Mask Attack Management
#1
I was wondering if anyone knows of a mask attack management system that exists? I'm a hobby programmer so if there isn't one currently, I might try to tackle the idea.

Basically I'm working on a public dump and am currently down to the mask attack sorted by most common per effort. What I'd like to do is a solid way to combine the already done masks and a way to filter out already done attacks.

Just for an example, we know that


?l?l?l?l?l?l?l?l?l
?l?l?l?l?l?l?l?l?u
?l?l?l?l?l?l?l?l?s
?l?l?l?l?l?l?l?l?d

would give the same results as

?l?l?l?l?l?l?l?l?a

I've hit ~1000 masks or so, so it isn't quite so easy to just dump out already done ones when I'm doing custom mask sets (?1?2?3 etc).

Any ideas, or dev suggestions is welcome. Thanks!
#2
Have you done the other basic attack modes before going on to masks attack?

http://hashcat.net/forum/thread-1609-pos...ml#pid9158

I will normally done that first and then do some analysis using PACK and use the masks generated from PACK to do masks attack.

https://thesprawl.org/projects/pack/

Best regards,
Azren
#3
Yea I've ran dict, rules, fingerprint, hybrid attacks, and already bruted 1-8 length with ?a mask. I'm to the point where I'm hitting masks that get fair recovery speeds, just keeping track of which ones I've already hit isn't so easy to manage.

My target is currently at ~97% cracked for uniq hashes, or just over 99% of the dump as a whole. I know I'll never hit 100% but I'm aiming for 98-99%. Trying to build some new attacks/ideas to get the harder hashes to crack done.

Latest one was to process all the current cracks to every 5 chunk segment, and run it though a dupe remover/counter to only include the ones used atleast 2 times (uniq hash results only) and use the hybrid attack to mask the right and left side of them. It's the best attack I've tested since I went over 95% cracked. I guess you could call this a hybrid fingerprint attack.

I only have 1.5 days left for this attack, and my 2nd crack pc is almost done with it's attack (mask based) so I'll have to think of something new to do or go to straight brute force till I think of something.

Pack is an interesting program, I've made a quick program to do the same basic idea as the mask gen. Basically converted the cracked hashes to their related mask, then did a count + sort on them, then took the top ~15k masks and used open office calc to calculate the attack time, and effectiveness (keyspace/total cracks). I've hit them for the last couple of days, which is why I'm looking for a way to deal with the next batch of masks so I'm not duping efforts.

EDIT: Pack is a really an interesting collection of tools, I'll have to play around with them. A lot of ideas that were floating around in my head are covered pretty close to what I was thinking (reverse crack -> source word, efficient rule/word list combos etc). Forgot to mention, thanks for the link!