More than 4 character sets for Mask attacks
#1
I've read previous posts about using more than 4 character sets and I see that it's not possible. Why is that? What's the logic behind not allowing any amount?

This is my issue and I'm not sure how to resolve it using anything other than a mask attack.

Let's take this password for example: ThisIsMyPassword9799!

I'm not sure about the capitalization, I may have capitalized some of the characters, or not. So I'd like to use something like

Tt,Ii,Mm,Pp?1his?2s?3y?4assword9799!

However, I'm also not sure if I switched o's with 0's, or which special character I've used at the end (and would like to avoid using ?s since I have a much smaller set). It's also possible that I've switched the a's with 4's.

How should I approach this? I'd like to use a Mask attack as it's the fastest and I feel that if I had a way to define more than 4 character sets it would be the best option for me.
Reply
#2
(04-13-2021, 10:30 AM)xabbix Wrote: I've read previous posts about using more than 4 character sets and I see that it's not possible. Why is that? What's the logic behind not allowing any amount?


Hi,

Are you attacking a fast or a slow hash?

I do not understand your custom character sets. Can you list them please?
I understand them this way:
1: TtIiMmPp
2: his
3: s
4: assword9799!

hashcat -a 3 -m *your_mode* hash.txt -1 TtIiMmPp -2 his -3 s ?1?2?1?3?1 assword9799! (you can add the end of the password to the end of the mask. Not sure if you need a space or not).
But you must be sure about the right ending of your password.

Get what I mean? :-)
Reply
#3
(04-13-2021, 12:50 PM)Centurio Wrote:
Hi,

Are you attacking a fast or a slow hash?

I do not understand your custom character sets. Can you list them please?
I understand them this way:
1: TtIiMmPp
2: his
3: s
4: assword9799!

hashcat -a 3 -m *your_mode* hash.txt -1 TtIiMmPp -2 his -3 s ?1?2?1?3?1 assword9799! (you can add the end of the password to the end of the mask. Not sure if you need a space or not).
But you must be sure about the right ending of your password.

Get what I mean? :-)

I'm attacking a fast hash and I get what you mean. What you're suggesting is a workaround that will attempt many passwords I do not wish to include. This was just an example, but I do have a lot of use cases where I simply need more than 4 character sets to work with. In this example it would probably be easy to include these unwanted attempts, as it will not take much longer to go through them as well, but in other cases it will take ages more. Another example is a longer password. Let's take this base password:

ThisIsALongerPassword1111111111!

Valid candidates are

thisIsALongerpassword11111155111!
Th1sIsALongerPassword5511111111@
Th1sIs4LongerP4assword9285819204%
Th1isIsALongerP4ssw0rd0195828402&

If you try to accommodate this via a Mask attack, you simply cannot without using your workaround that will take a much longer time to crack.
Reply
#4
Yeah, I understand. Sometimes I wish for a brute-force attack with the possibility to limit how often the same character can be used per candidate. Let's say a Z can only be used once in a candidate, whereas an e can be used max 3 times.

Like this, ZZZZZZZZZ, ZZZZZZZZa and ZZZZeeeeZ can be avoided.
Reply
#5
well your attack is very, very specific and therefore quite too specific for what the mask attack was made for

parsing such a "complex" mask as you are looking for, with more than 4 charsets and so on, would slow down the generation of password candidates more than actually trying millions (of fast hashes) of "not perfect fitting candidates"

if you really want to achieve only real perfect password candidates you have to do some real "handmade preparations" before, also it seems more like a job for a combinator attack

you could first generate a basic style wordlist with maskprocessor (just with lower case letters), combine it with a second wordlist for your numbers and special chars or use at this point your wordlist + mask and leave any modifications to a handcrafted ruleset

for example with rules like

sa4 (replaces all lowercase a with 4)
T3 (toggles lower upper on index 3, starting with index 0)

of course you have to combine most of these rules, see hashcat utils for helping with these, i think some runs of combipow will do the job quite well
Reply
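The rule-based approach suggested in post #5, as an added example that is not part of the original thread: it builds one hashcat rule line per combination of the uncertainties from post #1 and previews the resulting candidates. The base word with its final symbol removed, the three trailing symbols, and the helper names are assumptions made for illustration.

```python
from itertools import product

BASE = "thisismypassword9799"  # lowercase base from the thread, final symbol removed

# One group per uncertainty; exactly one alternative is taken from each group.
# ":" is hashcat's no-op rule. The three trailing symbols are a constructed guess.
GROUPS = [
    [":", "T0"], [":", "T4"], [":", "T6"], [":", "T8"],  # T/I/M/P capitalised or not
    [":", "sa4"],                                         # a -> 4 or not
    [":", "so0"],                                         # o -> 0 or not
    ["$!", "$@", "$#"],                                   # which symbol was appended
]

def rule_lines(groups):
    """Cartesian product of the groups, one hashcat rule line per combination."""
    lines = []
    for combo in product(*groups):
        funcs = [f for f in combo if f != ":"]
        lines.append(" ".join(funcs) if funcs else ":")
    return lines

def apply_rule(line, word):
    """Tiny interpreter for ':', 'TN', 'sXY' and '$X' only, to preview candidates."""
    chars = list(word)
    for func in line.split():
        if func[0] == "T":
            pos = int(func[1:], 36)          # positions: 0-9, then A-Z for 10-35
            if pos < len(chars):
                chars[pos] = chars[pos].swapcase()
        elif func[0] == "s":
            chars = [func[2] if c == func[1] else c for c in chars]
        elif func[0] == "$":
            chars.append(func[1])
    return "".join(chars)

def candidates(groups=GROUPS, base=BASE):
    """Candidates the generated rule file would produce from the base word."""
    return [apply_rule(line, base) for line in rule_lines(groups)]

if __name__ == "__main__":
    for line in rule_lines(GROUPS):
        print(line)
```

Saved to a file, the 192 printed lines can be passed with -r to a straight (-a 0) attack over a wordlist that contains only the base word, so the number of uncertain positions is not limited by the four custom charsets of a mask.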