Please note, this is a STATIC archive of website hashcat.net from 08 Oct 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: Per position charset support
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
I'm brand new to oclhashcat, but it looks really powerful compared to the existing gpu crackers out there, especially with the dictionary/hybrid attacks thrown in.

In general i see better (higher) entropy in position 2, 3 and 4 of passwords than in position 1. If the usual complexity requirements exists (Windows; 3 of 4 character groups), maybe 50% will have first character uppercase letter, than 5-7 lowercase, and then either 2 or 4 digits at the end (date/age/year in XX or XXXX format...)

Could per position charset support be implemented in some way, in order to do smarter "bruteforcing", leaving out lots of the not-so-common combinations?

Best regards,
Per Thorsheim
securitynirvana.blogspot.com
i am not sure if i understood you 100% correctly. but if i do, then you are lucky. it is already implemented in.

using the mask you described, you need to run oclhashcat 6 times

oclHashcat.exe example.hash -1 ?l?u ?1?l?l?l ?l?l?d?d
oclHashcat.exe example.hash -1 ?l?u ?1?l?l?l ?l?l?l?d?d
oclHashcat.exe example.hash -1 ?l?u ?1?l?l?l ?l?l?l?l?d?d

oclHashcat.exe example.hash -1 ?l?u ?1?l?l?l ?l?l?d?d?d?d
oclHashcat.exe example.hash -1 ?l?u ?1?l?l?l ?l?l?l?d?d?d?d
oclHashcat.exe example.hash -1 ?l?u ?1?l?l?l ?l?l?l?l?d?d?d?d
Let me explain a bit more. I do password analysis, primarily of Windows LM/NTLM hashes. dictionary/hybrid/RT/bruteforce, you name it.

I've got some personal tools to do the analysis, one gives me this output (for NTLM passwords):
Rank Pos 1 Count 1 Pos 2 Count 2 Pos 3 Count 3
1 B 2706 r 3214 u 2668
2 A 977 a 2193 r 1554
3 T 712 e 1646 n 1463
4 M 709 o 1440 l 1161
5 S 659 i 1103 s 867
6 O 517 u 743 e 851
7 E 495 n 519 a 775
8 a 453 l 487 i 672
9 s 449 p 392 t 592
10 t 403 t 375 m 535

Read the columns; First character position, uppercase B is the most popular character, uppercase A the second most character etc. Second character position: lowercase r is the most common, than lowercase a, e, o, i etc.

In environments where complexity requirements are present, there's a 40-50% chance the most popular password format is UL....LLDD (4-6 lowercases in the middle there).

Som my feature request would be a config file, (UTF-8?), where i can either vertically or horizontally list the characters i want to test in every position:

Horizontal config:
BATMSOE
raeoiun
urnlsea

would test Bru...Ena

Best regards,
thorsheim
(06-07-2010, 11:29 PM)thorsheim Wrote: [ -> ]Let me explain a bit more. I do password analysis, primarily of Windows LM/NTLM hashes. dictionary/hybrid/RT/bruteforce, you name it.

I've got some personal tools to do the analysis, one gives me this output (for NTLM passwords):
Rank Pos 1 Count 1 Pos 2 Count 2 Pos 3 Count 3
1 B 2706 r 3214 u 2668
2 A 977 a 2193 r 1554
3 T 712 e 1646 n 1463
4 M 709 o 1440 l 1161
5 S 659 i 1103 s 867
6 O 517 u 743 e 851
7 E 495 n 519 a 775
8 a 453 l 487 i 672
9 s 449 p 392 t 592
10 t 403 t 375 m 535

Read the columns; First character position, uppercase B is the most popular character, uppercase A the second most character etc. Second character position: lowercase r is the most common, than lowercase a, e, o, i etc.

In environments where complexity requirements are present, there's a 40-50% chance the most popular password format is UL....LLDD (4-6 lowercases in the middle there).

Som my feature request would be a config file, (UTF-8?), where i can either vertically or horizontally list the characters i want to test in every position:

Horizontal config:
BATMSOE
raeoiun
urnlsea

would test Bru...Ena

Best regards,
thorsheim
Part of the answer is that you have up to 4 masks you can use so the attack would look like this:

Code:
oclHashcat.exe example.hash -1 BATMSOE -2 raeoiun -3 urnlsea ?1?2?3?l ?l?d?d
I am not sure if the program will reorder the letters before making the combinations but at least you will have the group of most important ones.
Done with oclHashcat-plus v0.09: https://hashcat.net/forum/thread-1541.html

Thread closed