hashcat Forum Support hashcat v
How to sort a mask file based on probability

Threaded Mode
How to sort a mask file based on probability
firefullplank Offline
Junior Member
**
Posts: 4
Threads: 2
Joined: Jan 2022
#1
Question  01-19-2022, 01:02 PM
I have a mask file consisting of about 46k different masks to make it only try 8 character passwords that include at least 1 digit, 1 lowercase char and 1 uppercase char. The thing is that the masks are in a seemingly random order and I would like to sort it so it tries the most probable masks first because it's unlikely that someone has a password where format will be ?s?s?s?s?s?l?u?d. I could make a python script do this but I am unsure of the different probabilities of a password starting with a uppercase char and the next one being lowercase etc.
Is there any tool out there that will sort a mask file for you based on probability or if not any source that tells me the probabilities of these different cases so i can make a tool to sort my mask file.

Thanks.
Find
Reply
Snoopy Offline
Posting Freak
*****
Posts: 822
Threads: 15
Joined: Sep 2017
#2
01-19-2022, 02:26 PM
probability depends on the language you are attacking, you could use a password analyzing tool like PACK and feed a known password plainlist like rockyou or something similar, i did this once and IF there was an uppercaseletter it was most likely on the first position and/or something like this passwordstyle

TheKing
TheKing123
TheKing123!

as i mentioned in your other thread you could also try another approach like just using one mask with 8 time lower chars and then use a customized ruleset to upper chars or/and for inserting digits, BUT you you have to generate this ruleset on your own, i think there is no out of the box ruleset that will fit your needs, see examples shipped with hashcat

example PACK output for a small password list i found somewhere on the internet, as you can see if there is an upper char, it is on first position (last 5 lines)

Code:
[*]Advanced Masks:
[+]              ?l?l?l?l?l?l: 06% (6486)
[+]          ?l?l?l?l?l?l?l?l: 05% (5592)
[+]            ?l?l?l?l?l?l?l: 04% (4769)
[+]          ?l?l?l?l?l?l?d?d: 03% (3886)
[+]        ?l?l?l?l?l?l?l?l?l: 03% (3407)
[+]              ?d?d?d?d?d?d: 03% (3194)
[+]          ?d?d?d?d?d?d?d?d: 02% (2734)
[+]          ?l?l?l?l?d?d?d?d: 02% (2397)
[+]                ?l?l?l?l?l: 02% (2397)
[+]            ?l?l?l?l?l?d?d: 02% (1970)
[+]        ?l?l?l?l?l?d?d?d?d: 02% (1876)
[+]      ?l?l?l?l?l?l?l?l?l?l: 02% (1748)
[+]          ?l?l?l?l?l?d?d?d: 02% (1724)
[+]        ?l?l?l?l?l?l?l?d?d: 01% (1660)
[+]              ?l?l?l?l?d?d: 01% (1455)
[+]        ?l?l?l?l?l?l?d?d?d: 01% (1333)
[+]      ?l?l?l?l?l?l?d?d?d?d: 01% (1294)
[+]              ?u?l?l?l?l?l: 01% (1229)
[+]          ?u?l?l?l?l?l?d?d: 01% (1149)
[+]          ?l?l?l?l?l?l?l?d: 01% (1082)
[+]          ?u?l?l?l?l?l?l?l: 01% (1068)
[+]            ?u?l?l?l?l?l?l: 01% (995)
Find
Reply
firefullplank Offline
Junior Member
**
Posts: 4
Threads: 2
Joined: Jan 2022
#3
01-19-2022, 02:35 PM (This post was last modified: 01-19-2022, 02:38 PM by firefullplank.)
yes i have seen PACK but providing a wordlist is not really an option as you observed in my previous thread as the file size would bee too big so I'm looking for a way to do this without using a wordlist. One option i thought off is to gen a password for each entry in the mask file and pass that to PACK but it also takes into consideration the frequency of the specific type of password so I am not sure how effective that would be.

Also I heard that hashcat automatically tries the most probable combinations first for a mask, is this true?
Find
Reply
Snoopy Offline
Posting Freak
*****
Posts: 822
Threads: 15
Joined: Sep 2017
#4
01-19-2022, 03:43 PM
(01-19-2022, 02:35 PM)firefullplank Wrote: One option i thought off is to gen a password for each entry in the mask file and pass that to PACK but it also takes into consideration the frequency of the specific type of password so I am not sure how effective that would be.

well this would result in the same mask, so no, this is not effective at all

to generate a statistic you will need a starting point and therefore at least one wordlist with "real world passwords"

this is the shortened output by pack for a "real word pw list" i found while examining a spam-server used by a german "hacker", i also tried this list (plus best64.rule) against a leaked database dump for a german forum and i was able to instant crack round about 25% of the used passwords

Code:
[*]Length:
[+]                        8: 30% (148307)
[+]                        6: 29% (142581)
[+]                        7: 19% (91284)

[*]Advanced Masks:
[+]              ?l?l?l?l?l?l: 12% (58189)
[+]          ?l?l?l?l?l?l?l?l: 11% (53264)
[+]              ?d?d?d?d?d?d: 09% (42067)
[+]            ?l?l?l?l?l?l?l: 08% (40902)
[+]          ?d?d?d?d?d?d?d?d: 06% (31394)

snip till first mask with upper occurs

[+]              ?u?l?l?l?l?l: 01% (2949)
[+]    ?l?l?l?l?l?l?l?l?l?l?l: 01% (2836)
[+]        ?l?l?l?l?l?l?l?d?d: 01% (2699)
[+]            ?l?l?l?d?d?d?d: 01% (2648)
[+]              ?u?u?u?u?u?u: 01% (2602)
[+]        ?l?l?l?l?l?d?d?d?d: 01% (2515)

as you can see, most passwords are really really simple, but as i mentioned, to get these statistic, you will need a passwordlist to start with
Find
Reply