Combine mask attack with combinator
#1
Dear all,

I am trying to crack a semi random password of length 9-12 characters. Based on patterns in the semi random password (patterns in other semi random passwords) I defined 4 character sets which combined with numbers represent the password. I know that some blocks of 2-3 characters stick together.
I can define these different pieces as different mask each on a new line in a mask file, e.g. two digits (?d?d) for sure next to each-other, some characters (?1?2?2) for sure next to each-other. In this way, I can reduce the number of orders in the password from 10! to 7!, which is a huge difference.

My questions is, after defining these pieces of the puzzle, how to look for different orders of these pieces?
I checked the standard rules to see if there is a rule available, but I did not find a rule that could check for different orders. I know we have the combinator attack, but I do not know if and how that can be used in combination with a mask attack, as far as I know it only works with a brute-force password list. Generating such a list is slow and might be more than my HD can handle.

A last resort I can think of is to write a script to generate all possible orders as mask pattern and put them in the mask file, but I think this might blow up hashcat and be inefficient. Hence my question is there a more straightforward way to look at orders/combinations of masks.
Reply
#2
I ended up generating all orders as mask myself, I used btcrecovery for this purpose, but a few for loops would do the same.
After a lot of trial and error, I got the definition of the custom characters in the mask file right, putting the lines below in the beginning of my mask file (but it did not work).
--custom-charset1: kmhdl
--custom-charset2: sfjPaGMi
--custom-charset3: DFgJLnopwztvxZKbec
--custom-charset4: CQRTYABSEqryIHNUuWOVX

In the end I had to change to defining per line the character set which if way less efficient if you ask me, this should be optional, not obligatory. Example of per line definition of the custom character set. Tip, you can easily paste it in front of multiple lines using sublime multi-line editing:
kmhdl,sfjPaGMi,DFgJLnopwztvxZKbec,CQRTYABSEqryIHNUuWOVX,?1?2
Which means character_set_1:kmhdl , character_set_2: sfjPaGMi, character_set_3: DFgJLnopwztvxZKbec, character_set_4: CQRTYABSEqryIHNUuWOVX, mask_pattern:?1?2

Based on reading the following information on masks and custom character sets
https://hashcat.net/forum/thread-10109.h...racter+set
https://hashcat.net/wiki/doku.php?id=fre..._mask_file

After getting the mask file to work I got a "cuMemAlloc out of memory" error
=>Based on this post:
https://hashcat.net/forum/thread-9528.ht...+of+memory
Trying to clear some RAM, with 11 GB of VRAM, I should have at least 11 GB of normal RAM free.
=> Now running attack of 9 semi random characters
Reply