What attack to use
#1
I'm new and I want to explore a little more Hashcat. I have a small drive that I Bitlocked with a 15-digit alphanumeric and special character password; it has lower case and upper case randomly. I have used FTK Imager and John the Ripper and have 4 hashes. What word lists or rules do I need and what command to give in CMD to Hashcat. Thanks in advance and thanks for being patient with a NOOB
Reply
#2
For a password with that complexity you most likely will have no luck. The keyspace for attacking that length would be decades with even a supercomputer.

But for learning purposes - check out mask attack on the wiki! It will describe how to use different character sets to create bruteforce attacks.

For example, since you have defined it being EXACTLY 15 characters we can eliminate the process of guessing any other lengths which is a great start! However, needing digits (?d), uppercase (?u), lowercase (?l) and special characters (?s) all within the password we need to create what is called a custom character-set. This can be accomplished by using the -1 to -4 parameters which would need to be defined with that specific requirement.

So when you create your attack you will need to include the custom character set with all the above for EVERY location of the 15 total length password.

Code:
hashcat -a 3 -m xxx -1 ?d?u?l?s hash.file ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1

So in the above code you will see how I created a custom character set, allowed it to use ALL digits, uppercase, lowercase, and special characters. THEN I made my mask length 15 total length which is the amount of ?1 which specifies to use the custom character set for EACH position.

So with mask attacks you can mix and match any way you want if you know exact character positions; that will greatly decrease the attack length by specifying more direct attacks. By this I would mean if you knew the 3rd character in the password is a "P" then we can apply that to our mask by simply putting the letter in that position.

Code:
hashcat -a 3 -m xxx -1 ?d?u?l?s hash.file ?1?1P?1?1?1?1?1?1?1?1?1?1?1?1

So now we are realistically only attacking 14 length because we have defined the 3rd position is the letter P for ALL guesses. So the more you KNOW about the password the more you can apply to your mask, which in theory could make the attack small enough to be feasible. Such things could be knowing each position "could be" a smaller character set such as position 1 being ONLY a digit, or position 15 ONLY being a special character. All these tweaks will shorten the attack and will reduce the total keyspace. But if the password is completely UNKNOWN and you're doing a full bruteforce of all characters, you'll have no chance, sorry!
Reply
#3
Thank you! Sorry for the late reply as I was on vacation. I created this password myself and wanted to start learning.
Reply
#4
(10-03-2022, 05:29 AM)slyexe Wrote: For a password with that complexity you most likely will have no luck. The keyspace for attacking that length would be decades with even a supercomputer.

But for learning purposes - check out mask attack on the wiki! It will describe how to use different character sets to create bruteforce attacks.

For example, since you have defined it being EXACTLY 15 characters we can eliminate the process of guessing any other lengths which is a great start! However, needing digits (?d), uppercase (?u), lowercase (?l) and special characters (?s) all within the password we need to create what is called a custom character-set. This can be accomplished by using the -1 to -4 parameters which would need to be defined with that specific requirement.

So when you create your attack you will need to include the custom character set with all the above for EVERY location of the 15 total length password.

Code:
hashcat -a 3 -m xxx -1 ?d?u?l?s hash.file ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1

So in the above code you will see how I created a custom character set, allowed it to use ALL digits, uppercase, lowercase, and special characters. THEN I made my mask length 15 total length which is the amount of ?1 which specifies to use the custom character set for EACH position.

So with mask attacks you can mix and match any way you want if you know exact character positions; that will greatly decrease the attack length by specifying more direct attacks. By this I would mean if you knew the 3rd character in the password is a "P" then we can apply that to our mask by simply putting the letter in that position.

Code:
hashcat -a 3 -m xxx -1 ?d?u?l?s hash.file ?1?1P?1?1?1?1?1?1?1?1?1?1?1?1

So now we are realistically only attacking 14 length because we have defined the 3rd position is the letter P for ALL guesses. So the more you KNOW about the password the more you can apply to your mask, which in theory could make the attack small enough to be feasible. Such things could be knowing each position "could be" a smaller character set such as position 1 being ONLY a digit, or position 15 ONLY being a special character. All these tweaks will shorten the attack and will reduce the total keyspace. But if the password is completely UNKNOWN and you're doing a full bruteforce of all characters, you'll have no chance, sorry!

In the mask, what does ?1 mean? Because ?1 isn't a charset of anything?

Also, if say the 3rd position was a P so you put a P, what happens if the 3rd position was actually the number 1? In your case, since the mask is ?1 how does it know that this is actually a 1 in the sequence or if it is an actual mask?

Let's say the example password is "M8Y4S9X5" then which character sets should I include?
If ?H = 0123456789ABCDEF then does that mean it only goes up to the character "F"? Or would it still go all the way to Z? I'm confused about that.
Reply
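
Added example, not part of the thread or of hashcat itself: a small Python reader for the mask syntax discussed above, which shows how `?1` (a reference to the `-1` custom charset) is told apart from a literal `1` or `P`, what `?H` contains, and how many candidates a mask produces. The function names are made up for this example, the built-in charset table follows the hashcat mask attack documentation, and the guess rate passed to `years_at` is whatever you assume for your own hardware.

```python
import string

# hashcat's built-in mask charsets (?b, all 256 byte values, is omitted here)
BUILTIN = {
    "l": string.ascii_lowercase,
    "u": string.ascii_uppercase,
    "d": string.digits,
    "h": "0123456789abcdef",
    "H": "0123456789ABCDEF",
    "s": " " + string.punctuation,   # space plus the 32 ASCII symbols
}
BUILTIN["a"] = BUILTIN["l"] + BUILTIN["u"] + BUILTIN["d"] + BUILTIN["s"]


def positions(mask, custom=None):
    """Split a mask into one set of candidate characters per password position."""
    custom = custom or {}
    out, i = [], 0
    while i < len(mask):
        if mask[i] != "?":               # plain character: a literal, e.g. P or 1
            out.append({mask[i]})
            i += 1
            continue
        if i + 1 >= len(mask):
            raise ValueError("mask ends with a dangling '?'")
        key = mask[i + 1]
        if key == "?":                   # ?? is a literal question mark
            out.append({"?"})
        elif key in custom:              # ?1..?4 refer to -1..-4
            out.append(set(custom[key]))
        elif key in BUILTIN:
            out.append(set(BUILTIN[key]))
        else:
            raise ValueError(f"undefined charset ?{key}")
        i += 2
    return out


def keyspace(mask, custom_specs=None):
    """Return (password length, number of candidates) for a mask."""
    custom = {}
    for key, spec in sorted((custom_specs or {}).items()):
        custom[key] = set().union(*positions(spec, custom))
    sets = positions(mask, custom)
    total = 1
    for chars in sets:
        total *= len(chars)
    return len(sets), total


def years_at(total, guesses_per_second):
    """Worst-case run time in years at an assumed guess rate."""
    return total / guesses_per_second / 31_557_600
```

For instance, `keyspace("?1" * 15, {"1": "?d?u?l?s"})` gives the size of the full 15-character search from post #2, and `keyspace("?1" * 8, {"1": "?u?d"})` covers an uppercase-plus-digit password such as the "M8Y4S9X5" example.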