06-30-2020, 10:33 PM
Evening Phil,
The first command was a typo in the post (-w <wordlist>), not in my terminal. I have a bad habit of doing that and it will throw an error if I do it. It's a habit from other applications like gobuster where I have to specify -w /usr/share/wordlists/dirbuster/list.txt.
I've never much looked into Mask Attacks before. My understanding was essentially they're a brute force attack (aaaa-zzzz), but you can specify specific characters where ?l is lowercase, ?u is uppercase, ?d is a decimal and ?a is all (upper, lower, decimal and symbol). ?s would be symbols.
Eg: P@$$w0rd1! as a mask would look like ?u?s?s?s?l?d?l?l?d?s.
Therefore would stand that a bruteforce would naturally be ?a?a?a?a?a?a?a (all possible combinations of upper, lower, numbers and symbols) which by definition is a mask... I thought. I could be wrong, like I said, I haven't really investigated it.
Your last point (misunderstanding the benchmark) is quite possible..
Cheers,
Mike
The first command was a typo in the post (-w <wordlist>), not in my terminal. I have a bad habit of doing that and it will throw an error if I do it. It's a habit from other applications like gobuster where I have to specify -w /usr/share/wordlists/dirbuster/list.txt.
I've never much looked into Mask Attacks before. My understanding was essentially they're a brute force attack (aaaa-zzzz), but you can specify specific characters where ?l is lowercase, ?u is uppercase, ?d is a decimal and ?a is all (upper, lower, decimal and symbol). ?s would be symbols.
Eg: P@$$w0rd1! as a mask would look like ?u?s?s?s?l?d?l?l?d?s.
Therefore would stand that a bruteforce would naturally be ?a?a?a?a?a?a?a (all possible combinations of upper, lower, numbers and symbols) which by definition is a mask... I thought. I could be wrong, like I said, I haven't really investigated it.
Your last point (misunderstanding the benchmark) is quite possible..
Cheers,
Mike