hashcat Forum
How do I use more than 4 custom masks? - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: How do I use more than 4 custom masks? (/thread-10356.html)



How do I use more than 4 custom masks? - HostileBlue2020 - 09-28-2021

Hey folks,

First off - apologies if this is commonly asked, I couldn't find it in the docs and I'm not sure what the search would be for what I'm trying to do, I kept getting maskfiles but I don't think that's what I want

I need to use more than one custom set.

e.g.

mask: ?u?l?1?2?3?4?

where:

?1 is '?l?d'
?2 is '_!$'
?3 is 'Gg'
?4 is 'eE3£'
?5 is '{}£$'

In John I would use the '[]' notation i.e. [eE3£] for ?3

Can I do this in hashcat?

Thanks


RE: How do I use more than 4 custom masks? - Snoopy - 09-28-2021

you can only use 4 custom sets, but you could use https://hashcat.net/wiki/doku.php?id=hybrid_attack where the dict just contains the chars from your ?5

OR in fact, your ?2 ?3 ?4 ?5 are a small keyspace (3*2*4*4=96 possibilities), why you dont build up a prebuild dictionary from these chars see hashcat utils combinator and just start with

dict1:
_
!
$
and dict2
G
g

combine them, combine the result with dict3 (your ?4), combine this result with dict4 (your ?5)

and then use this dict in hybrid attack see link above


RE: How do I use more than 4 custom masks? - HostileBlue2020 - 09-28-2021

Thanks Snoopy I'll check it out

I've got a (probably typical problem) where a part of the password is known, but it is known to have substitutions and the whole length is up to 10. The fewer possibilities... the better


RE: How do I use more than 4 custom masks? - Snoopy - 09-29-2021

(09-28-2021, 06:47 PM)HostileBlue2020 Wrote: Thanks Snoopy I'll check it out

I've got a (probably typical problem) where a part of the password is known, but it is known to have substitutions and the whole length is up to 10. The fewer possibilities... the better

substitutions can also be done by rules (mostly in addition with a good wordlist), but in your case (it seems you have a real good clue about the passwordstyle) i think the way i mentioned will be the best approach