Posts: 5
Threads: 1
Joined: Mar 2018
Hi,
If I know that the password format is:
1 upper case
1 special character
1 number
minimum 10 characters
So I do not want to submit candidate passwords unless they meet those criteria.
What combination of rules/masks would I use?
Thanks in advance.
Posts: 930
Threads: 4
Joined: Jan 2015
You'd need to generate multiple masks, using something like
https://thesprawl.org/projects/pack/#policygen
~
Posts: 5
Threads: 1
Joined: Mar 2018
(03-30-2018, 03:25 AM)royce Wrote: You'd need to generate multiple masks, using something like
https://thesprawl.org/projects/pack/#policygen
digesting .. standby ...
Posts: 5
Threads: 1
Joined: Mar 2018
Ok - I understand how policygen can create the masks I want, but the output creates so much work it doesn't accomplish what I am thinking about. It will take 2-3 centuries to complete.
I want to start with a dictionary, apply RULES that limit the candidates to 1 special, 1 upper, 1 lower, 1 number, etc.
If the rules to reject plains could contain:
1) Reject if there is no special in the entire plain
2) AND/OR reject if there is no "number";
3) AND/OR reject if there is no "Upper Case";
4) etc
This might accomplish what I am thinking about.
Is it possible?
Thanks again in advance.
edo
Posts: 930
Threads: 4
Joined: Jan 2015
Ah, I misunderstood your question. Check out the 'req-include' and 'req-exclude' tools from hashcat-utils:
https://hashcat.net/wiki/doku.php?id=hashcat_utils#req
~
Posts: 5
Threads: 1
Joined: Mar 2018
Royce,
Much thanks for your patience.
req-include works like I am thinking, but here is another example:
cat rockyou.dictionary | apply a rule set | req-include 16 | hashcat ....
Is there another utility using stdin that can apply a rule-set before pumping into req-include?
Any basic dictionary will not have the prerequisites of special, lower, etc until some rules are applied.
It would be great if hashcat itself had the "req-include" functionality as a command line argument.
Thanks again in advance.
edo
Posts: 930
Threads: 4
Joined: Jan 2015
Unless you're dealing with a very slow hash, that level of processing would be a waste of time on GPU, especially when using rules. Filter it the best you can inbound, and then use rules to permute what remains.
~
Posts: 5
Threads: 1
Joined: Mar 2018
Yeah, but imagine the candidate list would be extremely high value!