Posts: 16
Threads: 6
Joined: Sep 2021
09-28-2021, 08:10 AM
Hey folks,
First off - apologies if this is commonly asked, I couldn't find it in the docs and I'm not sure what the search would be for what I'm trying to do, I kept getting maskfiles but I don't think that's what I want
I need to use more than one custom set.
e.g.
mask: ?u?l?1?2?3?4?
where:
?1 is '?l?d'
?2 is '_!$'
?3 is 'Gg'
?4 is 'eE3£'
?5 is '{}£$'
In John I would use the '[]' notation i.e. [eE3£] for ?3
Can I do this in hashcat?
Thanks
Posts: 889
Threads: 15
Joined: Sep 2017
09-28-2021, 05:38 PM
(This post was last modified: 09-28-2021, 05:38 PM by Snoopy.)
you can only use 4 custom sets, but you could use
https://hashcat.net/wiki/doku.php?id=hybrid_attack where the dict just contains the chars from your ?5
OR in fact, your ?2 ?3 ?4 ?5 are a small keyspace (3*2*4*4=96 possibilities), why you dont build up a prebuild dictionary from these chars see hashcat utils combinator and just start with
dict1:
_
!
$
and dict2
G
g
combine them, combine the result with dict3 (your ?4), combine this result with dict4 (your ?5)
and then use this dict in hybrid attack see link above
Posts: 16
Threads: 6
Joined: Sep 2021
Thanks Snoopy I'll check it out
I've got a (probably typical problem) where a part of the password is known, but it is known to have substitutions and the whole length is up to 10. The fewer possibilities... the better
Posts: 889
Threads: 15
Joined: Sep 2017
(09-28-2021, 06:47 PM)HostileBlue2020 Wrote: Thanks Snoopy I'll check it out
I've got a (probably typical problem) where a part of the password is known, but it is known to have substitutions and the whole length is up to 10. The fewer possibilities... the better
substitutions can also be done by rules (mostly in addition with a good wordlist), but in your case (it seems you have a real good clue about the passwordstyle) i think the way i mentioned will be the best approach