Struggling with syntax for brute force mask

Struggling with syntax for brute force mask - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Developer (https://hashcat.net/forum/forum-39.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-40.html)
+--- Thread: Struggling with syntax for brute force mask (/thread-10678.html)

Struggling with syntax for brute force mask - marshedpotato - 03-22-2022

Hello, first time attempting something like this

Am currently locked out of an MS Office 2010 document that is encrypted with a password

I managed to install The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux and use a Python script to get the hash from the document. ($office$*2010*100000*128*16) hash mode 9500.

I ran hashcat using hash mode 9500 and a dictionary attack using rockyou.txt word list.

Unfortunately this did not find the password, so I tried to do brute force instead. But the password is likely to be quite long. We think 9 or 10 characters. this will take weeks with my hardware, so I would like to use a mask to reduce the running time.

What we know:
The password is likely to contain one or two of these 3 words/numbers: review, contract, 2018
The order/position of the word(s)/numbers is unknown
The casing of the words is unknown
It is unlikely that there will be any special characters outside alphabet letters and numbers 2018

I have been reading the documentation on masks but haven't been able to write one in a way that catches everything in my criteria. Is anyone able to help? Many thanks in advance

RE: Struggling with syntax for brute force mask - Snoopy - 03-22-2022

i think you are looking more for combinator attack + rules, if you really want to use mask -> maskfile you have to generate a really huge maskfile like this

maskfiles work linebased, each line is one mask 4 customcharset possible, devided by , so
CS1,MASK
?l?u?d,?1review
means prepend 1 lower or upper or digit before review
?l?u?d,?1?1review
means prepend 2 lower or upper or digit (mixed) before review

just for review
maskfile

Code:
?l?u?d,?1review

?l?u?d,?1?1review

?l?u?d,?1?1?1review

?l?u?d,?1?1?1?1review

?l?u?d,review?1

?l?u?d,review?1?1

?l?u?d,review?1?1?1

?l?u?d,review?1?1?1?1

?l?u?d,?1Review

?l?u?d,?1?1Review

?l?u?d,?1?1?1Review

?l?u?d,?1?1?1?1Review

?l?u?d,Review?1

?l?u?d,Review?1?1

?l?u?d,Review?1?1?1

?l?u?d,Review?1?1?1?1

you will see this will be quite a really huge task to build up these maskfile, but you can use hashcat utils to help you a little

try the following
testdic (i assume no real mixing of upper lower inside one word, if you want this too, you have to add this)

Code:
review

Review

REVIEW

contract

Contract

CONTRACT

2018

combinator testdic testdic > testdic2
combinator3 testdic testdic testdic > testdic3

cat testdic testdic2 testdic3 > fulldic

this will give you all combinations from these words, with this list you could start building up your maskfile

i would use a good editor like sublime text where you can edit multiple lines (str+alt) in one step

or you can try fulldic with rules (this should be a fast run, so i would start with this anyway) -a0 -r dive.rule

RE: Struggling with syntax for brute force mask - marshedpotato - 03-23-2022

(03-22-2022, 08:28 PM)Snoopy Wrote: i think you are looking more for combinator attack + rules, if you really want to use mask -> maskfile you have to generate a really huge maskfile like this

maskfiles work linebased, each line is one mask 4 customcharset possible, devided by , so
CS1,MASK
?l?u?d,?1review
means prepend 1 lower or upper or digit before review
?l?u?d,?1?1review
means prepend 2 lower or upper or digit (mixed) before review

just for review
maskfile

Code:
?l?u?d,?1review ?l?u?d,?1?1review ?l?u?d,?1?1?1review ?l?u?d,?1?1?1?1review ?l?u?d,review?1 ?l?u?d,review?1?1 ?l?u?d,review?1?1?1 ?l?u?d,review?1?1?1?1 ?l?u?d,?1Review ?l?u?d,?1?1Review ?l?u?d,?1?1?1Review ?l?u?d,?1?1?1?1Review ?l?u?d,Review?1 ?l?u?d,Review?1?1 ?l?u?d,Review?1?1?1 ?l?u?d,Review?1?1?1?1

you will see this will be quite a really huge task to build up these maskfile, but you can use hashcat utils to help you a little

try the following
testdic (i assume no real mixing of upper lower inside one word, if you want this too, you have to add this)

Code:
review Review REVIEW contract Contract CONTRACT 2018

combinator testdic testdic > testdic2
combinator3 testdic testdic testdic > testdic3

cat testdic testdic2 testdic3 > fulldic

this will give you all combinations from these words, with this list you could start building up your maskfile

i would use a good editor like sublime text where you can edit multiple lines (str+alt) in one step

or you can try fulldic with rules (this should be a fast run, so i would start with this anyway) -a0 -r dive.rule

thank you for taking the time to write this, you went into a lot more detail than i would have expected from someone on a free forum. i really appreciate it. you've certainly given me a point in the right direction and i'm going to experiment with your suggestions. thanks again!

RE: Struggling with syntax for brute force mask - marshedpotato - 03-23-2022

i'm in! combinator attack using a dictionary i created using your suggestion did the trick in a matter of seconds. thanks so much!