Mask ignored
#1
Hiya

For a school assignment, (yes ethical hacking is a course for me Smile ) I'm trying to crack a Win7 ntlm hash.

I know the password... it's MyPet123

The command should be this for me:
hashcat -m 1000 -a 6 BBEB311FF8BBB2335C520F767DD67E81 /usr/share/wordlists/rockyou.dic -1 ?u -2 ?l -3 ?d ?1?2?1?2?2?3?3?3

But I'm running into max keyspace, integer overflow.

If I try to reduce the length of the password so making the mask ?1?2?1?2?2?3?3, it's trying candidates with length of 11.

What am I missing here?

Many thanks!
Reply
#2
The length of the candidate will be the length of the candidate from the wordlist + your mask, so if you have a mask of 7-8 characters, you will quickly get candidates of length 11 and above.
Also, why use -1, -2 and -3 on so simple masks? Just use ?u?l?u?l?l?d?d?d
I guess what you really want here is the -a3 and not the -a6.
Reply
#3
(12-05-2022, 09:49 PM)b8vr Wrote: The length of the candidate will be the length of the candidate from the wordlist + your mask, so if you have a mask of 7-8 characters, you will quickly get candidates of length 11 and above.
Also, why use -1, -2 and -3 on so simple masks? Just use ?u?l?u?l?l?d?d?d
I guess what you really want here is the -a3 and not the -a6.

Yes  ?u?l?u?l?l?l?d?d?d is the mask I tried first but I didn't know it's appending this mask to the wordlist instead of incorporating it in the total password mask. Thanks for that!

Now Brute forcing it since I know the composition of the PW would work better you are right. However I created a mask list with policygen for passwords that consist of 2 caps, 4 lowers and 3 numbers. Is there a way to combine this with a wordlist? 

So for example a wordlist consists of only lower letters but looks at the provided masks and tries the word with each possible combination of 2 caps and additional numbers? That would really rock! Smile
Reply
#4
You need rules for that. That can't be done with masks. See https://hashcat.net/wiki/doku.php?id=rule_based_attack
Reply
#5
(12-06-2022, 08:07 PM)b8vr Wrote: You need rules for that. That can't be done with masks. See https://hashcat.net/wiki/doku.php?id=rule_based_attack

Beautiful, thanks!
Reply