Posts: 10
Threads: 1
Joined: Apr 2015
04-01-2015, 11:35 AM
(This post was last modified: 04-01-2015, 03:12 PM by MultiFilm.)
Hello,
I am a hashcat noob but I need some help. I forgot my Truecrypt Countainer Password and need to crack it now.
It has 37-41 Characters. The good news I know the last 20 Characters and the first 4 excatly. I know the 6th Position it's a "," or ".". And I know the 5th Position could be one letter or nothing, than the 6th Position would be the 6th Position.
I also know between 5/6 till 20/21th Position are two static phrases.
One is like that "HuW" and one is like that "84839", the rest is out of 6 Characters.
Example how it could look like:
!Ii!,HuW;,.H).84839..123456789+'+uHdbHDhE
or maybe:
!Ii!c.HuW;,HH).84839..123456789+'+uHdbHDhE
(don't worry I changed up here things, thats now how my password look like, but it's an example for configuration.)
I did some math and cam out that it can get cracked in less than a day with a Amd 290x.
I need now help to get the configuration right. Here is an example how it would look like in OTFBrutus.
!Ii![c]{0-1}[\.\,]{1}["HuW" \;\.\-\_\)\: "84839"]{6-10}123456789+'+uHdbHDhE
OTFBrutus said it would be 4908384256 combinations.
(4908384256 / 500000 / 60 / 60 = 2,72 h)
the password can only get cracked in a good time, if 84839 and HuW are threated like a static phrases "in way like a character (from the math side").
Thank you very much!
Posts: 2,936
Threads: 12
Joined: May 2012
Do not request help cracking a hash or offer a cash reward. This is against the forum rules.
Basically what you are looking for here is a mask attack. http://hashcat.net/wiki/doku.php?id=mask_attack
The static portions of your password will be static in your mask. For the unknown portions you'll use custom charsets.
Posts: 10
Threads: 1
Joined: Apr 2015
04-01-2015, 11:49 AM
(This post was last modified: 04-01-2015, 11:51 AM by MultiFilm.)
Thank you bro for the fast answer. I didn't want to break the rules here, I didn't know that.
Can you set this up for me please? I would really really appreciate that!
€dit: What about this: "I know the 6th Position it's a "," or ".". And I know the 5th Position could be one letter or nothing, than the 6th Position would be the 6th Position."
Posts: 2,936
Threads: 12
Joined: May 2012
You will need multiple masks to accomplish this, so you should probably use an hcmask file.
I will help you construct one mask. You will need to construct the others.
-1 '.,' -2 ';.-_):' '!Ii!?1HuW?1?184839123456789+'\''+uHdbHDhE'
Posts: 10
Threads: 1
Joined: Apr 2015
04-01-2015, 01:31 PM
(This post was last modified: 04-01-2015, 01:46 PM by MultiFilm.)
Why did you do it like that?
I don't understand.
this part is almost known:
!Ii!c.
could be also
!Ii!c,
or
!Ii!,
!Ii!c,
and this part is really known:
123456789+'+uHdbHDhE
everything between is almost unknow except the charset and the static combination 84839 and HuW but it could also be hUw.
In this middle part could be up to 6-10 characters, if you cound 84839 and HuW as one character (if you count 84839 and HuW as 5 and 3 characters in this middle part is than a total of between 16 and 12). And in this middle part is a charset of 6-7 chars.
Did you maybe misunderstood my question? Or did I missunderstood you?
€dit: and one thing more that I know, HuW definetly appears only one time in this middle part and 84839 also appears one time in the middle part.
Posts: 68
Threads: 3
Joined: Feb 2011
If you put the same amount of energy in just writing the mask instead of describing what you want you actually would get it faster. Epix gave you a good example.
sch0.org
Posts: 10
Threads: 1
Joined: Apr 2015
04-01-2015, 02:30 PM
(This post was last modified: 04-01-2015, 02:53 PM by MultiFilm.)
I don't see in his examples how "HuW" and "84839" rotate in this case? I don't know where HuW and 84839 are. First could come 84839 and than HuW or different way. And I don't know whats between them. I just know they are between beginning and end (middle) and I know this middle part has with this 2 phrases (12-16 chars if you count them as one char -> 6-10)
€dit: I am just despread. I need your help!
Posts: 10
Threads: 1
Joined: Apr 2015
04-01-2015, 02:56 PM
(This post was last modified: 04-01-2015, 04:12 PM by MultiFilm.)
Is it somehow possible to set up a charset where this 2 static phrases are recognized as a char (even they aren't)?
than it would be
8 chars in the middle
-1 '.,' -2 ';.-_):"HuW" "84839"' '!Ii!?1?2?2?2?2?2?2?2?2123456789+'\''+uHdbHDhE'
-1 '.,' -2 ';.-_):"HuW" "84839"' '!Ii!c?1?2?2?2?2?2?2?2?2123456789+'\''+uHdbHDhE'
9 chars in the middle
-1 '.,' -2 ';.-_):"HuW" "84839"' '!Ii!?1?2?2?2?2?2?2?2?2?2123456789+'\''+uHdbHDhE'
-1 '.,' -2 ';.-_):"HuW" "84839"' '!Ii!c?1?2?2?2?2?2?2?2?2?2123456789+'\''+uHdbHDhE'
10 chars in the middle
-1 '.,' -2 ';.-_):"HuW" "84839"' '!Ii!?1?2?2?2?2?2?2?2?2?2?2123456789+'\''+uHdbHDhE'
-1 '.,' -2 ';.-_):"HuW" "84839"' '!Ii!c?1?2?2?2?2?2?2?2?2?2?2123456789+'\''+uHdbHDhE'
or? But is it possible to put a static phrase in a charset?
and the other question is it possible to let this run in a queque? Or do I have to start every mask new?
€dit: my problem is how can I bring this two static phrases in a charset? And how can I run this automatically?
€dit2: Ahhh I guess I know what you know mean with hcmask.
I have to create something like that:
5 x ?2
-1 '.,' -2 ';.-_):' '!Ii!?1HuW18483?2?2?2?2?2123456789+'\''+uHdbHDhE'
-1 '.,' -2 ';.-_):' '!Ii!?1HuW?218483?2?2?2?2123456789+'\''+uHdbHDhE'
-1 '.,' -2 ';.-_):' '!Ii!?1HuW?2?218483?2?2?2123456789+'\''+uHdbHDhE'
...
-1 '.,' -2 ';.-_):' '!Ii!?1HuW?2?2?2?2?218483123456789+'\''+uHdbHDhE'
...
-1 '.,' -2 ';.-_):' '!Ii!?1?2?2?2?2?218483HuW123456789+'\''+uHdbHDhE'
Am I right? And than again repeat this with 6 x ?2 and 7 x ?2 and 8 x ?2
Is that correct?
If this is right and I created that file, how can I execute it with oclHashcat?
Posts: 2,936
Threads: 12
Joined: May 2012
Those masks are looking good. Unfortunately since your custom charset includes a comma, and hcmasks use commas to separate fields, an hcmask file would not work. So what you'll need to do is run each of these masks one-by-one with hashcat. It's probably best to script this out.
Posts: 10
Threads: 1
Joined: Apr 2015
04-01-2015, 09:39 PM
(This post was last modified: 04-01-2015, 10:27 PM by MultiFilm.)
No way  I just already started to do this masks. This are a lot of masks, I can't start them one by one.
Isn't there a way around like you did with the ' ?
I can't script that, can you help me please?
€dit: 2 more questions:
1.) How does a command look like for TC AES (RipeMD) with hcmaks?
2.) Which OS would work best with a AMD R9 290x?
ahh and a 3rd one:
is a slash / also a Problem for hashcat if it appears?
€dit3: I found this in the Documention:
"- \, means that the comma should be used literally (not a separator between ?1, ?2, ?3, ?4 or mask)" but you right, the problem is that is in the custom charset. What can I do? :/
€dit4:
would the command be this:
./oclHashcat-plus64.bin -m 6211 -a 3 -n 32 /root/desktop/countainer.tc -1 '.,' -2 ';,.-_):' '!Ii!?1HuW18483?2?2?2?2?2123456789+'\''+uHdbHDhE' -o /root/desktop/found/found.txt
or is something missing?
|
