"brute force" and custom charset questions
#1
When performing a brute force (or mask) attack with oclHashcat-plus, can I use a rule to append characters to my mask? I'm assuming I can because it executes successfully but figured it couldn't hurt to ask.

Also, how can I create a custom charset using !?@#$%& without getting an error? I know I could just use ?s, but I don't want all possible special characters to be used in my mask.

Example:
Code:
./oclHashcat-plus64.bin -a 3 --remove -r rules/custom/pix_salt.rule  -n 40 --gpu-loops=1000 -o solved/pix.solv -m 2400 hashes/pix.hash -1 ?l?d -2 ?d!?@#$%& ?u?l?l?l?l?l?1?2

The error I get from that is -bash: !?@#$%& ?: event not found.

Thanks!
#2
these are special characters interpreted by bash. You need to either (single) quote them or escape them.
#3
(11-29-2012, 07:44 PM)undeath Wrote: these are special characters interpreted by bash. You need to either (single) quote them or escape them.

I tried the following:
Code:
./oclHashcat-plus64.bin -a 3 --remove -r rules/custom/pix_salt.rule  -n 40 --gpu-loops=1000 -o solved/pix.solv -m 2400 hashes/pix.hash -1 ?l?d -2 ?d'!?@#$%&' ?u?l?l?l?l?l?1?2

and got this: Syntax error: ?d!?@#$%&

I also tried putting single quotes around only ! and ? and still received the syntax error. What is the escape character?

edit- Using \ as an escape also results in syntax error.
#4
? is the special character for hashcat masks. you need to do ?? to have the character ? in the mask
#5
(11-29-2012, 08:58 PM)undeath Wrote: ? is the special character for hashcat masks. you need to do ?? to have the character ? in the mask

I figured it was the question mark causing problems. Thanks for helping! It works using this syntax:

Code:
./oclHashcat-plus64.bin -a 3 --remove -r rules/custom/pix_salt.rule  -n 40 --gpu-loops=1000 -o solved/pix.solv -m 2400 hashes/pix.hash -1 ?l?d -2 ?d??'!@#$%&' ?u?l?l?l?l?l?1?2
#6
Well, from what I've seen, rules will not work with masks-- only dictionaries.

example rule file (list_salt.rule)
Code:
$t$e$s$t
$u$s$e$r
$n$a$m$e

The following will not successfully crack a known hash:
Code:
./oclHashcat-plus64.bin --remove -a 3 -r rules/custom/list_salt.rule -m 2400 hashes/list.hash ?l?l?l?l?l?l?l?l

The following successfully cracks a known hash:
Code:
./oclHashcat-plus64.bin --remove -a 3 -m 2400 hashes/list.hash ?l?l?l?l?l?l?l?ltest

LXZj69bQ2.4Z8S7h:abcdefghtest

'test' is used in the mask because it is the username associated with the hash. When trying to crack numerous hashes, there will be just as many usernames used as salt. This limits an attack to one at a time. If restricted to a single hash, lite is a better option.

Will later versions of hashcat-plus support rules for a mask attack or a salt list? Maybe this is already supported, and I'm just missing it?

-cheers-

edit- I've tried doing a hybrid mask/dict attack (a 7), but my dictionary does not load successfully. Sad

edit2- derp. Nevermind.... success!
Code:
./oclHashcat-plus64.bin --remove -a 7 -m 2400 hashes/list.hash ?l?l?l?l?l?l?l?l dict/salt/list_app.salt