hashcat Forum Support hashcat v
Need help Mask list

Threaded Mode
Need help Mask list
plam07 Offline
Junior Member
**
Posts: 1
Threads: 1
Joined: Oct 2023
#1
Exclamation  10-11-2023, 12:20 PM (This post was last modified: 10-12-2023, 07:10 PM by Chick3nman.)
About 2-3 years ago I made a rar file of the dataset I used in my PhD thesis and put a password on it. Now I need this dataset and I don't remember the password of my rar file.

I've seen that hashcat is a good method, but even if I remember part of my password, I don't fully understand how to create a mask attack.
Can you help me with this?

hash: [Removed by Moderators]

- password length: minimum 9, maximum 12 characters
- the first two or three characters I remember: er or Er or erd or Erd
- The last character should be . or ! but I'm not sure.
- after the first 2 or 3 characters I must have written a number.

That's all I remember about the password. Can you help me to create a mask list for this?

My computer's video card is RTX 3070
Find
Reply
DanielG Offline
Pentester
***
Posts: 180
Threads: 0
Joined: Nov 2017
#2
10-12-2023, 10:20 AM (This post was last modified: 10-12-2023, 10:22 AM by DanielG.)
Before we make the mask, let’s do some math. Using your restrictions let’s make some best case scenario's.

- password length: minimum 9, maximum 12 characters
- the first two or three characters I remember: er or Er or erd or Erd
- The last character should be . or ! but I'm not sure. * I will assume . or !, and omitting the possibility it is something else
- after the first 2 or 3 characters I must have written a number. * I assume 1 number after Er or Erd


1. First two 'er' or 'Er' + a number + {5 to 9 remaining unknowns} + last char '.' or '!'
2. First three 'erd' or 'Erd' + a number + {4 to 8 remaining unknowns} + last char '.' or '!'

Let's assume that the middle unknowns are all lowercase letters (so no numbers or uppercase letters).

1. is 2*10*26^5 trough 26^9*2 = 225867334035200 total possibilities
2. is 2*10*26^4 trough 26^8*2 = 8687205155200 total possibilities

Added together is 234554539190400 total possibilities giving our optimistic restrictions.

On https://hashcat.net/forum/thread-9607.html we can see a benchmark of a 'Gigabyte 3070 Gaming OC' videocard, this is better or equal to your videocard. This post states:

Quote:Hashmode: 13000 - RAR5 (Iterations: 32799)
Speed.#1.........:    68077 H/s (86.31ms) @ Accel:8 Loops:512 Thr:1024 Vec:1

At the mentioned 68077 Hashes per second your attempt will take 234554539190400 / 68077 seconds, also known as 109.3 years.

I don't think these are enough restrictions to guess your password, if it is a variation of a word you might be better off with some words + a big rule list.
Find
Reply