Combinator Attack Question
#1
Good day to you all.

I tried my best (spent a whole evening) to get the gist of John the Ripper or hashcat but I feel I need your help.

The thing is: I got a password-protected 7zip file which contains a simple .txt file.
A 7zip file that I know the password of...well, kinda. I know which characters it consists of. Also the pattern I kind of remember.

I guess this is the process I need to use (and explained in more simple terms if possible):
https://hashcat.net/wiki/doku.php?id=combinator_attack  

This is what the password would look like. It starts with one or more '?' symbols, proceeds with a capital letter, the following letters switch, then '66' or '66666', continues with one or more '#' symbols and ends again with one or more '?' symbols.

This is one possible pattern: 
?LoveIsAllAround66##?

As someone else stated: "You have to feed hashcat the correct password via wordlists, rules, brute force, or masking or a combination of any of those! The art is getting the correct password through hashcat in as few guesses as possible."

So I need to piece together a PowerShell code or wordlist to generate a list of all possible permutations, combinations and patterns, right? As described in the wiki above I need 2 dictionaries with all the characters I remember. Also rules.

I got the hashcode but I don't need to check for random passwords. I know it is much to ask but would somebody be so kind to explain to me which code/command I would type to make use of my remembered information? 

Thanks for all the insights I get!
#2
(03-09-2021, 12:49 AM)Nairozed Wrote: Good day to you all.

Have a look at comboleetor.pl.  It can do what you want.  As long as you know the snippets of words or text or numbers that you used in the password, it can put together all the combinations.

https://www.jimby.name/techbits/recent/comboleetor/

There's a training preso about it here:

https://www.jimby.name/techbits/recent/c...tation.pdf

In fact, it was exactly this scenario that forced me to write comboleetor.pl in the first place - a 7zip file for which I had lost the password.

It worked for me.  I put in all my favorite numbers and favorite text snippets I use in passwords all the time, and ran it.

The output was about 2 million lines long of all the password combinations.  hashcat found the password in less than 10 minutes.

Hope it works for you.
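The pattern described in post #1 can also be turned into a candidate list directly. The following is an added example, not part of either post and not comboleetor.pl's code. It assumes the remembered words are the ones in the sample password, that each repeated symbol occurs at most three times, and that "the following letters switch" means later words may or may not be capitalised.

```python
from itertools import product

# Constructed sample input: the words from the example password in post #1.
# Add further remembered phrases as extra inner lists.
PHRASES = [["love", "is", "all", "around"]]


def runs(ch, max_len):
    """One or more repeats of ch, up to max_len (the upper bound is an assumption)."""
    return [ch * n for n in range(1, max_len + 1)]


def phrase_variants(words):
    """First word always capitalised; each later word tried capitalised and lower-case."""
    head = words[0].capitalize()
    tails = [(w.capitalize(), w.lower()) for w in words[1:]]
    return [head + "".join(t) for t in product(*tails)]


def candidates(phrases, max_run=3):
    """Yield every password of the form: ?+  Phrase  (66|66666)  #+  ?+"""
    lead = runs("?", max_run)
    digits = ["66", "66666"]
    hashes = runs("#", max_run)
    trail = runs("?", max_run)
    for words in phrases:
        for parts in product(lead, phrase_variants(words), digits, hashes, trail):
            yield "".join(parts)


def keyspace(phrases, max_run=3):
    """Number of candidates, computed without generating them."""
    return sum(max_run * 2 ** (len(w) - 1) * 2 * max_run * max_run for w in phrases)


if __name__ == "__main__":
    import sys

    out = sys.argv[1] if len(sys.argv) > 1 else "candidates.txt"
    with open(out, "w", encoding="utf-8", newline="\n") as fh:
        for pw in candidates(PHRASES):
            fh.write(pw + "\n")
    print(f"wrote {keyspace(PHRASES)} candidates to {out}")
```

The output file is an ordinary wordlist, used the same way as the comboleetor.pl output described in post #2 (hashcat's straight attack mode, `-a 0`).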