writing a mask for a rule
#1
I want to start a mask attack for a password I remembered some of part. but I am not sure how I can do it.
basically rule is like that:

(. ! .! !. null)(4 or 5 digit int)KnownPartOfTheKey(4 or 5 digit int)(. ! .! !. null)
and minimum is 25 character.

null means it can be empty and there may not be a anything there instead of !, ., .!, !.
how can mask written for this rules?
Reply
#2
this is not possible with one mask, you have use multiple masks or use pregenerated wordlists

ill give you a hint for masks
make a file called masks.txt and add this first line (each line is one mask)
Code:
. ! .! !.?d?d?d?dKnownPartOfTheKey?d?d?d?d. ! .! !.
you can test this with
Code:
hashcat --stdout -a3 masks.txt

this will generate passes like this 
Code:
. ! .! !.4422KnownPartOfTheKey3961. ! .! !.
. ! .! !.6250KnownPartOfTheKey3961. ! .! !.
. ! .! !.1511KnownPartOfTheKey3961. ! .! !.
. ! .! !.0250KnownPartOfTheKey3961. ! .! !.
. ! .! !.2806KnownPartOfTheKey3961. ! .! !.

now you have to specifiy rules for the other combinations lets say 
* 4 digits * 5 digits *
* 5 digits * 4 digits *
* 5 digits * 5 digits *
and also for the null possibility, depending wether or not these "mixing" possibilities are wanted or unwanted (e.g. * null 4digits key 5digits *) you will need, i think, minimal 4 rules max 16 rules for one Key
Reply
#3
great explanation with example / command.

i would be thankful if you help me in defining rule / mask ... i have some keywords and also some digit patterns / figures and 2-3 special characters which i generally / usually used in my passwords (i have password protected excel 2007 file). whether i should generate 3 files - keyword-file, number/figure-file & special-char-file ? if so, how i should use all the three files simultaneously to either generate passwords or mask-attack ? also give any other suggestion ... thanks in advance & regards,

(07-21-2022, 01:22 PM)Snoopy Wrote: this is not possible with one mask, you have use multiple masks or use pregenerated wordlists

ill give you a hint for masks
make a file called masks.txt and add this first line (each line is one mask)
Code:
. ! .! !.?d?d?d?dKnownPartOfTheKey?d?d?d?d. ! .! !.
you can test this with
Code:
hashcat --stdout -a3 masks.txt

this will generate passes like this 
Code:
. ! .! !.4422KnownPartOfTheKey3961. ! .! !.
. ! .! !.6250KnownPartOfTheKey3961. ! .! !.
. ! .! !.1511KnownPartOfTheKey3961. ! .! !.
. ! .! !.0250KnownPartOfTheKey3961. ! .! !.
. ! .! !.2806KnownPartOfTheKey3961. ! .! !.

now you have to specifiy rules for the other combinations lets say 
* 4 digits * 5 digits *
* 5 digits * 4 digits *
* 5 digits * 5 digits *
and also for the null possibility, depending wether or not these "mixing" possibilities are wanted or unwanted (e.g. * null 4digits key 5digits *) you will need, i think, minimal 4 rules max 16 rules for one Key
Reply
#4
(07-22-2022, 10:47 AM)hetcat Wrote: great explanation with example / command.

i would be thankful if you help me in defining rule / mask ... i have some keywords and also some digit patterns / figures and 2-3 special characters which i generally / usually used in my passwords (i have password protected excel 2007 file). whether i should generate 3 files - keyword-file, number/figure-file & special-char-file ? if so, how i should use all the three files simultaneously to either generate passwords or mask-attack ? also give any other suggestion ... thanks in advance & regards,

is your file password protected (opening) or is it encrypted?, im not quite sure, but with excel 2007 and opening/sheetprotection you should be able to remove the password protection by simply manipulating some xml files inside the uncompressed xlsx file (7zip)
Reply
#5
my file is password protected (opening) ... can't open without password. i had already tried to open the file by manipulating with .xml  (from 7zip) ... but i can't find any .xml file within it. ... i will be thankful if you can help me in resolve my queries ...

also i would be thank if you suggest a command to build a password file using user-defined character-set.  whether i need to specify character-set in separate file ? please reply in details. 

thanks & regards

(07-22-2022, 01:47 PM)Snoopy Wrote:
(07-22-2022, 10:47 AM)hetcat Wrote: great explanation with example / command.

i would be thankful if you help me in defining rule / mask ... i have some keywords and also some digit patterns / figures and 2-3 special characters which i generally / usually used in my passwords (i have password protected excel 2007 file). whether i should generate 3 files - keyword-file, number/figure-file & special-char-file ? if so, how i should use all the three files simultaneously to either generate passwords or mask-attack ? also give any other suggestion ... thanks in advance & regards,

is your file password protected (opening) or is it encrypted?, im not quite sure, but with excel 2007 and opening/sheetprotection you should be able to remove the password protection by simply manipulating some xml files inside the uncompressed xlsx file (7zip)
Reply
#6
see attached pictures, how looks your filecontent when opening with 7z?

enc.jpg means file is fully encrypted, no way of manipulating xml
sheet.jpg should be possible

next thing see hashcat utils https://github.com/hashcat/hashcat-utils/releases, combinator
example given
front.txt
Code:
! ! !
? ! ?
! ? !

back.txt
Code:
123
234
345

combinator front.txt back.txt results in any combination of front and back

! ! !123
! ! !234
! ! !345
? ! ?123
? ! ?234
? ! ?345
! ? !123
! ? !234
! ? !345


redirect this to another file like combinator front.txt back.txt > mix1.txt, you can use mix1.txt with another file and so on, this way you can combine your own very well predefined wordlist


Attached Files
.jpg   sheet.jpg (Size: 14.45 KB / Downloads: 4)
.jpg   enc.jpg (Size: 14.72 KB / Downloads: 4)
Reply