Combinator attack with a maximum length?
#1
Hello,

I have setup 2 dictionaries for my combinator attack:

-a 1 -m 2500 handshake.hccap dictionary1.dic dictionary2.dic
basically the dictionaries are the same but I want a cross-joined password list. It is working fine.

Now to reduce the number of combinations to process I only want to test the combinations that are 8-14 characters.

I know I can add left-right rules to the combinator attack like this
"If you wish to add rules to either the left or right dictionary or both at once then you can use the -j or -k commands."
https://hashcat.net/wiki/doku.php?id=combinator_attack

But even if I would succeed adding a '<14' rule, that will only add a rule to each dictionary.
I need a filter on the combined length.
Is this possible in any way with hashcat?
#2
https://hashcat.net/wiki/doku.php?id=hashcat_utils#len
#3
(12-10-2016, 03:27 AM)Xanadrel Wrote: https://hashcat.net/wiki/doku.php?id=hashcat_utils#len
Thanks a lot

I am running

hashcat-3.20\combinator.exe dictionary1.dic dictionary2.dic | len.exe 8 14 | hashcat64.exe -a 0 -m 2500 --status handshake.hccap

(I needed --status because else it wouldn't show status updates)

It doesn't show progress, it shows the amount of hashes calculated but there is no %progress or time remaining.
#4
A quick glance into my notes has the "Phraser" tool found at https://github.com/Sparell/Phraser and described at PasswordsCon 2015 Cambridge with a video titled Linguistic Cracking of Passphrases using Markov Chains-Peder Sparell.
#5
(12-10-2016, 04:00 PM)Kgx Pnqvhm Wrote: A quick glance into my notes has the "Phraser" tool found at https://github.com/Sparell/Phraser and described at PasswordsCon 2015 Cambridge with a video titled Linguistic Cracking of Passphrases using Markov Chains-Peder Sparell.

Thank you that looks like a very usefull tool.
Cross joining the dictionaries (1 with both upper and lower start characters) and a full run took about 4 hours and did not crack anything.It spits out a lot of uncommon combinations and does not give me a window to try and add digits or special characters.
#6
Hashcat can not show an ETA because it can not know the total number of password candidates you're sending in.