hashcat Forum
Variable mask in the middle of the password - Printable Version




Variable mask in the middle of the password - pkern - 03-17-2018

I have a relatively long string (36 characters plus) that is of the form prefix<password>suffix, where prefix and suffix are completely static. I wanted to use a mask in the middle but I can't seem to figure out from the various documentation if that's actually possible, if I need the mask generator or if there's a smarter way. The best approach for me would be to be able to throw in a dictionary for the middle value first for the easy cases and then do with the mask-based brute force approach. I suppose I can write a rule that does prepend and append at the same time and that's easy. But I can't figure out how to combine that with masks and/or increments. I suppose if I need to implement the incrementing manually on each step that'd be fine though.

Any pointers are appreciated, happy to dig further myself once I know what the right track could be. Thanks!


RE: Variable mask in the middle of the password - undeath - 03-17-2018

All your findings are correct. There is no "native" way to do such a mask attack.


RE: Variable mask in the middle of the password - pkern - 03-17-2018

(03-17-2018, 07:15 PM)undeath Wrote: All your findings are correct. There is no "native" way to do such a mask attack.

But even if there's no native way, how would you approach this? If I try prepend/append rules (i.e. a reversed set of ^s and a set of $s) for the whole thing I end up with something that cannot be used by the OpenCL kernel ("Cannot convert rule for use on OpenCL device"). Apparently because I need to specify too many of them.

AIUI I can't use the maskprocessor either if I want to use a dictionary first because that's just brute-force. Even though that at least would easily support prefix/suffix use. Plus I'd need to have some kind of mutation rule on the input anyway. Is the solution really to try to get something to emit lines fast enough to feed into hashcat as a pipe?


RE: Variable mask in the middle of the password - royce - 03-18-2018

I'm not sure that I fully understand the use case. Can you provide a contrived example?

For at least some part of the attack, you can hard-code a prefix and suffix:

Code:
$ hashcat --stdout -a 3 testtest?l?l?lTESTTEST | head
testtestereTESTTEST
testtestanaTESTTEST
testtestonaTESTTEST
testtestherTESTTEST
testtestterTESTTEST
testtestinaTESTTEST
testtestserTESTTEST
testtestyanTESTTEST
testtestrerTESTTEST
testtestustTESTTEST



RE: Variable mask in the middle of the password - pkern - 03-18-2018

Oh wow, thanks! For some reason I thought that would not work, mostly because I was experimenting with incrementing where it did the wrong thing. But that I really could do manually. And this boosts performance by an order of magnitude or two over mp64 (which isn't surprising, really).

Which only leaves the question of whether this is somehow combinable with a word list as well. Doing a pass with a rule-adjusted word list would be helpful, I guess. I suppose in the worst case I could do the --stdout bits and then pre-process the lines with sed, although having just observed the speedup hashcat has when it knows about the data I'm a bit more reluctant to do that. ;-) I'd need to at least outsource something to the rule engine...


RE: Variable mask in the middle of the password - undeath - 03-18-2018

You already mentioned the solution for dicts in your first post: write a rule to append/prepend your suffix/prefix.
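
The two approaches the thread arrives at, written out as an added example that is not part of any post: a mask file that does the "manual increment" around a static prefix and suffix, and a single rule line that prepends and appends them for a dictionary pass. The function names are hypothetical, the testtest/TESTTEST values are royce's contrived ones, and the function count is there so the rule's length can be compared with what the hashcat build accepts on the device (the error pkern quotes).

```shell
#!/bin/sh
# Added example, not code from the thread. All function names are hypothetical.

# Escape a static string for a mask line: a literal '?' is written '??',
# and ',' separates fields in .hcmask files, so it is written '\,'.
mask_escape() {
    printf '%s' "$1" | sed -e 's/?/??/g' -e 's/,/\\,/g'
}

# make_hcmask PREFIX SUFFIX PLACEHOLDER MIN MAX
# One mask per middle length, e.g. PLACEHOLDER='?l' gives prefix?l?l?lsuffix.
make_hcmask() {
    pre=$(mask_escape "$1")
    suf=$(mask_escape "$2")
    n=$4
    while [ "$n" -le "$5" ]; do
        mid=''
        i=0
        while [ "$i" -lt "$n" ]; do mid="$mid$3"; i=$((i + 1)); done
        printf '%s%s%s\n' "$pre" "$mid" "$suf"
        n=$((n + 1))
    done
}

# make_affix_rule PREFIX SUFFIX
# ^X prepends one character, so the prefix is emitted last character first;
# $X appends one character, so the suffix is emitted in reading order.
make_affix_rule() {
    rule=''
    rest=$1
    while [ -n "$rest" ]; do
        rule="$rule^${rest#"${rest%?}"}"
        rest=${rest%?}
    done
    rest=$2
    while [ -n "$rest" ]; do
        rule="$rule\$${rest%"${rest#?}"}"
        rest=${rest#?}
    done
    printf '%s\n' "$rule"
}

# Number of rule functions the affix rule needs (one per character).
affix_function_count() {
    s="$1$2"
    printf '%s\n' "${#s}"
}

# Usage (file names and <hash-mode> are placeholders):
#   make_hcmask testtest TESTTEST '?l' 1 6 > middle.hcmask
#   make_affix_rule testtest TESTTEST      > affix.rule
#   hashcat -a 0 -m <hash-mode> hashes.txt wordlist.txt -r affix.rule
#   hashcat -a 3 -m <hash-mode> hashes.txt middle.hcmask
```
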