hashcat Forum

Full Version: Hashcat bruteforcing with special rules
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2
Hello,

I am a hashcat noob but I need some help. I forgot my Truecrypt Countainer Password and need to crack it now.
It has 37-41 Characters. The good news I know the last 20 Characters and the first 4 excatly. I know the 6th Position it's a "," or ".". And I know the 5th Position could be one letter or nothing, than the 6th Position would be the 6th Position.
I also know between 5/6 till 20/21th Position are two static phrases.
One is like that "HuW" and one is like that "84839", the rest is out of 6 Characters.

Example how it could look like:

!Ii!,HuW;,.H).84839..123456789+'+uHdbHDhE

or maybe:

!Ii!c.HuW;,HH).84839..123456789+'+uHdbHDhE

(don't worry I changed up here things, thats now how my password look like, but it's an example for configuration.)

I did some math and cam out that it can get cracked in less than a day with a Amd 290x.

I need now help to get the configuration right. Here is an example how it would look like in OTFBrutus.

!Ii![c]{0-1}[\.\,]{1}["HuW" \;\.\-\_\)\: "84839"]{6-10}123456789+'+uHdbHDhE
OTFBrutus said it would be 4908384256 combinations.
(4908384256 / 500000 / 60 / 60 = 2,72 h)


the password can only get cracked in a good time, if 84839 and HuW are threated like a static phrases "in way like a character (from the math side").

Thank you very much!
Do not request help cracking a hash or offer a cash reward. This is against the forum rules.

Basically what you are looking for here is a mask attack. http://hashcat.net/wiki/doku.php?id=mask_attack

The static portions of your password will be static in your mask. For the unknown portions you'll use custom charsets.
Thank you bro for the fast answer. I didn't want to break the rules here, I didn't know that.

Can you set this up for me please? I would really really appreciate that!

€dit: What about this: "I know the 6th Position it's a "," or ".". And I know the 5th Position could be one letter or nothing, than the 6th Position would be the 6th Position."
You will need multiple masks to accomplish this, so you should probably use an hcmask file.

I will help you construct one mask. You will need to construct the others.

-1 '.,' -2 ';.-_):' '!Ii!?1HuW?1?184839123456789+'\''+uHdbHDhE'
Why did you do it like that?
I don't understand.


this part is almost known:
!Ii!c.
could be also
!Ii!c,
or
!Ii!,
!Ii!c,

and this part is really known:

123456789+'+uHdbHDhE

everything between is almost unknow except the charset and the static combination 84839 and HuW but it could also be hUw.
In this middle part could be up to 6-10 characters, if you cound 84839 and HuW as one character (if you count 84839 and HuW as 5 and 3 characters in this middle part is than a total of between 16 and 12). And in this middle part is a charset of 6-7 chars.
Did you maybe misunderstood my question? Or did I missunderstood you?

€dit: and one thing more that I know, HuW definetly appears only one time in this middle part and 84839 also appears one time in the middle part.
If you put the same amount of energy in just writing the mask instead of describing what you want you actually would get it faster. Epix gave you a good example.
I don't see in his examples how "HuW" and "84839" rotate in this case? I don't know where HuW and 84839 are. First could come 84839 and than HuW or different way. And I don't know whats between them. I just know they are between beginning and end (middle) and I know this middle part has with this 2 phrases (12-16 chars if you count them as one char -> 6-10)

€dit: I am just despread. I need your help!
Is it somehow possible to set up a charset where this 2 static phrases are recognized as a char (even they aren't)?

than it would be

8 chars in the middle

-1 '.,' -2 ';.-_):"HuW" "84839"' '!Ii!?1?2?2?2?2?2?2?2?2123456789+'\''+uHdbHDhE'
-1 '.,' -2 ';.-_):"HuW" "84839"' '!Ii!c?1?2?2?2?2?2?2?2?2123456789+'\''+uHdbHDhE'

9 chars in the middle

-1 '.,' -2 ';.-_):"HuW" "84839"' '!Ii!?1?2?2?2?2?2?2?2?2?2123456789+'\''+uHdbHDhE'
-1 '.,' -2 ';.-_):"HuW" "84839"' '!Ii!c?1?2?2?2?2?2?2?2?2?2123456789+'\''+uHdbHDhE'

10 chars in the middle
-1 '.,' -2 ';.-_):"HuW" "84839"' '!Ii!?1?2?2?2?2?2?2?2?2?2?2123456789+'\''+uHdbHDhE'
-1 '.,' -2 ';.-_):"HuW" "84839"' '!Ii!c?1?2?2?2?2?2?2?2?2?2?2123456789+'\''+uHdbHDhE'

or? But is it possible to put a static phrase in a charset?

and the other question is it possible to let this run in a queque? Or do I have to start every mask new?

€dit: my problem is how can I bring this two static phrases in a charset? And how can I run this automatically?


€dit2: Ahhh I guess I know what you know mean with hcmask.

I have to create something like that:

5 x ?2
-1 '.,' -2 ';.-_):' '!Ii!?1HuW18483?2?2?2?2?2123456789+'\''+uHdbHDhE'
-1 '.,' -2 ';.-_):' '!Ii!?1HuW?218483?2?2?2?2123456789+'\''+uHdbHDhE'
-1 '.,' -2 ';.-_):' '!Ii!?1HuW?2?218483?2?2?2123456789+'\''+uHdbHDhE'
...
-1 '.,' -2 ';.-_):' '!Ii!?1HuW?2?2?2?2?218483123456789+'\''+uHdbHDhE'
...
-1 '.,' -2 ';.-_):' '!Ii!?1?2?2?2?2?218483HuW123456789+'\''+uHdbHDhE'

Am I right? And than again repeat this with 6 x ?2 and 7 x ?2 and 8 x ?2
Is that correct?

If this is right and I created that file, how can I execute it with oclHashcat?
Those masks are looking good. Unfortunately since your custom charset includes a comma, and hcmasks use commas to separate fields, an hcmask file would not work. So what you'll need to do is run each of these masks one-by-one with hashcat. It's probably best to script this out.
No way Sad I just already started to do this masks. This are a lot of masks, I can't start them one by one.
Isn't there a way around like you did with the ' ?

I can't script that, can you help me please?

€dit: 2 more questions:

1.) How does a command look like for TC AES (RipeMD) with hcmaks?
2.) Which OS would work best with a AMD R9 290x?

ahh and a 3rd one:

is a slash / also a Problem for hashcat if it appears?

€dit3: I found this in the Documention:
"- \, means that the comma should be used literally (not a separator between ?1, ?2, ?3, ?4 or mask)" but you right, the problem is that is in the custom charset. What can I do? :/

€dit4:

would the command be this:

./oclHashcat-plus64.bin -m 6211 -a 3 -n 32 /root/desktop/countainer.tc -1 '.,' -2 ';,.-_):' '!Ii!?1HuW18483?2?2?2?2?2123456789+'\''+uHdbHDhE' -o /root/desktop/found/found.txt

or is something missing?
Pages: 1 2