hashcat Forum Deprecated; Previous versions Old oclHashcat Support v
Mask setup

Threaded Mode
Mask setup
JulioQc Offline
Junior Member
**
Posts: 6
Threads: 1
Joined: Dec 2013
#1
05-06-2014, 09:45 PM
Hello,

I'm trying to specify a particular mask for brute force. I currently use the following argument:

Code:
?u?d ?1?1?1?1?1?1?1?1

8 digits, uppercase only, all numerical

However, I know for a fact the password has a maximum/minimum of 4 upper case letters and 4 numerical. They can be anywhere in this 8 digit sequence.

Example:

Code:
A56BG76Y
R3T123GE
5F3TY5Q8

How can I specify this? Thanks
Find
coolbry95 Offline
Member
***
Posts: 117
Threads: 0
Joined: Nov 2013
#2
05-06-2014, 09:57 PM
Just checking but are you doing -1 ?u?d ?1?1?1?1?1?1?1?1

Also there is not a way you can do that. What you have it correct.
Find
JulioQc Offline
Junior Member
**
Posts: 6
Threads: 1
Joined: Dec 2013
#3
05-06-2014, 10:30 PM
Yes it does work fine but it wastes much time trying combinations that have more (or less) then 4 uppercase letters or numbers.

i.e. A0000001 is a big waste of time because I know its not the password format.

I doubt its impossible to accomplish, maybe using a dictionary generator or rules rather then a mask could work maybe. Being able to do so would be a HUGE performance gain.
Find
undeath Offline
Sneaky Bastard
******
Posts: 2,301
Threads: 11
Joined: Jul 2010
#4
05-06-2014, 10:32 PM (This post was last modified: 05-06-2014, 10:33 PM by undeath.)
you can generate all masks for 8 chars upper/num and filter out the ones which do not have 4 upper/num chars.

echo uuuudddd | ./permute.bin | sort -u | sed 's/\(.\)/?\1/g' > masks.hcmask

note: permute.bin from hashcat-utils
Find
JulioQc Offline
Junior Member
**
Posts: 6
Threads: 1
Joined: Dec 2013
#5
05-06-2014, 11:11 PM
Yeah that sounds like a great solution!

I'm in windows environment for now so so installed sed.exe from GnuWin32 but the 's/\(.\)/?\1/g' argument doesn't want to accept the ?

I've tried without success
(sed.exe: -e expression #1, char 8: unknown command: `?'):

sed.exe "/\(.\)/?\1/g"

I'll try to figure it out but suggestions are welcomed Smile
Find
undeath Offline
Sneaky Bastard
******
Posts: 2,301
Threads: 11
Joined: Jul 2010
#6
05-07-2014, 12:22 AM
you are missing the starting "s" for the sed command
Find
JulioQc Offline
Junior Member
**
Posts: 6
Threads: 1
Joined: Dec 2013
#7
05-07-2014, 04:24 AM
so obvious! hehe thanks Smile

The masks in the generated file are exactly what I was hoping (little editing to do).

It went from 345 days at best to crack to 12 hours!!! Amazing! I already know the password, lets see if oclhashcat can find it now Smile

Thanks again for the help!
Find
atom Offline
Administrator
*******
Posts: 5,232
Threads: 233
Joined: Apr 2010
#8
05-08-2014, 11:25 AM
Wait, there's a tool that generates the neccessary masks to target advanced password policies, it's called PACK: http://thesprawl.org/projects/pack/
Website Find