hashcat Forum

Full Version: How to crack Keepass2 passcode, help me
I don't know the command to do this, and "--help's" output isn't helping too much. The part that's really confusing is how can I put in rules for the brute-force, like which kind of characters and ones I know of, etc, since I partially know the password, but I forgot a few parts (3-6 characters of a single kind), so I wonder how I can find the remaining bits. I don't mind if it takes a day or so.
tks
So you are using -m 13400 together with the modified (removed file names etc.) output of keepass2john from bleeding-jumbo john the ripper (JTR)?

Well, it depends if the chars are appended/prepended or in the middle.

In theory all these methods could work:
-a 3 (mask attack) with a --custom-charset1 with your list of chars and a mask using it, e.g. -a 3 --custom-charset1 4dhKTg3p hash_from_keepass2john.txt STARTOFPASSWORD?1?1?1?1
-a 0 with rules (-r) that append ($x) or prepend (^y) the characters
-a 6 to append a mask to each pass/line in the dictionary
-a 7 to prepend a mask to each pass/line in the dictionary
-a 1 to combine 2 dictionaries

Each approach has its advantages and disadvantages... For instance, using -a 3 with a static string like "STARTOFPASSWORD" at the beginning is normally not the best performance-wise in hashcat (but for slow hashes it doesn't matter too much). -a 0 with rules is sometimes a problem if your keyspace is too large such that you have very many rules (but actually you could stack them with -r first -r second -r third) and if you do NOT know all the rules or need to generate them by a script etc. (it's not a problem in general, but a little bit cumbersome for beginners).

I would suggest starting here:
https://hashcat.net/wiki/doku.php?id=mask_attack (-a 3)
https://hashcat.net/wiki/doku.php?id=rule_based_attack (-a 0 -r)
https://hashcat.net/wiki/doku.php?id=combinator_attack (-a 1)

It doesn't really matter too much which approach you choose as long as it isn't much slower than the others and as long as it works as expected (generates the correct password candidates). You could always test your approach with --stdout -a x [options] (don't specify any hash files when using --stdout!).
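
Added example, not part of the original posts and not hashcat code: a small Python sketch that expands a hashcat-style mask so you can size the keyspace and eyeball the candidates for a known prefix plus 3-6 forgotten characters, much like a `--stdout` dry run. The function names are hypothetical, only `?1`, `?l`, `?u`, `?d` and `??` are handled, and the candidate order is not hashcat's.

```python
import string
from itertools import islice, product

# Subset of hashcat's built-in mask charsets; ?1 is the user-supplied custom charset.
BUILTIN = {"l": string.ascii_lowercase, "u": string.ascii_uppercase, "d": string.digits}

def parse_mask(mask, custom1=""):
    """Return one string of allowed characters per password position."""
    positions, i = [], 0
    while i < len(mask):
        if mask[i] != "?":
            positions.append(mask[i])              # literal character
            i += 1
            continue
        if i + 1 == len(mask):
            raise ValueError("mask ends with a dangling '?'")
        key = mask[i + 1]
        if key == "?":
            positions.append("?")                  # '??' is a literal question mark
        elif key == "1" and custom1:
            # Duplicates dropped (a choice of this sketch) so counts are not inflated.
            positions.append("".join(dict.fromkeys(custom1)))
        elif key in BUILTIN:
            positions.append(BUILTIN[key])
        else:
            raise ValueError(f"unsupported or undefined placeholder ?{key}")
        i += 2
    return positions

def keyspace(positions):
    """Number of candidates the mask produces."""
    total = 1
    for chars in positions:
        total *= len(chars)
    return total

def candidates(positions):
    """Lazily yield every candidate (order is NOT hashcat's)."""
    return ("".join(combo) for combo in product(*positions))

def plan(known_prefix, custom1, min_unknown, max_unknown):
    """Keyspace for each possible count of forgotten trailing characters."""
    prefix = known_prefix.replace("?", "??")       # keep '?' in the known part literal
    return {n: keyspace(parse_mask(prefix + "?1" * n, custom1))
            for n in range(min_unknown, max_unknown + 1)}

if __name__ == "__main__":
    # Constructed sample values, taken from the reply's example command line.
    sizes = plan("STARTOFPASSWORD", "4dhKTg3p", 3, 6)
    print(sizes, "total:", sum(sizes.values()))
    print(list(islice(candidates(parse_mask("STARTOFPASSWORD?1?1?1?1", "4dhKTg3p")), 3)))
```

Dividing the total by the hash rate your hardware reaches on the database gives a rough upper bound on the run time.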