hashcat Forum
Best approch to a long password with known characters and other qualifiers - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Best approch to a long password with known characters and other qualifiers (/thread-12147.html)

Best approch to a long password with known characters and other qualifiers - IzzyWorks - 09-05-2024

Hello, I am not technical. I have a zip file I cannot open, and I would like some help configuring the attack. 

Here is what I know
  • My password contains a known movie quote, 
  • The quote is followed by an unknown/forgotten/misspelt word, 
  • This is followed up by two known number characters and a special character.
  • The unknown/forgotten/misspelt word is a single word, all in lowercase
  • There is the possibility the unknown/forgotten/misspelled word is the name of a product.
  • The unknown/forgotten/misspelt word is between 4 and 14 characters and is more likely to be between 5 and 10. 
I am curious if the search can fan out from searching for 5 characters words first to 6, then back to 4, then 7, and then exhaust the search until 14 characters. 

Thank you, everyone, for any input and help you can provide.

RE: Best approch to a long password with known characters and other qualifiers - Snoopy - 09-09-2024

the mainproblem is the misspelled word, using rules to modify candidates will also modify your quote

so the best approach i can think of is the following

take a look at this thread https://hashcat.net/forum/thread-7195.html, the rules for swapping and substitutions are shown and explained 

get yourself a wordlist with words of your language and or productnames (or you scrape this data from the web, wikipedia overview lists are some good starting point)

use the desired rules and pregenerate a second wordlist with also misspelled words, at this point there more than one possibilities

1. using combinator attack with wordlist 1 (only with your quote) wordlist 2 (the one with misspelled words) plus using -k for applying a rule for adding your numbers and special char

2. dictionary attack, adding your quote to the front of wordlist 2 and using rules to add your numbers and special char

3. hybrid attack adding your quote to the front of wordlist 2 and use a mask to add your numbers and special char

4. adding your quote to the front of wordlist 2 and using rules to add your numbers and special char outputting a third wordlist and just use this list as input