Mask-Problem for Noob.
#1
Hi guys,

who can help me? I have an understanding problem. I know that a user creates his passwords by following schemes:


1-4 numbers (but not always)
1-12 letters (from time to time is the first letter a uppercase).
1-4 numbers (but not always)
1-2 special character (but not always)

There is a muster:

68alex!
5alehandro!!
37Aleks!!!
Alekss75!
alehhandro68!
1968aleksander1975
aleksander75.
Aleksandr1975
Aleksander1975!
alex1968.

Which mask can I create, to cover all there possible combinations of such passwords?

Code:
--increment-min=1 --increment-max=22 -1 ?d?u?l?d?s ?d?d?d?d?u?l?l?l?l?l?l?l?l?l?l?l?l?l?d?d?d?d?s?s
???

Although I have read the help, but my English is very bad.

Thanks.

Takeshi
#2
ur -1 is ?a.. and contain 2 ?d
u should make a mask file which contain all kind of possibility,
for example the mask file should contain

?d?d?l?l?l?l
?d?l?l?l?l?d
?u?d?d?l?l?s
and so on.

u should use https://thesprawl.org/projects/pack/ (PolicyGen)

from what u wrote the majority of the password contain the name alex
u could do
-1 alexkdros -2 19687 -3 A -4 !@#$%^&*()_+=-
and do such thing for 12 chars
?3?1?1?1?1?1?1?1?1?2?2?2?2
or
?1?1?1?1?1?1?1?2?2?2?2?4
#3
(07-18-2016, 03:20 PM)kiara Wrote: ur -1 is ?a.. and contain 2 ?d
u should make a mask file which contain all kind of possibility,
for example the mask file should contain

?d?d?l?l?l?l
?d?l?l?l?l?d
?u?d?d?l?l?s
and so on.

u should use https://thesprawl.org/projects/pack/ (PolicyGen)

from what u wrote the majority of the password contain the name alex
u could do
-1 alexkdros -2 19687 -3 A -4 !@#$%^&*()_+=-
and do such thing for 12 chars
?3?1?1?1?1?1?1?1?1?2?2?2?2
or
?1?1?1?1?1?1?1?2?2?2?2?4

Thank you for speed-answer, kiara! The boy use not only Ale...xxx -word, but various words - from Alex to ZzzzZZZzzzZ. My sample was slightly misleading. :-(

But the idea is very helpful for me. I will try on. I will "PACK" try too. Thank you.
#4
PACK is the way to go if you want to BF a keyspace that has a known password policy.

However it's a bad practice because in your case the keyspace is too large and you will propably end up with no results.

You may want to use rule based attacks
#5
(07-19-2016, 08:51 AM)atom Wrote: PACK is the way to go if you want to BF a keyspace that has a known password policy.

However it's a bad practice because in your case the keyspace is too large and you will propably end up with no results.

You may want to use rule based attacks

Yes, I know it. But the rules based attack was not successful. I I tried "best64"- und "top5000"- and "Toxic"-rules with custom dictionary, my own dictionaries (first names and brithdays/days/years) and with two well known today 11 and 35 GB dictionaries. No success. A combination dictionary attack was not success too. Masks is my last chance. Maybe I'll get lucky.