Which is the best cracking mode?
#1
My password format is:
abcd4dcba
abcde5edcba
abc3cba

The starting part is a random string + the string length + the string inverted as a whole.
(The translation I used may not be very accurate.)

My idea is to crack with rules:
wordlist: abc
rule: fD4
Result of the run: abc4cba

But this requires preparing a huge wordlist.

Do you have any better suggestions? Thanks!
#2
Sorry, there is an error in the rule above. I don't see the option to edit the post directly.

My password format is:
abcd4dcba
abcde5edcba
abc3cba

The starting part is a random string + the string length + the string inverted as a whole.
(The translation I used may not be very accurate.)

My idea is to crack with rules:
wordlist: abc
rule: fi44
Result of the run: abc4cba

But this requires preparing a huge wordlist.

Do you have any better suggestions? Thanks!
#3
(depending on your hash and attack speed) true random strings or english words?

okay this is a nice one, the best thing is to combine bruteforce with rules (there are possibilities to tune this attack a little bit more but for a fast run)

the maskfile is with lower chars only, add ?u before the first comma for upper and lower letters
masks.txt
Code:
?l,?1?d
?l,?1?1?d
?l,?1?1?1?d
?l,?1?1?1?1?d
?l,?1?1?1??1?1d
?l,?1?1?1?1?1?1?d
?l,?1?1?1?1?1?1?1?d
?l,?1?1?1?1?1?1?1?1?d

rules.txt
Code:
fD1
fD2
fD3
fD4
fD5
fD6
fD7
fD8
fD9

hashcat --stdout -a3 masks.txt | hashcat --status -myourmode -O -r rules.txt yourhashfile

what it does:

it generates strings starting from length 1 with added numbers, the output is taken as input for hashcat, with added rules for reflecting and deleting positions 1/2 up to 9/10

here we could tune this attack, but then we need to start runs for each length separately and with only the specific rule needed, as i said depending on speed this would be an option for longer strings (1-4 or 1-6 or even 1-8 should be fast enough even when using 9 instead of one rule)
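The mask-plus-rule pipeline described in the post above, modelled in Python as an added example that is not part of the thread. Function names are hypothetical, the alphabet is assumed to be the 26 lowercase letters of `?l`, and the "tuned" count assumes one run per length with the digit fixed to that length and a single rule.

```python
# Added illustration, not code from the thread. Function names are hypothetical.

def reflect(word):
    """hashcat rule 'f': append the reversed word (abc3 -> abc33cba)."""
    return word + word[::-1]

def delete_at(word, n):
    """hashcat rule 'DN': delete the character at 0-based position N.
    An out-of-range N is modelled here as leaving the word unchanged."""
    return word[:n] + word[n + 1:] if n < len(word) else word

def apply_fD(word, n):
    """Apply the rule line 'fDn' from rules.txt to one mask candidate."""
    return delete_at(reflect(word), n)

def is_mirror_pattern(pw):
    """Defender-side check: prefix + len(prefix) + reversed prefix, 1..9 chars."""
    if len(pw) < 3 or len(pw) % 2 == 0:
        return False
    n = len(pw) // 2
    return n <= 9 and pw[n] == str(n) and pw[:n] == pw[n + 1:][::-1]

def matching_rules(word):
    """Which of fD1..fD9 turn this mask candidate into the target pattern."""
    return [n for n in range(1, 10) if is_mirror_pattern(apply_fD(word, n))]

def candidate_counts(max_len, alphabet=26):
    """Candidates hashed for prefix lengths 1..max_len (assumes ?l only).
    broad: every letters+?d mask output run through all nine rules.
    tuned: one run per length, digit fixed to the length, one rule."""
    prefixes = sum(alphabet ** n for n in range(1, max_len + 1))
    return prefixes * 10 * 9, prefixes

if __name__ == "__main__":
    print(apply_fD("abcde5", 6))          # five letters + '5' with rule fD6
    print(matching_rules("abc3"))         # adjacent rules give the same candidate
    print(matching_rules("abc4"))         # wrong digit: no rule yields the pattern
    broad, tuned = candidate_counts(5)
    print(broad, tuned, broad // tuned)
```

For audit purposes the relevant figure is the tuned count: an 11-character password of this form has only 26^5 = 11,881,376 possible values, so `is_mirror_pattern` is the kind of check a password policy can use to reject it.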
#4
(08-18-2023, 04:33 PM)Snoopy Wrote: (depending on your hash and attack speed) true random strings or english words?

Thank you for your reply, I'm learning and need some time
#5
(08-18-2023, 04:43 PM)ly88888 Wrote:
(08-18-2023, 04:33 PM)Snoopy Wrote: (depending on your hash and attack speed) true random strings or english words?

Thank you for your reply, I'm learning and need some time


Thank you for providing the code. Perhaps my translation is not accurate and I didn't fully understand your message. After testing with md5, the cracking speed is still very slow, and even the first 5 (?l?d) portion takes about an hour to crack. Is there a better way to crack it? After all, only the first part is unknown, and the rest is equivalent to some plaintext password. This speed is normal if only the first part is cracked.
#6
first i made a typo (two ?? in a row which is wrong) in maskfile line 5, this should be the problem with the attack when reaching this line

second, what kind of hash do you try to attack? attack speed is also very dependent on the target hash

your password style with 3 4 5 is cracked within seconds (md5) even on plain cpu (i tried it right now)

5 is exhausted in ~ 30 seconds
#7
(08-24-2023, 10:32 AM)Snoopy Wrote: first i made a typo (two ?? in a row which is wrong) in maskfile line 5, this should be the problem with the attack when reaching this line
second, what kind of hash do you try to attack? attack speed is also very dependent on the target hash
your password style with 3 4 5 is cracked within seconds (md5) even on plain cpu (i tried it right now)
5 is exhausted in ~ 30 seconds

My test is md5 encryption, and the length of 5 digits I mentioned is not the total length of the plaintext password, but rather the 5 bits of the preceding portion. In other words, the total length is 5+1+5

mask
?l,?1?1?1?1?15

rule
fD6

In this case, we only need to crack 5 digits, not 11, so it should complete quickly.
#8
(08-25-2023, 03:23 AM)ly88888 Wrote:
(08-24-2023, 10:32 AM)Snoopy Wrote: first i made a typo (two ?? in a row which is wrong) in maskfile line 5, this should be the problem with the attack when reaching this line
second, what kind of hash do you try to attack? attack speed is also very dependent on the target hash
your password style with 3 4 5 is cracked within seconds (md5) even on plain cpu (i tried it right now)
5 is exhausted in ~ 30 seconds

My test is md5 encryption, and the length of 5 digits I mentioned is not the total length of the plaintext password, but rather the 5 bits of the preceding portion. In other words, the total length is 5+1+5

mask
?l,?1?1?1?1?15

rule
fD6

In this case, we only need to crack 5 digits, not 11, so it should complete quickly.

this is exactly what i mean with style 5, e.g. abcde5edcba, this pw is cracked in seconds even on my plain cpu machine and even when using the whole ruleset i posted above

so i think the problem is somewhere else, can you post output of

hashcat -I
and
hashcat -b -m0
#9
I think it took too long to calculate the rules, the benchmarks are all normal.
For the 6-bit case of the previous paragraph, the amount of computation may be too large, such as the format of abcdef6fedcba, and hashcat will directly cause errors.



Session..........: 0818-md5
Status...........: Running
Hash.Mode........: 0 (MD5)
Hash.Target......: 430b92f3d862618fa73e2da9918491b3
Time.Started.....: Fri Aug 25 22:52:24 2023 (2 mins, 12 secs)
Time.Estimated...: Fri Aug 25 22:54:36 2023 (0 secs; Runtime limited: 34 mins, 28 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: Pipe
Guess.Mod........: Rules (1.rule)
Speed.#1.........:        0 H/s (0.00ms) @ Accel:256 Loops:1 Thr:128 Vec:1
Recovered........: 0/1 (0.00%) Digests (total), 0/1 (0.00%) Digests (new)
Progress.........: 0
Rejected.........: 0
Restore.Point....: 0
Restore.Sub.#1...: Salt:0 Amplifier:0-0 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: [Copying]
Hardware.Mon.#1..: Temp: 40c Fan:  0% Util:  0% Core: 165MHz Mem: 403MHz Bus:16

The previous calculation time is too long, and the next starts to crack the speed

430b92f3d862618fa73e2da9918491b3:abcde5edcba
Session..........: 0818-md5
Status...........: Cracked
Hash.Mode........: 0 (MD5)
Hash.Target......: 430b92f3d862618fa73e2da9918491b3
Time.Started.....: Fri Aug 25 22:52:24 2023 (2 mins, 14 secs)
Time.Estimated...: Fri Aug 25 22:54:38 2023 (0 secs; Runtime limited: 34 mins, 26 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: Pipe
Guess.Mod........: Rules (1.rule)
Speed.#1.........: 23912.9 kH/s (0.32ms) @ Accel:256 Loops:1 Thr:128 Vec:1
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 1310727little_s1
Rejected.........: 7
Restore.Point....: 0
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: This i not a hashcat problem. -> cxuue5euuxc
Hardware.Mon.#1..: Temp: 41c Fan:  0% Util:  7% Core: 165MHz Mem: 403MHz Bus:16
Started: Fri Aug 25 22:52:23 2023
Stopped: Fri Aug 25 22:54:38 2023
#10

I've seen that when evaluating rules, memory keeps increasing until there is not enough memory to cause an error, so I think this method is difficult to crack over 6 bits in length unless you have enough memory