+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Need help Mask list (/thread-11650.html)
Need help Mask list - plam07 - 10-11-2023
About 2-3 years ago I made a rar file of the dataset I used in my PhD thesis and put a password on it. Now I need this dataset and I don't remember the password of my rar file.
I've seen that hashcat is a good method, but even if I remember part of my password, I don't fully understand how to create a mask attack.
Can you help me with this?
hash: [Removed by Moderators]
- password length: minimum 9, maximum 12 characters
- the first two or three characters I remember: er or Er or erd or Erd
- The last character should be . or ! but I'm not sure.
- after the first 2 or 3 characters I must have written a number.
That's all I remember about the password. Can you help me to create a mask list for this?
My computer's video card is RTX 3070
RE: Need help Mask list - DanielG - 10-12-2023
Before we make the mask, let’s do some math. Using your restrictions let’s make some best case scenario's.
- password length: minimum 9, maximum 12 characters
- the first two or three characters I remember: er or Er or erd or Erd
- The last character should be . or ! but I'm not sure. * I will assume . or !, and omitting the possibility it is something else
- after the first 2 or 3 characters I must have written a number. * I assume 1 number after Er or Erd
1. First two 'er' or 'Er' + a number + {5 to 9 remaining unknowns} + last char '.' or '!'
2. First three 'erd' or 'Erd' + a number + {4 to 8 remaining unknowns} + last char '.' or '!'
Let's assume that the middle unknowns are all lowercase letters (so no numbers or uppercase letters).
1. is 2*10*26^5 trough 26^9*2 = 225867334035200 total possibilities
2. is 2*10*26^4 trough 26^8*2 = 8687205155200 total possibilities
Added together is 234554539190400 total possibilities giving our optimistic restrictions.
On https://hashcat.net/forum/thread-9607.html we can see a benchmark of a 'Gigabyte 3070 Gaming OC' videocard, this is better or equal to your videocard. This post states:
Quote:Hashmode: 13000 - RAR5 (Iterations: 32799)
Speed.#1.........: 68077 H/s (86.31ms) @ Accel:8 Loops:512 Thr:1024 Vec:1
At the mentioned 68077 Hashes per second your attempt will take 234554539190400 / 68077 seconds, also known as 109.3 years.
I don't think these are enough restrictions to guess your password, if it is a variation of a word you might be better off with some words + a big rule list.