06-03-2021, 06:45 PM
Hello,
I am a new user looking for the best approach to attack a single hash with a password containing a known "base word".
To explain further using an arbitrary example:
passwd file contains only root user:
root:$1$abcdefge$1234123512361237123812:root:/home/root:/bin/sh
Password is known to be based on a single word, in this example "accordion".
Password could be:
Accordion
Acc0rd1on
4Ac0rdi1on
!$@cC-oRD!#0n2
but is definitely not going to be:
harmonica
H4rmoniCa
I have tried:
hashcat -m 0500 -i --increment-min 7 -a 3 -1 "aA4@cC(" -2 "oO0iI!1" -3 "rRdDnN" testhash.hash "?1?1?1?2?3?3?2?2?a?a?a?a"
and things of that nature, this seems to cast the net very wide, trying passwords like CccIndo which are way off, but also takes a lot of time to fail to find the password. Perhaps this approach could work if there were 8-10 different custom character sets and the -i switch was able to prepend ?a or work backwards from the end of the mask. I feel like there has to be a better approach.
I have also tried creating a custom rule file to create the specific substitutions I am after:
soO
so0
etc.etc.
But have not quite figured out how to apply the substitutions to each possible combination of "accordion" "accOrdion" "accOrdi0n". Nor how to add ?a wildcards to either end or interspersed in the base word.
I'm open to using other tools to generate a more comprehensive wordlist containing the possible combinations of the base word but would appreciate any guidance, either on the appropriate toolchain or the best use of hashcat internals.
Thanks.
I am a new user looking for the best approach to attack a single hash with a password containing a known "base word".
To explain further using an arbitrary example:
passwd file contains only root user:
root:$1$abcdefge$1234123512361237123812:root:/home/root:/bin/sh
Password is known to be based on a single word, in this example "accordion".
Password could be:
Accordion
Acc0rd1on
4Ac0rdi1on
!$@cC-oRD!#0n2
but is definitely not going to be:
harmonica
H4rmoniCa
I have tried:
hashcat -m 0500 -i --increment-min 7 -a 3 -1 "aA4@cC(" -2 "oO0iI!1" -3 "rRdDnN" testhash.hash "?1?1?1?2?3?3?2?2?a?a?a?a"
and things of that nature, this seems to cast the net very wide, trying passwords like CccIndo which are way off, but also takes a lot of time to fail to find the password. Perhaps this approach could work if there were 8-10 different custom character sets and the -i switch was able to prepend ?a or work backwards from the end of the mask. I feel like there has to be a better approach.
I have also tried creating a custom rule file to create the specific substitutions I am after:
soO
so0
etc.etc.
But have not quite figured out how to apply the substitutions to each possible combination of "accordion" "accOrdion" "accOrdi0n". Nor how to add ?a wildcards to either end or interspersed in the base word.
I'm open to using other tools to generate a more comprehensive wordlist containing the possible combinations of the base word but would appreciate any guidance, either on the appropriate toolchain or the best use of hashcat internals.
Thanks.