Posts: 4
Threads: 1
Joined: Jan 2020
Hello, I'm wondering if there is a way to use custom rules or masks?
I'm trying to crack my TalkTalk router WiFi password from the handshake.
I know my password is 8 characters long and is a combination of 5 uppercase letters and 3 numbers.
I see in the bruteforce it is trying all hashes, example: abcdefgh, jkmnpqrt.
Is there a way to make it only search with a max of 5 uppers and 3 numbers in any order?
Example: A3B4CDE6, 9TA4VYQ6
Posts: 383
Threads: 0
Joined: Nov 2017
01-26-2020, 06:26 AM
(This post was last modified: 01-26-2020, 06:28 AM by slyexe.)
(01-26-2020, 04:32 AM)Leaver77 Wrote: Hello, I'm wondering if there is a way to use custom rules or masks?
I'm trying to crack my TalkTalk router WiFi password from the handshake.
I know my password is 8 characters long and is a combination of 5 uppercase letters and 3 numbers.
I see in the bruteforce it is trying all hashes, example: abcdefgh, jkmnpqrt.
Is there a way to make it only search with a max of 5 uppers and 3 numbers in any order?
Example: A3B4CDE6, 9TA4VYQ6
If you want to limit your keyspace simply append a new custom charset using -1 to -4.
Check out the Wiki for more info
https://hashcat.net/wiki/doku.php?id=hashcat
So an example would be: say I have a password with only vowels and digits and one special character, !, which is 8 characters in total. I could create a custom mask by doing this:
hashcat -m 2500 -a 3 -1 aeiouAEIOU1234567890! hash.txt ?1?1?1?1?1?1?1?1
Let's say you know the first 5 characters of the password are vowels and the last 3 are digits only between 1-5; we can create 2 custom charsets to use.
hashcat -m 2500 -a 3 -1 aeiouAEIOU -2 12345 hash.txt ?1?1?1?1?1?2?2?2
Hope this helps and answers your question.
Posts: 4
Threads: 1
Joined: Jan 2020
Thanks for your reply. I'm already using -1 ABCDEFGHJKMNPQRTUVWXY346789
Should the numbers be in -2, not in -1?
When I'm looking at the hashes it is trying, it's trying everything. I don't want it to look through hashes with 0 or 1 or 2 or 4 or 5 or 6 or 7 or 8 numbers. Only 3.
The 3 numbers that are there could be in any position.
Posts: 4
Threads: 1
Joined: Jan 2020
(01-26-2020, 02:21 PM)Leaver77 Wrote: Thanks for your reply. I'm already using -1 ABCDEFGHJKMNPQRTUVWXY346789
Should the numbers be in -2, not in -1?
When I'm looking at the hashes it is trying, it's trying everything. I don't want it to look through hashes with 0 or 1 or 2 or 4 or 5 or 6 or 7 or 8 numbers. Only 3.
The 3 numbers that are there could be in any position.
My masks are ?1?1?1?1?1?1?1?1
Posts: 4
Threads: 1
Joined: Jan 2020
If there is a way to make it search the 8 character password using min and max of 5 uppercase letters in random positions and min and max of 3 numbers in random positions, this would speed up cracking time significantly. Instead of looking through all the hashes in any random order like this: 87989943, BB48N679, BBBBBN98. They would all have 5 uppercase and 3 numbers like this: TAM43PR9, 8Q6MTW3D. Not in fixed positions like this: W9K8DS4H, Q4H6GW8K.
Posts: 35
Threads: 3
Joined: Dec 2019
(01-26-2020, 05:24 PM)Leaver77 Wrote: If there is a way to make it search the 8 character password using min and max of 5 uppercase letters in random positions and min and max of 3 numbers in random positions, this would speed up cracking time significantly. Instead of looking through all the hashes in any random order like this: 87989943, BB48N679, BBBBBN98. They would all have 5 uppercase and 3 numbers like this: TAM43PR9, 8Q6MTW3D. Not in fixed positions like this: W9K8DS4H, Q4H6GW8K.
We can generate a hcmask file which has every possible way of arranging 5 upper, 3 digits to make 8 chars, e.g.
ABCDEFGHIJKLMNOPQRSTUVWXYZ,0123456789,?1?1?1?1?1?2?2?2
ABCDEFGHIJKLMNOPQRSTUVWXYZ,0123456789,?1?1?1?1?2?1?2?2
...
then run with -a3 hash.txt mask.hcmask
I guess the lazy way to generate would be to generate all possible combinations and then filter out any which don't match the 5 / 3 split criterion. The proper way would be to use recursion and only generate valid patterns.
(I might have a pop at this later, as it's pretty similar to the default on my home router.)
Posts: 35
Threads: 3
Joined: Dec 2019
This should do what you want? Basically walks the binary tree of choices - either capital or digit until we run out of one or the other.
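#!/usr/bin/python3
# Print one .hcmask line for every arrangement of `caps` uppercase
# positions (?1) and `digits` digit positions (?2).
def talktalkmask(mask, caps, digits):
    # Branch 1: place an uppercase letter next, if any remain.
    if caps >= 1:
        talktalkmask(mask + '?1', caps - 1, digits)
    # Branch 2: place a digit next, if any remain.
    if digits >= 1:
        talktalkmask(mask + '?2', caps, digits - 1)
    # Leaf: both counts used up, so the mask is complete.
    if caps == 0 and digits == 0:
        print("ABCDEFGHIJKLMNOPQRSTUVWXYZ,0123456789," + mask)

talktalkmask('', 5, 3)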
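Added example, not part of any post in this thread: the same .hcmask idea built with itertools.combinations instead of recursion, generalised to any length and digit count, plus the keyspace arithmetic showing how much the 5/3 split saves over a single ?1 x 8 mask. It assumes the reduced charset from the -1 value quoted above, split here into letters and digits; the function names are made up for this example.

```python
#!/usr/bin/env python3
"""Added example: positional .hcmask generation and keyspace comparison."""
from itertools import combinations
from math import comb

# Assumption: the -1 charset quoted in the thread, split into letters and digits.
UPPER = "ABCDEFGHJKMNPQRTUVWXY"
DIGITS = "346789"


def hcmask_lines(length, n_digits, upper=UPPER, digits=DIGITS):
    """Return one .hcmask line per placement of n_digits digits in `length` positions."""
    lines = []
    for digit_pos in combinations(range(length), n_digits):
        mask = "".join("?2" if i in digit_pos else "?1" for i in range(length))
        # .hcmask line layout as shown in the thread: charset1,charset2,mask
        lines.append(f"{upper},{digits},{mask}")
    return lines


def keyspace_split(length, n_digits, upper=UPPER, digits=DIGITS):
    """Candidates covered by all positional masks together."""
    letters = length - n_digits
    return comb(length, n_digits) * len(upper) ** letters * len(digits) ** n_digits


def keyspace_single(length, upper=UPPER, digits=DIGITS):
    """Candidates covered by one mask whose every position uses the combined charset."""
    return (len(upper) + len(digits)) ** length


if __name__ == "__main__":
    lines = hcmask_lines(8, 3)
    with open("mask.hcmask", "w") as fh:  # file name as used in the thread
        fh.write("\n".join(lines) + "\n")
    split, single = keyspace_split(8, 3), keyspace_single(8)
    print(f"{len(lines)} masks, {split:,} candidates "
          f"vs {single:,} for ?1 x 8 ({single / split:.1f}x fewer)")
```

With this charset the 56 masks cover roughly a sixth of what the single combined mask covers, so the split helps but does not change the order of magnitude.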