In general you do this mangling (like appending/prepending characters etc) with rule based attacks (with -a 0 and -r my.rule for instance), i.e. you run a wordlist and add those special characters and do other manipulations for instance also by using multi-rule feature (https://hashcat.net/wiki/doku.php?id=rul...ulti-rules).
Of course you could also add constant/fixed characters with -a 3 directly (but if you have a lot of constant pieces within your mask, especially at the beginning, the speed might suffer a lot, especially for fast hash types).
There is only one problem that is a little bit tricky here, but was also discussed a lot on this forum... i.e. what to do if you want to add new lines (let's talk about both line feeds and carriage returns) to your rule file or dictionary file.
Of course the new line also is used as a separator by hashcat to separate lines (e.g. to separate passwords in dictionary files and to separate rules in rule files, respectively)...
The solution is just to use --hex-charset for the charset definitions (e.g. for --custom-charset1 or -1, or also the charsets defined within the hcmask file, https://hashcat.net/wiki/doku.php?id=mas...mask_files) on the one hand... and a combination of prepend+ascii increase+rotate rules (the rotate is only needed if you want to append it) for rule based attacks.
These ideas were already discussed a lot on this forum, so here are just some hints:
The first part (up to the comma) would be interpreted by hashcat as a --custom-charset of U+FE04578!@$12 (note that all duplicated characters are used only once, i.e. they are kind of de-duplicated internally).
Therefore, no this is not the correct approach... each character will be interpreted literally.
You could use the --hex-charset feature to add special characters that you can't type (or are special, like the newline).
Let's assume that efbbbf is the hex-representation of the BOM-mark and that we want to prepend this to the password and append the line feed (\n) or both carriage return and line feed (\r\n).
Your mask file would look something like this:
note that 50617373776f7264 is the hexadecimal equivalent of "Password" (without quotes) and 30, 34, 35, 37, 38, 21, 40, 24 are just the hexadecimal equivalent characters for 0, 4, 5, 7, 8, !, @ and $, respectively.
Therefore the only tricky part is to convert everything to hex (yeah, if you use --hex-charset you must use everything except the built-in and custom defined character variables, e.g. ?a, ?b, ?d, ?1, ?3 etc, to hex) and understand where you want to add what and how many custom charsets you need to define.
In theory there exist several variants of the above that could lead to the same result, e.g. you could store the 0d and 0a into new custom charset etc... but it is kind of useless if they are fixed anyways.
.... so now let's look at how to do the append/prepend thing with rules. The rule file "my.rule" should look something like this (you need to adjust it to your needs).
ATTENTION: within this section I just show how the characters would look like, you still need to insert the actual character into the file by replacing the <xy> with the actual characters:
^<bf> ^<bb> ^<ef> ^<09> +0 {
(Note: this just prepends the 3 BOM bytes, in reverse order !!!, and appends the line feed... This is just an example of a more "complicated" rule)
Again (just to make it very clear) you need to replace the characters with the actual chars.
Within the pseudo-rules above <ef> is the character with hex code ef... you need to replace it.... <09> for instance is just the horizontal line. If we increase 09 by 1 we obtain 0a which is the line feed that we want.
In linux you would create the above rule file with something like this:
Let me explain this a little bit:
We can split this up like this:
5ebf: prepend (^) the hex char bf
20 (optional space between rules)
5ebb: prepend (^) the hex char bb
20 (optional space between rules)
5eef: prepend (^) the hex char ef
20 (optional space between rules)
5e09: prepend (^) the hex char 09 (horizontal tab)
20 (optional space between rules)
2b30: ascii increment (+) at position 0 (decimal 0), i.e. rule +0
20 (optional space between rules)
7b: rotate left ({) to make sure that the line feed is at the end and not at the start
of course if you use a good text editor (or hex editor) you do not need to worry too much about the hexadecimal numbers etc.... it's just an (admittetly more tricky/advanced) example to deal with special characters etc.
Of course you can test all of your examples with the amazing --stdout feature of hashcat. E.g.
or for rules:
Of course you could also add constant/fixed characters with -a 3 directly (but if you have a lot of constant pieces within your mask, especially at the beginning, the speed might suffer a lot, especially for fast hash types).
There is only one problem that is a little bit tricky here, but was also discussed a lot on this forum... i.e. what to do if you want to add new lines (let's talk about both line feeds and carriage returns) to your rule file or dictionary file.
Of course the new line also is used as a separator by hashcat to separate lines (e.g. to separate passwords in dictionary files and to separate rules in rule files, respectively)...
The solution is just to use --hex-charset for the charset definitions (e.g. for --custom-charset1 or -1, or also the charsets defined within the hcmask file, https://hashcat.net/wiki/doku.php?id=mas...mask_files) on the one hand... and a combination of prepend+ascii increase+rotate rules (the rotate is only needed if you want to append it) for rule based attacks.
These ideas were already discussed a lot on this forum, so here are just some hints:
Code:
U+FEFF04578!@$\015\012,?1?1?1?1?1?1PasswordTherefore, no this is not the correct approach... each character will be interpreted literally.
You could use the --hex-charset feature to add special characters that you can't type (or are special, like the newline).
Let's assume that efbbbf is the hex-representation of the BOM-mark and that we want to prepend this to the password and append the line feed (\n) or both carriage return and line feed (\r\n).
Your mask file would look something like this:
Code:
3034353738214024,efbbbf?1?1?1?1?1?150617373776f72640a
3034353738214024,efbbbf?1?1?1?1?1?150617373776f72640d0aTherefore the only tricky part is to convert everything to hex (yeah, if you use --hex-charset you must use everything except the built-in and custom defined character variables, e.g. ?a, ?b, ?d, ?1, ?3 etc, to hex) and understand where you want to add what and how many custom charsets you need to define.
In theory there exist several variants of the above that could lead to the same result, e.g. you could store the 0d and 0a into new custom charset etc... but it is kind of useless if they are fixed anyways.
.... so now let's look at how to do the append/prepend thing with rules. The rule file "my.rule" should look something like this (you need to adjust it to your needs).
ATTENTION: within this section I just show how the characters would look like, you still need to insert the actual character into the file by replacing the <xy> with the actual characters:
^<bf> ^<bb> ^<ef> ^<09> +0 {
(Note: this just prepends the 3 BOM bytes, in reverse order !!!, and appends the line feed... This is just an example of a more "complicated" rule)
Again (just to make it very clear) you need to replace the characters with the actual chars.
Within the pseudo-rules above <ef> is the character with hex code ef... you need to replace it.... <09> for instance is just the horizontal line. If we increase 09 by 1 we obtain 0a which is the line feed that we want.
In linux you would create the above rule file with something like this:
Code:
echo 5ebf205ebb205eef205e09202b30207b | xxd -p -r > my.ruleLet me explain this a little bit:
We can split this up like this:
5ebf: prepend (^) the hex char bf
20 (optional space between rules)
5ebb: prepend (^) the hex char bb
20 (optional space between rules)
5eef: prepend (^) the hex char ef
20 (optional space between rules)
5e09: prepend (^) the hex char 09 (horizontal tab)
20 (optional space between rules)
2b30: ascii increment (+) at position 0 (decimal 0), i.e. rule +0
20 (optional space between rules)
7b: rotate left ({) to make sure that the line feed is at the end and not at the start
of course if you use a good text editor (or hex editor) you do not need to worry too much about the hexadecimal numbers etc.... it's just an (admittetly more tricky/advanced) example to deal with special characters etc.
Of course you can test all of your examples with the amazing --stdout feature of hashcat. E.g.
Code:
hashcat -a 3 --stdout my.hcmaskCode:
hashcat -a 0 --stdout -r my.rule dict.txt