Hashcat bruteforcing with special rules - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Support (https://hashcat.net/forum/forum-3.html) +--- Forum: hashcat (https://hashcat.net/forum/forum-45.html) +--- Thread: Hashcat bruteforcing with special rules (/thread-4239.html) Pages:
1
2
|
Hashcat bruteforcing with special rules - MultiFilm - 04-01-2015 Hello, I am a hashcat noob but I need some help. I forgot my Truecrypt Countainer Password and need to crack it now. It has 37-41 Characters. The good news I know the last 20 Characters and the first 4 excatly. I know the 6th Position it's a "," or ".". And I know the 5th Position could be one letter or nothing, than the 6th Position would be the 6th Position. I also know between 5/6 till 20/21th Position are two static phrases. One is like that "HuW" and one is like that "84839", the rest is out of 6 Characters. Example how it could look like: !Ii!,HuW;,.H).84839..123456789+'+uHdbHDhE or maybe: !Ii!c.HuW;,HH).84839..123456789+'+uHdbHDhE (don't worry I changed up here things, thats now how my password look like, but it's an example for configuration.) I did some math and cam out that it can get cracked in less than a day with a Amd 290x. I need now help to get the configuration right. Here is an example how it would look like in OTFBrutus. !Ii![c]{0-1}[\.\,]{1}["HuW" \;\.\-\_\)\: "84839"]{6-10}123456789+'+uHdbHDhE OTFBrutus said it would be 4908384256 combinations. (4908384256 / 500000 / 60 / 60 = 2,72 h) the password can only get cracked in a good time, if 84839 and HuW are threated like a static phrases "in way like a character (from the math side"). Thank you very much! RE: Hashcat bruteforcing with spezial rules - epixoip - 04-01-2015 Do not request help cracking a hash or offer a cash reward. This is against the forum rules. Basically what you are looking for here is a mask attack. http://hashcat.net/wiki/doku.php?id=mask_attack The static portions of your password will be static in your mask. For the unknown portions you'll use custom charsets. RE: Hashcat bruteforcing with spezial rules - MultiFilm - 04-01-2015 Thank you bro for the fast answer. I didn't want to break the rules here, I didn't know that. Can you set this up for me please? I would really really appreciate that! €dit: What about this: "I know the 6th Position it's a "," or ".". And I know the 5th Position could be one letter or nothing, than the 6th Position would be the 6th Position." RE: Hashcat bruteforcing with spezial rules - epixoip - 04-01-2015 You will need multiple masks to accomplish this, so you should probably use an hcmask file. I will help you construct one mask. You will need to construct the others. -1 '.,' -2 ';.-_):' '!Ii!?1HuW?1?184839123456789+'\''+uHdbHDhE' RE: Hashcat bruteforcing with spezial rules - MultiFilm - 04-01-2015 Why did you do it like that? I don't understand. this part is almost known: !Ii!c. could be also !Ii!c, or !Ii!, !Ii!c, and this part is really known: 123456789+'+uHdbHDhE everything between is almost unknow except the charset and the static combination 84839 and HuW but it could also be hUw. In this middle part could be up to 6-10 characters, if you cound 84839 and HuW as one character (if you count 84839 and HuW as 5 and 3 characters in this middle part is than a total of between 16 and 12). And in this middle part is a charset of 6-7 chars. Did you maybe misunderstood my question? Or did I missunderstood you? €dit: and one thing more that I know, HuW definetly appears only one time in this middle part and 84839 also appears one time in the middle part. RE: Hashcat bruteforcing with spezial rules - kartan - 04-01-2015 If you put the same amount of energy in just writing the mask instead of describing what you want you actually would get it faster. Epix gave you a good example. RE: Hashcat bruteforcing with spezial rules - MultiFilm - 04-01-2015 I don't see in his examples how "HuW" and "84839" rotate in this case? I don't know where HuW and 84839 are. First could come 84839 and than HuW or different way. And I don't know whats between them. I just know they are between beginning and end (middle) and I know this middle part has with this 2 phrases (12-16 chars if you count them as one char -> 6-10) €dit: I am just despread. I need your help! RE: Hashcat bruteforcing with spezial rules - MultiFilm - 04-01-2015 Is it somehow possible to set up a charset where this 2 static phrases are recognized as a char (even they aren't)? than it would be 8 chars in the middle -1 '.,' -2 ';.-_):"HuW" "84839"' '!Ii!?1?2?2?2?2?2?2?2?2123456789+'\''+uHdbHDhE' -1 '.,' -2 ';.-_):"HuW" "84839"' '!Ii!c?1?2?2?2?2?2?2?2?2123456789+'\''+uHdbHDhE' 9 chars in the middle -1 '.,' -2 ';.-_):"HuW" "84839"' '!Ii!?1?2?2?2?2?2?2?2?2?2123456789+'\''+uHdbHDhE' -1 '.,' -2 ';.-_):"HuW" "84839"' '!Ii!c?1?2?2?2?2?2?2?2?2?2123456789+'\''+uHdbHDhE' 10 chars in the middle -1 '.,' -2 ';.-_):"HuW" "84839"' '!Ii!?1?2?2?2?2?2?2?2?2?2?2123456789+'\''+uHdbHDhE' -1 '.,' -2 ';.-_):"HuW" "84839"' '!Ii!c?1?2?2?2?2?2?2?2?2?2?2123456789+'\''+uHdbHDhE' or? But is it possible to put a static phrase in a charset? and the other question is it possible to let this run in a queque? Or do I have to start every mask new? €dit: my problem is how can I bring this two static phrases in a charset? And how can I run this automatically? €dit2: Ahhh I guess I know what you know mean with hcmask. I have to create something like that: 5 x ?2 -1 '.,' -2 ';.-_):' '!Ii!?1HuW18483?2?2?2?2?2123456789+'\''+uHdbHDhE' -1 '.,' -2 ';.-_):' '!Ii!?1HuW?218483?2?2?2?2123456789+'\''+uHdbHDhE' -1 '.,' -2 ';.-_):' '!Ii!?1HuW?2?218483?2?2?2123456789+'\''+uHdbHDhE' ... -1 '.,' -2 ';.-_):' '!Ii!?1HuW?2?2?2?2?218483123456789+'\''+uHdbHDhE' ... -1 '.,' -2 ';.-_):' '!Ii!?1?2?2?2?2?218483HuW123456789+'\''+uHdbHDhE' Am I right? And than again repeat this with 6 x ?2 and 7 x ?2 and 8 x ?2 Is that correct? If this is right and I created that file, how can I execute it with oclHashcat? RE: Hashcat bruteforcing with special rules - epixoip - 04-01-2015 Those masks are looking good. Unfortunately since your custom charset includes a comma, and hcmasks use commas to separate fields, an hcmask file would not work. So what you'll need to do is run each of these masks one-by-one with hashcat. It's probably best to script this out. RE: Hashcat bruteforcing with special rules - MultiFilm - 04-01-2015 No way I just already started to do this masks. This are a lot of masks, I can't start them one by one. Isn't there a way around like you did with the ' ? I can't script that, can you help me please? €dit: 2 more questions: 1.) How does a command look like for TC AES (RipeMD) with hcmaks? 2.) Which OS would work best with a AMD R9 290x? ahh and a 3rd one: is a slash / also a Problem for hashcat if it appears? €dit3: I found this in the Documention: "- \, means that the comma should be used literally (not a separator between ?1, ?2, ?3, ?4 or mask)" but you right, the problem is that is in the custom charset. What can I do? :/ €dit4: would the command be this: ./oclHashcat-plus64.bin -m 6211 -a 3 -n 32 /root/desktop/countainer.tc -1 '.,' -2 ';,.-_):' '!Ii!?1HuW18483?2?2?2?2?2123456789+'\''+uHdbHDhE' -o /root/desktop/found/found.txt or is something missing? |