06-27-2018, 05:51 PM
(06-27-2018, 05:10 PM)plaverty9 Wrote: To your original question:
"I'd like to carry out a rule-based attack where the password should have:
- capitalise first character
- append from one to four digits to the end
- append a special character and from one to four digits to the end."
Try something along the lines of:
hashcat -m<value> <hash> -a3 -1 ?d?s ?u?a?a?a?a?1?1?1?1 --increment
where you use as many ?a as you think are necessary, or if you know something about those characters, you can tighten that up with a smaller character set.
I'd like to perform a rule-based attack because I know that my target uses generally common words (e.g. italian words, that in some occasions have the first character capitalised) followed by specific suffixes (e.g. a special character and from 2 to 4 digits). For this reason I think that a brute force attak, even if based on masks, it's not the best solution.