
How to analyze the use of mixed mode in hashcat

2025-01-14 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 05/31

In this issue, the editor brings you an analysis of how to use the mixed mode in hashcat. The article covers the topic in detail and from a professional point of view. I hope you get something out of reading it.

While cracking passwords, my colleague found that the password library contains many passwords of a similar form, such as sina0001, tencent2013, yaho0628, sohu1988 and xiaoming2008. Of course, we can use brute-force mode with the command parameters "--increment --increment-min 8 --increment-max 12 ?a?a?a?a?a?a?a?a?a?a?a?a", but in that case the key space is huge, the cracking time is very long, and the probability of recovering the password is very low. Dictionary mode and combination mode cannot deal with this situation very well either. Is there a better way? The mixed mode in hashcat handles this situation well.

Mixed mode is an attack that combines dictionary files with brute-force cracking. It comes in two forms: dictionary + mask mode (command parameter -a 6) and mask + dictionary mode (command parameter -a 7).

Next, we will introduce the command combinations in these two modes:

Dictionary + mask attack mode (-a 6)

Dictionary + mask mode is an attack mode that combines the passwords in the dictionary with mask characters to generate new candidate passwords. It is a simple addition of dictionary mode and brute-force cracking mode, but it effectively expands the password space that can be exhausted. Next, we use a few simple examples to describe the meaning of the dictionary + mask mode (-a 6), and then work step by step through the more complex applications of this mode.

Taking the situation mentioned above as an example: first, organize the enterprise names into a dictionary. Second, the trailing numbers may be random or may carry some meaning, and they can be generated using masks.

Before we explain the dictionary + mask mode, note how the dictionary and mask are combined in this mode: each line in the dictionary is combined with the mask to form a new set of passwords.

Single dictionary + mask

(1) single dictionary + single mask

The command for cracking passwords using a single dictionary file combined with a specific mask string is as follows:

(2) single dictionary + mask character set

In the previous article, we introduced the use of hashcat's 8 built-in character sets in brute-force cracking mode; the built-in character sets can also be used in dictionary + mask mode. The following command combines a single dictionary file with mask characters of length 2 to crack the password. The mask is two characters long: the first is a lowercase letter and the second is a digit, for a total of 26 × 10 = 260 combinations. Each password in the dictionary file is combined with the mask to form a new password.

We have also introduced brute-force cracking with a custom mask, which is used when the built-in character sets of hashcat cannot meet the user's needs. Here are two examples of commands that attack with a custom mask.

(3) single dictionary + custom mask character

The command for combining a single dictionary file with a custom mask character set of length 4 is as follows:

The custom character set -1 is a combination of lowercase letters and numbers, and the mask has a length of 4. The mask is defined in the same way as in brute-force cracking mode.

(4) single dictionary + mask file

A single dictionary file is combined with a custom mask file to crack the password. With a mask file, you can use many symbol characters without causing an error.

Special note: in dictionary + mask mode, only one mask file can be used. When multiple mask files are given, hashcat treats the contents of the earlier mask files as dictionaries and only recognizes the contents of the last mask file as a mask. As shown in the following figure, only the char2 file is used as the mask file, and char1 is used as a dictionary.

Multiple dictionaries + masks

In the case of multiple dictionaries, you can use multiple dictionary files or multiple dictionaries under the dictionary directory.

(1) multiple dictionaries + mask characters

Multiple dictionary files are combined with a specific mask string "12345". The command for password cracking is as follows:

(2) Dictionary directory + mask characters

All dictionary files in the dictionary directory are combined with a specific mask string "12345". The command for password cracking is as follows:

(3) Multi-dictionary + mask character set

Two dictionaries, dic and dic1, are combined with a two-character mask. The first character of the mask is a lowercase letter, and the second character can be an uppercase letter, a lowercase letter or a digit, so there are 26 choices for the first position and 62 for the second, i.e. 26 × 62 mask combinations.

(4) multiple dictionaries + custom mask

Two dictionary files, dic and dic1, are combined with the mask defined by parameter -1. The mask has a length of 4, and each mask character belongs to a collection of lowercase characters and all characters (uppercase, lowercase, numbers).

(5) multiple dictionaries + mask files

The command to break the password by combining the two dictionary files with the file where the mask is stored is as follows:

(5) Dictionary + custom mask

The dictionary file is combined with a mask character set of a specified length range to decipher the password. Single dictionary, multiple dictionaries and dictionary files are valid in this command. Here is an example of a command in the case of multiple dictionaries:

Mask + dictionary attack mode (-a 7)

The mask + dictionary mode (parameter -a 7) works the same way as the dictionary + mask mode, except that the positions of the dictionary and the mask are interchanged: instead of dictionary word followed by mask, each candidate is the mask followed by the dictionary word. Rather than detailing the meaning of each command again, this section only briefly introduces the forms the commands take in this mode.
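The combination rule and key-space arithmetic described above for dictionary + mask (-a 6) and mask + dictionary (-a 7), as an added Python model that is not code from the original article or from hashcat. It is written as a password-audit check (does a password fall inside a small hybrid key space?); the function names are assumptions and the word list is constructed from the stems of the article's sample passwords.

```python
import math
import string

# Five of hashcat's built-in character sets; ?a = ?l?u?d?s (95 characters).
BUILTIN = {"l": string.ascii_lowercase, "u": string.ascii_uppercase,
           "d": string.digits, "s": " " + string.punctuation}
BUILTIN["a"] = "".join(BUILTIN[k] for k in "luds")

def parse_mask(mask, custom=None):
    """Return one character set per mask position.
    `custom` maps "1".."4" to a charset spec such as "?l?d" (hashcat's -1 .. -4)."""
    custom, sets, i = custom or {}, [], 0
    while i < len(mask):
        key = mask[i + 1] if mask[i] == "?" and i + 1 < len(mask) else None
        if key is None:
            sets.append(mask[i])        # literal, e.g. each digit of the mask "12345"
        elif key == "?":
            sets.append("?")            # "??" is a literal question mark
        elif key in BUILTIN:
            sets.append(BUILTIN[key])
        elif key in custom:             # expand the spec and drop duplicate characters
            sets.append("".join(dict.fromkeys("".join(parse_mask(custom[key])))))
        else:
            raise ValueError(f"unknown mask placeholder ?{key}")
        i += 1 if key is None else 2
    return sets

def mask_keyspace(mask, custom=None, inc_min=None, inc_max=None):
    """Number of strings a mask yields; with increment, summed over prefix lengths."""
    sets = parse_mask(mask, custom)
    if inc_min is None:
        return math.prod(len(s) for s in sets)
    if inc_min < 1:
        raise ValueError("--increment-min must be at least 1")
    top = min(inc_max or len(sets), len(sets))
    return sum(math.prod(len(s) for s in sets[:n]) for n in range(inc_min, top + 1))

def in_hybrid_keyspace(password, words, mask, mode=6, custom=None):
    """True if password is word + mask part (-a 6) or mask part + word (-a 7)."""
    sets = parse_mask(mask, custom)
    cut = len(password) - len(sets) if mode == 6 else len(sets)
    if not 0 < cut < len(password):
        return False
    word, part = ((password[:cut], password[cut:]) if mode == 6
                  else (password[cut:], password[:cut]))
    return word in words and all(c in s for c, s in zip(part, sets))

# Constructed word list: stems of the article's sample passwords.
WORDS = {"sina", "tencent", "yaho", "sohu", "xiaoming"}
HYBRID = len(WORDS) * mask_keyspace("?d?d?d?d")          # 5 words x 10**4 suffixes
BRUTE = mask_keyspace("?a" * 12, inc_min=8, inc_max=12)  # 95**8 + ... + 95**12
```

Comparing `HYBRID` with `BRUTE` shows why a "known word plus four digits" password offers far less protection than its length suggests.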

Mask + single dictionary

(1) single mask (characters, such as 12345) + single dictionary

(2) built-in mask character set + single dictionary

(3) Custom mask + single dictionary

(4) Mask file + single dictionary

Mask + multiple dictionaries

(1) Mask + multiple dictionaries

(2) built-in mask character set + multiple dictionaries

(3) Custom mask character set + multiple dictionaries

(4) Mask files + multiple dictionaries

Special note: when using mask files and dictionaries, only one mask file can be used. When multiple mask files are given, hashcat will treat the second mask file as a dictionary.

(5) Comprehensive utilization

Note: the minimum value of --increment-min is 1; it cannot be 0.

The above is the editor's analysis of how to use the mixed mode in hashcat. If you have run into a similar question, the analysis above may serve as a reference.
