Trying all case permutations for all alphabetical letters of a password?
#1
Greetings,

We have a password of 24 characters with mixed upper and lower case characters, numbers and punctuation.

I want to try a mask attack of all possible upper/lower case permutations of each alphabetical character in the password e.g. say the password is:

ThisIsA24CharacterPassw0

Then it should do a mask of all the A..Z and a..z characters and try every case modulation option on each of them.

Currently mask attacks allow for:

?l = abcdefghijklmnopqrstuvwxyz
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d = 0123456789
?h = 0123456789abcdef
?H = 0123456789ABCDEF
?s = «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
?a = ?l?u?d?s
?b = 0x00 - 0xff

So one more like:

?aC

Which would try a and A in that position, so both upper and lower case of the letter a. In this case the mask input needs to be 3 characters to allow the user to input the initial character that should be tried in all its case variants.

So it would be something like:

?TC?hC?iC?sC?IC?sC?AC24?CC?hC?aC?rC?aC?cC?tC?eC?rC?PC?aC?sC?sC?wC0

I can't see any simple way to do this in Hashcat presently without a complex additional Python script and I find it strange that a "case-toggling" mask is not available?

Let me know your thoughts, if this could be implemented or perhaps there is already a simple way to implement this?

Kindest wishes,

Martin
#2
(02-04-2025, 11:15 PM)42 Wrote: Greetings,

We have a password of 24 characters with mixed upper and lower case characters, numbers and punctuation.

I want to try a mask attack of all possible upper/lower case permutations of each alphabetical character in the password e.g. say the password is:

ThisIsA24CharacterPassw0

Then it should do a mask of all the A..Z and a..z characters and try every case modulation option on each of them.

Currently mask attacks allow for:

?l = abcdefghijklmnopqrstuvwxyz
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d = 0123456789
?h = 0123456789abcdef
?H = 0123456789ABCDEF
?s = «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
?a = ?l?u?d?s
?b = 0x00 - 0xff

So one more like:

?aC

Which would try a and A in that position, so both upper and lower case of the letter a. In this case the mask input needs to be 3 characters to allow the user to input the initial character that should be tried in all its case variants.

So it would be something like:

?TC?hC?iC?sC?IC?sC?AC24?CC?hC?aC?rC?aC?cC?tC?eC?rC?PC?aC?sC?sC?wC0

I can't see any simple way to do this in Hashcat presently without a complex additional Python script and I find it strange that a "case-toggling" mask is not available?

Let me know your thoughts, if this could be implemented or perhaps there is already a simple way to implement this?

Kindest wishes,

Martin

If I understood correctly, you want all permutations of letters of a word change, digits stay as is?

like input word is "Test1" and you seek for all permutations which in case of Test1 are:
test1
tesT1
teSt1
teST1
tEst1
tEsT1
tESt1
tEST1
Test1
TesT1
TeSt1
TeST1
TEst1
TEsT1
TESt1
TEST1
#3
Firstly, doing any sort of mask attack on 24 characters is really not possible. Even on the fastest hash, that would take trillions of years. On passwords of that size, you need some really good wordlists and rulesets.

Second, you seem to misunderstand the mask concept. ?a means that all lowercase letters a-z, all uppercase letters A-Z, numbers 0-9 and the subset of special chars in ?s are tried on that given position. So ?aC would try all of the above followed by an uppercase C. I'm not sure where you get that C from in your question... Maybe you are confusing masks with rules? You can't use a mask attack with rules, unless you pipe hashcat into itself. But you should really familiarize yourself with masks and rules...
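Added example, not code from the thread or from hashcat: a Python sketch that enumerates the case variants listed in post #2 and compares that keyspace with a full ?a mask of the same length, the point raised in post #3. The function names are hypothetical, and only ASCII letters are toggled.

```python
from itertools import product
import string

# Size of hashcat's ?a charset as listed in post #1: 26 + 26 + 10 + 33 (?s, space included).
CHARSET_A_SIZE = 95


def case_variants(word):
    """Yield every upper/lower-case variant of word; digits and symbols stay fixed."""
    # An ASCII letter contributes two choices, any other character exactly one.
    choices = [
        (ch.lower(), ch.upper()) if ch in string.ascii_letters else (ch,)
        for ch in word
    ]
    for combo in product(*choices):
        yield "".join(combo)


def case_keyspace(word):
    """Number of candidates case_variants() produces: 2 ** (number of letters)."""
    letters = sum(1 for ch in word if ch in string.ascii_letters)
    return 2 ** letters


def full_mask_keyspace(length):
    """Number of candidates for a mask of ?a repeated `length` times."""
    return CHARSET_A_SIZE ** length


if __name__ == "__main__":
    # "Test1" is the sample word from post #2; the output matches that list.
    for candidate in case_variants("Test1"):
        print(candidate)

    # The 24-character sample string from post #1.
    sample = "ThisIsA24CharacterPassw0"
    print("case-only candidates:", case_keyspace(sample))
    print("full ?a mask candidates:", full_mask_keyspace(len(sample)))
```

For the 24-character sample the case-only space is 2^21 candidates, while a ?a mask of the same length is 95^24.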