Known password construction
#1
Hi,

If I know that the password format is:

1 upper case
1 special character
1 number
minimum 10 characters 

So I do not want to submit candidate passwords unless they meet that criteria.

What combination of rules/masks would I use.

Thanks in advance.
#2
You'd need to generate multiple masks, using something like

https://thesprawl.org/projects/pack/#policygen
~
#3
(03-30-2018, 03:25 AM)royce Wrote: You'd need to generate multiple masks, using something like

https://thesprawl.org/projects/pack/#policygen

digesting .. standby ... Smile
#4
Ok - i understand how policygen can create the masks I want, but the output creates so much work it doesn't accomplish what I am thinking about. It will take 2-3 centuries to complete.

I want to start with a dictionary, apply RULES that limit the candidates to 1 special, 1 upper, 1 lower, 1 number, etc.

If the rules to reject plains could contain:
1) Reject if there is no special in the entire plain
2) AND/OR reject if there is no "number";
3) AND/OR reject if there is no "Upper Case";
4) etc

This might accomplish what I am thinking about.

Is it possible?

Thanks again in advance.
edo
#5
Ah, I misunderstood your question. Check out the 'req-include' and 'req-exclude' tools from hashcat-utils:

https://hashcat.net/wiki/doku.php?id=hashcat_utils#req
~
#6
Royce,
Much thanks for your patience.

req-include works like I am thinking but here another example:

cat rockyou.dictionary | apply a rule set | req-include 16 | hashcat ....

Is there another utility using stdin can apply a rule-set before pumping into req-include

Any basic dictionary will not have the prerequisites of special, lower, etc until some rules are applied.

It would be great if hashcat itself had the "req-include" functionality as a command line argument.

Thanks again in advance.
edo
#7
Unless you're dealing with a very slow hash, that level of processing would be a waste of time on GPU, especially when using rules. Filter it the best you can inbound, and then use rules to permute what remains.
~
#8
Yeah, but imagine the candidate list would be extremely high value!