(04-13-2021, 12:50 PM)Centurio Wrote:(04-13-2021, 10:30 AM)xabbix Wrote: I've read previous posts about using more than 4 character sets and I see that it's not possible. Why is that? What's the logic behind not allowing any amount?
This is my issue and I'm not sure how to resolve it using anything other than a mask attack.
Let's take this password for example: ThisIsMyPassword9799!
I'm not sure about the capitilization, I may have capitalized some of the characters, or not. So I'd like to use something like
Tt,Ii,Mm,Pp?1his?2s?3y?4assword9799!
However, I'm also not sure if I switching o's with 0's, or which special character I've used at the end (and would like to avoid using ?s since I have a much smaller set). It's also possible that I've switching the a's with 4's.
How should I approach this? I'd like to use a Mask attack as it's the fastest and I feel that if I had a way to define more than 4 character sets it would be the best option for me.
Hi,
Are you attacking a fast or a slow hash?
I do not understand your custom character sets. Can you list them please?
I understand them this way:
1: TtIiMmPp
2: his
3: s
4: assword9799!
hashcat -a 3 -m *your_mode* hash.txt -1 TtIiMmPp -2 his -3 s ?1?2?1?3?1 assword9799! (you can add the end of the password to the end of the mask. Not sure if you need a space or not).
But you must be sure about the right ending of your password.
Get what I mean? :-)
I'm attacking a fast hash and I get what you mean. What you're suggesting is a workaround that will attempt many passwords I do not wish to include. This was just an example, but I do have a lot of use cases where I simply need more than 4 character sets to work with, in this example it would probably be easy to include these unwanted attempts as it will not take much longer to go through them as well, but in other cases it will take ages more. Another example is a longer password, let's take this base password
ThisIsALongerPassword1111111111!
Valid candidates are
thisIsALongerpassword11111155111!
Th1sIsALongerPassword5511111111@
Th1sIs4LongerP4assword9285819204%
Th1isIsALongerP4ssw0rd0195828402&
If you try to accommodate this via a Mask attack, you simply cannot without using your workaround that will take a much longer time to crack.