Posts: 2
Threads: 1
Joined: Nov 2022
I am using mode 3200 for bcrypt.
Passwords requirements:
- 7 characters long
- Must have letters (upper and/or lower) and numbers.
The closest I've been able to come up with is using a mask:
Code:
hashcat -a 3 -m 3200 -1 ?l?u?d hashes.txt ?1?1?1?1?1?1?1
The problem is that this will generate a lot of passwords that only have numbers or only have letters. All passwords must have both, and bcrypt is slow.
Posts: 120
Threads: 1
Joined: Apr 2022
11-13-2022, 02:06 AM
(This post was last modified: 11-13-2022, 02:11 AM by b8vr.)
My initial suggestion would be to run something like
hashcat -a 3 -1 ?l?u?d ?1?1?1?1?1?1?1 --stdout > m3200candidates.txt
and then use grep to output all those that does not contain only numbers or only letters. I'm not strong with grep, though, so not sure exactly how to do it....
Maybe something like
hashcat -a 3 -1 ?l?u?d ?1?1?1?1?1?1?1 --stdout | grep -v [a-zA-Z]{7} | grep -v [0-9]{7} > m3200candidates.txt
Posts: 2
Threads: 1
Joined: Nov 2022
(11-13-2022, 02:06 AM)b8vr Wrote: My initial suggestion would be to run something like
hashcat -a 3 -1 ?l?u?d ?1?1?1?1?1?1?1 --stdout > m3200candidates.txt
and then use grep to output all those that does not contain only numbers or only letters. I'm not strong with grep, though, so not sure exactly how to do it....
Maybe something like
hashcat -a 3 -1 ?l?u?d ?1?1?1?1?1?1?1 --stdout | grep -v [a-zA-Z]{7} | grep -v [0-9]{7} > m3200candidates.txt
I was able to replicate that using crunch. The problem is that I believe it would be about 17TB of data. So I was hoping to avoid a wordlist.
Posts: 120
Threads: 1
Joined: Apr 2022
11-13-2022, 11:17 AM
(This post was last modified: 11-13-2022, 11:21 AM by b8vr.)
What if you create a list of 6 character candidates, how large would that be?
Then you could create a rule file where you append each of the allowed characters like
$0
$1
$2
.
.
$9
$a
$b
.
.
$z
$A
$B
.
.
$Z
It would mean, though, that you would miss out on some candidates like abcdef0, 123456G etc.
Another option could be to create your wordlist with digits and lowercase only, and then use a mix of toggle rules.
Now that I think about it.... Maybe create 2 wordfiles. One with all possible 3 character candidates and one with all 4 character candidates and then run them together in a combinator attack -a1 in hashcat?
Posts: 63
Threads: 10
Joined: Nov 2017
(11-13-2022, 01:26 AM)Pusher Wrote: I am using mode 3200 for bcrypt.
Passwords requirements:
- 7 characters long
- Must have letters (upper and/or lower) and numbers.
The closest I've been able to come up with is using a mask:
Code:
hashcat -a 3 -m 3200 -1 ?l?u?d hashes.txt ?1?1?1?1?1?1?1
The problem is that this will generate a lot of passwords that only have numbers or only have letters. All passwords must have both, and bcrypt is slow.
You could always look into policygen in the PACK suite of tools:
https://github.com/iphelix/pack