9

Let's say I have a hash of this type:

test::::4e45c7bab093d7011e9b3a5df7d9fa88212beac5ac9c8c47:d6ff3373aa353f3b:123456

I would like to bruteforce it using hashcat, but I'm failing to set the correct mask.

Here's what I'm executing:

hashcat -m 5500 test.txt -a 3 $MASK

Is this right so far? In that case I would only need to set $MASK properly.

One mask should be like this:

length min = 8 characters
length max = 20 characters
must contain at least one lower case character (a-z)
must contain at least one upper case character (A-Z)
must contain at least one number (0-9)

and the second mask should be like the previous one plus these two constraints:

must contain at least one special character
must NOT contain one or more identical consecutive characters

P.S. I'm not using a dictionary attack because I've downloaded the huge CrackStation dictionary (15GB) and it didn't work on many hashes.

Thanks.

MeaMelone

1 Answer

7

Complexity rules like these cannot be natively captured by a single mask. Instead, a list of many masks that fit the criteria must be generated using other tools, such as the policygen tool from the PACK toolkit.

$ policygen --minlength=8 --maxlength=20 \
  --mindigit=1 --minlower=1 --minupper=1 --maxspecial=0 -o test1.masks

$ policygen --minlength=8 --maxlength=20 \
  --mindigit=1 --minlower=1 --minupper=1 --minspecial=1 -o test2.masks

(Note that these examples don't include your "one or more identical consecutive characters" constraint, because A) this dramatically increases the complexity of the masks, almost to the point of impossibility, and B) it does very little to speed up the cracking process, so it's not worth including.)

You then pass hashcat that file containing the masks:

hashcat -m 5500 -a 3 test.txt test1.masks
hashcat -m 5500 -a 3 test.txt test2.masks

Be aware, however, that bruteforcing longer lengths (like 12, let alone 20) will take longer than you have. If you haven't already, I recommend that you try other methods (dictionaries, hybrid, etc.) before resorting to brute force.

Royce Williams
  • Thank you. I'll try this tool. In the meantime, do you have a huge dictionary to recommend? So far I've tried only the one by CrackStation. I've never tried hybrid; again, if you have any suggestions please let me know. – MeaMelone May 07 '17 at 15:44
  • The hashcat wiki should give you a good start: https://hashcat.net/wiki/#core_attack_modes – Royce Williams May 07 '17 at 20:42
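The numbers behind two remarks in the answer above (that lengths like 12 or 20 are out of reach, and that the "no identical consecutive characters" rule removes very little), as an added example that is not part of the original answer or of PACK. Class sizes are those of hashcat's built-in ?l, ?u, ?d and ?s charsets; the guess rate is an assumed figure, not a measurement.

```python
# Added example: class sizes follow hashcat's built-in ?l ?u ?d ?s charsets.
SIZES = {"l": 26, "u": 26, "d": 10, "s": 33}
ASSUMED_RATE = 1e10  # guesses per second; an assumed figure, not a benchmark


def count(length, required, allowed, no_adjacent_repeat=False, sizes=SIZES):
    """Count strings of `length` over the `allowed` classes that use every class
    in `required`; optionally forbid two identical adjacent characters."""
    classes = list(allowed)
    bit = {c: 1 << i for i, c in enumerate(classes)}
    need = sum(bit[c] for c in required)
    # DP state: (bitmask of classes seen so far, class of the last character)
    states = {(0, None): 1}
    for _ in range(length):
        nxt = {}
        for (seen, last), n in states.items():
            for c in classes:
                # Same class as the previous character: one symbol is excluded.
                choices = sizes[c] - (1 if no_adjacent_repeat and c == last else 0)
                key = (seen | bit[c], c)
                nxt[key] = nxt.get(key, 0) + n * choices
        states = nxt
    return sum(n for (seen, _), n in states.items() if (seen & need) == need)


def mask_count(length, required, allowed):
    """Number of distinct masks of this length: every class has size 1."""
    return count(length, required, allowed, sizes={c: 1 for c in allowed})


def report(length, required="lud", allowed="lud"):
    """Summarise the first policy in the question for one password length."""
    total = count(length, required, allowed)
    no_rep = count(length, required, allowed, no_adjacent_repeat=True)
    return {
        "length": length,
        "masks": mask_count(length, required, allowed),
        "candidates": total,
        "kept_by_no_repeat_rule": no_rep / total,
        "years_at_assumed_rate": total / ASSUMED_RATE / (365 * 24 * 3600),
    }


if __name__ == "__main__":
    for n in (8, 12, 20):
        print(report(n))
```

For anyone setting a password policy, the same figures show that added length grows the search space far faster than any of the composition rules change it.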