Brute force mask
#4
(03-05-2023, 06:33 PM)KR2615 Wrote: I realize that. But if there's only 160 possible mistakes (4 rules * 40 chars) if there's only one mistake or 25600 combination (if I took two mistakes) it is possible.

well yes/no

i'll give you a start, toggling rule is T* ,* is index 0-9 and A-Z so max possibilities 36 and thus maximum lenght for password 36, BUT you have to consider all combinations of toggling, just toggling one char at position x easy peasy, toggling 2 chars at positions x and y would be 36*36, three positions 36*36*36 and so on, you can generate these like this, i removed the spaces between T to reduce storage consumption but lets have some math fun with this
count 3
hashcat --stdout -a3 -1 ?d?u "T?1T?1T?1" >> rules.file

basic math for ruleset of toggling all possibilities for char-count of count "lenght" would be 36^lenght *((lenght*2)+2 bytes), count is also the number of the rules combined

combinations for count 6
36^6 * ((6*2)+2) bytes = ~30 GB
count 7
36^7 * ((7*2)+2 bytes) = 1253 GB

i think you guess how fast this ruleset will grow when you do more combinations

your 1337 and shift indeed could be thought very small, as hashcat rules only provide the option to replace all occurences of X with Y

so for shifting its 10 rules, for leet it is also very small, depending on "how leet" you will be, c with ( and so on

instead of of toggling chars per position you could use replace for your chars too, which will reduce your basic ruleset but you have to consider this will replace/toggle ALL chars of one type, take a look at the "e", replace would be all e to E or all E to e, but no combinations of just first e, only second e and so on

$BW5eLqAEKYw\:26l,`WSNle\q3R,39Z?:*.cIQi

BUT again, you have to consider all combinations of these single rules, just replacing i with 1, no problem, but when it comes to combinations of combinations like, replacing i with 1, e with 3 but not c with ( but toggling/replace char w/W and this for all possible chars a-z, well this ruleset will also grow very fast and consume more storage than we ever produced
Reply


Messages In This Thread
Brute force mask - by KR2615 - 03-05-2023, 12:18 PM
RE: Brute force mask - by marc1n - 03-05-2023, 12:26 PM
RE: Brute force mask - by KR2615 - 03-05-2023, 06:33 PM
RE: Brute force mask - by Snoopy - 03-06-2023, 03:30 PM