hashcat Forum

Full Version: Custom charset, I'm lost...
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hello there,

not-so-savvy-with-hashcat user here, need help defining a charset for a brute force attack. I am aware that mask attack is more versatile but in my special case it can be any password from 1-6 characters with characters a not-so-smart human with a German keyboard would choose so brute force it is. So before I let my PC run 3 days with a broken charset, I want to make this right - the documentation is a bit confusing.

What I basically need is a charset that lets me crack a PW from 1-6 characters with every possible combination of

a-z
A-Z
äöü
ÄÖU
0-9
!@#$%&*-+.,

It's not usually my kind of thing to ask help for every little bit and I usually figure stuff out on myself but I fear to waste precious time by running my PC for a long time with the wrong charset. I calculated the time my PC needs for this, it's fine.

Thanks in advance!
You can supply a custom charset using --custom-charset[1-4] files. The ./charsets/ directory has some stock ones, including the ./charsets/standard/German/ directory. You can combine up to four multiple charsets using --custom-charset1, --custom-charset2, etc. Or you can concatenate files to make a custom one.

You can also specific charsets with hex, using --hex-charset.

You can make sure that your setup is working by testing against a short known password hashed with, say, MD5. You can also use the --stdout feature to check your work.

Good luck!
Thanks for your reply royce!

So if I got this right, creating a new .hcchr file with basically

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZäöüÄÖÜ0123456789!@#$%&*-+.,

as content and specifying it by

--custom-charset1 \folder\folder\mycharset.hcchr

does the job?
So I've tested a lot of variations and I don't seem to be able to do it. Could anyone kindly provide me with the steps needed to do this? No documentation is really useful for me as I want to use a very special charset and all brute force doc is replaced by the infinitely more complex mask attack.
First, you need to know which encoding scheme was used, because if the german umlauts. Was it ISO-8859 or utf-8?