Mix of --hex-charset and non hex ?

Mix of --hex-charset and non hex ? - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Mix of --hex-charset and non hex ? (/thread-7377.html)

Mix of --hex-charset and non hex ? - Mem5 - 03-18-2018

Hi,

I would like to crack this kind of password :

Code:
user\trandom

"user" is constant
"\t" : tab : 0x09
"random" : password I want to guess, i.e. in my wordlists
I tried :

Quote:hashcat -a 7 -1 "user" --hex-charset -2 09 hashfile ?1?2?a?a?a?a?a?a words.dic

Results :

Code:
Invalid hex character detected in mask user

How can I mix the ascii charset with hex charset ?
Thank you.

RE: Mix of --hex-charset and non hex ? - undeath - 03-18-2018

1. that's not how custom charsets work
2. convert each letter in user to its ascii hex representation

RE: Mix of --hex-charset and non hex ? - Mem5 - 03-18-2018

Thanks for your answer. I converted ascii in to hex.
Do you mean I will have more success with a combinator attack instead ?

RE: Mix of --hex-charset and non hex ? - undeath - 03-18-2018

A charset is, as the name implies, a set of chars. Defining a string as charset is not going to do what you want.

RE: Mix of --hex-charset and non hex ? - Mem5 - 03-18-2018

Yes.
So i need to put 'user\n' in a file and combine it with another wordlist?

RE: Mix of --hex-charset and non hex ? - undeath - 03-18-2018

You can use the mask attack but you cannot specify the user in a custom charset.

RE: Mix of --hex-charset and non hex ? - philsmd - 03-18-2018

Just to make sure that other users interested in something like this do not choose a wrong approach to do these types of attacks: if you are cracking a "salted" hash, you should use the corresponding hash modes if available.

Therefore for -m 0, if you have an algorithm that uses md5 ($salt . $pass) ... you should use -m 20 of course (see https://hashcat.net/wiki/doku.php?id=example_hashes).

In your specific case for -m 0 and md5 ($salt . $pass) you should use hashes like this:
hash:user[TAB]

where [TAB] needs to be replaced by the tabulator character (0x09) and "user[TAB]" is the salt in this case.
Of course, this type of attack only works if a corresponding salted hash algorithm is available in hahscat.

RE: Mix of --hex-charset and non hex ? - Mem5 - 03-20-2018

It works well, thanks.
I would add to your good answer the use of --hex-salt for hex-salt support for the hashfile, in my case.