05-11-2020, 12:28 AM
Hello. Been toying around with hashcat using my own network, trying to better understand how it (and many things) work by coming up with different scenarios and then testing it out. The basic wordlists and brute force attacks (with simple masks) are pretty straight forward. Coming up with more complex scenarios I can't build out what I want based on the documentation I have found so far.
For example right now I want to utilize masks to generate my wordlist but I want to customize it further to narrow down the combinations. Lets say I know the password contains an "_" and a "b" I want to use a custom charset ?l?u?d!#$^&-'"_ with a ?1?1?1?1?1?1?1?1 mask. But I want to tell it that all words must include an _ (or whatever character, or multiple characters) anywhere in the string.
I came up with this (using maskprocessor), and I assume it's technically working but it is insanely slow (the updates show Utilization is 0%). It may not be working as I intended as each iteration of hashcat's output has progress at 0, speed at 0, and the Candidates.#1 just says [Copying]
mp64 -q 2 -i 8:10 -1 ?l?u?d!#$^&-'"_ ?1?1?1?1?1?1?1?1?1?1 | hashcat64 -m 16800 -a 0 C:\hashcat-5.1.0\hash.16800 -O -w 3 -j /_
As I understand it, maskprocessor is just building a wordlist using the charset and mask. Then I'm using -j to reject anything that doesn't have an "_" (can it reject if multiple chars are missing?)
Is piping just going to be slow? Is there a better way to do this?
This is the only way I've found to combine masks and rules. I've not seen anything anywhere where a .hcmask file can be used with a .rules file. But maybe no one has created any articles about it. I'm just toying around with making more advanced attempts with limited information and working through how to think about these things.
If all of that was confusing, here is the short of it:
I want to attempt all possible combinations for a password 8 chars long (or 6-10 for a range) but only if they include an _ (or multiple characters, any arrangement... ex) must include _ and b so.... owu09_rb and b93g_o9e would be included but kgoe85_t would not).
Is it possible?
For example right now I want to utilize masks to generate my wordlist but I want to customize it further to narrow down the combinations. Lets say I know the password contains an "_" and a "b" I want to use a custom charset ?l?u?d!#$^&-'"_ with a ?1?1?1?1?1?1?1?1 mask. But I want to tell it that all words must include an _ (or whatever character, or multiple characters) anywhere in the string.
I came up with this (using maskprocessor), and I assume it's technically working but it is insanely slow (the updates show Utilization is 0%). It may not be working as I intended as each iteration of hashcat's output has progress at 0, speed at 0, and the Candidates.#1 just says [Copying]
mp64 -q 2 -i 8:10 -1 ?l?u?d!#$^&-'"_ ?1?1?1?1?1?1?1?1?1?1 | hashcat64 -m 16800 -a 0 C:\hashcat-5.1.0\hash.16800 -O -w 3 -j /_
As I understand it, maskprocessor is just building a wordlist using the charset and mask. Then I'm using -j to reject anything that doesn't have an "_" (can it reject if multiple chars are missing?)
Is piping just going to be slow? Is there a better way to do this?
This is the only way I've found to combine masks and rules. I've not seen anything anywhere where a .hcmask file can be used with a .rules file. But maybe no one has created any articles about it. I'm just toying around with making more advanced attempts with limited information and working through how to think about these things.
If all of that was confusing, here is the short of it:
I want to attempt all possible combinations for a password 8 chars long (or 6-10 for a range) but only if they include an _ (or multiple characters, any arrangement... ex) must include _ and b so.... owu09_rb and b93g_o9e would be included but kgoe85_t would not).
Is it possible?