+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: How do I use more than 4 custom masks? (/thread-10356.html)
How do I use more than 4 custom masks? - HostileBlue2020 - 09-28-2021
Hey folks,
First off - apologies if this is commonly asked, I couldn't find it in the docs and I'm not sure what the search would be for what I'm trying to do, I kept getting maskfiles but I don't think that's what I want
I need to use more than one custom set.
e.g.
mask: ?u?l?1?2?3?4?
where:
?1 is '?l?d'
?2 is '_!$'
?3 is 'Gg'
?4 is 'eE3£'
?5 is '{}£$'
In John I would use the '[]' notation i.e. [eE3£] for ?3
Can I do this in hashcat?
Thanks
RE: How do I use more than 4 custom masks? - Snoopy - 09-28-2021
you can only use 4 custom sets, but you could use https://hashcat.net/wiki/doku.php?id=hybrid_attack where the dict just contains the chars from your ?5
OR in fact, your ?2 ?3 ?4 ?5 are a small keyspace (3*2*4*4=96 possibilities), why you dont build up a prebuild dictionary from these chars see hashcat utils combinator and just start with
dict1:
_
!
$
and dict2
G
g
combine them, combine the result with dict3 (your ?4), combine this result with dict4 (your ?5)
and then use this dict in hybrid attack see link above
RE: How do I use more than 4 custom masks? - HostileBlue2020 - 09-28-2021
Thanks Snoopy I'll check it out
I've got a (probably typical problem) where a part of the password is known, but it is known to have substitutions and the whole length is up to 10. The fewer possibilities... the better
RE: How do I use more than 4 custom masks? - Snoopy - 09-29-2021
(09-28-2021, 06:47 PM)HostileBlue2020 Wrote: Thanks Snoopy I'll check it out
I've got a (probably typical problem) where a part of the password is known, but it is known to have substitutions and the whole length is up to 10. The fewer possibilities... the better
substitutions can also be done by rules (mostly in addition with a good wordlist), but in your case (it seems you have a real good clue about the passwordstyle) i think the way i mentioned will be the best approach