01-30-2019, 02:27 PM
Which type of rar archives are we talking about here?
hashcat supports these 2 hash types for rar archives:
-m 12500 = RAR3-hp
-m 13000 = RAR5
(the non-hp version of rar3, i.e. the one without header protection/encryption, is not currently supported)
I think you could deal with these 5 missing characters with different attack modes, and you need to see which is the fastest for you.
In general, if you have a static/constant prefix you should actually use some salted alternatives of the algorithm (e.g. for md5 ($salt . $pass) you do not use md5 ($pass) , but the salted alternative). Unfortunately rar3 has no salted alternatives.
Therefore, we need to stick with the other attack types that make sense here:
-a 6 (hybrid attack, a mask at the right-hand side)
-a 1 (combinator attack, 2 dicts), the static part (20 chars) is in the first dict
-a 0 (with rules)
In theory, you could also use rules to prefix the password candidates with a static string and append the missing characters, but note that the number of rule functions is limited to 31 (see https://hashcat.net/wiki/doku.php?id=rul...imitations), so we are already close to the limit if you intend to use 20 rules for prefixing a static string.
In this case you could "generate" a dictionary with the lowercase and uppercase letters (max 2 uppercase) including the l33t words. e.g. something like this
Code:
hashcat --stdout -a 3 -o base_dict.txt a.hcmask
where the a.hcmask can be generated by e.g. policygen from PACK and should be something like this:
?l@31056,?u,?1?1?2?1?2
?l@31056,?u,?1?1?1?1?1
?l@31056,?u,?2?1?2?1?1
etc
The digits and specials can be added with rules, e.g. $! to add a question mark... but adding all combinations of 5 digits with rules is already quite a large set of rules (I would say too huge)... in theory you could add the digits to the base dict too, but that would imply that the dict on disk will get quite large.
As said, alternatively you could combine 2 dicts (with -a 1), which should be quite self-explanatory, but the dicts of course need to be pre-generated and stored on disk... or you could use -a 6 and use a mask file (hcmask) on the right side.
There is a final approach that you could use, but it's probably the slowest, i.e. using stdin/pipes. I would say that this attack shouldn't be used here, because it will slow the speed down by a lot, because you do not have a very filtered/restricted/special set of password candidates, the idea would be like this:
Code:
./my_special_password_generation_script.sh | hashcat -m 12500 -a 0 -w 3 hash.txt
Note: multiple rules are only supported with -a 0 = straight/dictionary attacks.
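Added example (not part of the original post, and not hashcat code): a small estimator for how many candidates, and how many bytes on disk, a pre-generated dictionary from an .hcmask file would take, which is the cost the post weighs against the hybrid and rule-based approaches. The names `tokens` and `estimate` are hypothetical; it assumes single-byte characters and that a character repeated in a custom charset is counted once.

```python
import math
import re
import string

# Built-in hashcat mask charsets; ?s is the 32 ASCII specials plus space.
BUILTIN = {
    "l": set(string.ascii_lowercase),
    "u": set(string.ascii_uppercase),
    "d": set(string.digits),
    "s": set(" " + string.punctuation),
    "?": {"?"},  # "??" is a literal question mark
}
BUILTIN["a"] = BUILTIN["l"] | BUILTIN["u"] | BUILTIN["d"] | BUILTIN["s"]

# Constructed sample: the three mask lines quoted in the post.
SAMPLE_HCMASK = """\
?l@31056,?u,?1?1?2?1?2
?l@31056,?u,?1?1?1?1?1
?l@31056,?u,?2?1?2?1?1
"""

def tokens(spec, table):
    """Yield the character set for each position of a mask or charset string."""
    i = 0
    while i < len(spec):
        if spec[i] == "?" and i + 1 < len(spec):
            yield table[spec[i + 1]]  # KeyError if the charset is undefined
            i += 2
        else:
            yield {spec[i]}
            i += 1

def estimate(hcmask_text):
    """Return (candidates, bytes on disk) for the masks in an .hcmask file."""
    total = size = 0
    for line in map(str.strip, hcmask_text.splitlines()):
        if not line or line.startswith("#"):
            continue
        # Fields are split on unescaped commas; the last field is the mask.
        *defs, mask = [f.replace("\\,", ",") for f in re.split(r"(?<!\\),", line)]
        table = dict(BUILTIN)
        for n, definition in enumerate(defs, start=1):
            table[str(n)] = set().union(*tokens(definition, table))
        positions = list(tokens(mask, table))
        count = math.prod(len(p) for p in positions)
        total += count
        size += count * (len(positions) + 1)  # +1: newline after each candidate
    return total, size

if __name__ == "__main__":
    print(estimate(SAMPLE_HCMASK))
```

For the three quoted masks alone this gives about 78 million 5-character candidates and roughly 467 MB of dictionary, before any digits or specials are added.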