Help on Rule or Mask or something

[pdparisi]

Hi All,

I am very new to this. I have been poking around using Hashcat trying crack a PDF file (m 10500) password. I know the following about it:

The user says that they use the following pattern:

[Special Character]Regular English Word[Special Character]A Different English Word[Special Character]

• Each special character is blank, or a special character, typically a shifted number or such, brackers, punctuation. No high order characters.
  
• Regular English words of something you might look up and see in a typical room. Typically, lower case but may have an initial cap.
  

Here is my current command line:

hashcat.exe -S -w 3 -m 10500 words_alpha.txt -r onerule.txt -o cracked.txt


What are some better approaches to getting this done?

I would love your input and ideas!

Thanks!
Paul.

[b8vr]

One way to do it could be by first creating a list of words with added special characters, like this:

Hashcat -a6 wordlist ?s --stdout > wordlist-specchar.txt

And then run a command where I pipe hashcat into itself:

Hashcat -a1 wordlist-specchar.txt wordlist-specchar.txt --stdout | hashcat -a7 -m10500 hash ?s

Another option is creating one list of words and one list of special chars and then use combinatorx from hashcat-utils to combine them and pipe them into hashcat.

[pdparisi]

I am going to try both options. Thank you so much! I will let you know how it goes...

One thing - I am trying to find CombinatorX and it does not seem to be in hashcat-utils-1.9... I must be missing something?

Thanks,
Paul.

[pdparisi]

Hmmm...

Here are my two commands:

This works:

Hashcat -a6 f:\crack\500words.txt ?s --stdout > f:\crack\500words-specchar.txt

This:

Hashcat -a1 f:\crack\500words-specchar.txt f:\crack\500words-specchar.txt --stdout | hashcat -a7 -m10500 f:\crack\source.hash ?s -o f:\crack\500-output.txt

Give me the following output:

hashcat (v6.2.6) starting

Successfully initialized the NVIDIA main driver CUDA runtime library.

Failed to initialize NVIDIA RTC library.

* Device #1: CUDA SDK Toolkit not installed or incorrectly installed.
CUDA SDK Toolkit required for proper device support and utilization.
Falling back to OpenCL runtime.

* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
clCreateContext(): CL_OUT_OF_HOST_MEMORY

OpenCL API (OpenCL 3.0 CUDA 12.0.147) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #1: Quadro P620, 1664/2047 MB (511 MB allocatable), 4MCU

OpenCL API (OpenCL 3.0 ) - Platform #2 [Intel(R) Corporation]
=============================================================
* Device #2: Intel(R) UHD Graphics 630, 26112/52310 MB (2047 MB allocatable), 24MCU

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 32

No usable dictionary file found.

Started: Tue Feb 21 09:30:10 2023
Stopped: Tue Feb 21 09:30:14 2023

And no output...


Any thoughts on why the No usable dictionary file found is there.

Thanks!
Paul.

[pdparisi]

Bump?

[Snoopy]

Bump?

first resolve this 2 problems

Failed to initialize NVIDIA RTC library. -> CUDA SDK isnt installed properly

* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
clCreateContext(): CL_OUT_OF_HOST_MEMORY

-> install the patch and reboot

next thing, your command line is wrong, you cannot combine attackmodes over pipe as far as i know

this line should work, but you lose the -a7 part, (instead generate the -a7 part like you did with -a6 and combine the 6 output and the 7output)

Hashcat -a1 f:\crack\500words-specchar.txt f:\crack\500words-specchar.txt --stdout | hashcat -m10500 f:\crack\source.hash -o f:\crack\500-output.txt

Hashcat -a1 6output.txt 7output --stdout | hashcat -m10500 f:\crack\source.hash -o f:\crack\500-output.txt

[pdparisi]

Thank you for the pointers. I really appreciate it.

Here are the two command lines that I think incorporate your recommendations:

Hashcat -a6 f:\crack\500words.txt ?s --stdout > f:\crack\500words-specchar6.txt

Hashcat -a7 f:\crack\500words-specchar6.txt f:\crack\500words-specchar6.txt --stdout > f:\crack\500words-specchar7.txt

Is that correct? Do I have it closer?

Thanks,
Paul.

[Snoopy]

i hope im assuming right what you want to achieve, otherwise please tell me, you have a dict with 500 words, lets assume one word ist "yellow" and "red" and you want do attack your hash with all mixed candidates like

*yellowyellow*
!yellowyellow*
!yellowred*
*redyellow*
so (special char + word + word + special char) if yes there are, two ways

first approach, generating basic dicts
Hashcat -a6 f:\crack\500words.txt ?s --stdout > f:\crack\500words-specchar6.txt
Hashcat -a7 ?s f:\crack\500words.txt --stdout > f:\crack\500words-specchar7.txt

hashcat -a1 -m10500 -O hash f:\crack\500words-specchar7.txt f:\crack\500words-specchar6.txt

second aproach (depending on your real dict line count, as combinator output gets big very fast depending on combinations, for example, i tested it with 500 numbers 0000-0499 as basic dict 500txt, + a7 results in s500.txt with 16500 lines and 115kb, combinator s500.txt 500.txt > s500x500.txt is ~91MB

Hashcat -a7 ?s f:\crack\500words.txt --stdout > f:\crack\500words-specchar7.txt
combinator 500words-specchar7.txt 500words.txt > s500x500.txt

hashcat -a6 -m10500 -O hash s500x500.txt ?s

with just 500 words as basic dicts, there should be no speed diff in these two approaches

[pdparisi]

Your assumption is correct but there needs to be and optional special character between each word.

*yellow$yellow*
!yellow%yellow*
!yellow@red*
*red#yellow*

so (special char + word + special char + word + special char)...


I am going to see if I can try out your suggestions.

[pdparisi]

Ok - so I have a more detailed, perhaps this is a smaller set of requirements:

• Two words
• Initial caps
• Numbers after. Most likely 4 digits
• Special characters before or after either $ or !

Example of another password created in the same context: Plate&1015, or $Plate8988