First Attempt, does this look alright?
#1
-a 3 -m 1400 example0.hash -1 123456789 -2 0123456789- -3 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789- -4 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 ?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4

--increment --increment-min=22 --increment-max=23
Reply
#2
I need the answers to look like this:

17-8fjOpaYiIg1594919960
4-zXjJVWdxtf1594920068
Reply
#3
How do I add a space in case the password is a 22 character password?
Reply
#4
you could use mask files https://hashcat.net/wiki/doku.php?id=mas...mask_files

or just set

-1 "012345 6789" for the first byte of your mask (i.e. any set of chars, charset, that has a space in it).

btw: it depends on the operating system which type of quotes (" vs ') is best for quoting a space.... therefore I would suggest to just use the .hcmask file syntax and you are always fine

Alternatively to the extra charset, you could just use 2 different masks and therefore lines in the mask file (.hcmask), one with the space and one without, an example for fixed 8-byte length password with prepending space:
Code:
?l?u,?d?d?1?1?1?1?1?1
?l?u, ?d?1?1?1?1?1?1
Reply
#5
Yes thanks Phil, but do you see anything wrong with my command line
Reply
#6
yeah, your command doesn't make sense to me at all.

Why would you define all those custom charsets (-1 , -2 , -3 , -4) and only use ?4 in your mask ? That seems to be a misunderstanding/problem of the syntax

if you set -1 you normally would use ?1 in your mask
if you set -2 you normally would use ?2 in your mask
if you set -3 you normally would use ?3 in your mask
if you set -4 you normally would use ?4 in your mask

your final masks only uses ?4, this kind of shows that you are not really understanding what a custom charset is and that it's not enough to only define it (with -1 , -2 , -3 , -4) but you also need to use it in the mask (or within other custom charsets)
Reply
#7
True, then my re-edited command would be:

?1?2?3?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4
Reply
#8
The main problem now is that it's quite a long password.

We "normally"/generally say that a length of 8-9 is the max that can be brute-forced (but attention: this depends a lot on hash type and/or the charset final keyspace etc).

Maybe there is a different way to attack these hashes. a more clever approach, without "brute-force".

Are the passwords really random ? Sometimes it makes sense to step back a little bit and see if the attack is even feasible and how long it would take and if there are some alternatives etc.
Reply
#9
hashcat has predefined character sets and I highly recommend them over specifying each letter by itself. Also, the command in the first post seems to have ?1=?2 and ?3=?4 that doesn't make sense. Moreover, the mask you posted "?1?2?3?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4" doesn't accurately reflect the kind of candidates you expect.

Quote:17-8fjOpaYiIg1594919960
4-zXjJVWdxtf1594920068

-1 ?l?u?d ?d-?1?1?1?1?1?1?1?1?1?1?d?d?d?d?d?d?d?d?d?d
-1 ?l?u?d ?d?d-?1?1?1?1?1?1?1?1?1?1?d?d?d?d?d?d?d?d?d?d

those masks would fit the candidates you posted.

As philsmd has already written, your keyspace still is way too large and it is impossible to complete the attack.
Reply