How to increment in the middle of a mask?
#1
How do I increment a single custom charset instead of the whole mask.

I am trying to crack passwords with the following mask:
  • Start with one capital letter.
  • Followed by 5 to 10 lower case letters.
  • Followed by 2 to 4 decimal numbers.
  • Ending with one exclamation (!) sign.
Translating to the following combination: Aaaaaa11! - Zzzzzzzzzzz9999!

I try doing this by creating custom charsets for the lower case letters and the decimal numbers, but for some reason it sets the increment option to the whole mask.

The command I use is:
Code:
hashcat -m [xxxx] [hashfile] -a 3 -1 ‘?l?l?l?l?l?l?l?l?l?l’ --increment --increment-min=5 --increment-max=10 -2 ‘?d?d?d?d’ --increment --increment-min=2 --increment-max=4 ‘?u?1?2!’

What am I doing wrong?
Or is this currently impossible with hashcat? If so, what would be the advised method to crack the mask listed above?
Reply
#2
Masks, and the incrementing if them, are both per-position - you would need multiple masks to represent the range it looks like you're wanting:

?u?l?l?l?l?l?d?d?s would cover Aaaaaa11! through Zzzzzz99}
?u?l?l?l?l?l?l?d?d?s would cover Aaaaaaa11! through Zzzzzzz99}

etc
~
Reply
#3
(07-04-2020, 11:58 PM)royce Wrote: Masks, and the incrementing if them, are both per-position - you would need multiple masks to represent the range it looks like you're wanting:

?u?l?l?l?l?l?d?d?s would cover Aaaaaa11! through Zzzzzz99}
?u?l?l?l?l?l?l?d?d?s would cover Aaaaaaa11! through Zzzzzzz99}

etc

Hi Royce, thanks for your quick reply! Is it possible to insert multiple masks in one hashcat command and make hashcat go through them one by one?
Reply
#4
Yes, you can put them in a file, and then use the filename instead of the mask.
~
Reply
#5
Why did you cross-post this question on the Security SE?

https://security.stackexchange.com/quest...-of-a-mask
~
Reply
#6
Hi Royce, your solution worked fine. Thanks for your help!

After doing a lot of searching myself I noticed that a lot of information on hashcat is provided on both Security SE and this forum. So I figured, why not post on both.
Also, hope you are not offended by the username on SE. It's just a throwaway account, made just for this question.

I planned to resolve the issue on both of them and cross-link to the solution. But for some reason I made the post as a guest and therefor can't officialy resolve the issue there. I posted with a different account.
Reply