Using hashcat with maskprocessor - here: veracrypt
#1
Hello Smile
I have forgotton a part of my password for a VeraCrypt Container. So I want to find it again with the mask processor.
For doing that I used following command
Code:
hashcat -a 3 13711 partIremember?d?s --increment 17:19 /path/to/the/My\Volume
because it's burned on a dvd.
For that I've got the following answer
Code:
hashcat (v5.1.0) starting...

* Device #1: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
* Device #2: Not a native Intel OpenCL runtime. Expect massive speed loss.
            You can use --force to override, but do not report related errors.
OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: Quadro K1200, 1010/4043 MB allocatable, 4MCU

OpenCL Platform #2: The pocl project
====================================
* Device #2: pthread-Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz, skipped.

Hash '13711': Token length exception
No hashes loaded.
Started:
Stopped:


Is there anybody who could give me a hint, what I've made wrong?

TIA

Snoop
Reply
#2
Is the container mounted? You'll need to provide the path to the raw file, the raw device, or else extract the first 512 bytes and save that to a file to provide to hashcat.

Also, from your cmdline ... if you don't remember 17 to 19 additional characters, you won't crack it any time soon.
~
Reply
#3
Good evening royce Smile!
Thank you for your answer!
(08-18-2019, 05:19 PM)royce Wrote: Is the container mounted?
No, it isn't mounted.
You'll need to provide the path to the raw file, the raw device, or else extract the first 512 bytes and save that to a file to provide to hashcat.[/quote Wrote:How do I extract the first 512 bytes?

[quote=Also, from your cmdline ... if you don't remember 17 to 19 additional characters, you won't crack it any time soon.
Oh no, that seems to be one mistake. I don't remember 4 to 6 additional characters. 17 to 19 is the total length Wink.
Reply
#4
You're missing "-m" in front of the hash mode and "--increment 17:19" is absolutely the wrong syntax. Where did you find that?
Reply
#5
Ha! I think I've just always wanted that syntax; didn't even give me pause. Big Grin
~
Reply
#6
(08-18-2019, 07:13 PM)undeath Wrote: You're missing "-m" in front of the hash mode and "--increment 17:19" is absolutely the wrong syntax. Where did you find that?
Ok, thank you undeath Smile! I just can't tell you, where I found this. But I've read it in a howto - anywhere. What would be the right syntax, when I'm looking for 4 to 6 unknown characters?

TIA

Best
Snoop
Reply
#7
Code:
hashcat -h | grep increment
-i, --increment                |      | Enable mask increment mode                           |
     --increment-min            | Num  | Start mask incrementing at X                         | --increment-min=4
     --increment-max            | Num  | Stop mask incrementing at X                          | --increment-max=8
Reply
#8
(08-19-2019, 12:24 PM)undeath Wrote:
Code:
hashcat -h | grep increment
-i, --increment                |      | Enable mask increment mode                          |
    --increment-min            | Num  | Start mask incrementing at X                        | --increment-min=4
    --increment-max            | Num  | Stop mask incrementing at X                          | --increment-max=8

Code:
hashcat -a 3 -m 13711 part_I_remember?a?s --increment-min=4 --increment-max=6

right? Smile
Thank you in every case!
Reply
#9
you need to add --increment too
the --increment command line switch enables the increment feature (and min/max options are further restrictions/limits)
Reply
#10
(08-19-2019, 01:35 PM)philsmd Wrote: you need to add --increment too
the --increment command line switch enables the increment feature (and min/max options are further restrictions/limits)

Thank you Phil Smile!

Code:
hashcat -a 3 -m 13711 part_I_remember?d?s --increment --increment-min=4 --increment-max=6

I'm going to try it!
Reply