Posts: 31
Threads: 2
Joined: Mar 2020
My password format is:
abcd4dcba
abcde5edcba
abc3cba
The starting part is a random string+String length+The string is inverted as a whole
(The translation I used may not be very accurate)
My idea is to crack with rules,
wordlist:abc
rule:fD4
Run the results: abc4cba
but,This requires preparation of a huge amount wordlist
Do you have any better suggestions?Thanks!
Posts: 31
Threads: 2
Joined: Mar 2020
08-18-2023, 03:48 PM
(This post was last modified: 08-18-2023, 03:50 PM by ly88888.)
Sorry, there is an error in the rule above.I don't see the option to edit the post directly
My password format is:
abcd4dcba
abcde5edcba
abc3cba
The starting part is a random string+String length+The string is inverted as a whole
(The translation I used may not be very accurate)
My idea is to crack with rules,
wordlist:abc
rule:fi44
Run the results: abc4cba
but,This requires preparation of a huge amount wordlist
Do you have any better suggestions?Thanks!
Posts: 879
Threads: 15
Joined: Sep 2017
08-18-2023, 04:33 PM
(This post was last modified: 08-18-2023, 04:34 PM by Snoopy.)
(depending on your hash and attack speed) true random strings or english words?
okay this is a nice one, the best thing is to combine bruteforce with rules (there are possibilities to tune this attack a little bit more but for a fast run)
the maskfile is with lower chars only, add ?u before the first comma for upper and lower letters
masks.txt
Code: ?l,?1?d
?l,?1?1?d
?l,?1?1?1?d
?l,?1?1?1?1?d
?l,?1?1?1??1?1d
?l,?1?1?1?1?1?1?d
?l,?1?1?1?1?1?1?1?d
?l,?1?1?1?1?1?1?1?1?d
rules.txt
Code: fD1
fD2
fD3
fD4
fD5
fD6
fD7
fD8
fD9
hashcat --stdout -a3 masks.txt | hashcat --status -myourmode -O -r rules.txt yourhashfile
what it does:
it generates strings starting from length1 with added numbers, the output is taken as input for hashcat, with added rules for reflecting and deleting positions 1/2 up to 9/10
here we could tune this attack, but then we need to start runs for each length seperalty and with only the specific rule needed, as i said depending on speed this would be an option for longer strings (1-4 or 1-6 or even 1-8 should be fast enough even when using 9 instead of one rule
Posts: 31
Threads: 2
Joined: Mar 2020
(08-18-2023, 04:33 PM)Snoopy Wrote: (depending on your hash and attack speed) true random strings or english words?
okay this is a nice one, the best thing is to combine bruteforce with rules (there are possibilities to tune this attack a little bit more but for a fast run)
the maskfile is with lower chars only, add ?u before the first comma for upper and lower letters
masks.txt
Code: ?l,?1?d
?l,?1?1?d
?l,?1?1?1?d
?l,?1?1?1?1?d
?l,?1?1?1??1?1d
?l,?1?1?1?1?1?1?d
?l,?1?1?1?1?1?1?1?d
?l,?1?1?1?1?1?1?1?1?d
rules.txt
Code: fD1
fD2
fD3
fD4
fD5
fD6
fD7
fD8
fD9
hashcat --stdout -a3 masks.txt | hashcat --status -myourmode -O -r rules.txt yourhashfile
what it does:
it generates strings starting from length1 with added numbers, the output is taken as input for hashcat, with added rules for reflecting and deleting positions 1/2 up to 9/10
here we could tune this attack, but then we need to start runs for each length seperalty and with only the specific rule needed, as i said depending on speed this would be an option for longer strings (1-4 or 1-6 or even 1-8 should be fast enough even when using 9 instead of one rule
Thank you for your reply, I'm learning and need some time
Posts: 31
Threads: 2
Joined: Mar 2020
(08-18-2023, 04:43 PM)ly88888 Wrote: (08-18-2023, 04:33 PM)Snoopy Wrote: (depending on your hash and attack speed) true random strings or english words?
okay this is a nice one, the best thing is to combine bruteforce with rules (there are possibilities to tune this attack a little bit more but for a fast run)
the maskfile is with lower chars only, add ?u before the first comma for upper and lower letters
masks.txt
Code: ?l,?1?d
?l,?1?1?d
?l,?1?1?1?d
?l,?1?1?1?1?d
?l,?1?1?1??1?1d
?l,?1?1?1?1?1?1?d
?l,?1?1?1?1?1?1?1?d
?l,?1?1?1?1?1?1?1?1?d
rules.txt
Code: fD1
fD2
fD3
fD4
fD5
fD6
fD7
fD8
fD9
hashcat --stdout -a3 masks.txt | hashcat --status -myourmode -O -r rules.txt yourhashfile
what it does:
it generates strings starting from length1 with added numbers, the output is taken as input for hashcat, with added rules for reflecting and deleting positions 1/2 up to 9/10
here we could tune this attack, but then we need to start runs for each length seperalty and with only the specific rule needed, as i said depending on speed this would be an option for longer strings (1-4 or 1-6 or even 1-8 should be fast enough even when using 9 instead of one rule
Thank you for your reply, I'm learning and need some time
Thank you for providing the code. Perhaps my translation is not accurate and I didn't fully understand your message. After testing with md5, the cracking speed is still very slow, and even the first 5 (?l?d) portion takes about an hour to crack. Is there a better way to crack it? After all, only the first part is unknown, and the rest is equivalent to some plaintext password. This speed is normal if only the first part is cracked.
Posts: 879
Threads: 15
Joined: Sep 2017
08-24-2023, 10:32 AM
(This post was last modified: 08-24-2023, 10:35 AM by Snoopy.)
first i made a typo (two ?? in row which is wrong) in maskfile line 5, this should be the problem with the attack when reaching this line
second, what kind of hash to you try to attack? attackspeed is also very dependend on the targethash
your passwordstyle with 3 4 5 is cracked within seconds (md5) even on plain cpu (i tried it right now)
5 is exhausted in ~ 30 seconds
Posts: 31
Threads: 2
Joined: Mar 2020
08-25-2023, 03:23 AM
(This post was last modified: 08-25-2023, 03:23 AM by ly88888.)
(08-24-2023, 10:32 AM)Snoopy Wrote: first i made a typo (two ?? in row which is wrong) in maskfile line 5, this should be the problem with the attack when reaching this line
second, what kind of hash to you try to attack? attackspeed is also very dependend on the targethash
your passwordstyle with 3 4 5 is cracked within seconds (md5) even on plain cpu (i tried it right now)
5 is exhausted in ~ 30 seconds
My test is md5 encryption, and the length of 5 digits I mentioned is not the total length of the plaintext password, but rather the 5 bits of the preceding portion. In other words, the total length is 5+1+5
mask
?l,?1?1?1?1?15
rule
fD6
In this case, we only need to crack 5 digits, not 11, so he should complete it quickly
Posts: 879
Threads: 15
Joined: Sep 2017
(08-25-2023, 03:23 AM)ly88888 Wrote: (08-24-2023, 10:32 AM)Snoopy Wrote: first i made a typo (two ?? in row which is wrong) in maskfile line 5, this should be the problem with the attack when reaching this line
second, what kind of hash to you try to attack? attackspeed is also very dependend on the targethash
your passwordstyle with 3 4 5 is cracked within seconds (md5) even on plain cpu (i tried it right now)
5 is exhausted in ~ 30 seconds
My test is md5 encryption, and the length of 5 digits I mentioned is not the total length of the plaintext password, but rather the 5 bits of the preceding portion. In other words, the total length is 5+1+5
mask
?l,?1?1?1?1?15
rule
fD6
In this case, we only need to crack 5 digits, not 11, so he should complete it quickly
this is exaclty what i mean with style 5, e.g. abcde5edcba, this pw is cracked in seconds even on my plain cpu machine and even when using the whole ruleset i posted above
so i think the problem is anywhere else, can you post output of
hashcat -I
and
hashcat -b -m0
Posts: 31
Threads: 2
Joined: Mar 2020
08-25-2023, 04:57 PM
(This post was last modified: 08-25-2023, 05:01 PM by ly88888.
Edit Reason: update
)
[/quote]
this is exaclty what i mean with style 5, e.g. abcde5edcba, this pw is cracked in seconds even on my plain cpu machine and even when using the whole ruleset i posted above
so i think the problem is anywhere else, can you post output of
hashcat -I
and
hashcat -b -m0
[/quote]
I think it took too long to calculate the rules, the benchmarks are all normal.
For the 6-bit case of the previous paragraph, the amount of computation may be too large, such as the format of abcdef6fedcba, and hashcat will directly cause errors
Session..........: 0818-md5
Status...........: Running
Hash.Mode........: 0 (MD5)
Hash.Target......: 430b92f3d862618fa73e2da9918491b3
Time.Started.....: Fri Aug 25 22:52:24 2023 (2 mins, 12 secs)
Time.Estimated...: Fri Aug 25 22:54:36 2023 (0 secs; Runtime limited: 34 mins, 28 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: Pipe
Guess.Mod........: Rules (1.rule)
Speed.#1.........: 0 H/s (0.00ms) @ Accel:256 Loops:1 Thr:128 Vec:1
Recovered........: 0/1 (0.00%) Digests (total), 0/1 (0.00%) Digests (new)
Progress.........: 0
Rejected.........: 0
Restore.Point....: 0
Restore.Sub.#1...: Salt:0 Amplifier:0-0 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: [Copying]
Hardware.Mon.#1..: Temp: 40c Fan: 0% Util: 0% Core: 165MHz Mem: 403MHz Bus:16
The previous calculation time is too long, and the next starts to crack the speed
430b92f3d862618fa73e2da9918491b3:abcde5edcba
Session..........: 0818-md5
Status...........: Cracked
Hash.Mode........: 0 (MD5)
Hash.Target......: 430b92f3d862618fa73e2da9918491b3
Time.Started.....: Fri Aug 25 22:52:24 2023 (2 mins, 14 secs)
Time.Estimated...: Fri Aug 25 22:54:38 2023 (0 secs; Runtime limited: 34 mins, 26 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: Pipe
Guess.Mod........: Rules (1.rule)
Speed.#1.........: 23912.9 kH/s (0.32ms) @ Accel:256 Loops:1 Thr:128 Vec:1
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 1310727little_s1
Rejected.........: 7
Restore.Point....: 0
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: This i not a hashcat problem. -> cxuue5euuxc
Hardware.Mon.#1..: Temp: 41c Fan: 0% Util: 7% Core: 165MHz Mem: 403MHz Bus:16
Started: Fri Aug 25 22:52:23 2023
Stopped: Fri Aug 25 22:54:38 2023
Posts: 31
Threads: 2
Joined: Mar 2020
this is exaclty what i mean with style 5, e.g. abcde5edcba, this pw is cracked in seconds even on my plain cpu machine and even when using the whole ruleset i posted above
so i think the problem is anywhere else, can you post output of
hashcat -I
and
hashcat -b -m0
[/quote]
I've seen that when evaluating rules, memory keeps increasing until there is not enough memory to cause an error, so I think this method is difficult to crack over 6 bits in length unless you have enough memory
|