I'd like to run a mask attack wherein I know the length of a given password and also that there will be no more than 2 occurrences of a specific charset (i.e. certain symbols). What util or type of attack would help me limit the occurrence symbols in a mask attack? Thanks for any tips.
maskprocessor (
https://github.com/hashcat/maskprocessor) has 2 options:
-q, --seq-max=NUM Maximum number of multiple sequential characters
-r, --occurrence-max=NUM Maximum number of occurrence of a character
(-q filters out all password candidates that have *more or equal* characters than the value specified directly next to each other, -r instead checks if the password candidate does not have more or equal identical characters within the *whole* password candidate/line)
You could simply pipe the output of maskprocessor to hashcat, e.g.
Code:
mp64 -q 3 ?a?a?a?a?a | hashcat -m 0 -a 0 -w 4 hash.txt
Thanks for your help. Can the maskprocessor limit the occurrence of a defined set of characters though? So let’s say I want to define a charset as such:
Code:
--custom-charset1=%#=+
And I want to generate all possibilities that contain none, one, or two occurrences of any character from that charset.
So for instance, these would be valid possibilities:
Code:
bnkrwcvt
bnk#wcvb
bnk#wcv%
bnk#wcv#
bnk++wcv
While the following would be an invalid possibility (as it contains three occurrences of charset1):
Can I specify which characters I want to use with the --occurrence-max option?