Hashcating 7z passw - hashcat Forum (https://hashcat.net/forum)

Hashcating 7z passw - angelicoq - 04-27-2020

Hi all,

I've been pointed to this tool and forum on reddit. By way of a short background story, I got myself in a bit of a predicament. Namely, I managed to mistype something in a 45 letter password I usually use when creating my .7z data backups. After making the archive I deleted the original files and can no longer recover them.

Now, this is not the first time I typed the password wrong when doing it fast, but this is the first time I checked fast and didn't see the error in the typed password when creating the archive, so it is possible that:
I am absolutely sure of the first 15 and last 10 letters of the password. I never get those wrong. That means I have to guess where I made the mistake in the middle part of the typed password (20 lowercase letters) so I can unlock the archive.

As I know only the very basics of this area, I'm currently needing assistance with:

1. When I extract the hash of the 7z archive with the 7z2hashcat64-1.3 utility (89752 characters long), Hashcat gives me a "Token length exception" error. What am I doing wrong here? Do I need another utility to extract the password hash?

2. From what I gather I would need to run a mask attack with a file where I would put all the possible combinations. To simplify, the text mask file would contain something like this:

123?56789
1234?6789
12345?789
123??6789
1234??789
123?5?789
123???789

Of course, it would be more complex (have more combinations). In connection with this I have two questions:

a) Is there some tool where I can input the 123???789, and that this utility creates all the combinations for the mask file (in the above case, the first 6 combinations)? Is https://github.com/hashcat/maskprocessor used for this?

b) Could you help me with coming up with the exact command line that would run this mask txt (combinations.hcmask) with the password hash txt (lost.hash)? All the letters I'm trying to find are lower case (?l)

So far, I got this:

Code:
-m 11600 -a 3 -o lost.hash combinations.hcmask

RE: Hashcating 7z passw - philsmd - 04-27-2020

-o is wrong in your command line. --outfile (or short -o) is only used for redirecting the output to a file (the results).

you need to specify the hash like this:

Code:
hashcat -m 11600 -a 3 -w 3 extracted.hash combinations.hcmask

for the other part it's difficult to say if mask attack is much faster compared to other approaches....
it could even turn out that a simple perl/python script with pipe/stdin -a 0 will be fast enough and easier to use:

Code:
python my_perfect_special_password_generator.py | hashcat -m 11600 -a 0 -w 3 lost.hash

you could even use stdin/pipe together with rules for hashcat (add "-r my.rules" at the right).

yeah, you could use maskprocessor to generate a huge list of masks (using ?l), or use any other scripting language to generate hcmask files that fit your specific use case (e.g. a new python/perl script that adds ?l at some positions in the string and outputs a list of masks, i.e. a hcmask file).

The problem is that your situation is very specific and there isn't a perfect off-the-shelf solution, I would say.

Since 7-Zip is a very slow hash type, it probably doesn't matter too much if you use -a 0 (maybe with rules) or -a 3 with hcmask files.... but in general you shouldn't use mask attacks with a very long static/hard-coded beginning (since it can't be accelerated a lot).

I think your approach is okay using hcmask files (but you still could consider if rule based attacks, maybe by even using the multi rule feature: -r first.rule -r second.rule, would also work for you)... the problem is however how many different masks it would require and if it's still feasible with that huge length (fortunately you only have 1 "password candidate" and not more passwords to choose from).

in general, for the hcmask approach I would recommend starting with a smaller length and add some ?l and afterwards increase the length. You could put the list of masks down by hand or generate them by a script (with increasing length and additional ?l as the mask length increases).

RE: Hashcating 7z passw - angelicoq - 04-27-2020

Thank you for your feedback. As I'm still new at this, I need some time to get into the subject matter and process the information. Thank God I don't need the data right now.
The password in question is "composed" of 4-6 letter words and numbers in a fixed order (think of it as a long sentence without spaces), so essentially I mistyped one of these words.

Let us say the password is composed of:

LEFTPARTOFTHEPASSWORD street random root bunny RIGHTPARTOFTHEPASSWORD (without spaces between words).

And let us say e.g. that "random" always goes after "street" and before "root". The error is somewhere in the "streetrandomrootbunny" part.

Assuming that street is the mistyped word in the password, it could be:

LEFTPART?treetRIGHTPART
LEFTPARTs?reetRIGHTPART
LEFTPARTst?leetRIGHTPART
LEFTPARTstr?letRIGHTPART
LEFTPARTstre?tRIGHTPART
LEFTPARTstree?RIGHTPART
LEFTPARTtreetRIGHTPART
LEFTPARTsreetRIGHTPART
LEFTPARTsteetRIGHTPART
LEFTPARTstretRIGHTPART
LEFTPARTstreetRIGHTPART
LEFTPARTstreeRIGHTPART
LEFTPART?streetRIGHTPART
LEFTPARTs?treetRIGHTPART
LEFTPARTst?reetRIGHTPART
LEFTPARTstr?eetRIGHTPART
LEFTPARTstre?etRIGHTPART
LEFTPARTstree?tRIGHTPART
LEFTPARTstreet?RIGHTPART

where ? is a lowercase letter, assuming there is only one typo in the word.

What I was thinking of doing is running the above combinations for 4 potential words that are at issue. However, if that doesn't work (assuming I made more than 1 mistake in one of these 4 words OR that there are two potential mistakes in two separate words), I was thinking of using a tool to make more complex masks involving combinations of two words at a time.

Could you also help me with a hash extraction? Is there some tool that correctly extracts the hash of a 7z password protected archive? I'm still getting the "Token length exception" error.

RE: Hashcating 7z passw - undeath - 04-27-2020

For what you want to do I would recommend rules instead of a mask attack.

If you get the "Token length exception" I have bad news for you however. hashcat can only support 7z archives up to a certain size and that error usually means your archive is too big.

RE: Hashcating 7z passw - philsmd - 04-27-2020

7z2hashcat from https://github.com/philsmd/7z2hashcat (you would need to either have perl installed or use the windows binary from https://github.com/philsmd/7z2hashcat/releases).

The .7z file must first be converted to a hash file. The output of 7z2hashcat can be written or copied to a file that you use with hashcat -m 11600.

I would say that you always need to start with the original password and remove some chars and try to add some ?l

Code:
LEFTPARTOFTHEPASSWORDstreetrandomrootbunnyRIGHTPARTOFTHEPASSWORD

As you can see, it could get quite complex very fast... that's why I suggested to also consider creating a fast password generating script or use a rule based attack as an alternative (see https://hashcat.net/wiki/doku.php?id=rule_based_attack)

Note: you could/should also try with the latest beta version of hashcat from https://hashcat.net/beta/ since I'm pretty sure we made some changes and also increased some limits etc for -m 11600 hashes
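
The mask-generating script discussed in this thread could look like the following; this is an added example, not code posted by any participant. It goes slightly beyond the per-word list above by applying one substitution, deletion or insertion anywhere in the uncertain middle part. The function names and the placeholder password parts are hypothetical, and the keyspace figure assumes the 26-letter ?l charset.

```python
import sys

def escape_literal(text):
    """Escape characters that hashcat treats specially in a .hcmask line."""
    return text.replace("?", "??").replace(",", "\\,")

def single_typo_masks(prefix, middle, suffix, charset="?l"):
    """Masks for `middle` as typed plus every one-character edit of it.

    prefix/suffix are the parts known to be correct (kept literal);
    charset is the hashcat placeholder used for the unknown character.
    """
    chars = [escape_literal(c) for c in middle]
    bodies = ["".join(chars)]                      # password as intended
    for i in range(len(chars)):                    # one wrong character
        bodies.append("".join(chars[:i]) + charset + "".join(chars[i + 1:]))
    for i in range(len(chars)):                    # one dropped character
        bodies.append("".join(chars[:i] + chars[i + 1:]))
    for i in range(len(chars) + 1):                # one extra character
        bodies.append("".join(chars[:i]) + charset + "".join(chars[i:]))
    head, tail = escape_literal(prefix), escape_literal(suffix)
    # dict.fromkeys drops duplicates (deleting either "e" of "street"
    # gives the same mask) while keeping the generation order
    return list(dict.fromkeys(head + b + tail for b in bodies))

def keyspace(masks, charset_size=26):
    """Total candidates hashcat will try across all masks (?l = 26)."""
    total = 0
    for mask in masks:
        count, i = 1, 0
        while i < len(mask):
            if mask[i] == "?":
                if mask[i + 1:i + 2] != "?":       # "??" is a literal "?"
                    count *= charset_size
                i += 2
            else:
                i += 1
        total += count
    return total

if __name__ == "__main__":
    # Constructed placeholder values, mirroring the example in the thread
    masks = single_typo_masks("LEFTPART", "street", "RIGHTPART")
    sys.stdout.write("\n".join(masks) + "\n")
    print(f"{len(masks)} masks, {keyspace(masks)} candidates", file=sys.stderr)
```

Redirecting the output to combinations.hcmask gives a file that fits the `hashcat -m 11600 -a 3 -w 3 extracted.hash combinations.hcmask` command quoted earlier in the thread.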