Mix of --hex-charset and non hex ?

[Mem5]

Hi,

I would like to crack this kind of password :

Code:

user\trandom

"user" is constant
"\t" : tab : 0x09
"random" : password I want to guess, i.e. in my wordlists
I tried :

hashcat  -a 7 -1 "user" --hex-charset -2 09 hashfile ?1?2?a?a?a?a?a?a words.dic

Results :

Code:

Invalid hex character detected in mask user

How can I mix the ascii charset with hex charset ?
Thank you.

[undeath]

1. that's not how custom charsets work
2. convert each letter in user to its ascii hex representation

[Mem5]

Thanks for your answer. I converted ascii in to hex.
Do you mean I will have more success with a combinator attack instead ?

[undeath]

A charset is, as the name implies, a set of chars. Defining a string as charset is not going to do what you want.

[Mem5]

Yes.
So i need to put 'user\n' in a file and combine it with another wordlist?

[undeath]

You can use the mask attack but you cannot specify the user in a custom charset.

[philsmd]

Just to make sure that other users interested in something like this do not choose a wrong approach to do these types of attacks: if you are cracking a "salted" hash, you should use the corresponding hash modes if available.

Therefore for -m 0, if you have an algorithm that uses md5 ($salt . $pass) ... you should use -m 20 of course (see https://hashcat.net/wiki/doku.php?id=example_hashes).

In your specific case for -m 0 and md5 ($salt . $pass) you should use hashes like this:
hash:user[TAB]

where [TAB] needs to be replaced by the tabulator character (0x09) and "user[TAB]" is the salt in this case.
Of course, this type of attack only works if a corresponding salted hash algorithm is available in hahscat.

[Mem5]

It works well, thanks.
I would add to your good answer the use of --hex-salt for hex-salt support for the hashfile, in my case.