hashcat Forum

Full Version: Exploiting the human factor
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2
The Enigma was cracked much due to the human factor and the human errors.
So I thought: How about making a mask that will run a brute force attack that will cover most of the human laziness?

My first thoughts:
1. Password length set to 8-10 chars.  
2. First letter may be uppercase or lowercase.
3. Last 1-3 chars is probably lowercase or numbers.

What's your thoughts about this approach, and what should be included, without making a mask that takes "forever" to run?
That's exactly what hashcat does when using attack mode 3 (brute force, -a 3), and a mask is not specified.

It defaults to this mask:

-1 ?l?d?u -2 ?l?d -3 ?l?d*!$@_ ?1?2?2?2?2?2?2?3?3?3?3?d?d?d?d
Can this mask be set to increment the length of 8-10 chars?
Yes, by default if you specify no other parameters other than -a 3, it will automatically increment until exhaustion. IF you want it to terminate earlier, you'd have to specify an --increment-max.
What util should I use to make a mask according to my specs listed above? (head is not fully operational after being at work today).
No utility necessary - honest. Big Grin Study the default, understand how it works, and then adapt it to your needs. Big Grin
I think I need to make a masks file to cover it exactly as I want, but mask processor does not have the options I need.
just create the hashcat mask file (a.hcmask) manually:

hashcat -m 2500 -a 3 -w 3 hash a.hcmask

note: of course you can modify this in any shape or form you like, e.g. using ?l (lowercase letters) instead of ?a (which is much huger, i.e. ?l?u?d?s)
I made a hcmask-file looking like this:









I think it covers all the combinations I wanted.
Worth a try. It says it will take 11 days to complete, which is acceptable.

But I'm still interested in suggestions for modifications.
lol, it will take 11 days just for the first one

that's also why brute-force is not usually the best strategy, but it of course depends a lot on the info you have and especially how confident you are that the passwords are 100% randomly generated and not human-choosen

btw: sometimes it's better to prefer masks with larger keyspace, because they can be accelerated better (depending also on the hash type etc). e.g. ?l?l?l?l?l?l?l?l and ?u?l?l?l?l?l?l?l is equivalent as ?l?u,?1?l?l?l?l?l?l?l , but the second one might peform (sligthly) better, of course a set of ?a?a?a... at the start would allow even more acceleration
Pages: 1 2