Hashcat bruteforcing with special rules
#1
Hello,

I am a hashcat noob but I need some help. I forgot my Truecrypt Countainer Password and need to crack it now.
It has 37-41 Characters. The good news I know the last 20 Characters and the first 4 excatly. I know the 6th Position it's a "," or ".". And I know the 5th Position could be one letter or nothing, than the 6th Position would be the 6th Position.
I also know between 5/6 till 20/21th Position are two static phrases.
One is like that "HuW" and one is like that "84839", the rest is out of 6 Characters.

Example how it could look like:

!Ii!,HuW;,.H).84839..123456789+'+uHdbHDhE

or maybe:

!Ii!c.HuW;,HH).84839..123456789+'+uHdbHDhE

(don't worry I changed up here things, thats now how my password look like, but it's an example for configuration.)

I did some math and cam out that it can get cracked in less than a day with a Amd 290x.

I need now help to get the configuration right. Here is an example how it would look like in OTFBrutus.

!Ii![c]{0-1}[\.\,]{1}["HuW" \;\.\-\_\)\: "84839"]{6-10}123456789+'+uHdbHDhE
OTFBrutus said it would be 4908384256 combinations.
(4908384256 / 500000 / 60 / 60 = 2,72 h)


the password can only get cracked in a good time, if 84839 and HuW are threated like a static phrases "in way like a character (from the math side").

Thank you very much!
Reply
#2
Do not request help cracking a hash or offer a cash reward. This is against the forum rules.

Basically what you are looking for here is a mask attack. http://hashcat.net/wiki/doku.php?id=mask_attack

The static portions of your password will be static in your mask. For the unknown portions you'll use custom charsets.
Reply
#3
Thank you bro for the fast answer. I didn't want to break the rules here, I didn't know that.

Can you set this up for me please? I would really really appreciate that!

€dit: What about this: "I know the 6th Position it's a "," or ".". And I know the 5th Position could be one letter or nothing, than the 6th Position would be the 6th Position."
Reply
#4
You will need multiple masks to accomplish this, so you should probably use an hcmask file.

I will help you construct one mask. You will need to construct the others.

-1 '.,' -2 ';.-_):' '!Ii!?1HuW?1?184839123456789+'\''+uHdbHDhE'
Reply
#5
Why did you do it like that?
I don't understand.


this part is almost known:
!Ii!c.
could be also
!Ii!c,
or
!Ii!,
!Ii!c,

and this part is really known:

123456789+'+uHdbHDhE

everything between is almost unknow except the charset and the static combination 84839 and HuW but it could also be hUw.
In this middle part could be up to 6-10 characters, if you cound 84839 and HuW as one character (if you count 84839 and HuW as 5 and 3 characters in this middle part is than a total of between 16 and 12). And in this middle part is a charset of 6-7 chars.
Did you maybe misunderstood my question? Or did I missunderstood you?

€dit: and one thing more that I know, HuW definetly appears only one time in this middle part and 84839 also appears one time in the middle part.
Reply
#6
If you put the same amount of energy in just writing the mask instead of describing what you want you actually would get it faster. Epix gave you a good example.
sch0.org
Reply
#7
I don't see in his examples how "HuW" and "84839" rotate in this case? I don't know where HuW and 84839 are. First could come 84839 and than HuW or different way. And I don't know whats between them. I just know they are between beginning and end (middle) and I know this middle part has with this 2 phrases (12-16 chars if you count them as one char -> 6-10)

€dit: I am just despread. I need your help!
Reply
#8
Is it somehow possible to set up a charset where this 2 static phrases are recognized as a char (even they aren't)?

than it would be

8 chars in the middle

-1 '.,' -2 ';.-_):"HuW" "84839"' '!Ii!?1?2?2?2?2?2?2?2?2123456789+'\''+uHdbHDhE'
-1 '.,' -2 ';.-_):"HuW" "84839"' '!Ii!c?1?2?2?2?2?2?2?2?2123456789+'\''+uHdbHDhE'

9 chars in the middle

-1 '.,' -2 ';.-_):"HuW" "84839"' '!Ii!?1?2?2?2?2?2?2?2?2?2123456789+'\''+uHdbHDhE'
-1 '.,' -2 ';.-_):"HuW" "84839"' '!Ii!c?1?2?2?2?2?2?2?2?2?2123456789+'\''+uHdbHDhE'

10 chars in the middle
-1 '.,' -2 ';.-_):"HuW" "84839"' '!Ii!?1?2?2?2?2?2?2?2?2?2?2123456789+'\''+uHdbHDhE'
-1 '.,' -2 ';.-_):"HuW" "84839"' '!Ii!c?1?2?2?2?2?2?2?2?2?2?2123456789+'\''+uHdbHDhE'

or? But is it possible to put a static phrase in a charset?

and the other question is it possible to let this run in a queque? Or do I have to start every mask new?

€dit: my problem is how can I bring this two static phrases in a charset? And how can I run this automatically?


€dit2: Ahhh I guess I know what you know mean with hcmask.

I have to create something like that:

5 x ?2
-1 '.,' -2 ';.-_):' '!Ii!?1HuW18483?2?2?2?2?2123456789+'\''+uHdbHDhE'
-1 '.,' -2 ';.-_):' '!Ii!?1HuW?218483?2?2?2?2123456789+'\''+uHdbHDhE'
-1 '.,' -2 ';.-_):' '!Ii!?1HuW?2?218483?2?2?2123456789+'\''+uHdbHDhE'
...
-1 '.,' -2 ';.-_):' '!Ii!?1HuW?2?2?2?2?218483123456789+'\''+uHdbHDhE'
...
-1 '.,' -2 ';.-_):' '!Ii!?1?2?2?2?2?218483HuW123456789+'\''+uHdbHDhE'

Am I right? And than again repeat this with 6 x ?2 and 7 x ?2 and 8 x ?2
Is that correct?

If this is right and I created that file, how can I execute it with oclHashcat?
Reply
#9
Those masks are looking good. Unfortunately since your custom charset includes a comma, and hcmasks use commas to separate fields, an hcmask file would not work. So what you'll need to do is run each of these masks one-by-one with hashcat. It's probably best to script this out.
Reply
#10
No way Sad I just already started to do this masks. This are a lot of masks, I can't start them one by one.
Isn't there a way around like you did with the ' ?

I can't script that, can you help me please?

€dit: 2 more questions:

1.) How does a command look like for TC AES (RipeMD) with hcmaks?
2.) Which OS would work best with a AMD R9 290x?

ahh and a 3rd one:

is a slash / also a Problem for hashcat if it appears?

€dit3: I found this in the Documention:
"- \, means that the comma should be used literally (not a separator between ?1, ?2, ?3, ?4 or mask)" but you right, the problem is that is in the custom charset. What can I do? :/

€dit4:

would the command be this:

./oclHashcat-plus64.bin -m 6211 -a 3 -n 32 /root/desktop/countainer.tc -1 '.,' -2 ';,.-_):' '!Ii!?1HuW18483?2?2?2?2?2123456789+'\''+uHdbHDhE' -o /root/desktop/found/found.txt

or is something missing?
Reply