1Password - need help using hashcat

[ForgotMP1P]

Hi!

My last thread got deleted. I asked for help generating a rainbow table for money. I'm very sorry for that.

Anyway i got hashcat running and i was able to recover a test case. So i extracted the hash of the Key from the AgileKeychain and ran it against a textfile which contained my test case password.

Now i'm struggling a little bit as i need to do the following:

I know most of the parts of the forgotten password but i don't know if any of the characters are really used. May someone help me do something like this:

% OR § OR NO CHAR - as the Beginning
Lost
" OR § OR NO CHAR
Password

P.S.: Above is just what i need to achive, the password itself it's more complex but that would cover it pretty much.

[ForgotMP1P]

Oh and when i type in "§" - hashcat complains about this. It runs but the candidates are shown in HEX.

[jimby]

Hi!

My last thread got deleted. I asked for help generating a rainbow table for money. I'm very sorry for that.

Anyway i got hashcat running and i was able to recover a test case. So i extracted the hash of the Key from the AgileKeychain and ran it against a textfile which contained my test case password.

Now i'm struggling a little bit as i need to do the following:

I know most of the parts of the forgotten password but i don't know if any of the characters are really used. May someone help me do something like this:

% OR § OR NO CHAR - as the Beginning
Lost
" OR § OR NO CHAR
Password

P.S.: Above is just what i need to achive, the password itself it's more complex but that would cover it pretty much.

It sound like you now have a hash, and you know the correct hash type.  It also sounds like you are familiar with the structure of the password,  (puncutation followed by word, followed by punctuation, followed by word - or similar).

If this is true, you can generate a list of candidate passwords using the comboleetor perl script.  It is designed for this purpose - generating password candidates when the structure is known.

Have a look at http://www.jimby.name:81/comboleetor_latest/README.txt   to see if it helps your case.

You can then feed your candidate list to hashcat.

Cheers,
Jim B.

[ForgotMP1P]

Thank you so much for your reply. I'll read through the README.

In hashcat i successfully used custom charsets but there's one problem left. I'm not sure if for example:

CUSTOM CHARSET 1 - %$§
?1SomePassword [...]

?1 is really there. The best would be, if hashcat can just do the following:

CUSTOM CHARSET 1 - %$§ NOTHING
So i get:
$SomePassword
$SomePassword
§SomePassword
SomePassword

[undeath]

§ is not an ascii character. Using it in masks or rules is problematic.

[ForgotMP1P]

Ok, i see. How to i handle this with hashcat?

Edit1:
And the main problem, how i can define, that $1 should be used but also it should try not adding $1

CHARSET 1: %&

Generated combinations:
%Password
&Password
Password

Edit2: I wrote a textfile with § and set the charset to Latin1 like in this wiki post:
https://hashcat.net/wiki/doku.php?id=fre...arabic_etc

Still seeing HEX... at the candidates list.

[undeath]

First you need to find out what encoding to use, then you can create a charset file: https://hashcat.net/wiki/doku.php?id=mas...rset_files

If you need a multibyte character (utf-8) you need to split everything into the individual bytes of the character.

[ForgotMP1P]

Ok, the 1password master password is not choosey:
https://support.1password.com/special-ch...-password/

I just need the § char

Edit: I'm very concerned. My demo hash from yesterday doesn't encrypt anymore. WTF
I type in the demo password in 1Password and it unlocks the keychain. I use the exact same password in hashcat and it doesn't get encrypted.

[ForgotMP1P]

Okay, it's definitely the § char which messes all up.

[ForgotMP1P]

I tried the following:

CHARSET 1: [HEX]c2
CHARSET 2: [HEX]a7
This should result in §

Password?1?2

(http://blog.bitcrack.net/2013/09/crackin...guage.html)

Guess what, it doesn't work. No error message but it just doesn't crack the password and as i'm using a demo password i'm 100% sure.