+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: custom wordlist & hmask (/thread-11457.html)
custom wordlist & hmask - hewer - 06-14-2023
hash (SSHA format like: {SSHA}4EBG6UG97gnFknr9A0CRqEQBQdFnQ1JlYTdsTg==)
mask.hcmask (content)
?d?d
?d?d?d
?d?d?d?d
?d?d?d?d?d
?d?d?l?l?d
wlist.txt (content)
Serverless
Innocu
GRANdeur
trackinG
Hotel
moTel
hashcat (command)
hashcat -m 111 hash -a 3 --force --stdout mask.hcmask wlist.txt
The stdout at run time shows:
91135507
44235507
56235507
...etc
Actually, according to the command options every single hashcat attempt should be something like:
Serverless91135507
...etc
In a nutshell every line of wlist.txt should be combined with an hmask entry
Is that possible? I mean I'd like to use a custom wordlist where to every single entry should be appended an hmask attempt
what's wrong with what I'm doing?
thanks in advance
RE: custom wordlist & hmask - Snoopy - 06-14-2023
first, NEVER EVER USE --force (this can lead to wrong hashcomputing and thus wrong passes -> total garbage)
for the rest:
attack mode 3 is plain bruteforce, so your wlist.txt is skipped without warning
you are looking for https://hashcat.net/wiki/doku.php?id=hybrid_attack
attack mode 6 and be aware of the right order for the options in attack mode 6 -> dict then mask/maskfile
last:
when using --stdout yout dont need to provide an hash just try
hashcat -a6 --stdout wlist.txt mask.hcmask
RE: custom wordlist & hmask - aikiuslik - 06-14-2023
serverless116 but stop posting hashes here.
RE: custom wordlist & hmask - hewer - 06-15-2023
(06-14-2023, 09:45 PM)aikiuslik Wrote: serverless116 but stop posting hashes here.that was just a test...anyway I'll stick to it thanks
RE: custom wordlist & hmask - hewer - 06-15-2023
(06-14-2023, 06:50 PM)Snoopy Wrote: first, NEVER EVER USE --force (this can lead to wrong hashcomputing and thus wrong passes -> total garbage)
for the rest:
attack mode 3 is plain bruteforce, so your wlist.txt is skipped without warning
you are looking for https://hashcat.net/wiki/doku.php?id=hybrid_attack
attack mode 6 and be aware of the right order for the options in attack mode 6 -> dict then mask/maskfile
last:
when using --stdout yout dont need to provide an hash just try
hashcat -a6 --stdout wlist.txt mask.hcmask
many thanks
it works like a charm
a few questions:
if using --stdout specifying the hash name is somewhat useless...right?
-a6 can that option be applied to any type of hash? in this case it was SSHA (salt+passwd)..I mean ..earlier my comamnd was -m 111 because that was the
right flag for that type of hash
RE: custom wordlist & hmask - Snoopy - 06-15-2023
Every attack mode can applied to every hashtype.
--stdout just for showing what kind of passwords will be generated, no need for a hash or attackmode