How to Bruteforce a part-known string?
#1
Hello,

I am pretty new to hashcat, the GUI is not working for me because of syntax errors, so I found out how to use the textmode.

My question: How to define a specific word which I know for sure, that it is a part of the string?

My command looks something like this. (Let's say that the string I search is: "test2013")

Code:
hashcat-cli32.exe -m 0 -a 3 -o found.txt hash.txt "?l?l?l?l2013"

But the process builds up like this.

?l
?l?l
?l?l?l
?l?l?l?l
?l?l?l?l2
?l?l?l?l20
?l?l?l?l201
?l?l?l?l2013

but it should look like this

?l2013
?l?l2013
?l?l?l2013
?l?l?l?l2013

to make the process faster. Because it is useless to try
2
20
201
2013
because I know for sure the part "2013" is in the string.

How to do this?

thanks
#2
your mask is correct (great job on that by the way, most people who are new to hashcat do not pick up on masks so quickly), you just need to add --pw-min 8

Code:
hashcat-cli32 -a 3 -o found.txt hash.txt "?l?l?l?l2013" --pw-min 8
#3
epix, I think that you don't understand the question ;] ?l2013 isn't pw-min 8
The guy needs to find a word with the string "2013"; it can be "e2013", which doesn't have a length of 8 chars
#4
But it is the exact same thing for other lengths. If you want to do it in one run, use for instance a script like this (untested, remove the "echo" if it seems to be ok for you):

Code:
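# Build the masks ?l2013 .. ?l?l?l?l2013, adding one more ?l per pass
hc_pre=""
for i in $(seq 5 8)
do
  hc_pre="${hc_pre}?l"
  # quote the mask so the shell does not treat ? as a glob character
  echo hashcat-cli32 -a 3 -o found.txt hash.txt "${hc_pre}2013" --pw-min "$i"
done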

Note: for sure it is possible to do this even simpler or using other bash internals (e.g. looping w/ {5..8} etc) ... this is just a POC
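
An added example, not part of any post in this thread: a dry-run variant of the loop above that prints one command per mask for a known suffix and reports how many candidates each mask covers. The function names are made up for this example; the hashcat options are the ones used in the posts above, and `??` is hashcat's mask escape for a literal question mark.

```shell
#!/bin/sh
# Added example (hypothetical helper names): masks for a known suffix
# preceded by MIN..MAX unknown lowercase letters, with keyspace per mask.

# suffix_masks SUFFIX MIN_UNKNOWN MAX_UNKNOWN
# Prints one line per mask: "<total length> <mask> <keyspace>"
suffix_masks() {
    suffix=$1
    min=$2
    max=$3
    # A literal "?" in the known part must be written "??" inside a mask.
    escaped=$(printf '%s' "$suffix" | sed 's/?/??/g')
    prefix=""
    keyspace=1
    n=1
    while [ "$n" -le "$max" ]; do
        prefix="${prefix}?l"
        keyspace=$((keyspace * 26))      # ?l covers the 26 letters a-z
        if [ "$n" -ge "$min" ]; then
            printf '%s %s %s\n' "$((n + ${#suffix}))" "${prefix}${escaped}" "$keyspace"
        fi
        n=$((n + 1))
    done
}

# total_keyspace SUFFIX MIN MAX: sum of the keyspace column
total_keyspace() {
    suffix_masks "$1" "$2" "$3" | awk '{ sum += $3 } END { print sum + 0 }'
}

# build_commands SUFFIX MIN MAX: print (not run) one command line per mask
build_commands() {
    suffix_masks "$1" "$2" "$3" | while read -r len mask ks; do
        printf 'hashcat-cli32 -m 0 -a 3 -o found.txt hash.txt "%s" --pw-min %s  # %s candidates\n' \
            "$mask" "$len" "$ks"
    done
}

# Dry run for the thread's case: 1 to 4 unknown letters before "2013"
build_commands 2013 1 4
echo "total candidates: $(total_keyspace 2013 1 4)"
```

The three shorter masks together account for only 18,278 of the 475,254 candidates, so nearly all of the work is in the longest mask.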
#5
(06-05-2013, 07:29 PM)Szulik Wrote: epix, I think that you don't understand the question ;] ?l2013 isn't pw-min 8
The guy needs to find a word with the string "2013"; it can be "e2013", which doesn't have a length of 8 chars

he said his goal was to build a mask to find "test2013", so that's what i helped him do. i ignored all the other ramblings :)