Mask Attack
Description
Try all combinations from a given keyspace, just like in a Brute-Force attack, but more specific.
Masks
For each position of the generated password candidates we need to configure a placeholder. If a
password we want to crack has the length 8, our mask must consist of 8 placeholders.
A mask is a simple string that configures the keyspace of the password candidate engine
using placeholders.
A placeholder can be either a custom charset variable, a built-in charset variable or a static
letter.
A variable is indicated by the ? letter followed by one of the built-in charsets (l, u, d, s, a) or
one of the custom charset variable names (1, 2, 3, 4).
A static letter is not indicated by a letter. An exception is if we want the static letter ?
itself, which must be written as ??.
Output
Optimized due to its partially reverse algorithms, password candidates are generated in the
following order:
aaaaaaaa
aaaabaaa
aaaacaaa
.
.
.
aaaaxzzz
aaaayzzz
aaaazzzz
baaaaaaa
baaabaaa
baaacaaa
.
.
.
baaaxzzz
baaayzzz
baaazzzz
.
.
.
zzzzzzzz
NOTE: This shows that the first four letters are increased first and most often. The exact number
however can vary, especially in a smaller keyspace, but it is fixed until a keyspace has been
scanned completely.
NOTE: If you use oclHashcat you can press s while cracking to see the progress. You also see a
number of '*' chars in the Plain.Text section. The number of '*' chars tells us how many chars it
actually uses in the current attack. The range can go from one to four.
Built-in charsets
?l = abcdefghijklmnopqrstuvwxyz
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d = 0123456789
?s = space!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
?a = ?l?u?d?s
?b = 0x00 - 0xff
Custom charsets
All hashcat derivatives have four command-line parameters to configure four custom charsets.
--custom-charset1=CS
--custom-charset2=CS
--custom-charset3=CS
--custom-charset4=CS
These command-line parameters have four analogue shortcuts called -1, -2, -3 and -4. You can
specify the chars directly on the command line or use a so-called hashcat charset file (plain text
file with .hcchr extension which contains the chars/digits to be used on the 1st line of the file).
See examples below:
Examples
The following commands all define the same custom charset that consists of the chars
abcdefghijklmnopqrstuvwxyz0123456789 (aka lalpha-numeric):
-1 abcdefghijklmnopqrstuvwxyz0123456789
-1 abcdefghijklmnopqrstuvwxyz?d
-1 ?l0123456789
-1 ?l?d
-1 loweralpha_numeric.hcchr # file that contains all digits + chars (abcdefghijklmnopqrst
The following command defines a charset that consists of the chars 0123456789abcdef:
-1 ?dabcdef
The following command defines a full 7-bit ASCII charset (aka mixalpha-numeric-all-space):
-1 ?l?d?s?u
The following command sets the first custom charset (-1) to Russian language specific chars:
-1 charsets/special/Russian/ru_ISO-8859-5-special.hcchr
Example
The following commands create the following password candidates:
command: -a 3 ?l?l?l?l?l?l?l?l
keyspace: aaaaaaaa - zzzzzzzz
command: -a 3 -1 ?l?d ?1?1?1?1?1
keyspace: aaaaa - 99999
command: -a 3 password?d
keyspace: password0 - password9
command: -a 3 -1 ?l?u ?1?l?l?l?l?l19?d?d
keyspace: aaaaaa1900 - Zzzzzz1999
command: -a 3 -1 ?dabcdef -2 ?l?u ?1?1?2?2?2?2?2
keyspace: 00aaaaa - ffZZZZZ
command: -a 3 -1 efghijklmnop ?1?1?1
keyspace: eee - ppp
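The keyspace arithmetic behind the examples above, as an added Python sketch (not code from hashcat or from the original page): it expands a mask into per-position charsets and reports the candidate length, the keyspace size, and the lowest and highest candidate, which is what a password-policy review needs when judging how quickly a given pattern is exhausted. The function names expand, charset and describe are made up for this illustration, ?b is left out, and a ?1-?4 reference that was never set is rejected instead of guessed at.

```python
from math import prod

# Built-in charsets as listed on this page; ?b (0x00 - 0xff) is left out.
LOWER = "abcdefghijklmnopqrstuvwxyz"
UPPER = LOWER.upper()
DIGIT = "0123456789"
SPECIAL = " !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"
BUILTIN = {"l": LOWER, "u": UPPER, "d": DIGIT, "s": SPECIAL,
           "a": LOWER + UPPER + DIGIT + SPECIAL}


def expand(spec, custom=None):
    """Turn a mask (or a charset definition) into one charset per position."""
    custom = custom or {}
    positions, i = [], 0
    while i < len(spec):
        ch = spec[i]
        if ch != "?":
            positions.append(ch)        # static letter: a charset of size one
            i += 1
            continue
        if i + 1 >= len(spec):
            raise ValueError("dangling '?' at the end of %r" % spec)
        name = spec[i + 1]
        if name == "?":
            positions.append("?")       # ?? stands for a literal question mark
        elif name in BUILTIN:
            positions.append(BUILTIN[name])
        elif name in custom:
            positions.append(custom[name])
        else:
            raise ValueError("unknown or unset charset ?%s in %r" % (name, spec))
        i += 2
    return positions


def charset(definition):
    """Resolve a -1..-4 style definition such as '?l?d' or '?dabcdef'."""
    return "".join(expand(definition))


def describe(mask, custom_defs=None):
    """Return (length, keyspace size, lowest candidate, highest candidate).

    Lowest/highest are the keyspace bounds as written on this page, not the
    order in which candidates are generated.
    """
    custom = {k: charset(v) for k, v in (custom_defs or {}).items()}
    pos = expand(mask, custom)
    return (len(pos), prod(len(p) for p in pos),
            "".join(p[0] for p in pos), "".join(p[-1] for p in pos))
```

For instance, describe("?1?l?l?l?l?l19?d?d", {"1": "?l?u"}) reproduces the aaaaaa1900 - Zzzzzz1999 bounds shown above and gives a keyspace of 61783155200 candidates.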
?l?l?l?l?l?l
?l?l?l?l?l?l?l
?l?l?l?l?l?l?l?l
[mask] contains ?1,?2,?3 or ?4 references without those being set via [?1], [?2], [?3], [?4], there
might be unexpected outcomes. Therefore, this should be avoided if possible.
If for instance [?2] was not set because not needed, the comma that would be normally following
[?2] should also be omitted. See examples below:
Example
The following example.hcmask file contains some valid example lines which show how to use
this feature:
?d?l,test?1?1?1
abcdef,0123,ABC,789,?3?3?3?1?1?1?1?2?2?4?4?4?4
company?d?d?d?d?d
?l?l?l?l?d?d?d?d?d?d
Charsets in hex
This can be done by some of the hashcat tools using the --hex-charset flag.
hashcat: Supported.
oclHashcat: Supported.
maskprocessor: Supported.
Supported by
This attack is currently supported by:
hashcat
oclHashcat
maskprocessor
Note: mask files are currently only supported by oclHashcat