how to create a rule for at least one number and lower char

[paranoyakx]

Hi,

I wanted to know if there is a way to define a mask (or create a rule) that includes there must be at least one number and rest is lower characters.

I wanted to crack a 7  characters password and it might contain numbers and lower case characters. I understood how to define a mask but how can I say that at least 1 digit must be a number. that will reduce the possibilities drastically.

I am aware that I can run 7 times hashcat with changing the mask every time like ?d?l?l?l?l?l?l  and then ?l?1?l?l?l?l?l etc but I might try to use upper cases too so combinations are too high. so, basically I wanted to create my charset and mask as: 

-1 ?l?1?u ?1?1?1?1?1?1?1

but as I said want hashcat to generate passwords so that they must contain at least 1 lower, 1 upper and 1 number. I hope, I could explain it.

thanks.

[Snoopy]

basically (for fast hashes) a built in logic to decline pw candidates like this would slow down the whole process of cracking, therefore you might be better using just a mask with 7 all lowercase combined with a handcrafted ruleset which switches 1-x letters to upper and replace 1-x with a digit

see example rules toggle* and built up your own ruleset

[CATuGHTI]

@Snoopy

How to you use mask and rules together?

Use of -r/--rules-file and -g/--rules-generate only allowed in attack mode 0.

[paranoyakx]

please forgive my lack of explanation. I am quite new at hashcat and might use terminology wrong. basically what I need is, to crack a hash which contains both lower case characters and numbers. so I know that at least one character or number exists so if I define my mask as this: " -1 ?l?1 " it will generate passwords starting from aaaaaa to 999999 right? but I don't want to test aaaaaa or abghre because there must be at least one number in it. likewise I don't want hashcat generate 1111111 either because there must be at least one character. so is this possible to define using masks (or rules or any other option) ?

my current execute command:
hashcat -a 3 -m 22100 -1 ?l?1 ?1?1?1?1?1 hash.txt

thanks.

[CATuGHTI]

@paranoyakx

I think what you need is:

hashcat -a 3 -m 22100 -1 ?l?d ?1?1?1?1?1 hash.txt

?l - lower
?d - numbers

[paranoyakx]

@paranoyakx

I think what you need is:

hashcat -a 3 -m 22100 -1 ?l?d ?1?1?1?1?1 hash.txt

?l - lower
?d - numbers

hi, thanks for reply. by mistake I wrote -1 ?l?1 it should be -1 ?l?d as you indicated. it is a typo on my previous message but as I said this does not solve my problem because -1 ?l?d also checks for aaaaaaaa or 5555555, I want it to generate data as it includes at least one char or number (whatever I defined at -1, there must be at least one of them). for ex if I define the mask as " -1 ?l?u?d?s ?1?1?1?1?1 " then I want it to generate 5 digits passwords which contain at least one lower, upper, number and special character. I assume this is not an option for now.

[Snoopy]

as i said, the logic to decline such pw candidates would slow down more than just checking this pw

sry for my mistake, mask and rules is not supported (at least direcly), you have to cirmumvent this by generating your wordlist beforehand, or feed hahscat with maskprocessor

my try would be using maskprocessor

you can use maskprocesser with just ?l?l?l?l?l?l?l to generate words with just 7 letters lowercase, feed this via pipe to hashcat and you can use a rule file

for basic understanding you can tryout this with a simple test like this

put 32 times the char a into hash.txt (emulating a simple md5)
put $1 into a file called rule.txt (basic rule just append 1 to the password)
fire up this command line (between mask and hahscat, this is a pipe)

mp64 ?l?l?l | hashcat -a 0 -m 0 -O -r rule.txt hash.txt

this should run very fast, just see the line with candidates

Candidates.#1....: yge1 -> zzz1

as you can see, the piped pw candidates where modified on the fly and a 1 was appended, so rukles are working

or you can just fire

mp64 ?l?l?l | hashcat -a 0 -m 0 -O -r rule.txt --stdout

to see the generated passwords
...
zzm1
zzn1
zzo1
zzp1
zzq1
zzr1
zzs1
zzt1
zzu1
zzv1
zzw1
zzx1
zzy1
zzz1

"all" you have to do now ist just lengthen the mask (at least to 6 or 7 times ?l (depending on which kind of rules you want to use)  and build a specialruleset for inserting/switching posistions with upper, numbers, what you want, but this is a quite nice task, because you have to do this for all position from 0-6 (counter starts at 0 ) and for all kind of rules you want

you can see hashcat wiki https://hashcat.net/wiki/doku.php?id=rul...kprocessor how to use the maskprocessor to help you generating the rules and use combinator to combine this rules

[paranoyakx]

thank you very much for support. I will look into maskprocessors as you pointed out.