hashcat Forum
Parameters for passwords - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Parameters for passwords (/thread-5770.html)

Parameters for passwords - godcandy - 08-18-2016

I am new to hashcat and would like to get some guidance.  I am using a hybrid attack using a dictionary with a mask on the end.  I would like to limit the attack to 8-10 character passwords as to not waste to much cpu power just to verify my users are using good passwords.  I need to know how to add a variable length mask and restrict it to create a password similar to "Max12345" by using the dictionary to push out the words and then tagging on the random digits with characters on the end.  These are windows passwords and thus are required to have complexity and meet a requirement of 8 characters.  Most users only do the minimum as we are all aware so I suspect it will be pretty easy to get most users.

Thanks in advance

RE: Parameters for passwords - atom - 08-19-2016

If you use -a 6 hybrid attack that means you have a mask. The mask will add N length to the candidates, depending on your mask. Means if you subtract that length from your maximum password length, all you need to do is to filter the input wordlist for that size. You can use -j parameter with the < rule, see rule pages on wiki