Posts: 47
Threads: 27
Joined: Apr 2019
The Enigma was cracked much due to the human factor and the human errors.
So I thought: How about making a mask that will run a brute force attack that will cover most of the human laziness?
My first thoughts:
1. Password length set to 8-10 chars.
2. First letter may be uppercase or lowercase.
3. Last 1-3 chars is probably lowercase or numbers.
What's your thoughts about this approach, and what should be included, without making a mask that takes "forever" to run?
Posts: 930
Threads: 4
Joined: Jan 2015
09-21-2019, 06:42 PM
(This post was last modified: 09-21-2019, 06:43 PM by royce.)
That's exactly what hashcat does when using attack mode 3 (brute force, -a 3), and a mask is not specified.
It defaults to this mask:
-1 ?l?d?u -2 ?l?d -3 ?l?d*!$@_ ?1?2?2?2?2?2?2?3?3?3?3?d?d?d?d
~
Posts: 47
Threads: 27
Joined: Apr 2019
09-21-2019, 06:44 PM
(This post was last modified: 09-21-2019, 06:51 PM by Pilsener.)
Can this mask be set to increment the length of 8-10 chars?
Posts: 930
Threads: 4
Joined: Jan 2015
Yes, by default if you specify no other parameters other than -a 3, it will automatically increment until exhaustion. IF you want it to terminate earlier, you'd have to specify an --increment-max.
~
Posts: 47
Threads: 27
Joined: Apr 2019
09-21-2019, 06:52 PM
(This post was last modified: 09-21-2019, 07:05 PM by Pilsener.)
What util should I use to make a mask according to my specs listed above? (head is not fully operational after being at work today).
Posts: 930
Threads: 4
Joined: Jan 2015
09-21-2019, 07:15 PM
(This post was last modified: 09-21-2019, 07:15 PM by royce.)
No utility necessary - honest.
Study the default, understand how it works, and then adapt it to your needs.
~
Posts: 47
Threads: 27
Joined: Apr 2019
I think I need to make a masks file to cover it exactly as I want, but mask processor does not have the options I need.
Posts: 2,267
Threads: 16
Joined: Feb 2013
09-21-2019, 07:50 PM
(This post was last modified: 09-21-2019, 07:53 PM by philsmd.)
just create the hashcat mask file (a.hcmask) manually:
Code:
?l?u,?l?d,?1?a?a?a?a?2?2?2
?l?u,?l?d,?1?a?a?a?a?a?2?2?2
?l?u,?l?d,?1?a?a?a?a?a?a?2?2?2
Code:
hashcat -m 2500 -a 3 -w 3 hash a.hcmask
note: of course you can modify this in any shape or form you like, e.g. using ?l (lowercase letters) instead of ?a (which is much huger, i.e. ?l?u?d?s)
Posts: 47
Threads: 27
Joined: Apr 2019
09-21-2019, 08:02 PM
(This post was last modified: 09-21-2019, 08:13 PM by Pilsener.)
I made a hcmask-file looking like this:
?l?l?l?l?l?l?l?l
?l?l?l?l?l?l?l?l?l
?l?l?l?l?l?l?l?l?l?l
?u?l?l?l?l?l?l?l
?u?l?l?l?l?l?l?l?l
?u?l?l?l?l?l?l?l?l?l
?l?l?l?l?l?l?l?d
?l?l?l?l?l?l?d?d
?l?l?l?l?l?d?d?d
?l?l?l?l?l?l?l?l?d
?l?l?l?l?l?l?l?d?d
?l?l?l?l?l?l?d?d?d
?l?l?l?l?l?l?l?l?l?d
?l?l?l?l?l?l?l?l?d?d
?l?l?l?l?l?l?l?d?d?d
?u?l?l?l?l?l?l?d
?u?l?l?l?l?l?d?d
?u?l?l?l?l?d?d?d
?u?l?l?l?l?l?l?l?d
?u?l?l?l?l?l?l?d?d
?u?l?l?l?l?l?d?d?d
?u?l?l?l?l?l?l?l?l?d
?u?l?l?l?l?l?l?l?d?d
?u?l?l?l?l?l?l?d?d?d
I think it covers all the combinations I wanted.
Worth a try. It says it will take 11 days to complete, which is acceptable.
But I'm still interested in suggestions for modifications.
Posts: 2,267
Threads: 16
Joined: Feb 2013
09-21-2019, 09:04 PM
(This post was last modified: 09-21-2019, 09:06 PM by philsmd.)
lol, it will take 11 days just for the first one
that's also why brute-force is not usually the best strategy, but it of course depends a lot on the info you have and especially how confident you are that the passwords are 100% randomly generated and not human-choosen
btw: sometimes it's better to prefer masks with larger keyspace, because they can be accelerated better (depending also on the hash type etc). e.g. ?l?l?l?l?l?l?l?l and ?u?l?l?l?l?l?l?l is equivalent as ?l?u,?1?l?l?l?l?l?l?l , but the second one might peform (sligthly) better, of course a set of ?a?a?a... at the start would allow even more acceleration