hashcat
advanced password recovery

anomalies · (This post was last modified: 09-02-2013, 08:26 AM by anomalies.)

hi,

my case here was cracking my client hashdump and after using jtr+ocl concurrently (straight wordlist with some mangling rules in both) and cracked some of the hashes, it turns out they tend to use password like 'companyname$s$d$d' ($s=symbol,$d=numeric).

almost like korelogic rules (appendSymbolNumNum), in jtr i can customize the rules to fit my needs but in hashcat, i haven't tried before.

so here my maskprocessor that i want to make it generate the custom rules.

Code:
append 1 symbol then Nth lowercase alpha 

mp64.exe -o bfappend1sym2alpha.rule '$?s $?l $?l'

mp64.exe -o bfappend1sym3alpha.rule '$?s $?l $?l $?l'

mp64.exe -o bfappend1sym4alpha.rule '$?s $?l $?l $?l $?l'

mp64.exe -o bfappend1sym5alpha.rule '$?s $?l $?l $?l $?l $?l'

append 2 symbol then Nth lowercase alpha

mp64.exe -o bfappend2sym1alpha.rule '$?s $?s $?l'

mp64.exe -o bfappend2sym2alpha.rule '$?s $?s $?l $?l'

mp64.exe -o bfappend2sym3alpha.rule '$?s $?s $?l $?l $?l'

mp64.exe -o bfappend2sym4alpha.rule '$?s $?s $?l $?l $?l $?l'

prepend 1 symbol then Nth lowercase alpha

mp64.exe -o bfprepend1sym2alpha.rule '^?s ^?l ^?l'

mp64.exe -o bfprepend1sym3alpha.rule '^?s ^?l ^?l ^?l'

mp64.exe -o bfprepend1sym4alpha.rule '^?s ^?l ^?l ^?l ^?l'

mp64.exe -o bfprepend1sym5alpha.rule '^?s ^?l ^?l ^?l ^?l ^?l'

prepend 2 symbol then Nth lowercase alpha

mp64.exe -o bfprepend2sym1alpha.rule '^?s ^?s ^?l'

mp64.exe -o bfprepend2sym2alpha.rule '^?s ^?s ^?l ^?l'

mp64.exe -o bfprepend2sym3alpha.rule '^?s ^?s ^?l ^?l ^?l'

mp64.exe -o bfprepend2sym4alpha.rule '^?s ^?s ^?l ^?l ^?l ^?l'

prepend Nth lowercase alpha then 1 symbol

mp64.exe -o bfprepend2alpha1sym.rule '^?s ^?s ^?l'

mp64.exe -o bfprepend3alpha1sym.rule '^?l ^?l ^?l ^?s'

mp64.exe -o bfprepend4alpha1sym.rule '^?l ^?l ^?l ^?l ^?s'

mp64.exe -o bfprepend5alpha1sym.rule '^?l ^?l ^?l ^?l ^?l ^?s'

append 1 symbol then Nth numeric  

mp64.exe -o bfappend1sym2digi.rule '$?s $?d $?d'

mp64.exe -o bfappend1sym3digi.rule '$?s $?d $?d $?d'

mp64.exe -o bfappend1sym4digi.rule '$?s $?d $?d $?d $?d'

mp64.exe -o bfappend1sym5digi.rule '$?s $?d $?d $?d $?d $?d'

append 2 symbol then Nth numeric 

mp64.exe -o bfappend2sym1digi.rule '$?s $?s $?d'

mp64.exe -o bfappend2sym2digi.rule '$?s $?s $?d $?d'

mp64.exe -o bfappend2sym3digi.rule '$?s $?s $?d $?d $?d'

mp64.exe -o bfappend2sym4digi.rule '$?s $?s $?d $?d $?d $?d'

append 1 numeric then Nth symbol 

mp64.exe -o bfappend1digi2sym.rule '$?d $?s $?s'

mp64.exe -o bfappend1digi3sym.rule '$?d $?s $?s $?s'

mp64.exe -o bfappend1digi4sym.rule '$?d $?s $?s $?s $?s'

mp64.exe -o bfappend1digi5sym.rule '$?d $?s $?s $?s $?s $?s'

append 2 numeric then Nth numeric 

mp64.exe -o bfappend2digi1sym.rule '$?d $?d $?s'

mp64.exe -o bfappend2digi2sym.rule '$?d $?d $?s $?s'

mp64.exe -o bfappend2digi3sym.rule '$?d $?d $?s $?s $?s'

mp64.exe -o bfappend2digi4sym.rule '$?d $?d $?s $?s $?s $?s'

prepend 1 symbol then Nth numeric

mp64.exe -o bfprepend1sym2digi.rule '^?s ^?d ^?d'

mp64.exe -o bfprepend1sym3digi.rule '^?s ^?d ^?d ^?d'

mp64.exe -o bfprepend1sym4digi.rule '^?s ^?d ^?d ^?d ^?d'

mp64.exe -o bfprepend1sym5digi.rule '^?s ^?d ^?d ^?d ^?d ^?d'

prepend 2 symbol then 1 numeric 

mp64.exe -o bfprepend2sym1digi.rule '^?s ^?s ^?d'

mp64.exe -o bfprepend2sym2digi.rule '^?s ^?s ^?d ^?d'

mp64.exe -o bfprepend2sym3digi.rule '^?s ^?s ^?d ^?d ^?d'

mp64.exe -o bfprepend2sym4digi.rule '^?s ^?s ^?d ^?d ^?d ^?d'

prepend Nth numeric then 1 symbol

mp64.exe -o bfprepend2digi1sym.rule '^?d ^?d ^?s'

mp64.exe -o bfprepend3digi1sym.rule '^?d ^?d ^?d ^?s'

mp64.exe -o bfprepend4digi1sym.rule '^?d ^?d ^?d ^?d ^?s'

mp64.exe -o bfprepend5digi1sym.rule '^?d ^?d ^?d ^?d ^?d ^?s'

is that correct?

thank you and please don't bash me. Big Grin

**epixoip** · 09-02-2013, 08:32 AM

since this was posted in the oclHashcat-plus forum, how about a solution that works best for oclHashcat-plus?

just create an hcmask file with all these different masks in it, then run hybrid attacks with that hcmask file.

Code:
epixoip@token:~/oclHashcat-1.00$ cat > anomalies.hcmask << EOF

> ?s?l?l

> ?s?l?l?l

> ?s?l?l?l?l

> ?s?l?l?l?l?l

> ?s?s?l

> ?s?s?l?l

> ?s?s?l?l?l

> ?s?s?l?l?l?l

> ?s?d?d

> ?s?d?d?d

> ?s?d?d?d?d

> ?s?d?d?d?d?d

> ?s?s?d

> ?s?s?d?d

> ?s?s?d?d?d

> ?s?s?d?d?d?d

> ?d?s?s

> ?d?s?s?s

> ?d?s?s?s?s

> ?d?s?s?s?s?s

> ?d?d?s

> ?d?d?s?s

> ?d?d?s?s?s

> ?d?d?s?s?s?s

> EOF

epixoip@token:~/oclHashcat-1.00$ ./oclHashcat64.bin -a 6 hashlist wordlist anomalies.hcmask

epixoip@token:~/oclHashcat-1.00$ ./oclHashcat64.bin -a 7 hashlist anomalies.hcmask wordlist

anomalies · (This post was last modified: 09-02-2013, 09:20 AM by anomalies.)

hi epixoip,

i like your solution, simply elegant.

thanks.

Login
Username/Email:
Password:	Lost Password?
	Remember me

hashcat advanced password recovery

hashcat
advanced password recovery