Troubles with creating the mask

[McWorse]

Again the best method would probably be to use rule-based attacks, see https://hashcat.net/wiki/doku.php?id=rule_based_attack

you could even create your own dictionary file with several permutations of the base password and run it through some standard rule files (if you really don't want to mess around with creating your own rule file).

Code:

hashcat -m 15700 -a 0 -w 3 -r rules/best64.rule hash.txt dict.txt

hash.txt is the hash file that holds 1 hash line that follows the format mentioned in https://hashcat.net/wiki/doku.php?id=example_hashes (for 15700).
dict.txt is a file that you created with notepad or similar that holds a few thousands of possible password candidates that you think are likely the correct one (original and a little bit mangled base words, 1 password on each line).

The problem with the mask attack is that you do not know the exact length and furthermore the passwords just seem to be shifted and slightly modified (exactly something that you normally use the rule attack for).

If you really would attack a very fast hash, you could of course combine every char that you think could be used into a new charset, but again this type of attack is not clever/fast for a very slow algo like scrypt-based ethereum wallets (-m 15700).
For -m 0 (MD5) you could use something like this:

Code:

hashcat -m 0 -a 3 -w 4 -1 "#23AEHNOPRSTWaehnoprstw" --increment --increment-min 5 --increment-max 15 hash.txt ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1

but note: that even in this case hashcat will need to increase the password length all the time (and the keyspace gets huger and huger with increasing length) and you won't see the total estimated run time at the start (only the current run time for that specific length, you can modify --increment-min / --increment-max to specify the min/max length... the mask length itself must always be the same length or longer than --increment-max).
This would be quite a strange approach to try all the password candidates and as already set is not recommended at all (and even less clever for slow hash algorithms), but I think you get the idea on how to combine each and every char at each and every position (if you don't know where the chars could be etc)

Thanks a lot philsmd for your detailed explanation. I took a look at the possible rules but I found no rule for the instruction to test lowercase and uppercase letters. Is there one? So I could write ...

WEATHER
weather

... into the dictionary file and hashcat will create all possible password candidates like:

Weather
wEAther
weaTHER

(and so on)
?

Is there a specific rule for that?

[McWorse]

Ok... just managed it to start hashcat. I am using the command console for the first time and I am sweat now... Therefore, I apologize for not working with rules yet. I am a totally noob, so I have to start as easy as possible.

I used this mask_file.hcmask:

--custom-charset1: 23wWeEaAtThHrR
--custom-charset2: 23eErRsSpP
--custom-charset3: 23sSpPoOnN
?1?1?1?1?1?2?2?2?2?3?3?3?3?3

and this command:

.\hashcat.exe -m 15700 -a 3 hash.txt mask_file.hcmask

It looks like, that hashcat started three attemps. Each one with one of my custom charsets.

But I want, that hashcat uses all three charsets at the same time, how I defined it in the mask:

?1?1?1?1?1?2?2?2?2?3?3?3?3?3

What is the trick for that?
Sorry ... I don't get it...

EDIT:
After each attempt it told me, that my wordlist is too small.
And at the end of the three attempts there was a message, that custom charset 1 is undefined.
What the heck ... ?

[philsmd]

If you read my posts carefully, I just explained what the fields of a hcmask file look like (each field/column of a hcmask file is separated by a comma ","). The "--custom-charset1" was just an explanation what the first field in a hcmask file would be when the users needs/sets it - before the mask which is always at the very end -... you don't need to write it (it was just the explanation what would be set.... i.e. what is the equivalent if you look at the hashcat --help output and use it without/outside the mask file).

Your mask should probably look like this:

Code:

23wWeEaAtThHrR,23eErRsSpP,23sSpPoOnN,?1?1?1?1?1?2?2?2?2?3?3?3?3?3

and use the --increment option if you are not sure about the lengths:

Code:

.\hashcat.exe -m 15700 --increment --increment-min 5 -a 3 hash.txt mask_file.hcmask

Note that --increment is very special here and it might not do exactly what you may expect ... i.e with length 5, the mask would not contain any ?2 or ?3 characters, but only ?1?1?1?1?1 (because hashcat increments always the full mask , SEE the additional explanation below)

just as a further explanation; if you only need ONE single custom charset i.e. --custom-charset1 , this would be the mask_file.hcmask

Code:

23#AEHNOPRSTWaehnoprstw,?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1

also here, if you are not sure about the length, you could either write down different MASK (i.e. lines) in the hcmask file, or use --increment
As a further explanation: the --increment works like this:
hashcat just "loops" over the different lengths, that means that with --increment --increment-min 5 , this is what hashcat will try when the full masks in the hcmask file line (last field) is ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1 (without ?2 and without ?3 as a explanation, but the same holds for the other masks you use): first ?1?1?1?1?1 , then ?1?1?1?1?1?1 , then ?1?1?1?1?1?1?1, then ?1?1?1?1?1?1?1?1 etc (up to the mask length or if set up to --increment-max). To increment in the middle you would need to write down several masks in the mask file, i.e. if you want to increment like this ?1?1?1?2?3?3?3 , ?1?1?1?2?2?3?3?3 , ?1?1?1?2?2?2?3?3?3 (as you see the middle ?2 is increment in this EXAMPLE, we need to write them all down, because --increment will always increment the whole mask - i.e. only add another position of the mask at the END).

This is also basically what the FAQ and the wiki explain about the .hcmask file format... but I hope it's more clear now

tl;dr : just define the custom charsets directly in the correct field/column of the hcmask file, without the "--custom-charset" (that would be quite stupid if every hcmask file would always need to have that string when a custom charset would need to be defined).

It's good that you are willing to learn and I think you are quite quick at learning (even as a new user, noob). The beginning is always hard, but if you get the format and start to understand how hashcat works, you can profit a lot from this *advanced password cracker*. Good luck

[McWorse]

!

Code:

23wWeEaAtThHrR,23eErRsSpP,23sSpPoOnN,?1?1?1?1?1?2?2?2?2?3?3?3?3?3

!

I obviously did not understand the instructions at all, but now I got it. Just thought I had to write the whole "--custom-charset1" stuff. I will make my first try with that. After that, I will go further with the increment option. But I have to go on slowly with one step after another. And with breaks to calm down...
^^

Because ... yes: The beginning is extremely hard. Especially if you don't know anything about programming / command console (and all that stuff) and have always tried to keep that out of your life ... like me. But I will try it and I am very happy about your detailed answers. That really helps me. Thank you!

[McWorse]

Ok... there is probably no way around rules, because:

The presumed password length is 16.
Hashcat attacks about 50 times in one minute.

Because there are (if it is true, what hashcat shows, what I believe in) - 1,038,800,993,736,720,384 possible passwords. Converted to time, it is 39,5 billion years of calculating... so I should hope, that the universe is expanding forever, without a big rip - otherwise it will be tight.
XD

Does that sound likely, or does that look like a mistake? Is the speed of 50 attacks / minute normal?

----

Just working with AMD Ryzen 7 3800X (8 x 3.9GHz), Mainboard ASRock X570M Pro4, NVIDIA GeForce RTX 3070 Palit Jetstream 8G (extraneous for my task), 32GB DDR4-3000 and SSD. It is an absolute virgin system...

[Snoopy]

well scrypt is slow and "anti-gpu", hashcat is using GPU by default, there are many updates to scrypt but take a look at output from command

hashcat -D 1,2 -m 15700 -b

maybe it is better to stick to CPU (opencl drivers needed) check output from comand above whether your cpu is recognized or not