02-06-2018, 05:31 PM
I don't think that this mask would help or even be correct.
What -a 3 -1 charset --increment --increment-min 10 --increment-max 30
?1?1?1?1?1?1?1?1?1?1?1?1PASSWORD?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1
means is that hashcat will use the charset defined by --custom-charset1 (or short -1, "dash one") and increment the mask starting with length 10 e.g. if we convert that to a hcmask file it would be something like this:
note: this is completely different to the strategy/plan that we used above.
The mask will of course stop after the length of the password candidates reached 30 (included).
Furthermore: the masks soon become infeasible to brute-force. Depending on the charset (--custom-charset1 or short -1) the keyspace of the single masks will soon become way too huge and hashcat will also complain about (e.g. 64-bit integer limits, overflow risk because it will just be an infeasible huge keyspace).
I don't think that you understood --ncrement and the other parameters correctly. Please have a look at https://hashcat.net/wiki/doku.php?id=mask_attack for details on how masks work
Again, I still think that the best strategy is to use some well working rules and dictionaries. Brute-forcing should be only used as a last desperate option (and even if you use it you should have a good strategy, feasibility is very important!).
What -a 3 -1 charset --increment --increment-min 10 --increment-max 30
?1?1?1?1?1?1?1?1?1?1?1?1PASSWORD?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1
means is that hashcat will use the charset defined by --custom-charset1 (or short -1, "dash one") and increment the mask starting with length 10 e.g. if we convert that to a hcmask file it would be something like this:
Code:
charset,?1?1?1?1?1?1?1?1?1?1
charset,?1?1?1?1?1?1?1?1?1?1?1
charset,?1?1?1?1?1?1?1?1?1?1?1?1
charset,?1?1?1?1?1?1?1?1?1?1?1?1P
charset,?1?1?1?1?1?1?1?1?1?1?1?1PA
charset,?1?1?1?1?1?1?1?1?1?1?1?1PAS
charset,?1?1?1?1?1?1?1?1?1?1?1?1PASS
charset,?1?1?1?1?1?1?1?1?1?1?1?1PASSW
charset,?1?1?1?1?1?1?1?1?1?1?1?1PASSWO
charset,?1?1?1?1?1?1?1?1?1?1?1?1PASSWOR
charset,?1?1?1?1?1?1?1?1?1?1?1?1PASSWORD
charset,?1?1?1?1?1?1?1?1?1?1?1?1PASSWORD?1
...
charset,?1?1?1?1?1?1?1?1?1?1?1?1?1PASSWORD?1?1?1?1?1?1?1?1?1note: this is completely different to the strategy/plan that we used above.
The mask will of course stop after the length of the password candidates reached 30 (included).
Furthermore: the masks soon become infeasible to brute-force. Depending on the charset (--custom-charset1 or short -1) the keyspace of the single masks will soon become way too huge and hashcat will also complain about (e.g. 64-bit integer limits, overflow risk because it will just be an infeasible huge keyspace).
I don't think that you understood --ncrement and the other parameters correctly. Please have a look at https://hashcat.net/wiki/doku.php?id=mask_attack for details on how masks work
Again, I still think that the best strategy is to use some well working rules and dictionaries. Brute-forcing should be only used as a last desperate option (and even if you use it you should have a good strategy, feasibility is very important!).