Troubles with creating the mask

[McWorse]

Hi!

I am going crazy: I read all the instructions and the various posts here on the forum, but I have no plan on how to proceed. I am not a native english speaker, and this makes the things even worse. Maybe someone could help me:


I am one of those, who created an ether wallet in 2017 but can't remember, that I created a password. I am actually rock solidly convinced that I never created a password when I created the wallet. But anyway. The problem exists and needs to be solved. So let's assume I did create a password for myself. Because I didn't write anything down, I'm going to assume that I used a default password, which I used a lot in 2017. But because this password does not work, I may have changed it only slightly. Maybe capitalized one (or more) particular letter(s). Or maybe I put a number at the beginning or in the middle of the password. Or maybe I added a special character somewhere. I don't know...

The default password has approximately the following scheme:

weatherspoon32

two words put together and a number.

So with a slight change, it could look like something like this:

weatherSpoon32
!weatheRspooN23
2weather#SPOON3

The easiest way would be to specify a charset:

wWeEtThHrRsSpPoOnN32!#

But these are a lot of possible combinations. To speed up hashcat, I would like to specify the mask. But I really have no clue how to do this. How would I have to proceed in the above case?

Would be great, if someone could give me a hint.

Thanks in advance an kind regards!
McW

[McWorse]

An addition to my question:

I have difficulties in understanding the official explanation of creating a mask file as shown here:

https://hashcat.net/wiki/doku.php?id=mask_attack

The general format of 1 single line in the .hcmask file is as follows:

[?1,][?2,][?3,][?4,]mask

where the placeholders are as follows:

• [?1] the 1st custom charset (--custom-charset1 or -1) will be set to this value, optional
  
• [?2] the 2nd custom charset (--custom-charset2 or -2) will be set to this value, optional
  
• [?3] the 3rd custom charset (--custom-charset3 or -3) will be set to this value, optional
  
• [?4] the 4th custom charset (--custom-charset4 or -4) will be set to this value, optional
  
• [mask] the mask which should (but does not need) to use the custom-charset defined by [?1], [?2], [?3] or [?4] and can use any additional predefined charset (?l, ?u, ?d, ?h, ?H, ?s, ?a, ?b) and can contain fixed chars too (example value: pass?1?d?d?2?l?l)
  

* see the PACK program and some example hcmask files shipped by hashcat (in the masks/ folder).

Is there somewhere an example of a mask file for an own specified charset to look at?

With an example it should be easier to understand for me. Unfortunately, there are no examples for an own specified charset comming with the current hashcat version...

[philsmd]

yeah, all the files under the masks folder within the hashcat root directory are .hcmask files

Therefore you have plenty of examples, just see the masks folder of the 7-zip "hashcat binaries" from https://hashcat.net/hashcat/

You are also lucky that a second explanation exists within the hashcat FAQ (see https://hashcat.net/wiki/doku.php?id=fre..._mask_file ).

I also admit that most of the hcmask files within the masks folder don't use the feature of defining your own charset, but there is one example called hashcat-default.hcmask which (currently) has this content:

Code:

?l?d?u,?l?d,?l?d*!$@_,?1?2?2?2?2?2?2?3?3?3?3?d?d?d?d

this defines 3 new charsets:
- the first one is: --custom-charset1 ?l?d?u
- the second one is: --custom-charset2 ?l?d
- the third one is: --custom-charset3 ?l?d*!$@_

(note, depending on your operating system and shell that you use, you need to quote the strings when using directly within the command line, with single or double quotes)

I think it's quite easy to understand, given that this is an advanced attack technique for an advanced password cracking tool (hashcat), but feel free to ask questions if you are still struggling

---

marc1n : please refrain from only writing "I send PM" in the future. This is a hashcat forum that is based on user-to-user (community) help that is posted within questions and replies (as forum posts) where knowledge and information are shared publicly. We try to help each other in public here.

I've seen already several posts of you that just mention that you've send some DM/PM . This is not following the spirit of helping each other publicly. Either you have a solution and want to share it or you don't have them.

I'm not going to judge (and I also don't know for sure) what you are going to write in the DMs, but in my opinion there is little reason for going private/dark here, except if you want to mention something that you are not willing to share publicly.

Again, I don't know what you write in these PMs etc, but it's against the forum rules to ask for hashes and/or promote any strange services for cracking user hashes (or similar).... and this also holds if users are kind of forced into a private communication that doesn't make much sense (there are some very rare exceptions e.g. if a hashcat developer needs some files to troubleshoot a problem or similar) etc. So I use this chance (again, I'm not saying it's the case here) to strongly advice anybody to not trust other (random) forum users that make any strange request over DMs and maybe also report any attempt of breaking the forum rules or scam attempt etc to the forum moderators / admins (again, I'm not judging this case... I'm just saying that we can't really know what happens in the DMs, but if we get reports of users getting any strange request or are getting links to any strange spam/scam site, we can still investigate and ban the users).

So this is the first warning (actually the second, because royce already mentioned something similar here: https://hashcat.net/forum/thread-10107-p...l#pid52633) and I really apologize if these "claims" (or in general the warning/suspicion) are completely wrong, but you still should stick to the open community spirit of this forum.
Of course we can ban users whenever we see that users don't stick to the rules and are annoying users with strange request over DMs (or similar) or just forum posts mentioning and annoying other users with direct messages etc.

[McWorse]

Sorry ... I don't get it. I want to define my own charset.
What do I have to write (in which format) exactly into the .hcmask file?

Let's take my example from the opening post (I changed it a bit to make things easier now):

Default password:

weatherspoon32

two words put together and a number.

So with a slight change, it could look like something like this:

weatherSpoon32
3WeatherspOOn2

Should the .hcmask file now look like this:

--custom-charset1: wWeEaAtThHrRsSpPoOnN32
?1?1?1?1?1?1?1?1?1?1?1?1?1?1

?

Is this right? Is this enough? Is it correct, that there is space between the colon and the first character? I just don't know how to build the content of the file in terms of format...
XD

[philsmd]

This doesn't seem like a good situation/way to use masks.

masks normally are used for a quite large keyspace applied to a per-position pattern ... e.g. always 5 random alphanumeric characters at the start, followed by 3 lower-case characters .... or similar (an advanced brute-force technique, see wiki: https://hashcat.net/wiki/doku.php?id=mask_attack)

Maybe in this case you should better look into rule-based attacks (see wiki: https://hashcat.net/wiki/doku.php?id=rule_based_attack) based on a specific wordlist (base words).

[McWorse]

But this format for an .hcmask file would be correct:

--custom-charset1: wWeEaAtThHrRsSpPoOnN32
?1?1?1?1?1?1?1?1?1?1?1?1?1?1

?
First line charset, second line mask?

[McWorse]

Ok ... if I understand the explanations behind your provided links, this:

--custom-charset1: wWeEaAtThHrRsSpPoOnN32
?1?1?1?1?1?1?1?1?1?1?1?1?1?1

... should be correct. Dealing with rules will be too difficult for me now at the beginning. So thank you very much for your information so far philsmd. I will refine my first attempt a little bit. Because the possible schemes of my password can be, as example ...

32weatherspoon
2weatherspoon3
2WeaTher3SPoon
weather32spoon
wEAthersPoon23
...
(and so on)

... will split it in three custom charsets, like this:

--custom-charset1: 23wWeEaAtThHrR
--custom-charset2: 23eErRsSpP
--custom-charset3: 23sSpPoOnN
?1?1?1?1?1?2?2?2?2?3?3?3?3?3

With this mask and charsets I will exclude the word (and characters from) spoon for the beginning of the password and a couple of characters of the first part of the password in order to speed the calculation a little bit up.
Better?

[10785740]

How to make a .hcmask file with random 32 charset (?l?u?d), skip all same charset or any generator?

[Snoopy]

How to make a .hcmask file with random 32 charset (?l?u?d), skip all same charset or any generator?

QLOCKER? see here... 

https://hashcat.net/forum/thread-10098-p...l#pid52659

for short, forget bruteforcing (it wont be succesfull in thousands of years), see the video mentioned by philsmd

[philsmd]

Again the best method would probably be to use rule-based attacks, see https://hashcat.net/wiki/doku.php?id=rule_based_attack

you could even create your own dictionary file with several permutations of the base password and run it through some standard rule files (if you really don't want to mess around with creating your own rule file).

Code:

hashcat -m 15700 -a 0 -w 3 -r rules/best64.rule hash.txt dict.txt

hash.txt is the hash file that holds 1 hash line that follows the format mentioned in https://hashcat.net/wiki/doku.php?id=example_hashes (for 15700).
dict.txt is a file that you created with notepad or similar that holds a few thousands of possible password candidates that you think are likely the correct one (original and a little bit mangled base words, 1 password on each line).

The problem with the mask attack is that you do not know the exact length and furthermore the passwords just seem to be shifted and slightly modified (exactly something that you normally use the rule attack for).

If you really would attack a very fast hash, you could of course combine every char that you think could be used into a new charset, but again this type of attack is not clever/fast for a very slow algo like scrypt-based ethereum wallets (-m 15700).
For -m 0 (MD5) you could use something like this:

Code:

hashcat -m 0 -a 3 -w 4 -1 "#23AEHNOPRSTWaehnoprstw" --increment --increment-min 5 --increment-max 15 hash.txt ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1

but note: that even in this case hashcat will need to increase the password length all the time (and the keyspace gets huger and huger with increasing length) and you won't see the total estimated run time at the start (only the current run time for that specific length, you can modify --increment-min / --increment-max to specify the min/max length... the mask length itself must always be the same length or longer than --increment-max).
This would be quite a strange approach to try all the password candidates and as already set is not recommended at all (and even less clever for slow hash algorithms), but I think you get the idea on how to combine each and every char at each and every position (if you don't know where the chars could be etc)