Using hashcat Brain with slow hash and specific password length
#1
I am trying to attack a slow hash which I know has a length of 12 or more characters.

Since I want to use a rule based attack I am wondering how I can easily limit the amount of password candidates for cracking combined with the hashcat brain.

If I use the example wordlist:


Code:
123456789abcd
123456789abc
12345678
1234


combined with the example ruleset:
Code:
:
$1 $2 $3 $4
]


My desired output would be:
Code:
123456789abcd
123456789abcd1234
123456789abc
123456789abc
123456789abc1234
123456781234


Thereby skipping:
Code:
123456789ab
12345678
1234567
1234
12341234
123


When using an inline filter, it seems to only look at the length of the word before rules are applied:
Code:
hashcat64.bin -a 0 example.dic -r example.rule -j '>C' --stdout
123456789abcd
123456789abcd1234
123456789abc
123456789abc
123456789abc1234
123456789ab


This way I will miss the password 123456781234 while it will try the 11 character password 123456789ab.

I can pipe the output from hashcat to hashcat to remedy this:
Code:
hashcat64.bin -a 0 example.dic -r example.rule —session output --stdout | hashcat64.bin -j '>C' --stdout
123456789abcd
123456789abcd1234
123456789abc
123456789abc
123456789abc1234
123456781234


This works fine (especially because it is a slow hash), however I want to use the hashcat brain which does not accept stdin mode.

So this leaves me with 4 undesirable options:

-Don’t use hashcat brain
-Accept a large set of password candidates are just a waste of computational power since they will never find the correct password
-Create a (insanely large) dictionary file from all password candidates generated by the wordlist and rule that are 12 characters or longer and then start the attack.
-Create a (insanely large) dictionary file from all password candidates generated by the wordlist and rule that are 11 characters or shorter and feed this file to the hashcat brain with a faster hash, afterwards running the normal attack with brain active.

Am I skipping a nice feature of hashcat that I am unaware of and would solve my problem, or is there no better solution than already mentioned above?
Reply


Messages In This Thread
Using hashcat Brain with slow hash and specific password length - by Toetje - 01-14-2020, 12:30 PM