Password with known letters
#1
Hello everyone, great forum here, I´m Alex and i try to familiarize myself with hashcat!

I have a simpler question. I just can't manage a brute force mask attack with certain letters. So I know 4 characters (A; i; 1; u) of a 10-digit password, but I don't know any order or position. Do you know how I can best implement this?

i tried:
hashcat.exe -a 3 -m 16600 -w 3 hash.txt 10char-1l-1u-1d-1s-compliantAi1u.hcmask

I added $A, $i, $1 and $u to the original Maskfile but hashcat tries all the variations anyway.

Do you know an option how i can handle that correct?

I´m sorry about my english...

Thank you for your support!
Reply
#2
Your format is wrong for the mask. It appears from your description, that all 4 of those characters appear in the password, you just don't know where. In which case, the mask file need to be carefully crafted to include a special mask in any of the 10 positions, like so:

Ai1u,?1?1?1?1?a?a?a?a?a?a
Ai1u,?1?a?1?1?1?a?a?a?a?a
Ai1u,?1?1?a?1?1?a?a?a?a?a
etc.

However, even this will take a very long time unless you are lucky even for a fast hash. If you know more facts about the password, such as no special characters, then that will help.

See https://hashcat.net/wiki/doku.php?id=mask_attack
Reply
#3
Thanks a lot for your fast reply, now i got it!

So i define a mask with all opinions.
Reply
#4
Hello again!

I deifined the mask and it works fine, but the problem is, hashcat tries all opinions, but the 4 characters aren´t fix includes.

So, as your example it will do like:

Ai1u,?1?1?1?1?a?a?a?a?a?a --> AAAAxxxxx
Ai1u,?1?a?1?1?1?a?a?a?a?a --> ixiiixxxx
Ai1u,?1?1?a?1?1?a?a?a?a?a --> 11x11xxxx

and so on, that realy needs much of time Wink

I would like all letters to always be a fiver component like:

Ai1u,?1?1?1?1?a?a?a?a?a?a --> Ai1uxxxxx
Ai1u,?1?a?1?1?1?a?a?a?a?a --> ux1iAxxxx
Ai1u,?1?1?a?1?1?a?a?a?a?a --> 1xuAixxxx

is this possible?

Thanks a lot!!
Reply
#5
(04-11-2021, 11:04 AM)outaspace Wrote: Hello again!

I deifined the mask and it works fine, but the problem is, hashcat tries all opinions, but the 4 characters aren´t fix includes.

So, as your example it will do like:

Ai1u,?1?1?1?1?a?a?a?a?a?a --> AAAAxxxxx
Ai1u,?1?a?1?1?1?a?a?a?a?a --> ixiiixxxx
Ai1u,?1?1?a?1?1?a?a?a?a?a --> 11x11xxxx

and so on, that realy needs much of time Wink

I would like all letters to always be a fiver component like:

Ai1u,?1?1?1?1?a?a?a?a?a?a --> Ai1uxxxxx
Ai1u,?1?a?1?1?1?a?a?a?a?a --> ux1iAxxxx
Ai1u,?1?1?a?1?1?a?a?a?a?a --> 1xuAixxxx

is this possible?

Thanks a lot!!
Reply
#6
Hi,

You want to use the combipow of hashcat/src/combipow.bin

Create a Textfile containing your letters. As you are not sure about which comes after an other, you want to make a list with each letter on a new line.

A
i
1
u
.....

./combipow.bin your_wordlist > name_of_output_file

Now you head off to an combinator attack. Use your dict first and then brute force. You want to use hashcat -a 3 -m 16600 name_of_output_file ?a?a?a?a?a?a

You get what I mean? I have a similar problem but I used special chars like äöü in my password with 0.045 BTC electrum wallet.
Reply
#7
Hey Centurio!

Thanks for your input!

First, I wish you get your bitcoin! Wink

I tried combipow and it works nice, i generated a new file and tried the brute force attack, how you write, i only added the hash, like:

hashcat -a 3 -m 16600 hash.txt name_of_output_file ?a?a?a?a?a?a

the output from hashcat is ?a?a?a?a?a?a: unsupported file type.

can I possibly bring the generated file into a mask?
Reply
#8
did you replace "name_of_output_file" with something like out.txt ?
Reply
#9
i tried both, the outputfile without an ending (like the original file)

hashcat -a 3 -m 16600 hash.txt combi ?a?a?a?a?a?a
error: the output from hashcat is ?a?a?a?a?a?a: unsupported file type

and the outputfile with *.txt
hashcat -a 3 -m 16600 hash.txt combi.txt ?a?a?a?a?a?a
error: Integer overflow detected in keyspace of mask: ?a?a?a?a?a?a

The combi.txt is like:
A
Ai
Ai1
i1
1u

looks like it defines all combinations.
I tried also some other text files with the brute force attack, but unfortunately this doesn't work either.

did it work for you?

Thanks for your time!
Reply
#10
ah, I am stupid. It is not attack mode 3, it is mode 6. This way you will be able to run hashcat.
hashcat -a 6 -m 16600 your_hash.txt your_list.txt ?a?a?a?a?a?a

btw: I have the Hashcrack book from netmux. It's a very good one if you want to stay in this area.

Yes and no. I remember have imported the wallet multiple times. So I have extracted all haseh of the wallets. 1 I could crack, but it's balance (8 mBTC) I had already withdrawn. So it is really the default_wallet. I loaded it again in electrum, and its only this one. The others are wach only (my imported one).

My list constisted 30 Lines, but no success yet. If only BTC would not grow that much, it would be not worring me :-)

Let me know if it worked or you need further help or GPU power :-)
Reply