0

I'm trying to unlocking my encrypted external harddisk because I have lost my paper with the password. With the help of user3439894 I have a short program to injecting a wordlist and unlocking the external harddisk but I need help again to build a shorter wordlist because the password contains many characters.

Hopefully I can remember the keywords from my password but to have a more secure password, I have make leetspeak mix with some upper case, lower case and special characters.

Here is the shape of my password that I'm trying to guess: MyP4s5wOrdhardTOgue5s107 but It could be something like this mypASSWOrdhARDTOgueS5789 or like this mypASSWOrdhardTOgue5s074...

Does anyone knows how is it possible to make a customised wordlist with a program like "John the ripper" or "hash cat" to build something like a mask or character combinator attack and avoiding to listing all the unusefull letters to reduce the numbers of combination.

Julihan
  • 1
  • 1
  • 2

2 Answers2

1

Yes, there is a program called 'crunch' that allows you to specify exactly what you need and it will generate a wordlist that you will then later pass into John The Ripper or hashcat. You can tell crunch to include or exclude specific letters,symbols and numbers. You can tell it which letters in which positions should be capital or lowercase. The possibilities are really endless, so I would definitely take the time to read the manpage I linked. Anytime I need to brute-force a hash, this is my go to because it reduces the time significantly.

Read the documentation thoroughly and look at the examples they provide and you should be able to construct a worldist to your exact specifications.

Crunch: http://manpages.ubuntu.com/manpages/zesty/man1/crunch.1.html

nd510
  • 1,738
  • 1
  • 10
  • 15
0

While you can use hashcat with a ruleset to toggle case or perform leet-speak substitutions, if your password is as long as your example then it may not be feasible.

For example, in the toggles5.rule that ships with hashcat, toggling only 5 positions out of a 15 characters long has 4943 different possibilities, and it grows quickly from there. Once you get up beyond a few hundred thousand rules, you will reach the limitations of your GPU.

That being said, here's the basic idea, and here's part of a way to generate the rules you need.

Royce Williams
  • 9,128
  • 1
  • 31
  • 55