Trying to find the most efficient mode for this attack
#1
Hey Hashcat forums, 

Been lurking here every day for the past few weeks trying to figure out the best way forwards with this attack, Decided I had to post to try get some help from some of the more experienced users.

I have a long password which is similar to this; 
TFGgg~FGENE90REPTOTH__FUEHF909

But for my second password I randomly spam typed my hands on my keyboard a few times (1-7chars I believe), in two positions, moving the mouse once. 

So I have two parts of the second password I want to bruteforce, and 3 parts of the first password I know are included in the second.
but I am not sure of the exact length or the exact position, but I have a rough idea,  

to help visualise it its a bit like this:
TFGgg~FGENE90REPTO[1-7Chars]TH__FUE[1-7Chars]HF909

however the two  [1-7Chars] - I am not sure on the exact position I put these both in

After reading a few useful posts on these forums, I identified all keys I could have pressed on my keyboard and used maskprocessor to output all 1-7 combinations of these with each char only repeating twice max (as I remember using diff keys when I spammed) So I have all 1-7 combos in a file but I run into these problems;

combinator attack only allows one rule per line, so I cant append, prepend and insert my middle sections as its too many rules
I couldnt use a custom charset with a bruteforce attack
I cant see or find a option to append or prepend words in maskprocessor when I make my charset,that could maybe help me find a workaround
I know 75% of the chars used in my the password Im trying to find, I could try bruteforce it using the chars I know it contains and use expanding increments, This would get rid of the need for a middle section but isnt efficient as I know part or parts of what the middle section would contain and in which order they appear. and I would need to be bruteforcing like 20+ chars..

Is there a way to specify when using a combinator attack which dictionary to position first and which to use second in the attack? Or a way to use more than 2 word lists/dictionarys in this attack mode?

A positional anchor type attack would work but I dont think hashcat has this implemented yet

I keep running into problems with each attack mode, mainly around inputting possible combos for the middle section in moving increments. I was wondering how you forum users would approach this problem?
Thanks in advance for any help provided, I have been trying to teach myself as much as I can and reading up on forums but I am struggling to find a solution and felt it best to ask for some advice 

~Cmd2002
Reply
#2
(04-29-2023, 02:27 PM)Cmd2002 Wrote: Hey Hashcat forums, 

Been lurking here every day for the past few weeks trying to figure out the best way forwards with this attack, Decided I had to post to try get some help from some of the more experienced users.

I have a long password which is similar to this; 
TFGgg~FGENE90REPTOTH__FUEHF909

But for my second password I randomly spam typed my hands on my keyboard a few times (1-7chars I believe), in two positions, moving the mouse once. 

So I have two parts of the second password I want to bruteforce, and 3 parts of the first password I know are included in the second.
but I am not sure of the exact length or the exact position, but I have a rough idea,  

to help visualise it its a bit like this:
TFGgg~FGENE90REPTO[1-7Chars]TH__FUE[1-7Chars]HF909

however the two  [1-7Chars] - I am not sure on the exact position I put these both in

After reading a few useful posts on these forums, I identified all keys I could have pressed on my keyboard and used maskprocessor to output all 1-7 combinations of these with each char only repeating twice max (as I remember using diff keys when I spammed) So I have all 1-7 combos in a file but I run into these problems;

combinator attack only allows one rule per line, so I cant append, prepend and insert my middle sections as its too many rules
I couldnt use a custom charset with a bruteforce attack
I cant see or find a option to append or prepend words in maskprocessor when I make my charset,that could maybe help me find a workaround
I know 75% of the chars used in my the password Im trying to find, I could try bruteforce it using the chars I know it contains and use expanding increments, This would get rid of the need for a middle section but isnt efficient as I know part or parts of what the middle section would contain and in which order they appear. and I would need to be bruteforcing like 20+ chars..

Is there a way to specify when using a combinator attack which dictionary to position first and which to use second in the attack? Or a way to use more than 2 word lists/dictionarys in this attack mode?

A positional anchor type attack would work but I dont think hashcat has this implemented yet

I keep running into problems with each attack mode, mainly around inputting possible combos for the middle section in moving increments. I was wondering how you forum users would approach this problem?
Thanks in advance for any help provided, I have been trying to teach myself as much as I can and reading up on forums but I am struggling to find a solution and felt it best to ask for some advice 

~Cmd2002

You could put TFGgg~FGENE90REPTO in a file, TH__FUE in another file and HF909 in a third. And then you could use combinatorX from hashcat-utils piped into hashcat, combining the 3 files with the file from maskprocessor.
Reply
#3
Thanks for the reply, I managed to get a batch file to run my masks automatically. ChatGPT is a godsend for learning hashcat and debugging errors. Highly recommend it to any other users struggling
Reply
#4
(05-01-2023, 12:17 PM)Cmd2002 Wrote: Thanks for the reply, I managed to get a batch file to run my masks automatically. ChatGPT is a godsend for learning hashcat and debugging errors. Highly recommend it to any other users struggling

OK, so I have been working for years on and off using hascat to guess a certain password. I am OK at but get lost in the rules and rulesets. I just thought maybe chatGPT could be like an assistant to me. I"m not sure exactly how to go about using chatGPT ~ esp. since I hav the right to be guessing this password but I think chatGPT will be limited because it is not supposed to be used to guess passwords?
Reply
#5
BTW: Chatgpt, Github copilot, or OPenAI Codex?
Reply
#6
I would STRONGLY recommend AGAINST using ChatGPT, GPT-4, Codex, etc. for anything hashcat related. They are far more likely to be wrong than right when it comes to hashcat related questions and anything they might get right is entirely by chance. There have been many examples recently of people using ChatGPT/GPT-4 to try and learn hashcat and while it may produce some "working" commands sometimes, those commands are often doing something different than what the user intended. It's also seemingly completely incapable of writing rules and only barely capable of writing simple masks. 

DO NOT TRUST ChatGPT or other AI models to help you with hashcat.
Reply
#7
(09-25-2023, 11:25 PM)Chick3nman Wrote: I would STRONGLY recommend AGAINST using ChatGPT, GPT-4, Codex, etc. for anything hashcat related. They are far more likely to be wrong than right when it comes to hashcat related questions and anything they might get right is entirely by chance. There have been many examples recently of people using ChatGPT/GPT-4 to try and learn hashcat and while it may produce some "working" commands sometimes, those commands are often doing something different than what the user intended. It's also seemingly completely incapable of writing rules and only barely capable of writing simple masks. 

DO NOT TRUST ChatGPT or other AI models to help you with hashcat.

Hey Chickenman

Should have been a bit more detailed..  ChatGPT can be useful if the commands are in regards to setting up a linux server, installing other packages that may need to be, working out ETA for large keyspace masks, etc. Just work around your errors and ask it in different formats, or correct it if its wrong. 

So yes dont trust it all the time, but it's very useful for beginners starting out, helped me hugely to get familiarized
Reply
#8
Yes, this is a very advanced technology. Very convenient. For example, I use such an online chat in various online stores where a bot advises me. Moreover, he advises very competently. This artificial intelligence in the field of online chat has already reached such a level that it thinks almost like a human.
Reply