hashcat Forum
How to go about a password you know has 3 - 5 more or less known words? - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: General Talk (https://hashcat.net/forum/forum-33.html)
+--- Thread: How to go about a password you know has 3 - 5 more or less known words? (/thread-9362.html)

Pages: 1 2


How to go about a password you know has 3 - 5 more or less known words? - CracktainCrunch - 07-04-2020

Hi everybody,

this my first attempt at cracking a RAR archive. I figured out how to brute force stuff rather quickly. Turns out this method takes way to long for the password I am looking for.
It is something, let's say, along the lines of "mybrotherisanass" or "mybrotherisadick" or "mybrotherisanasshole" or "mybrotherstinks". With variations of lower and upper case letters. Essentially a phrase of up to 5 words, maybe all lower case, maybe one upper case at the beginning, maybe an upper case letter at the beginning of every word.
I tried combipow but 90% of it is just gibberish and a waste of time.
Is there another method of combining words into phrases as passwords?


RE: How to go about a password you know has 3 - 5 more or less known words? - philsmd - 07-05-2020

you could just use --stdout -a 1 or combinator.bin or combinator3.bin to generate a dictionary file.

you could for instance start with a list of 2 words combinated together and with -a 1 add the 3rd one (2 + 1 = 3):

Code:
hashcat -m 13000 -a 1 -w 3 hash.txt two_words.txt one_word.txt

3 words and add one (3 + 1 = 4):
Code:
hashcat -m 13000 -a 1 -w 3 hash.txt three_words.txt one_word.txt

or (2 + 2 = 4):

Code:
hashcat -m 13000 -a 1 -w 3 hash.txt two_words.txt two_words.txt

and finally 5 words (3 + 2 = 5):

Code:
hashcat -m 13000 -a 1 -w 3 hash.txt three_words.txt two_words.txt

of course you need to generate all those files first and it's of course only possible/feasible to do so if the number of words is very low (because combining 5 words each one with each other will grow exponentially with the number of words):
Code:
hashcat --stdout -a 1 -o two_words.txt one_word.txt one_word.txt

or:
Code:
combinator one_word.txt one_word.txt > two_words.txt

or for 3:
Code:
combinator3 one_word.txt one_word.txt one_word.txt  > three_words.txt
etc etc

also see https://hashcat.net/wiki/doku.php?id=hashcat_utils#combinator


RE: How to go about a password you know has 3 - 5 more or less known words? - CracktainCrunch - 07-05-2020

(07-05-2020, 01:15 PM)philsmd Wrote: you could just use --stdout -a 1 or combinator.bin or combinator3.bin to generate a dictionary file.

you could for instance start with a list of 2 words combinated together and with -a 1 add the 3rd one (2 + 1 = 3):

...

I had that idea too. Just thought there might be some kind of rule set I could use to achieve the same result. Thanks fpr the tips.

Can you tell me how I can make hashcat properly recognise letters like 'ä' or 'ü'?


RE: How to go about a password you know has 3 - 5 more or less known words? - philsmd - 07-05-2020

different topic, off-topic

hint: encoding. UTF8 character encoding is supported by default, but all hashing algorithms work with bytes (0x00-0xff) anyways.


RE: How to go about a password you know has 3 - 5 more or less known words? - CracktainCrunch - 07-05-2020

(07-05-2020, 05:23 PM)philsmd Wrote: different topic, off-topic

hint: encoding. UTF8 character encoding is supported by default, but all hashing algorithms work with bytes (0x00-0xff) anyways.

Not sure if I understand but that is not a big issue anyway.

More imortant when I use combinator.bin to generate the phrases at some point the amount of phrases becomes too big to just simply copy them all from inside powershell and paste them in a txt. Is there some other command I have to type in to make combinator generate a txt?


RE: How to go about a password you know has 3 - 5 more or less known words? - philsmd - 07-05-2020

the file redirect with
Code:
> two_words.txt

was already mentioned above.

Please read more carefully


RE: How to go about a password you know has 3 - 5 more or less known words? - CracktainCrunch - 07-05-2020

Thanks


RE: How to go about a password you know has 3 - 5 more or less known words? - CracktainCrunch - 07-05-2020

(07-05-2020, 01:15 PM)philsmd Wrote: 3 words and add one (3 + 1 = 4):
Code:
combinator three_words.txt one_word.txt > four_words.txt

I am getting some weird results at this point. The whole file looks like this:

Code:
MyBrotherIs
畺歭瑯敺൮*僾椀愀䘀漀琀稀攀匀琀椀渀欀琀ഀ娀浵潋穴湥਍MyBrotherIs
畺䭭瑯敺൮*僾椀愀䘀漀琀稀攀匀琀椀渀欀琀ഀ䐀潯൦*僾椀愀䘀漀琀稀攀匀琀椀渀欀琀ഀ搀潯൦*僾椀愀䘀漀琀稀攀匀琀椀渀欀琀ഀ䔀敫敬牲来湥൤*僾椀愀䘀漀琀稀攀匀琀椀渀欀琀ഀ攀敫敬牲来湥൤*僾椀愀䘀漀琀稀攀匀琀椀渀欀琀ഀ䔀敫桬晡൴*僾椀愀䘀漀琀稀攀匀琀椀渀欀琀ഀ攀敫桬晡൴*僾椀愀䘀漀琀稀攀匀琀椀渀欀琀ഀ䔀扲꓃浲楬档਍MyBrotherIs

I tried Google Translate and it is Chinese. Not sure what I'm doing wrong.


RE: How to go about a password you know has 3 - 5 more or less known words? - philsmd - 07-05-2020

my guess is that you messed your command up.

maybe you specified a wrong file. Make sure that everything after "combinator" is a text file. for instance "combinator combinator ... " do not make sense.

What are the commands that you used, exactly ! ???

you could use "hashcat --stdout -a 1 ..." as an alternative (as mentioned above) if you really think that something is not working correctly with combinator


RE: How to go about a password you know has 3 - 5 more or less known words? - CracktainCrunch - 07-05-2020

(07-05-2020, 06:19 PM)philsmd Wrote: my guess is that you messed your command up.

maybe you specified a wrong file. Make sure that everything after "combinator" is a text file. for instance "combinator combinator ... " do not make sense.

What are the commands that you used, exactly !  ???

you could use "hashcat --stdout -a 1 ..." as an alternative (as mentioned above) if you really think that something is not working correctly with combinator

Code:
combinator three_words.txt one_word.txt > four_words.txt
This is exactly what I used for command. Except for the file names. At first I thought it might be the amount of combinations but that's not it either. Cut down the amount of words in the files to only 25 each and still same result.
When using "hashcat --stdout -a 1 ..." it points me to
Code:
Usage: hashcat [options]... hash|hashfile|hccapxfile [dictionary|mask|directory]...

Try --help for more help.

If I leave "--stdout" out I get this error message
Code:
three_words.txt: Byte Order Mark (BOM) was detected