buitin charsets works, but custom charsets dosn't work
#1
Hello all;
I have a problem with using custom character set.
I make a sample `hash_salt.txt` as input hash file, with bellow data:

hash_salt.txt:
Code:
b0393ef671f10d32135ee40dd9ad6837@zt_uru[|fVL5::\cbo+&fZDAXJE1!_

The separator between hash and salt is `@`.

Then i set password length to 4 characters. (The password is `pass`)

And when i try this cmd:

Code:
hashcat-cli64.exe -a 3 -m 2711 --pw-min=4 --pw-max=4 --hex-charset -p @ -o "out.txt" --outfile-format=3 -n 8 -c 256 "hash_salt.txt" -1 ?l ?1?1?1?1

The hashcat find successfully that and output of `out.txt` is:

Code:
b0393ef671f10d32135ee40dd9ad6837@zt_uru[|fVL5::\cbo+&fZDAXJE1!_@pass

Now when i want to use my custom character set, like `-1 aps ?1?1?1?1` because i know that password is `pass` and have only `p`, `a` and `s` characters within it,

But with `-1 aps ?1?1?1?1` in this cmd:

Code:
hashcat-cli64.exe -a 3 -m 2711 --pw-min=4 --pw-max=4 --hex-charset -p @ -o "out.txt" --outfile-format=3 -n 8 -c 256 "hash_salt.txt" -1 aps ?1?1?1?1

The hashcat can not find the `pass`.

To cover `pass` string in mask brute force range attack, what is a minimum custom character set for that? this `-1 aps ?1?1?1?1` character set is wrong?
(With assume that we know the password string consist of `p`, `a` and `s` characters and length of it is 4)
#2
Please use --help and the wiki to learn about --hex-charset.
Hint: if you remove --hex-charset it should work

Please also don't post hashes if not ask by a dev, see https://hashcat.net/forum/announcement-2.html
#3
Sample hashes are alright.
Like Philipp said, --hex-charset is obsolete.
Ditch it and it should work.
Also, I highly recommend not to use the -c flag at all.
Finally, hashcat is smart, you don't need @ instead of ':' for hash separator, it treats everything after the first colon as salt.
#4
Thanks,

Ok, i remove `--hex-charset` option, and you right because `aps` is not hex characters, and now hashcat find `pass`.

Also i use `@` instead of `:`, just because hashcat note me that `1 salts contain separator-char ':'` and i change it to don't note(or warn) me again.

Now i have another question about salt.

I remove the salt section form `hash_salt.txt` file and rename it to `hash.txt`:

hash.txt:
Code:
b0393ef671f10d32135ee40dd9ad6837

And want to use `brute-vbulletin.salt` salt file that is in `hashcat-0.46\salts` directory:

Code:
`hashcat-0.46\salts\brute-vbulletin.salt`

but with the same custom character set as above, the hashcat can not find the `pass`:

Code:
hashcat-cli64.exe -a 3 -m 2711 --pw-min=4 --pw-max=4 -e "brute-vbulletin.salt" -o "out.txt" --outfile-format=3 -n 8 "hash.txt" -1 aps ?1?1?1?1

How can i cover a salt such as `zt_uru[|fVL5::\cbo+&fZDAXJE1!_` in attack? does this file `brute-vbulletin.salt`can cover that or not?
and can i set custom character set for salt too?
#5
Ok , i found my answer about salt, here vBulletin MD5 without Salts
Thanks all.