Brute-force missing characters from a known word?
#1
I'm new to Hashcat and hash-cracking in general, so bear with me please.

I have a 54 character long string from which only four characters are missing; the rest are known. I also have the complete string's GOST hash. I want to know if there is a way to Brute-force the hash using the 54 character string to obtain those missing characters, and subsequently the whole string.

I tried to create a table file, but it went on to become 20+ GB huge before I quit Hashcat in fear of running out of space. I also tried to combine rules and charset by passing
Code:
-1 ?l?u?d
as a parameter and putting
Code:
s*?1
in the .rule file (where the missing characters are represented by * in the hash file). Apparently that's not allowed. I also don't want to go deep into shell-scripting, since that would mean learning a whole new language just to crack a code. My brain is already rattled by Python and C as it is. Oh, and I'm on Windows 8.1.

So is there a way that I've overlooked? Is there some trick or technique that you learn only from experience?

Any help is appreciated. Thanks in advance!
#2
Not sure what you want rules for. Just use a normal mask attack with s*?1?1?1?1
#3
Okay, I swear I'm trying but I can't get it. I didn't understand your method so I didn't try it, but I tried this:
Code:
hashcat-cli32.exe -a 3 -m 6900 ex.hash ex.hcmask
and it is taking 'ex.hcmask' as a mask of static letters. BTW, ex.hcmask contains this:
Code:
?l?d?u,http://example.com/asdf.php?key=asdf?1s7f8df?1?1?17
(the url is similar to the url that I'm trying to crack).

Then I tried to be direct:
Code:
hashcat-cli32.exe -a 3 -m 6900 --pw-min=54 --pw-max=54 ex.hash -1 ?l?d?u http://example.com/asdf.php?key=asdf?1s7f8df?1?1?17
but that returns a syntax error in the url/mask. I'm thinking due to '?k' ?

Anyways, can you explain how you'd do it? There's something I'm missing, and I just can't see what. I'm only a day old at this, so I don't know everything. Still, I feel like I've tried everything and I'm exhausted.

Thanks for replying.
#4
Your approach is what undeath was suggesting. I think that your conclusion is right too. The problem is likely to be the ?k so you have to find the proper way to escape it. I don't have an answer to that right now. Also the length for the min and max are wrong.
#5
Here's the solution:

Code:
An exception is if we want the static letter ? itself, which must be written as ??.

Command line:

Code:
hashcat-cli64.exe -a 3 -m 6900 --pw-min=47 --pw-max=47 -o found.txt test.hash -1 ?l?d?u "http://example.com/asdf.php??key=asdf?1s7f8df?1?1?17"

Hashcat is trying to crack it and despite the fact that the whole mask is 48 chars long, hashcat reports the full mask with length 47 as specification when you hit enter (if you try with length 46, you won't see the 7 at the end of the mask). This is expected behavior. However, it completes the attack without cracking the hash in my case so there might be a bug in hashcat concerning that (the use of ??).
#6
I had read somewhere during my quest for hashcat knowledge that ?? can be used to escape a question mark. And it works:
Code:
hashcat-cli32.exe -a 3 -m 6900 --pw-min=54 --pw-max=54 ex.hash -1 ?l?d?u http://example.com/asdf.php??key=asdf?1s7f8df?1?1?17

Unfortunately, no hashes were cracked for the url. I thought the problem was at my end, but I tried cracking
Code:
hello?kgoodbye:c71005c28efad7e95b145130dd970d7f9521b2dd9c222fb2dacea5eca962f761
with the escaping and it works. I'll contact the guys who made this challenge once again.

Also, the url I gave is a dummy. The original one is 54 characters long.

Thanks for your help, guys!

Edit: I see that there's no Reputation giving system in this forum. Well, here's two thumbs up for you anyways. ? ?