Resuming attack with maskprocessor?
#2
the main question is: is this the correct approach ? does this even make sense with passwords not having 4 identical chars ?
... and most importantly: how much (percentage-wise) of the keyspace is even reduced by this filter... it's probably very small (do the math, just a few percent of enourmous many password candidates, almost negligible amount of passwords are filtered away).

to answer the question: yeah, you are right, neither -s/-l, nor --restore work with pipes/stdin (in hashcat).

that doesn't really prevent you from filtering it externally or internally (by modifying the source etc).

update: there is a better method to the below mentioned one using -s [password] in mp instead of some external skip_first_x_lines (tail -n +[amount])...: just use mp64.exe -s (see update below)

you could for instance just do something like this:
mp ... | skip_first_x_lines [amount] | hashcat64.exe ...

where skip_first_x_lines is just any standard tool (but of course it should be fast) to skip some lines from the input stream and only outputs the remaining part to the output stream (piped to the hashcat executable).

you can read the amount that needs to be skipped with --status --status-timer x or just by hitting s when hashcat is running

... but I would really suggest that you re-consider if not other attack types are better suited (like dictionary attack with rules etc). brute-force is always a very "desperate" strategy and most often the last thing you should do (last desperate hope to still crack something). It's even worse with a very slow hash type like the one you are running. Look here for other possibilities: https:/hashcat.net/wiki/ or just see the attack modes in the --help output



actually I just noticed there is a better method: I totally forgot that maskprocessor (mp64) "already" supports -s/-l. so you could just use -s to skip some of the words at start

mp64.exe -s [word] ... | hashcat64.exe

but be aware that -s works a little bit different in maskprocessor (compared to the -s in hashcat): it expects a password that is used to check if the next passwords should be in the output (instead of a line count or are starting position in the output).
Fortunately, hashcat also outputs password candidates (word), so you could just use that word from the last status of hashcat (--status --status-timer or just hitting s while hashcat is running)
Reply


Messages In This Thread
RE: Resuming attack with maskprocessor? - by philsmd - 11-04-2019, 09:24 AM