Desperate Pleb bidding for help - hashcat Forum (https://hashcat.net/forum), Thread: /thread-6186.html

Desperate Pleb bidding for help - desperatenoob - 01-06-2017

Hey guys,

I'm sure you get posts like this a lot, but I'm incredibly desperate and don't know where else to turn. I won't break the rules by asking anyone to crack my hash, but I am more than willing to amply compensate bitcoin to anyone willing to take time out of their day to walk me through this problem I've been working on for the last 3 days.

Here's the problem: I'm locked out of an old VeraCrypt container. I don't remember exactly which ciphers I used, but I was pretty paranoid at the time and feel like I may have used the cascading thing.

The password is like 16-27 characters long, BUT I know like 90% of it. Or at least enough of it to make bruteforcing the remainder feasible.

Here's what I know:

The meat of the password is something like "KTKTKT07xx$$"

Where I know 'KT' is repeated 3 times, I know 07 is in there at least once, but maybe also appears again before the 'KT'. I am fairly certain 'x' and '$' are in there too, but I don't remember how often, though I know not more than 4 times in a row, but there could be variations like:

"x07xKTxKTxKTx07x$$" or "KTKTKT07xxx$" or even possibly "x07xKTx$KTx$KTx$07x

Does this make sense?

Anyway, to compound these possibilities, I also know that on either side of this password is '?Word?' and '?WORD?'. It's the same word on either side, but I don't know which side is all caps. I also know that '?' is either a '3' or a '#' or else nothing, but whichever side has the '3' the other side has the '#'. I don't think I'm explaining this clearly, but there are only 16 possibilities here:

3WordPasswordWORD#
3WordPassword#WORD
3WORDPasswordWord#
3WORDPassword#Word
WORD3Password#Word
WORD3PasswordWord#
Word3PasswordWORD#
Word3Password#WORD
#WordPasswordWORD3
#WordPassword3WORD
#WORDPasswordWord3
#WORDPassword3Word
WORD#PasswordWord3
WORD#Password3Word
Word#Password3WORD
Word#PasswordWORD3

That's it. Dammit, now the word 'word' looks weird to me.

There's a very small possibility that the main password has '123' instead of xxx or even ABC or !@#, but if it was it would be sequential and no longer than 3 chars (!@# is just 123 holding shift on my keyboard).

Anyway, I'm completely lost as to how to feed hashcat the right VeraCrypt hash, let alone create the right rules. I've made up a list, after racking my brain, of all the possible main password combinations I might have used, so I was thinking I could start by using that as a wordlist in combination with a mask. But dammit, I'm overwhelmed and stressing out, just crazy desperate. It's hard to think straight about things, let alone learn how to use sophisticated hacking programs.

If anyone can help me, or can point me to someone who can help, I'd be so grateful.

RE: Desperate Pleb bidding for help - duhblow7 - 01-07-2017

Extract your VeraCrypt hash.

https://hashcat.net/wiki/frequently_asked_questions#how_do_i_extract_the_hashes_from_truecrypt_volumes

The mask attacks will not be able to fulfill all of the variations you have proposed, but they may fulfill a few. I think your best bet would be to come up with a script to generate a few hundred if not a few thousand mask attacks to cover all of the crazy variations you can come up with being a possibility. Because you are so specific, it doesn't seem like each mask attack would have a large keyspace.

There better be a huge wallet.dat file chilling on there because this is a lot of work.

RE: Desperate Pleb bidding for help - desperatenoob - 01-08-2017

(01-07-2017, 12:08 AM)duhblow7 Wrote: extract your veracrypt hash.

Ok, so I think I've finally (6 hours of learning dd later) got the hash extracted, but I couldn't be sure whether or not I'd made it a hidden container, so I guess I have to just run hashcat on both the first 512 bytes and the 512 bytes after the first 64k? There's no way to know?

The guy in this blog: http://www.williamkent.io/2016/09/11/how-i-recovered-my-password-from-veracrypt/ says he used Python to generate his wordlist kind of like you mentioned, although his password sounded like it required a much simpler process.

And yea, the file is pretty fat. Enough so that I would thankfully throw a couple months' wages at it.

RE: Desperate Pleb bidding for help - miccee - 01-08-2017

Can you do mask attack with custom mask like

Code:
?1WORD?2?2?2?2?2?2?2?2?2?2?2?2WORD?1 -1 '3#' -2 'KT07x$'

RE: Desperate Pleb bidding for help - desperatenoob - 01-08-2017

(01-08-2017, 07:54 AM)miccee Wrote: can you do mask attack with custom mask like

Ok... That seems like it might take a really long time though. I was hoping I could eliminate some more possibilities.

Maybe make a couple word lists like:

List 1:
KTKTKT
KT
07

And then List 2:
Word3
WORD#
etc.

And then do a combination attack with a mask on the first list like:

???KT??KT??KT???????

And append list 2 to either side. Can you make a charset that includes a blank?

I don't know, my coding experience is limited to a LISP class I took 12 years ago.

RE: Desperate Pleb bidding for help - miccee - 01-08-2017

(01-08-2017, 09:43 AM)desperatenoob Wrote:
(01-08-2017, 07:54 AM)miccee Wrote: can you do mask attack with custom mask like

Code:
echo $'3Word\n3WORD\n#Word\n#WORD\nWord\nWORD\n' > prepend.txt

Code:
crunch 16 18 -p KT KT KT 07 x x x x '$' '$' '$' '$' > password.txt

Code:
echo $'Word3\nWORD3\nWord#\nWORD#\nWord\nWORD\n' > append.txt

Code:
./combinator3.bin prepend.txt password.txt append.txt > prepend_password_append.txt

The problem with this is your password... all these combined would have a significant amount of hashes.

The other solution is making both prepend.txt and append.txt into rules, and you just have to mess with password.txt and insert the rule.

I wonder if anyone else has a better idea.
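
The 16 wrapper forms listed in the first post, applied to a list of core candidates, as an added example that is not part of the thread: combining prepend.txt and append.txt freely gives 36 pairs, while the stated constraints (opposite symbols, opposite case on each side) leave exactly 16. The function names are hypothetical, `Word` is the placeholder used in the thread, and the sample cores are the three variations quoted in the first post.

```python
from itertools import product

SYMBOLS = ("3", "#")  # the two wrapper characters named in the first post


def side(word, symbol, symbol_first):
    """Build one side: the symbol goes before or after the word."""
    return symbol + word if symbol_first else word + symbol


def wrappers(word):
    """Yield (prefix, suffix) pairs for the 16 forms listed in the thread.

    Constraints taken from the post: one side is all caps and the other
    is not, and whichever side carries '3' the other carries '#'.
    """
    for left_sym, caps_left, left_first, right_first in product(
        SYMBOLS, (False, True), (False, True), (False, True)
    ):
        right_sym = "#" if left_sym == "3" else "3"
        left_word = word.upper() if caps_left else word
        right_word = word if caps_left else word.upper()
        yield (side(left_word, left_sym, left_first),
               side(right_word, right_sym, right_first))


def candidates(word, cores):
    """Wrap every core candidate in every wrapper form, without duplicates."""
    seen = set()
    for core in cores:
        for prefix, suffix in wrappers(word):
            cand = prefix + core + suffix
            if cand not in seen:
                seen.add(cand)
                yield cand


# Core variations quoted in the first post (sample input, not a full list).
CORES = ["KTKTKT07xx$$", "x07xKTxKTxKTx07x$$", "KTKTKT07xxx$"]

if __name__ == "__main__":
    # One candidate per line, suitable for redirecting into a wordlist file.
    for cand in candidates("Word", CORES):
        print(cand)
```

The "or else nothing" case mentioned in the post is left out here because the 16 listed forms all carry both symbols.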