Struggling with syntax for brute force mask
#1
Hello, first time attempting something like this 

Am currently locked out of an MS Office 2010 document that is encrypted with a password 

I managed to install The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux and use a Python script to get the hash from the document. ($office$*2010*100000*128*16) hash mode 9500. 

I ran hashcat using hash mode 9500 and a dictionary attack using rockyou.txt word list. 

Unfortunately this did not find the password, so I tried to do brute force instead. But the password is likely to be quite long. We think 9 or 10 characters. This will take weeks with my hardware, so I would like to use a mask to reduce the running time.

What we know:
The password is likely to contain one or two of these 3 words/numbers: review, contract, 2018
The order/position of the word(s)/numbers is unknown
The casing of the words is unknown
It is unlikely that there will be any special characters outside alphabet letters and numbers 2018

I have been reading the documentation on masks but haven't been able to write one in a way that catches everything in my criteria. Is anyone able to help? Many thanks in advance
Reply
#2
i think you are looking more for combinator attack + rules, if you really want to use mask -> maskfile you have to generate a really huge maskfile like this

maskfiles work line-based, each line is one mask, 4 custom charsets possible, divided by , so
CS1,MASK
?l?u?d,?1review
means prepend 1 lower or upper or digit before review
?l?u?d,?1?1review
means prepend 2 lower or upper or digit (mixed) before review

just for review
maskfile
Code:
?l?u?d,?1review
?l?u?d,?1?1review
?l?u?d,?1?1?1review
?l?u?d,?1?1?1?1review

?l?u?d,review?1
?l?u?d,review?1?1
?l?u?d,review?1?1?1
?l?u?d,review?1?1?1?1

?l?u?d,?1Review
?l?u?d,?1?1Review
?l?u?d,?1?1?1Review
?l?u?d,?1?1?1?1Review

?l?u?d,Review?1
?l?u?d,Review?1?1
?l?u?d,Review?1?1?1
?l?u?d,Review?1?1?1?1

you will see this will be quite a really huge task to build up this maskfile, but you can use hashcat utils to help you a little

try the following
testdic (i assume no real mixing of upper lower inside one word, if you want this too, you have to add this)
Code:
review
Review
REVIEW
contract
Contract
CONTRACT
2018

combinator testdic testdic > testdic2
combinator3 testdic testdic testdic > testdic3

cat testdic testdic2 testdic3 > fulldic

this will give you all combinations from these words, with this list you could start building up your maskfile

i would use a good editor like sublime text where you can edit multiple lines (str+alt) in one step

or you can try fulldic with rules (this should be a fast run, so i would start with this anyway) -a0 -r dive.rule
Reply
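Added example (not part of the original posts, and not hashcat-utils code): a Python sketch that produces the same candidates as the testdic / combinator / combinator3 / cat steps in post #2, for recovering a document you own. The function names and the full_toggle option (the "mixing of upper lower inside one word" case that post #2 leaves out) are assumptions of this example.

```python
from itertools import product

# The three known fragments from post #1.
BASE_WORDS = ["review", "contract", "2018"]


def case_variants(word, full_toggle=False):
    """Return lower / Capitalized / UPPER forms, or every upper/lower mix."""
    if full_toggle:
        # Each letter contributes two choices, each digit one.
        choices = [(c.lower(), c.upper()) if c.isalpha() else (c,) for c in word]
        variants = ["".join(p) for p in product(*choices)]
    else:
        variants = [word.lower(), word.capitalize(), word.upper()]
    # Drop duplicates but keep order ("2018" has only one form).
    return list(dict.fromkeys(variants))


def build_testdic(words=BASE_WORDS, full_toggle=False):
    """Equivalent of the hand-written testdic in post #2."""
    return [v for w in words for v in case_variants(w, full_toggle)]


def combine(testdic, max_words=3):
    """All ordered concatenations of 1..max_words entries (testdic + testdic2 + testdic3)."""
    out = []
    for n in range(1, max_words + 1):
        out.extend("".join(parts) for parts in product(testdic, repeat=n))
    return out


def by_length(candidates, lengths):
    """Keep only candidates whose length matches what is known about the password."""
    return [c for c in candidates if len(c) in lengths]


if __name__ == "__main__":
    import sys
    fulldic = combine(build_testdic())
    sys.stdout.write("\n".join(fulldic) + "\n")
```

Redirect the output to a file and use it as the wordlist for the -a0 run with rules that post #2 suggests. Calling by_length(fulldic, {9, 10}) with the length guess from post #1 narrows the 399 lines to six.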
#3
(03-22-2022, 08:28 PM)Snoopy Wrote: i think you are looking more for combinator attack + rules, if you really want to use mask -> maskfile you have to generate a really huge maskfile like this


thank you for taking the time to write this, you went into a lot more detail than i would have expected from someone on a free forum. i really appreciate it. you've certainly given me a point in the right direction and i'm going to experiment with your suggestions. thanks again!
Reply
#4
i'm in! combinator attack using a dictionary i created using your suggestion did the trick in a matter of seconds. thanks so much!
Reply