Help with mask
#1
Hi,

I'm trying to crack a 7z password. I have the hash and have started a brute force, but as I'm fairly sure what the make-up of the password is, I thought a mask would be easier (currently estimated 124 years!!!!).

Could someone help me out?

What I know:
  1. It contains a static 5-letter word. I know what the word is, but for the example let's say it's 'boats'
  2. Any letter can be uppercase or lowercase, i.e. Boats / BoAts / bOATS
  3. It can have up to 4 numbers before and/or after and I'm fairly certain they are either 1 or 0, i.e. 0101boats / 0101boats0101 / 01boats01 / boats01
  4. It may or may not have an '!' mark at the end, i.e. boats01!

This is the code I'm running at the moment:
C:\hashcat1>Hashcat64.exe -a 3 -m 11600 hash.txt

I have the beta installed 4.1.1-2
Windows 10

Thanks
#2
wordlist.txt
Code:
boats

numbers.rule
Code:
^0
^1
$0
$1
:

exclamation_mark.rule
Code:
$!
:

toggle0.rule
Code:
T0
:

toggle1.rule
Code:
T1
:

toggle2.rule
Code:
T2
:

toggle3.rule
Code:
T3
:

toggle4.rule
Code:
T4
:

command:
Code:
hashcat -m11600 hash.txt wordlist.txt -r toggle0.rule -r toggle1.rule -r toggle2.rule -r toggle3.rule -r toggle4.rule -r numbers.rule -r numbers.rule -r numbers.rule -r numbers.rule -r exclamation_mark.rule
#3
Thanks, I think I've got it up and running. Well, at least it states 1 day to complete rather than 124 years - progress!!!
#4
Just a note, you can severely speed up the attack because your dictionary is very small here.

Code:
hashcat --stdout wordlist.txt -r toggle0.rule -r toggle1.rule -r toggle2.rule -r toggle3.rule -r toggle4.rule -r numbers.rule -r numbers.rule | hashcat -m11600 hash.txt -r numbers.rule -r numbers.rule -r exclamation_mark.rule

This won't give you an estimated end time but you should see much higher speeds than without a pipe.
#5
Thanks, I was running it on my laptop anyway. I have a gaming rig that should speed things up no end (1080ti)
#6
This particular attack only has 40000 candidates. Running the second command on your laptop will likely be faster than running the first command on your gaming rig.
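
Added example (not part of any post in the thread): a Python model of the stacked rule files from post #2, counting what the command generates. It reproduces the 40000 figure from post #6, reports how many of those candidates are distinct, and checks the sample passwords from post #1 against the set; `apply_rule`, `candidates` and `summarize` are names made up for this sketch.

```python
from itertools import product

# Rule files from post #2; each line is one hashcat rule (':' is the no-op rule).
NUMBERS = ["^0", "^1", "$0", "$1", ":"]
EXCLAMATION = ["$!", ":"]
TOGGLES = [[f"T{i}", ":"] for i in range(5)]  # toggle0.rule .. toggle4.rule

# Same order as the -r options in the command from post #2.
RULE_FILES = TOGGLES + [NUMBERS] * 4 + [EXCLAMATION]


def apply_rule(word, rule):
    """Apply one rule function, limited to the four kinds used in this thread."""
    if rule == ":":
        return word
    op, arg = rule[0], rule[1]
    if op == "^":  # prepend a character
        return arg + word
    if op == "$":  # append a character
        return word + arg
    if op == "T":  # toggle case at position N
        i = int(arg)
        return word[:i] + word[i].swapcase() + word[i + 1:]
    raise ValueError(f"unsupported rule: {rule}")


def candidates(word, rule_files=RULE_FILES):
    """Yield every candidate: one line from each file, applied left to right."""
    for combo in product(*rule_files):
        out = word
        for rule in combo:
            out = apply_rule(out, rule)
        yield out


def summarize(word):
    """Return (number of generated candidates, set of distinct candidates)."""
    generated = list(candidates(word))
    return len(generated), set(generated)


if __name__ == "__main__":
    total, unique = summarize("boats")  # placeholder word from post #1
    print(f"generated: {total}, distinct: {len(unique)}")
    for sample in ("bOATS", "01boats01!", "0101boats", "0101boats0101"):
        print(f"{sample!r:18} covered: {sample in unique}")
```

The four numbers.rule passes are shared between prefix and suffix, so the set holds at most four digits in total; a pattern such as 0101boats0101 falls outside it.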