1Password - need help using hashcat
#11
That's not at all how that works.

First, it would be $HEX[c2] and $HEX[a7], not what you have above.

Moreover, $HEX[] encoding only works for wordlists, not masks.

Maybe what you meant was --hex-charset -1 c2 -2 a7 Password?1?2
#12
(05-02-2017, 02:15 AM)epixoip Wrote: That's not at all how that works.

First, it would be $HEX[c2] and $HEX[a7], not what you have above.

Moreover, $HEX[] encoding only works for wordlists, not masks.

Maybe what you meant was --hex-charset -1 c2 -2 a7 Password?1?2

I never got the $HEX to work. I'm using the GUI Interface.

I set Charset 1: c2
I set Charset 2: a7
I check "Assume charset is given in HEX"

Then i enter the mask, in which all constant signs of my password needs to be entered in HEX.

So my mask is:

First step:
50617373776F7264 (=Password in HEX)

Second step:
50617373776F7264?1?2 (adding the custom charset)

This results in a working crack of my demonstration password which includes the "§" sign.

Anything else with $HEX[c2] and so on did not work. Neither in the GUI nor in a custom charset file. I tried all available encodings like UTF8 and so one, like anything TextMate offered me.

So the hex encoded string worked.

But now i'm stuck.

- i only know the signs i used in my password
- i now some parts of the password which are 100% there, like "ThisPart"OfMyPassword - ThisPart is 100% there and not interrupted by a special character
- i don't know if i used special chars at any logical intersection of my password
  !Password
  1Password§
  Password§
  Any of this could be the one.

So actually i need a wordlist in hex, which contains the workaround for the "§" sign as it's represented in C2A7 - confirmed via my demonstration hash. But i need a wordlist which contains all possibilities even those, where for example the special chars must not always be there. In my example above it could be !Password, but it could also be Password without any special char.

My password is around 23 characters, so this is all just for clarification what i want to achieve.

Even though i could generate multiple maps where one the special chars i used is not present, i'm struggling deeply to create a map for it. I only can ad 4 custom charsets but 2 are already used to just represent the § sign.

So i'm unable to do something like this (in HEX):

C2A7Password (of course encoded to hex)
C2A7 OR C2A7!#
As i already use 2 custom charsets and the map would mix C2 with ! or C2 with #. When it actually should mix C2A7 with ! or C2A7 with # or nothing at all.
#13
Ok, my learning curve continues.

If i don't use custom charsets and a mask but just go with a dictionary, there's no problem with the sign "§". Hashcat can crack the password without any issue.

The issue is now, that i need a tool to generate a dictionary:

§Password
Password!
§Password!

(just as an example)
#14
I would really appreciate some help.

The situation is now:

- hashcat masks with custom charsets don't work because of the § sign
- feeding hashcat with generated wordlists inlcuding the § sign works just fine with my demo setup
- i used crunch to generate a custom wordlist but crunch can only use one custom charset

I need to do the following:

§ or ! or %
Password
# or " or &

The best solution would be if the tool could generate

§ or ! or % or NOTHING
Password
# or " or & or NOTHING

So i got hashcat ready, i got a quite good GFX card and i tried crunch but it doesn't fit my purpose very well.

Please help Smile
#15
given your number of possibilities you could even try them by hand. If you want to use hashcat you can create a wordlist for the first set of special characters and then run a hybrid attack (mode 6).
#16
(05-05-2017, 12:42 AM)ForgotMP1P Wrote: I would really appreciate some help.

The situation is now:

- hashcat masks with custom charsets don't work because of the § sign
- feeding hashcat with generated wordlists inlcuding the § sign works just fine with my demo setup
- i used crunch to generate a custom wordlist but crunch can only use one custom charset

I need to do the following:

§ or ! or %
Password
# or " or &

The best solution would be if the tool could generate

§ or ! or % or NOTHING
Password
# or " or & or NOTHING

So i got hashcat ready, i got a quite good GFX card and i tried crunch but it doesn't fit my purpose very well.

Please help Smile

So, if I understand you correctly, you want to be able to generate a list of candidate passwords that contain these special characters, particularly non-ascii characters such as §  into your password candidates.

The comboleetor.pl script can generate the lists according to your specifications.  I don't have special character support right now, but I might be able to work that in.  I'll check to see what's involved.

Cheers,
Jim B.
#17
Hi Jim!

Yes, the special characters are the issue with the mask in hashcat.
If in addition your script could also create a wordlist with this option:

Custom Charset 1: §!" (?1 will indicate to use this charset)
Custom Charset 2: Tt (?2 for using this charset)
Rule to generate

?1 OR NOTHING
Fixed part of the Password: GreatScript
?2 OR NOTHING

This would be the most awesome script i can imagine
#18
I was extremely bored and therefor hacked together this very complicated python3 script:

Code:
CHARSET_PREP = '"!§'
CHARSET_APP = 'tT'
BASEWORD = 'GreatScript'

print(BASEWORD)
for c1 in list(CHARSET_PREP):
    print(c1 + BASEWORD)
    for c2 in list(CHARSET_APP):
        print(c1 + BASEWORD + c2)
for c2 in list(CHARSET_APP):
    print(BASEWORD + c2)
#19
Hi,

looks very nice, but the whole situation is more complicated. Your script definitely is great.

Actually my password is something like this:

%Hash!Cat#Is!Very&Awesome§

The script would be awesome if it just can do the following in addition:

% OR NOTHING
Hash
! OR NOTHING
Cat
# OR NOTHING
...

But not only incremental like the first one not but the rest, each combination should be covered like:

%HashCat#Is!VeryAwesome
#20
In that case generate a list with each word and the special character appended/prepended and apply combinator from hashcat utils until all words have been combined.