rules in combination attack - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html) +--- Forum: General Help (https://hashcat.net/forum/forum-8.html) +--- Thread: rules in combination attack (/thread-4605.html) |
rules in combination attack - xeb - 08-14-2015 Hi there, thanks for building this great software :-) I have an old truecrypt container without a password - but I know it shoud be a combination of some of my other passwords concated with "+*-$" or whatever. So I wrote everything I remembered into a file and used a shell script to combine everything with everything to deepth 3 = - ~50 Lines ^ 3 possibilities. I use this same list for left and right in a combination attack = 50^6 possible combinations. Works fine, I only have one problem - I know my password is rather long (> 16 Chars), but I only can set rules for left and right seperately. I'd like to have a rule to reject all combined passwords <= 16 chars since passwords like *----* are useless to me. Rule file is only supported with -a 0 My current command line looks like this (to sort out at least the obvious crap): oclHashcat64.exe -m 6211 -a 1 container.tc left.txt right.txt -j ">6" -k ">6" Any idea to optimize this thing? I fear I have to remember some more passwords and try again (perhaps with depth 4 on both sides) and it would be very usefull to drop the crap instead of trying every possible combination... RE: rules in combination attack - inoo - 08-15-2015 in my experience, no ruled oclHashcat is more faster in slow hashes so I think below command is suitable for truecrypt hash combinator.bin dict1.txt dict2.txt | len.bin 12 50 | \ oclHashcat64.bin -a 0 -m 6211 container.tc ps) It could specify rule(s) in oclHashcat phrase ( -a 0 -r best64.rule -r behind.rule for example ) if you need RE: rules in combination attack - xeb - 08-15-2015 Thanks for this first idea :-) ... I slept over the problem, there should be much more possible optimisation. The first file looked like Code: . The password should look like passx{one or two concats}passy{one or two concats}passz I'm quite sure if there are two concats between passx and passy there should be only one betweeen passy and passz (or only one concat in both cases? argh!) so I used the two dictionarys up to depth 3. passx passy and passz are different passphrases, no passx passx passy combination. There are ~15 different possible concats (!"$%&/\?=+#'-_.:, and ~40 possible passwords. I think it should be possible to create a dictionary using the utilites, but it won't fit on any harddisk :-( The Number of combinations would shrink dramatically, from 55^6 = 27680640625 to 40 * 15 * 40 * 15 * 40 + 40 * 15 * 15 * 40 * 15 *40 = 230400000, that's less than 1% I read the wiki but have no idea how to realize this on runtime... Edit: even less since it would be 40*39*38, no two same passwords... Edit2: ok, think I got it - lot of manual work, passwords one file, seperators other file and massive use of combinator and combinator3 into new files which are then combinator3ed to hashcat... |