Using a combo of masks and rules
#1
Hello.  Been toying around with hashcat using my own network, trying to better understand how it (and many things) work by coming up with different scenarios and then testing it out.  The basic wordlists and brute force attacks (with simple masks) are pretty straight forward.  Coming up with more complex scenarios I can't build out what I want based on the documentation I have found so far.

For example right now I want to utilize masks to generate my wordlist but I want to customize it further to narrow down the combinations.  Lets say I know the password contains an "_" and a "b"  I want to use a custom charset ?l?u?d!#$^&-'"_  with a ?1?1?1?1?1?1?1?1 mask.  But I want to tell it that all words must include an _ (or whatever character, or multiple characters) anywhere in the string.

I came up with this (using maskprocessor), and I assume it's technically working but it is insanely slow (the updates show Utilization is 0%).  It may not be working as I intended as each iteration of hashcat's output has progress at 0, speed at 0, and the Candidates.#1 just says [Copying]

mp64 -q 2 -i 8:10 -1 ?l?u?d!#$^&-'"_ ?1?1?1?1?1?1?1?1?1?1 | hashcat64 -m 16800 -a 0 C:\hashcat-5.1.0\hash.16800 -O -w 3 -j /_

As I understand it, maskprocessor is just building a wordlist using the charset and mask.  Then I'm using -j to reject anything that doesn't have an "_"  (can it reject if multiple chars are missing?)

Is piping just going to be slow? Is there a better way to do this? 

This is the only way I've found to combine masks and rules.  I've not seen anything anywhere where a .hcmask file can be used with a .rules file.  But maybe no one has created any articles about it.  I'm just toying around with making more advanced attempts with limited information and working through how to think about these things.

If all of that was confusing, here is the short of it: 
I want to attempt all possible combinations for a password 8 chars long (or 6-10 for a range) but only if they include an _ (or multiple characters, any arrangement... ex) must include _ and b so.... owu09_rb and b93g_o9e would be included but kgoe85_t would not).

Is it possible?
Reply
#2
I should add I created a mask file for this, and it's not so bad when you only want to check for one "floating" mandatory character, but when throwing multiple into the mix the list of masks will get long and I'm not sure if there is anything to autogen that. So what I had the first time around in an hcmask file was this:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$&-'",?1?1_?1?1?1?1?1?1?1?1?1?1
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$&-'",?1?1?1_?1?1?1?1?1?1?1?1?1
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$&-'",?1?1?1?5_?1?1?1?1?1?1?1?1
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$&-'",?1?1?1?1?1_?1?1?1?1?1?1?1
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$&-'",?1?1?1?1?1?1_?1?1?1?1?1?1
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$&-'",?1?1?1?1?1?1?1_?1?1?1?1?1
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$&-'",?1?1?1?1?1?1?1?1_?1?1?1?1
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$&-'",?1?1?1?1?1?1?1?1?1_?1?1?1
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$&-'",?1?1?1?1?1?1?1?1?1?1_?1?1
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$&-'",?1?1?1?1?1?1?1?1?1?1?1_?1

But maybe even this isn't the most efficient method..
Reply
#3
That's pretty much how you have to do things with masks. Note that custom charsets support all the included charsets as well.

Instead of
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$&-'"
you can use
?l?u?d!#$&-'"

For generating more complex hcmask files have a look at policygen from PACK: https://github.com/iphelix/PACK
Reply
#4
(05-11-2020, 01:06 AM)undeath Wrote: That's pretty much how you have to do things with masks. Note that custom charsets support all the included charsets as well.

Instead of
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$&-'"
you can use
?l?u?d!#$&-'"

For generating more complex hcmask files have a look at policygen from PACK: https://github.com/iphelix/PACK

Thanks!  I discovered the shorthand later and it does make things easier to read.  Although, I can see myself excluding some letters at some point so eventually I'll go back to longer charset lists.

so would using maskprocessor just be out of the question?  Am I attempting to use it in a way it wasn't really intended to be used?  Or maybe I'm justing using it wrong which is what's making it so slow.  PACK doesn't seem to have a "must include these characters" option so I don't see it generating what I need.  It also only seems to support the included charsets so I'd have to later convert all of those references to the custom one. :\
Reply