This is not supported by default with hashcat, but it's pretty easy to hack hashcat to do it.
I've attached a diff to do so. Make sure to clean old objects and cached kernels, too.
Quote:
$ make clean
$ rm -rf kernels
$ git reset --hard
$ git checkout 477216ccdbc5fb9600a5092c269abebf4156b6b5
$ git apply git_apply.txt
$ make
After modifications the original password should, by design, still crack it:
Quote:
$ echo -n password |sha1sum
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 -
$ cat > hash
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
$ ./hashcat -m 100 hash -O -a 3 -w 3 password --potfile-disable --self-test-disable --quiet
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8:password
So if this works you're ready to run:
Quote:
$ ./hashcat -m 100 hash -O -a 3 -w 3 ?b?b?b?b?b --potfile-disable --self-test-disable
Since the keyspace (2^40) of your mask is below the hash output size (2^64) there's no guarantee you will find a collision, except if the hash was actually created with a 2^40 password.
Also note that the modification for the kernel was only made for the optimized -m 100 kernel in brute-force mode for single hashes. If you need other attack modes etc., you have to patch them as well.