Posts: 5
	Threads: 1
	Joined: Mar 2018
	
	
 
	
	
		Hi,
If I know that the password format is:
1 upper case
1 special character
1 number
minimum 10 characters 
So I do not want to submit candidate passwords unless they meet those criteria.
What combination of rules/masks would I use?
Thanks in advance.
	
	
	
	
	
 
 
	
	
	
		
	Posts: 929
	Threads: 4
	Joined: Jan 2015
	
	
 
	
	
		You'd need to generate multiple masks, using something like
https://thesprawl.org/projects/pack/#policygen
	
~
	
	
 
 
	
	
	
		
	Posts: 5
	Threads: 1
	Joined: Mar 2018
	
	
 
	
	
		 (03-30-2018, 03:25 AM)royce Wrote:  You'd need to generate multiple masks, using something like
https://thesprawl.org/projects/pack/#policygen
digesting .. standby ... 
 
	 
	
	
	
	
 
 
	
	
	
		
	Posts: 5
	Threads: 1
	Joined: Mar 2018
	
	
 
	
	
		Ok - I understand how policygen can create the masks I want, but the output creates so much work it doesn't accomplish what I am thinking about. It will take 2-3 centuries to complete.
I want to start with a dictionary, apply RULES that limit the candidates to 1 special, 1 upper, 1 lower, 1 number, etc.
If the rules to reject plains could contain:
1) Reject if there is no special in the entire plain
2) AND/OR reject if there is no "number";
3) AND/OR reject if there is no "Upper Case";
4) etc
This might accomplish what I am thinking about.
Is it possible?
Thanks again in advance.
edo
	
	
	
	
	
 
 
	
	
	
		
	Posts: 929
	Threads: 4
	Joined: Jan 2015
	
	
 
	
	
		Ah, I misunderstood your question. Check out the 'req-include' and 'req-exclude' tools from hashcat-utils:
https://hashcat.net/wiki/doku.php?id=hashcat_utils#req
	
~
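The class-requirement test discussed above, combined with the 10-character minimum from the first post, as an added example that is not code from this thread or from hashcat-utils. The bit values follow the lower=1, upper=2, digit=4, symbol=8, other=16 layout described on the linked hashcat-utils wiki page and are an assumption of this sketch; the function names and the sample words are constructed.

```python
import sys

# Character-class bits (assumed to mirror the req-include requirement mask).
LOWER, UPPER, DIGIT, SYMBOL, OTHER = 1, 2, 4, 8, 16


def classes(word):
    """Return the OR of the class bits for every character in word."""
    mask = 0
    for ch in word:
        if "a" <= ch <= "z":
            mask |= LOWER
        elif "A" <= ch <= "Z":
            mask |= UPPER
        elif "0" <= ch <= "9":
            mask |= DIGIT
        elif " " <= ch <= "~":      # remaining printable ASCII
            mask |= SYMBOL
        else:                        # tab, high ASCII, anything else
            mask |= OTHER
    return mask


def meets_policy(word, required=UPPER | DIGIT | SYMBOL, min_len=10):
    """True if word is long enough and contains every required class."""
    return len(word) >= min_len and (classes(word) & required) == required


def filter_lines(lines, required=UPPER | DIGIT | SYMBOL, min_len=10):
    """Yield only the lines (newline stripped) that satisfy the policy."""
    for line in lines:
        word = line.rstrip("\r\n")
        if meets_policy(word, required, min_len):
            yield word


# Constructed sample: plain dictionary words fail until they carry all classes.
SAMPLE = ["password", "Password1!", "Summer2018",
          "summer2018!!", "Welcome#2018", "Ab1!"]

if __name__ == "__main__":
    # Reads stdin when piped, otherwise falls back to the constructed sample.
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for kept in filter_lines(source):
        print(kept)
```

Only "Password1!" and "Welcome#2018" pass from the sample, which shows why an unmodified wordlist yields almost nothing under this policy.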
	
	
 
 
	
	
	
		
	Posts: 5
	Threads: 1
	Joined: Mar 2018
	
	
 
	
	
		Royce,
Much thanks for your patience.
req-include works like I am thinking, but here is another example:
cat rockyou.dictionary | apply a rule set | req-include 16 | hashcat ....
Is there another utility using stdin that can apply a rule set before pumping into req-include?
Any basic dictionary will not have the prerequisites of special, lower, etc until some rules are applied.
It would be great if hashcat itself had the "req-include" functionality as a command line argument.
Thanks again in advance.
edo
	
	
	
	
	
 
 
	
	
	
		
	Posts: 929
	Threads: 4
	Joined: Jan 2015
	
	
 
	
	
		Unless you're dealing with a very slow hash, that level of processing would be a waste of time on GPU, especially when using rules. Filter it the best you can inbound, and then use rules to permute what remains.
	
	
	
~
	
	
 
 
	
	
	
		
	Posts: 5
	Threads: 1
	Joined: Mar 2018
	
	
 
	
	
		Yeah, but imagine the candidate list would be extremely high value!