Looking for A Little Push

[msf004]

I am still learning the ways of Hashcat - I used a previous version a few years back for a single task, now I have another task.

My question is if anyone can give me a suggestion of the best way(s) (attack methods/wordlists/etc.) to start trying to crack a password file that has these rules:

Minimum password length = 10
Minimum lowercase chars = 1
Minimum uppercase chars = 1
Minimum numeric chars   = 1
Minimum symbolic chars  = 1

Obviously, brute-force is out being 10 chars minimum.  I have been reading many threads and taking notes, but I have been possibly trying to over analyze the best ways to start.

Being there are many of you on here that has experience, I thought I would ask for some feedback based on the password rules I listed.  There are ~2000 hashes in this file.

[royce]

It sounds like you've discovered a number of options from your research. What are they? What criteria have you considered for prioritizing them?

[msf004]

It sounds like you've discovered a number of options from your research. What are they? What criteria have you considered for prioritizing them?

That is a great question, Royce.

First, I have found many wordlists from posts and online, such as: english words, 1337, casemutation, first names, last names, as well as others.

I have read many opinions that say long word lists are not as important as applying rules to smaller, great word lists.

Thus my initial notes were:

(1) try a straight against the popular passwords file:  -a 0
(2) try a wordlist with brute-force:  -a 6 example.dict ?d?d?d?d
(3) try wordlists with rules: -r <rules file> <hashes> <dictionary>

On #3, I mostly have rules files that came with hashcat.

When I apply all of this, being I have ~10 wordlists as well as >10 rules files.  Suddenly I have many dozens of different attacks to try - which is good; however, I think this is also my reason for the post.

Thus, I was hoping someone may have some opinions/views/knowledge on attack methods that may be better for my password rules that I know.

[rico]

You haven't mentioned the hash type though. Each of them have different hash rates, sometimes vastly so. Faster hash rates open up the scope for experimentation (more rules, brute-force, etc.).

[msf004]

You haven't mentioned the hash type though. Each of them have different hash rates, sometimes vastly so. Faster hash rates open up the scope for experimentation (more rules, brute-force, etc.).

Right, good point!

It is from OpenLDAP and as such, I used slapcat to extract into LDIF format (LDAP Data Interchange Format) which is no more than a SSHA password (a SHA-1 that includes a salt in the computation) that has been base64 encoded. 

From slapcat, I have: e1NTSEF9b0pvQTdrMDVhMVRSazgxR2pzQ2tONUEybW9kNVNsQkI

I can then decode using: 

Code:

echo "$(echo e1NTSEF9b0pvQTdrMDVhMVRSazgxR2pzQ2tONUEybW9kNVNsQkI= | base64 --decode )"

Giving me: {SSHA}oJoA7k05a1TRk81GjsCkN5A2mod5SlBB

[atom]

To attack with the above cirterias you need to use PACK, it will generate the needed maskfiles for it

[msf004]

To attack with the above cirterias you need to use PACK, it will generate the needed maskfiles for it

Hi Atom, could you please elaborate?  In my minimal experience with hashcat I have never heard of PACK.  From a search, if I found the correct "pack", it appears to be a separate github project that utilizes hashcat.  Is that accurate?

[atom]

As I said, it will generate the needed maskfiles for it. Just try and find out

[hashcrash]

Here you go: http://thesprawl.org/projects/pack/

[msf004]

Here you go: http://thesprawl.org/projects/pack/

Thanks hashcrack - I assumed the github project I found was the same thing and downloaded it last night and started playing around. 

This package looks very cool - thanks for confirming the package and the link.