newbie need help in setting hashcat command with some rules
#1
Hi,

I am trying to crack a password which has below characteristics, but donot know how to set this hashcat rule.
Can some one help me in this?


Password length: 12

In that I know 6 cheaters but donot know which position which charter can present, but these below all 6 characters present in password 

six known letters: 5 e 7 g t
Reming six unknown: English keyboard.

How to set this logic in hashcat. Can some one help me how to set this logic using hashcat ?

Hash type: Ethereum 

hashcat hash mode = m 15700

hash : 
[hash removed by philsmd]
Reply
#2
Entire keyboard?

-1 ?l?u?d?s ?1?1?1?1?1?1?1?1?1?1?1?1

Will be a bitch to break.
Reply
#3
blu427 : do not post hashes, it's against the forum rules
ntrain2k : please avoid giving wrong/bad advice, your mask makes no sense

if you define a custom charset with -1 , you would need to use ?1 within the mask
Reply
#4
thank you for quick reply.

but these 6 charters definitely exist in password, how to set this in hashcat.

six known letters: V 5 e 7 g t
Reply
#5
Thank you Phil, I noted that, I never post hashes again.

And Hopefully I will get some help how to run this logic in hashcat.
Reply
#6
you could use permute from hashcat-utils (input dict containing "V5e7gt" without quotes) to generate all the permutations for the 6 chars.

After that you need to add the remaining six ?1 e.g. a mask file like this:

Code:
?l?u?d,?1?1?1?1?1?1V5e7gt
?l?u?d,?1?1?1?1?1?15Ve7gt
?l?u?d,?1?1?1?1?1?1eV57gt
?l?u?d,?1?1?1?1?1?1Ve57gt
?l?u?d,?1?1?1?1?1?15eV7gt
?l?u?d,?1?1?1?1?1?1e5V7gt

etc etc etc

you need to change the position of the ?1 to any position in the mask, e.g. also "?15eV7gt?1?1?1?1?1" and "V5e7gt?1?1?1?1?1?1" and "?1V?15?1e?17?1g?1t" etc is possible.

but it's still very, very difficult to run all of these hashcat mask file masks, especially because your hash is using SCRYPT.

It's probably better if you try to remember much more from the password



another method could be to use this as input to permute from hashcat-utils:
ABCDEFV5e7gt

the A and B and C and D and E and F are of course fake here

and you could later replace the output of permute with a "sed" command to e.g. ?1

Code:
permute < dict.txt | sed 's/[A-F]/?1/g' | sort -u

but you will get of course again very, very many combinations.

One optimization could also be to define -1 to not include the characters V5e7gt , this can be done in the first field of your .hcmask file (instead of using ?u or ?d or ?l you just define the chars that you want without the characters that you think are not repeated).
Reply
#7
Thank you Phil, really very helpful information.

But charteres 'V 5 e 7 g t' Not always included not in same order and not always together. any charters may come in any order any position.

that is the challenge I m facing in setting up hashcat.
Reply
#8
that's exactly what the "permute" tool tries to solve... it permutes the position... I already mentioned a permutation of the whole thing with the ABCDEF trick (as replacement for the ?1, which would be 2 bytes, which will later on be replaced with ?1 in a sed command, see method explained above)
Reply
#9
Again, I want to emphasize that this is a theoretical solution, but it's not very practical...

You can't just run a very long 6 unknown bytes mask against an SCRYPT hash.... that's already very infeasible.
The fact that you know some of the 12 characters, doesn't make the problem much smaller or feasible (and you btw don't even know the position and order of them, which is also very bad)...

It's already hard to crack length 3,4,5 random bytes with SCRYPT hashes (depending on the N, r, p settings)...

so again, while above I try to explain how you could approach such a problem in theory, it's not very useful/practical here, because you are trying to crack 6 unknown bytes against a SCRYPT hash with high cost factor.
Reply
#10
(10-21-2020, 02:37 PM)philsmd Wrote: blu427 : do not post hashes, it's against the forum rules
ntrain2k : please avoid giving wrong/bad advice, your mask makes no sense

if you define a custom charset with -1 , you would need to use ?1 within the mask

Sorry about that, not enough coffee and fat fingers.

Fixed it.
Reply