Create custom dictionary
#1
Hello everyone. 

I'm newbie in hashcat and have few questions. 

Imagine that i know one part of the user password 

1) let's say these are names of the all disney's characters

2) also i know that this password contain from one up to four different characters 

3) i know that this password contain from one up to four symbols (like @ or # etc.)

I have a txt file with the names of all Disney's characters what is the best and easiest way to create my own dictionary list? 

it should look something like

mickey124@

Thank you in advance.
#2
Welcome!

Instead of generating a custom dictionary, you're looking for a hybrid or rules-based attack, I think. With these attacks, each word in your dictionary is dynamically modified many times, based on masks or rules that you specify.

Using hashcat's attack mode 6 (word from wordlist on the left, with a mask added on the right):

Code:
$ cat wordlist.txt
mickey
minnie
goofy

$ echo -n 'mickey124@' | md5sum | awk '{print $1}' | tee targethash.txt
8ebe776415d31e5bd35a39ea710b5d0d

$ hashcat -a 6 -m 0 targethash.txt wordlist.txt ?d?d?d?s
hashcat (v3.5.0-18-g086a072) starting...

[snip]

Dictionary cache built:
* Filename..: wordlist.txt
* Passwords.: 3
* Bytes.....: 20
* Keyspace..: 99000

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.          

8ebe776415d31e5bd35a39ea710b5d0d:mickey124@              
                                                         
Session..........: hashcat
Status...........: Cracked
Hash.Type........: MD5
Hash.Target......: 8ebe776415d31e5bd35a39ea710b5d0d
Time.Started.....: Tue Apr 25 05:00:13 2017 (0 secs)
Time.Estimated...: Tue Apr 25 05:00:13 2017 (0 secs)
Guess.Base.......: File (wordlist.txt), Left Side
Guess.Mod........: Mask (?d?d?d?s) [4], Right Side
Guess.Queue.Base.: 1/1 (100.00%)
Guess.Queue.Mod..: 1/1 (100.00%)
Speed.Dev.#1.....:        0 H/s (0.00ms)
Speed.Dev.#2.....:   756.6 kH/s (0.16ms)
Speed.Dev.#*.....:   756.6 kH/s
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 4464/99000 (4.51%)
Rejected.........: 0/4464 (0.00%)
Restore.Point....: 0/3 (0.00%)
Candidates.#1....: [Copying]
Candidates.#2....: mickey703. -> goofy688@
HWMon.Dev.#1.....: Temp: 41c Fan: 35% Util:100% Core:1265MHz Mem:3004MHz Bus:8
HWMon.Dev.#2.....: Temp: 35c Fan: 32% Util: 98% Core:1163MHz Mem:2700MHz Bus:8

Started: Tue Apr 25 05:00:09 2017
Stopped: Tue Apr 25 05:00:14 2017
~
#3
(04-25-2017, 02:26 PM)devilman666 Wrote: Hello everyone. 

I'm newbie in hashcat and have few questions. 

Imagine that i know one part of the user password 

1) let's say these are names of the all disney's characters

2) also i know that this password contain from one up to four different characters 

3) i know that this password contain from one up to four symbols (like @ or # etc.)

I have a txt file with the names of all Disney's characters what is the best and easiest way to create my own dictionary list? 

it should look something like

mickey124@

Thank you in advance.

Could you please describe more in detail what you know about the password?

Will it always have this structure <name><letters or numbers><symbols>, or can the three parts of the password be combined in any order?
#4
(04-25-2017, 03:06 PM)jallis Wrote:
(04-25-2017, 02:26 PM)devilman666 Wrote: Hello everyone. 

I'm newbie in hashcat and have few questions. 

Imagine that i know one part of the user password 

1) let's say these are names of the all disney's characters

2) also i know that this password contain from one up to four different characters 

3) i know that this password contain from one up to four symbols (like @ or # etc.)

I have a txt file with the names of all Disney's characters what is the best and easiest way to create my own dictionary list? 

it should look something like

mickey124@

Thank you in advance.

Could you please describe more in detail what you know about the password?

Will it always have this structure <name><letters or numbers><symbols>, or can the three parts of the password be combined in any order?

Yes it will always have a structure like <name><numbers><symbols>
#5
Good question, jallis.

devilman666, since the order is always the same, the example that I provided should apply to your case.
~
#6
(04-25-2017, 03:02 PM)royce Wrote: Welcome!

Instead of generating a custom dictionary, you're looking for a hybrid or rules-based attack, I think. With these attacks, each word in your dictionary is dynamically modified many times, based on masks or rules that you specify.

Using hashcat's attack mode 6 (word from wordlist on the left, with a mask added on the right):

Code:
$ cat wordlist.txt
mickey
minnie
goofy

$ echo -n 'mickey124@' | md5sum | awk '{print $1}' | tee targethash.txt
8ebe776415d31e5bd35a39ea710b5d0d

$ hashcat -a 6 -m 0 targethash.txt wordlist.txt ?d?d?d?s
hashcat (v3.5.0-18-g086a072) starting...

[snip]

Dictionary cache built:
* Filename..: wordlist.txt
* Passwords.: 3
* Bytes.....: 20
* Keyspace..: 99000

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.          

8ebe776415d31e5bd35a39ea710b5d0d:mickey124@              
                                                         
Session..........: hashcat
Status...........: Cracked
Hash.Type........: MD5
Hash.Target......: 8ebe776415d31e5bd35a39ea710b5d0d
Time.Started.....: Tue Apr 25 05:00:13 2017 (0 secs)
Time.Estimated...: Tue Apr 25 05:00:13 2017 (0 secs)
Guess.Base.......: File (wordlist.txt), Left Side
Guess.Mod........: Mask (?d?d?d?s) [4], Right Side
Guess.Queue.Base.: 1/1 (100.00%)
Guess.Queue.Mod..: 1/1 (100.00%)
Speed.Dev.#1.....:        0 H/s (0.00ms)
Speed.Dev.#2.....:   756.6 kH/s (0.16ms)
Speed.Dev.#*.....:   756.6 kH/s
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 4464/99000 (4.51%)
Rejected.........: 0/4464 (0.00%)
Restore.Point....: 0/3 (0.00%)
Candidates.#1....: [Copying]
Candidates.#2....: mickey703. -> goofy688@
HWMon.Dev.#1.....: Temp: 41c Fan: 35% Util:100% Core:1265MHz Mem:3004MHz Bus:8
HWMon.Dev.#2.....: Temp: 35c Fan: 32% Util: 98% Core:1163MHz Mem:2700MHz Bus:8

Started: Tue Apr 25 05:00:09 2017
Stopped: Tue Apr 25 05:00:14 2017

Hi, 

Thank you for your answer. Question is where will be generated those password 

mickey124@

I mean, that ok i have a lost of Heroes and i have a list of rules and question is

how i should generate the final pass from those two lists. 

I see that it is an attack 6 but i see that you already have the pass and created a hash file right? 
#7
(04-25-2017, 03:02 PM)royce Wrote: Welcome!

Instead of generating a custom dictionary, you're looking for a hybrid or rules-based attack, I think. With these attacks, each word in your dictionary is dynamically modified many times, based on masks or rules that you specify.

Using hashcat's attack mode 6 (word from wordlist on the left, with a mask added on the right):

Code:
$ cat wordlist.txt
mickey
minnie
goofy

$ echo -n 'mickey124@' | md5sum | awk '{print $1}' | tee targethash.txt
8ebe776415d31e5bd35a39ea710b5d0d

$ hashcat -a 6 -m 0 targethash.txt wordlist.txt ?d?d?d?s
hashcat (v3.5.0-18-g086a072) starting...

[snip]

Dictionary cache built:
* Filename..: wordlist.txt
* Passwords.: 3
* Bytes.....: 20
* Keyspace..: 99000

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.          

8ebe776415d31e5bd35a39ea710b5d0d:mickey124@              
                                                         
Session..........: hashcat
Status...........: Cracked
Hash.Type........: MD5
Hash.Target......: 8ebe776415d31e5bd35a39ea710b5d0d
Time.Started.....: Tue Apr 25 05:00:13 2017 (0 secs)
Time.Estimated...: Tue Apr 25 05:00:13 2017 (0 secs)
Guess.Base.......: File (wordlist.txt), Left Side
Guess.Mod........: Mask (?d?d?d?s) [4], Right Side
Guess.Queue.Base.: 1/1 (100.00%)
Guess.Queue.Mod..: 1/1 (100.00%)
Speed.Dev.#1.....:        0 H/s (0.00ms)
Speed.Dev.#2.....:   756.6 kH/s (0.16ms)
Speed.Dev.#*.....:   756.6 kH/s
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 4464/99000 (4.51%)
Rejected.........: 0/4464 (0.00%)
Restore.Point....: 0/3 (0.00%)
Candidates.#1....: [Copying]
Candidates.#2....: mickey703. -> goofy688@
HWMon.Dev.#1.....: Temp: 41c Fan: 35% Util:100% Core:1265MHz Mem:3004MHz Bus:8
HWMon.Dev.#2.....: Temp: 35c Fan: 32% Util: 98% Core:1163MHz Mem:2700MHz Bus:8

Started: Tue Apr 25 05:00:09 2017
Stopped: Tue Apr 25 05:00:14 2017

I mean how did you generated this pass http://joxi.ru/LmGVR4JseDJZwr
#8
(04-25-2017, 02:26 PM)devilman666 Wrote: Hello everyone. 

I'm newbie in hashcat and have few questions. 

Imagine that i know one part of the user password 

1) let's say these are names of the all disney's characters

2) also i know that this password contain from one up to four different characters 

3) i know that this password contain from one up to four symbols (like @ or # etc.)

I have a txt file with the names of all Disney's characters what is the best and easiest way to create my own dictionary list? 

it should look something like

mickey124@

Thank you in advance.


Have a look at the comboleetor - it can do exactly what you want.  In fact, I wrote it to solve the same problem you are facing - I know some basics about the password, but I need to combine them in different ways.

http://www.jimby.name:81/comboleetor_latest/README.txt

It's a perl script so you'll need perl to run it.

Happy to answer questions either here or via email.  See email addy at end of the README.txt file.

Cheers,
Jim B.
#9
(04-25-2017, 11:45 PM)jimby Wrote:
(04-25-2017, 02:26 PM)devilman666 Wrote: Hello everyone. 

I'm newbie in hashcat and have few questions. 

Imagine that i know one part of the user password 

1) let's say these are names of the all disney's characters

2) also i know that this password contain from one up to four different characters 

3) i know that this password contain from one up to four symbols (like @ or # etc.)

I have a txt file with the names of all Disney's characters what is the best and easiest way to create my own dictionary list? 

it should look something like

mickey124@

Thank you in advance.


Have a look at the comboleetor - it can do exactly what you want.  In fact, I wrote it to solve the same problem you are facing - I know some basics about the password, but I need to combine them in different ways.

http://www.jimby.name:81/comboleetor_latest/README.txt

It's a perl script so you'll need perl to run it.

Happy to answer questions either here or via email.  See email addy at end of the README.txt file.

Cheers,
Jim B.
 
i get syntax error in kalilinux with " perl 5, version 26, subversion 1 (v5.26.1)" !