Help with specific password scheme
#1
I'm trying to find the best way to create a rule/mask for a very specific password scheme.

The scheme goes like this - 4 numbers + English word + 3 symbols + English word + 1 digit.

What would be the best way to accomplish this? I was initially looking at -a 6 and -a 7 attacks but they only prepend and append. Could this also be done with just one English dictionary wordlist? Or will I need to make a copy of it, and load it to combine with the first English dictionary?
#2
A hybrid attack might be fine. If you generate the wordlist on the fly, no need to store it anywhere. I'd do it with everything but the first four digits prepended and then pipe the output of that script into hashcat, running in hybrid mask+wordlist attack with -a 7 ?d?d?d?d.

You could also emulate either that, or other parts of the attack, with rules. Running more rules on GPU is good for speed.

In the ./rules/ directory, there are rulesets called 'prepend_d.rule' and 'append_d.rule'. You could basically add this four times (-r prepend_d.rule -r prepend_d.rule -r prepend_d.rule -r prepend_d.rule -r append_d.rule) to the attack. But that might not be enough to fully utilize your GPUs if it's a fast hash.

Depending on the size of the English dictionary, and the speed of your hash, it might be efficient to generate rules for the last part (English word + 1 digit), so that each rule is of the form

Code:
^w ^o ^r ^d ^0
^w ^o ^r ^d ^1
^w ^o ^r ^d ^2

etc

A 60,000-word dictionary + a single digit would be 600,000 rules, which might or might not fit on your target platform. If it will fit, it should supply a lot of work to the GPUs, even for faster hashes.

You can also mix - some rules applied with your script, and some applied with hashcat. The more you can run as rules the better, but you might have to tinker with it to see what works best for your target platform.

If it was me, I'd probably try the prepend_d.rule x 4 and append_d.rule first to see if they fully utilize your GPU(s). If so, there's no need to get fancier.
~
#3
Thanks, Royce! In your example, do you mean to write a script to output all words in the English dictionary wordlist in that form factor?

Example:

Code:
^a ^p ^p ^l ^e ^0  --- (iterating the last digit by 1 until 9)
^p ^e ^a ^r ^0  --  (iterating the last digit by 1 until 9)

How can this also be done to create the 3 symbols between the two English words?
#4
The rules would probably have to stop there, because the number of combinations would probably go up pretty quickly - adding three specials to the previous calculation would be 600K rules x (35^3), which would be 25,725,000,000 rules!
~
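
The rule generation discussed in posts #2 and #3, as an added example that is not part of the original thread: a script that turns a wordlist into one rule per word + digit, plus the rule counts quoted in posts #2 and #4. It emits hashcat's `$X` (append) function, since this part follows the base candidate, whereas `^X` prepends. The names `generate_rules`, `append_rule` and `rule_count`, the sample words and the `max_functions` default are assumptions of this example.

```python
import io
import string

# Characters safe to emit as the X in a hashcat `$X` (append) function.
# Whitespace is excluded so every generated line stays unambiguous.
SAFE = set(string.ascii_letters + string.digits + string.punctuation)

def append_rule(suffix):
    """Return the rule that appends `suffix`: one `$X` per character."""
    return " ".join("$" + ch for ch in suffix)

def generate_rules(words, digits=string.digits, max_functions=31):
    """Yield one append rule per (word, digit) pair.

    max_functions is an assumption: the cap on functions per rule line
    (31 per hashcat's rule-based attack documentation; adjust if needed).
    Duplicate words are emitted once; unusable words are skipped.
    """
    seen = set()
    for raw in words:
        word = raw.strip()
        if not word or word in seen:
            continue
        seen.add(word)
        # Skip words that would exceed the cap or contain unsafe characters.
        if len(word) + 1 > max_functions or not set(word) <= SAFE:
            continue
        for d in digits:
            yield append_rule(word + d)

def rule_count(n_words, n_digits=10, n_symbols=35, symbol_positions=0):
    """Rules needed for word + digit, optionally preceded by symbols."""
    return n_words * n_digits * n_symbols ** symbol_positions

if __name__ == "__main__":
    # Constructed sample wordlist; a real run would iterate over a file.
    sample = io.StringIO("apple\npear\napple\n\nnaïve\n")
    for rule in generate_rules(sample):
        print(rule)
    print(rule_count(60000), rule_count(60000, symbol_positions=3))
```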