0

I need to use brute force to crack the password. I know about the password that it has exactly 1 capital letter (A-Z), exacly 1 number (1-9) and exacly 10 lowercase letters (from a to z). I have Python script that generates this type of passwords, but I don't know how to turn it into a hashcat mask.

Python code:

import random

random.seed(None)

lowers = 'qwertyuiopasdfghjklzxcvbnm'
uppers = 'QWERTYUIOPASDFGHJKLZXCVBNM'
number = '0123456789'

length = 12

while True:
  uprspot = random.randint(0, length-1)
  numspot = uprspot

  while uprspot == numspot:
    numspot = random.randint(0, length-1)

  strgen = ""

  for i in range (0, length):

    if i == uprspot:
      strgen += random.choice(uppers)

    elif i == numspot:
      strgen += random.choice(number)

    else:
      strgen += random.choice(lowers)

  print(strgen)
aster
  • 1

1 Answers1

1

You can't do that with a single hashcat mask, but you can make multiple masks. You need to use a multiset permutation for this. There are 132 possibilities, so need to generate a .hcmask file with 132 lines like this (in Python with sympy):

from sympy.utilities.iterables import multiset_permutations
import os

contents = os.linesep.join(list(map(lambda b: "".join(b), list(multiset_permutations(['?d', '?u', '?l', '?l', '?l', '?l', '?l', '?l', '?l', '?l', '?l', '?l'])))))

file = open("scan.hcmask", "w")
file.write(contents)
file.close()

Then use the .hcmask file in hashcat

This would require 26¹¹ · 10 · 132 ≈ 2⁶² hash computations, which would require about one to two years to crack assuming 70 GH/s.

Jenessa
  • 1,086
  • 1
  • 8
  • 13