Need help with hashcat
#1
Hello,

I first want to say my English is not my 1st language, so there might be mistakes in the text.


What I need help with is the following:

I got a dictionary containing different English words. As a test I did create a test password and did hash it with the MD5 algorithm. What I did was replace two letters with 2 digits. Example: a7sol3tely (absolutely).

What I would like to do is make hashcat go through the wordlist and move the digits through every position of the words.

Examples:

00solutely
ab00lutely
abso00tely
absolu00ly
absolute00
0b0olutely
a0s0lutely

And so on.

Lets say that the test password is not cracked, then I would like it to change from 00 to 01 and do the same as above and then move on to 02 and so on till it finds the correct digits and the correct positions.

Is this possible? And if yes, how do I do this? I tried to crack the test password with different rules, but hashcat did not manage to crack it.
Reply
#2
You can write your own rules.
https://hashcat.net/wiki/doku.php?id=rule_based_attack
o00 o10
o10 o20
...
Reply
#3
(05-24-2024, 10:06 PM)buka Wrote: You can write your own rules.
https://hashcat.net/wiki/doku.php?id=rule_based_attack
o00 o10
o10 o20
...

Hello buka,

I have to say I don't got any experience with writing own rules, but I will look on YouTube and hopefully there are good and detailed tutorials about it that are also easy to understand.

In your post you did type the following:

o00 o10
o10 o20

Is 1 of the o10 a typo? Reason I'm asking is because I see it twice.

I also took a look at the link you gave me, but I find some things difficult to understand. Here is an example:


.png   Schermafbeelding 2024-05-25 115352.png (Size: 10.89 KB / Downloads: 3)


Why does the second s get replaced by a $ sign and not the first s? The first s is on the third position and not on the fourth position. Is o3$ not supposed to change the s on the third position, because of number 3?
Reply
#4
use of a custom char set might be more what your thinking of:

Code:
hashcat -m -a 3 hash.txt ?1?1?1?1?1?1?1?1?1?1?1 -1 a7sol3tely -w 4 -O --hwmon-disable --force

Hope this helps!
Reply
#5
(05-25-2024, 01:51 PM)CmdFlaz Wrote: use of a custom char set might be more what your thinking of:

Code:
hashcat -m -a 3 hash.txt ?1?1?1?1?1?1?1?1?1?1?1 -1 a7sol3tely -w 4 -O --hwmon-disable --force

Hope this helps!

Hello CmdFlaz,

The thing is: I want to simulate a situation that I lost my password and that I remember that it's a word from a dictionary and that I remember it only contains 2 digits, but just don't know which word is used and which digits are used + don't remember the positions of the 2 digits.

So like: I want hashcat to try out every word in the wordlist, but do the steps as I explained in my first post.

To make it more clear of what I mean:

Lets say only 1 digit was used. I would like hashcat to do this:

0pple
a0ple
ap0le
app0e
appl0

Then move on to the numbers 1, 2, 3, 4, 5, 6, 7, 8, 9 and then move on to the next word in the wordlist and start again with number 0

But yea I want to do this with 2 digits instead of 1 digit.
Reply
#6
(05-25-2024, 12:10 PM)Nico33 Wrote: Is 1 of the o10 a typo? Reason I'm asking is because I see it twice.
It isn't.

Quote:Why does the second s get replaced by a $ sign and not the first s? The first s is on the third position and not on the fourth position. Is o3$ not supposed to change the s on the third position, because of number 3?

Read the footnotes.
Quote:* Indicates that N starts at 0. For character positions other than 0-9 use A-Z (A=10)
Reply
#7
(05-25-2024, 08:15 PM)buka Wrote:
(05-25-2024, 12:10 PM)Nico33 Wrote: Is 1 of the o10 a typo? Reason I'm asking is because I see it twice.
It isn't.

Quote:Why does the second s get replaced by a $ sign and not the first s? The first s is on the third position and not on the fourth position. Is o3$ not supposed to change the s on the third position, because of number 3?

Read the footnotes.
Quote:* Indicates that N starts at 0. For character positions other than 0-9 use A-Z (A=10)

Oh ok, I thought it was a typo.

Oh, I completely overlooked the footnotes, sorry.

To verify that I understand it:

o00 o10
o10 o20
o20 o30
o30 o40
o40 o50
o50 o60
o60 o70
o70 o80
o80 o90

Is this how the rules have to be or am I now making mistakes? Sorry if I'm asking dumb questions, but I never wrote rules, so it's all new to me + in general it takes a while for me to understand things.
Reply
#8
You can use --stdout to see for yourself if your rules do what they should.

Quote:$ ./hashcat.bin --stdout -r your.rules your.dictionary
00solutely
a00olutely
ab00lutely
abs00utely
abso00tely
absol00ely
absolu00ly
absolut00y
absolute00
Reply
#9
(05-25-2024, 09:32 PM)buka Wrote: You can use --stdout to see for yourself if your rules do what they should.

Quote:$ ./hashcat.bin --stdout -r your.rules your.dictionary
00solutely
a00olutely
ab00lutely
abs00utely
abso00tely
absol00ely
absolu00ly
absolut00y
absolute00

Ok thanks!

Do I need to use the .bin at the end or can I do .exe as well? (Windows user here).

So Like: hashcat.exe --stdout -r your.rules your.dictionary
Reply
#10
(05-25-2024, 07:25 PM)Nico33 Wrote:
(05-25-2024, 01:51 PM)CmdFlaz Wrote: use of a custom char set might be more what your thinking of:

Code:
hashcat -m -a 3 hash.txt ?1?1?1?1?1?1?1?1?1?1?1 -1 a7sol3tely -w 4 -O --hwmon-disable --force

Hope this helps!

Hello CmdFlaz,

The thing is: I want to simulate a situation that I lost my password and that I remember that it's a word from a dictionary and that I remember it only contains 2 digits, but just don't know which word is used and which digits are used + don't remember the positions of the 2 digits.

So like: I want hashcat to try out every word in the wordlist, but do the steps as I explained in my first post.

To make it more clear of what I mean:

Lets say only 1 digit was used. I would like hashcat to do this:

0pple
a0ple
ap0le
app0e
appl0

Then move on to the numbers 1, 2, 3, 4, 5, 6, 7, 8, 9 and then move on to the next word in the wordlist and start again with number 0

But yea I want to do this with 2 digits instead of 1 digit.

I understand a bit better, perhaps you could make a ruleset using 

Insert @ N iNX Insert character X at position N i4! p@ssW0rd p@ss!W0rd
* Indicates that N starts at 0. For character positions other than 0-9 use A-Z (A=10)

and have two of these rules on each line in your rule file, with all possible permutations?

just a thought theres probably a easier way lol

Insert @ N
iNX
Insert character X at position N
i4!
p@ssW0rd
p@ss!W0rd
Reply