hashcat Forum
Found part of my password!! Now what?:) - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat-utils, maskprocessor, statsprocessor, md5stress, wikistrip (https://hashcat.net/forum/forum-28.html)
+--- Thread: Found part of my password!! Now what?:) (/thread-9788.html)

Found part of my password!! Now what?:) - vicious1 - 01-17-2021

So, as I thought I found part of my password in a text file with the comment being way too cryptic for the second part Smile.. yay me, well
Done in 2012!

Now.. I know for a fact that the password isn’t straight up with repetitive characters.
The first part is 4X8dRu , extrapolating myself here I am assuming it continues along the lines of randomness, no special characters.
I am asking for help to write a rule set that takes whatever maskprocessor pipes in and makes sure the same character is always only twice maximum in the whole password , must contain a number, a lower case an, uppercase all others are discarded.
So I was gonna do with with reject rule.. but because reject rules need 2 sides, I was thinking this:

mp64.bin -q2 -1?u?l?d ?1?1?1?1?1?1 | hashcat -m 15700 -a 1 hashther.hash -k reject.rule basepasswd.txt - 

That basepassword contains the part of the password I know. This SHOULD work but the rule is a mystery to me still..

Yes this is an ether wallet and yes it will take years otherwise...so I am trying to narrow it down.. I am missing 6 characters.

RE: Found part of my password!! Now what?:) - the_charm - 01-17-2021

Hm... I don't think what you're trying to do is possible... I mean, I could be totally off on this, as I've never really used reject rules before...
But if I understand you correctly, you want a rule that says "reject whats coming from maskprocessor, if it contains more than one '4' or >1 'X' or >1 '8' etc."
Having a quick look at the avail. reject rules, I think only the opposite of what you want is possible (namely the "%"-rule to reject plains which contain char X less than N times).
Only thing I can think of ATM is, why not use a mask-file with 6masks and 2custom-charsets like so:
?u?l?d,[everything in ?u?l?d except 4X8dRu],4X8dRu?1?2?2?2?2?2
?u?l?d,[everything in ?u?l?d except 4X8dRu],4X8dRu?2?1?2?2?2?2
I know, this excludes some possible combinations.
But it should still cover most of the keyspace you're trying to check, so it might be a good place to start...
Nonetheless, I hope someone more experienced answers on this issue, to see if your idea with reject rules actually could be achieved...

RE: Found part of my password!! Now what?:) - vicious1 - 01-17-2021

Hi, good point... 
I came up with an interim solution for now..
Maskprocessor | grep with a regexp | hashcat

Seems to work like a dream so far... 

Bit complicated but since ethereum mode 15700 isn’t fast to crack, I am not worried about the speed of the passwords ... but it really seems to work...

RE: Found part of my password!! Now what?:) - the_charm - 01-18-2021

wow! that looks adventurous!^^
but since you're not concerned w/ speed... sure, have some fun with it!

RE: Found part of my password!! Now what?:) - royce - 01-18-2021

Do the math of how many passwords will be skipped if you can impose these restrictions, vs not imposing them, and use this as a basis to calculate the expected runtime for both attacks.