Combination attack + mask?
#2
(02-04-2024, 04:19 AM)Durka Wrote: I have a zip file I'm trying to crack that I don't recall the password. I know what likely combination of words I'd use and almost certainly would put a "!" or "!!" in there. Say I know it will have "cat" "dog", "!", "!!" in any combination and possibly multiple times (in fact, I probably used the same string twice - like "dog!dog!"). I thought I could put all these into a dictionary, and call on hashcat to use the same dictionary twice :

# hashcat –m 13600 –a 1 myhash.hash mydictionary.dict mydictionary.dict

The problem is, I'd like to define the password length from 7 - 14 spaces and tell it to try all combination of upper/lowercase from my dictionary. I'd like hashcat to combine passwords in such a way that it tests 7 spaces, then 8, then 9, until it reaches 14.

For 7 spaces, it might try :

catcat!            Cat!cat        dOg!cat        dogcat!       !dogDOG

for 8 spaces :

CAT!cat!          catCAT!!      dog!dog!      cat!dOG!

for 12 spaces :

catcatcatcat     caTdogDogdog    cat!cat!cat!    cAT!dog!!DOG

etc...

It seems I'm trying to do a combination + mask attack. Docs might call this a "hybrid" attack, but I'm not seeing examples of how I can do the above. If doing upper/lower is too hard, I wouldn't mind creating a dictionary using a hashcat tool to generate all combinations of possible password for cases : cat cAT cAt CaT etc

there are two ways to achieve this, depending on how many input strings do you have, 

first, use princeporocessor and your inputlist, these list has to contain all upper lower variations of your words (you can use a simple python script do do so, here a variant i found some tmie ago on stackoverflow

Code:
from itertools import product
def generate_case_combinations(input_string):
    char_combinations = [c.lower() + c.upper() if c.isalpha() else c for c in input_string]
    all_combinations = [''.join(combination) for combination in product(*char_combinations)]
    return all_combinations
input_string = "abc"
result = generate_case_combinations(input_string)
print(result)

when you have a huge input list and the combinations killing your storage capacitys, you can use rules instead but you have to generate alle rules beforehand for also for every combination of lenght and possibility

i would lower all input strings and then use rules for toggeling the posistions to upper (you can use maskprocessor or hahscat with stdout option helping you to generate all rules, but these will also consume some space
Reply


Messages In This Thread
Combination attack + mask? - by Durka - 02-04-2024, 04:19 AM
RE: Combination attack + mask? - by Snoopy - 02-05-2024, 12:31 PM