hashcat Forum
Bruteforce RAR3 with repeated password - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Bruteforce RAR3 with repeated password (/thread-9648.html)



Bruteforce RAR3 with repeated password - RARcheologist - 11-20-2020

I am trying to bruteforce a RAR3 file with a repeating password

Let's say the password is abc$1abc$1

I want to bruteforce the abc$1 part and duplicate it.

For a simple password like abc$1, this works:

hashcat.exe -m 12500 -a3 hash ?l?l?s?d

But what if I want to bruteforce using only duplicates of ?l?l?s?d, like aaa!1aaa!1 or zzz=0zzz=0, how do I do it?

I tried creating a duplicate.rule with just a d in it, but it won't allow me to use rules in brute force mode.

Any help is appreciated!


RE: Bruteforce RAR3 with repeated password - undeath - 11-20-2020

The easiest solution would be using stdin.

hashcat --stdout -a3 ?l?l?l?s?d | hashcat -m 12500 hash -j d


RE: Bruteforce RAR3 with repeated password - RARcheologist - 11-20-2020

Cheers, that works!


RE: Bruteforce RAR3 with repeated password - RARcheologist - 11-21-2020

How would I do triples like abc$1abc$1abc$1?


RE: Bruteforce RAR3 with repeated password - undeath - 11-21-2020

See https://hashcat.net/wiki/doku.php?id=rule_based_attack for all available rules


RE: Bruteforce RAR3 with repeated password - RARcheologist - 11-21-2020

(11-21-2020, 01:45 PM)undeath Wrote: See https://hashcat.net/wiki/doku.php?id=rule_based_attack for all available rules

I see, so just use p2 instead of d then.

Hopefully my last question:

When using hashcat nested this way, where do I put the session command?


hashcat --session session1 --stdout -a3 ?l?l?l?s?d | hashcat -m 12500 hash -j d

or

hashcat --stdout -a3 ?l?l?l?s?d | hashcat --session session1 -m 12500 hash -j d

or do I need a session in either, and then do I restore both sessions with

hashcat --session session1 --restore

or

hashcat --session session1 --restore | hashcat --session session2 --restore


Thanks a lot!


RE: Bruteforce RAR3 with repeated password - undeath - 11-21-2020

You cannot use sessions for resuming when using stdin. In your case it might be more practical to save the generated wordlist on your drive.