Attack with known hints (position unknown) + brutforce for other chars

Attack with known hints (position unknown) + brutforce for other chars - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: General Talk (https://hashcat.net/forum/forum-33.html)
+--- Thread: Attack with known hints (position unknown) + brutforce for other chars (/thread-11184.html)

Attack with known hints (position unknown) + brutforce for other chars - kazax - 12-11-2022

Hello!

I searched a lot but I did not find a solution to my problem, maybe I did not use the right term, I ask my question here hoping that it is not a duplicate

What is the best approach to crack a password between 10 and 15 characters, I know 1 word of 7 letters (jupiter) and 1 symbol (#) but I don't know their position (can be prefix, suffix or in the middle, word before the symbol or inverse), I have to bruteforce the missing characters with possible letter/number/symbol.

ex (* = bruteforced char):

jupiter*****#
#*****jupiter
***jupiter#**
**jupiter**#*
**#**jupiter*
#***jupiter**
... and so on

is there a way to try all possible position of known elements while bruteforcing the missing chars without specificly generating a wordlist?

and if i need to create a wordlist, this can be done with maskprocessor in a oneshot or i need to create every mask manually and append result to the wordlist?

thank you in advance for your answer

RE: Attack with known hints (position unknown) + brutforce for other chars - b8vr - 12-11-2022

You could build a mask file.
If you expect digits or lowercase on the unknown locations, you could do something like:
?l?d, jupiter?1?1?1?1?1#
?l?d, jupiter?1?1?1?1#?1
?l?d, jupiter?1?1?1#?1?1
......
?l?d, #?1?1?1jupiter?1?1
......
?l?d, ?1?1?1?1?1#jupiter

RE: Attack with known hints (position unknown) + brutforce for other chars - kazax - 12-11-2022

(12-11-2022, 11:14 AM)b8vr Wrote: You could build a mask file.
If you expect digits or lowercase on the unknown locations, you could do something like:
?l?d, jupiter?1?1?1?1?1#
?l?d, jupiter?1?1?1?1#?1
?l?d, jupiter?1?1?1#?1?1
......
?l?d, #?1?1?1jupiter?1?1
......
?l?d, ?1?1?1?1?1#jupiter

yes indeed I think that a mask file remains the simplest approach, I continued to browse the wiki and forum and this is the idea that comes out on similar cases.
I will make a small script to generate all masks covering all cases.

thank you for confirmation Wink