hashcat Forum
Brute force mask - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: User Contributions (https://hashcat.net/forum/forum-25.html)
+--- Thread: Brute force mask (/thread-11337.html)



Brute force mask - KR2615 - 03-05-2023

Hi. I got an HDD encrypted by luksCrypt using over 40 chars passphrase. I've gotten this password. Not at all but I badly remember one or two characters. For example my password is:

$BW5eLqAEKYw\:26l,`WSNle\q3R,39Z?:*.cIQi

How can I do a brute force attack on it testing:

1. Upper/lower cases variations:
$Bw5eLqAEKYw\:26l,`WSNle\q3R,39Z?:*.cIQi
$bW5eLqAEKYw\:26l,`WSNle\q3R,39Z?:*.cIQi
and so on.

2. All 1337 variations ( 3 instead of E, 1 instead of i and so on), example:
$BW5eLqA3KYw\:26l,`WSNle\q3R,39Z?:*.cIQi

3. All Shift button variations, example 4 instead of $, / instead of ? and so on

4. All other missclick/misspress of buttons, example A, W, D instead of each S in my pass, j,m,l,o,i,u instead of k and so on.

Is there any pattern?
Thanks in advance for your reply
Best regards


RE: Brute force mask - marc1n - 03-05-2023

Brute force 40 chars? I think it's too much of a combination to crack.


RE: Brute force mask - KR2615 - 03-05-2023

I realize that. But if there's only 160 possible mistakes (4 rules * 40 chars) if there's only one mistake or 25600 combination (if I took two mistakes) it is possible.


RE: Brute force mask - Snoopy - 03-06-2023

(03-05-2023, 06:33 PM)KR2615 Wrote: I realize that. But if there's only 160 possible mistakes (4 rules * 40 chars) if there's only one mistake or 25600 combination (if I took two mistakes) it is possible.

well yes/no

i'll give you a start, toggling rule is T* ,* is index 0-9 and A-Z so max possibilities 36 and thus maximum lenght for password 36, BUT you have to consider all combinations of toggling, just toggling one char at position x easy peasy, toggling 2 chars at positions x and y would be 36*36, three positions 36*36*36 and so on, you can generate these like this, i removed the spaces between T to reduce storage consumption but lets have some math fun with this
count 3
hashcat --stdout -a3 -1 ?d?u "T?1T?1T?1" >> rules.file

basic math for ruleset of toggling all possibilities for char-count of count "lenght" would be 36^lenght *((lenght*2)+2 bytes), count is also the number of the rules combined

combinations for count 6
36^6 * ((6*2)+2) bytes = ~30 GB
count 7
36^7 * ((7*2)+2 bytes) = 1253 GB

i think you guess how fast this ruleset will grow when you do more combinations

your 1337 and shift indeed could be thought very small, as hashcat rules only provide the option to replace all occurences of X with Y

so for shifting its 10 rules, for leet it is also very small, depending on "how leet" you will be, c with ( and so on

instead of of toggling chars per position you could use replace for your chars too, which will reduce your basic ruleset but you have to consider this will replace/toggle ALL chars of one type, take a look at the "e", replace would be all e to E or all E to e, but no combinations of just first e, only second e and so on

$BW5eLqAEKYw\:26l,`WSNle\q3R,39Z?:*.cIQi

BUT again, you have to consider all combinations of these single rules, just replacing i with 1, no problem, but when it comes to combinations of combinations like, replacing i with 1, e with 3 but not c with ( but toggling/replace char w/W and this for all possible chars a-z, well this ruleset will also grow very fast and consume more storage than we ever produced