Mask + Brute Force with repeated password
#1
Hey everyone,

New to the forums here, and have found a bunch of great information so far!  I am just getting familiar with using masks and customs rules, and haven't been able to find an exact answer to my question:

I know the beginning and end of my password, but want to brute force the middle portion.  However for every brute force guess, I want to duplicate the characters in the middle because I know I repeated my "subpassword" twice.  For example:

[know this part of the password] +  bruteforce + bruteforce + [know this part of the password]

I would like to increment up to a character length of 8 (for a total of 16 in the "subpassword")

so one guess might be: [known] + pass123pass123 + [known]

Thanks in advance for any help, and hopefully this makes sense!
#2
What hash mode are you attacking? If it's a slow one the easiest way would be to have a rule double the word and append + prepend the known part. If you want to combine that with a mask attack you can use maskprocessor or hashcat's stdout to pipe in your words.
#3
I am attacking hash mode 14600 (LUKS), which I understand is relatively slow. Do you mind providing an example of what that would look like? I'm still learning my way around the commands
#4
How do I make a rule that doubles the word? So for example if my wordlist was:

tree
bottle
canoe

Then it would try:

treetree
bottlebottle
canoecanoe

If anyone can help me out on this, that would be awesome! Thanks in advance
#5
https://hashcat.net/wiki/doku.php?id=rule_based_attack
#6
Thank you for the help, I was able to get this working, HOWEVER when my subpassword is 15 characters or longer, hashcat seems unable to apply the duplicate rule. Any ideas why hashcat would not be able to handle duplicating a word that is over 15 characters? Any thoughts are much appreciated!
#7
can you post your full command line?
#8
hashcat -a 6 wordlist.txt -1 ?l?u?d?s ?1?1?1?1 --increment --increment-min 1 --increment-max 4 --stdout --session mask | hashcat -r duplicate.rule --stdout --session duplicate | hashcat -m 14600 file.img -r footer.rule --session hdrfooter

Where duplicate.rule is a file containing simply "d" (no quotes), for duplicate. Also tried with p1. 

It takes a wordlist, adds a brute forced string of 1 to 4 characters at the end, pipes that to another instance of hashcat, duplicates the string, then pipes that to a final instance of hashcat that adds a header and footer and runs on my file. It works, unless the string generated in the first step is longer than 15 characters, in which case it doesn't duplicate it.

Thanks again.
#9
How do you know that it doesn't duplicate whenever the length is greater than 15? How did you test it?

if I run something like this:
Code:
echo abcdefghijklmnopqrstuvwxyz | hashcat --stdout -r duplicate.rule

the output is as expected.

You might only think that it never duplicate long enough words because hashcat didn't reach these words yet. Your attack could take very long until it reaches words that are that long etc.

It also doesn't make much sense to use 2 pipes in your specific situation, you could just run this:
Code:
hashcat --stdout --increment -a 6 -1 ?l?u?d?s wordlist.txt ?1?1?1?1 | hashcat -m 14600 -r duplicate.rule -r footer.rule file.img

or even chage footer.rule to already include the duplicate rule and therefore run:
Code:
hashcat --stdout --increment -a 6 -1 ?l?u?d?s wordlist.txt ?1?1?1?1 | hashcat -m 14600 -r footer_with_duplicate.rule file.img

where footer_with_duplicate.rule also contains the d-rule in each and every line.

Again, to test/troubleshoot this I would suggest to test with a few words (maybe even make tests without the increment option) and see what the output of --stdout looks like etc.
There is no such limit that it couldn't be longer than 15.