Problem: Brute-forcing passwords in Cyrillic

Andrew Ohlopkov

Member
19.12.2019
Hello.
Could you please help a beginner: how do you brute-force passwords in Russian? As I understand it, in Hashcat you add custom charsets... I tried, and nothing worked... apparently I wrote something wrong... Do you know how? Please show the code...
And in other tools? For example, in aircrack? Do you just load dictionaries with Russian words, or what??
 
f22

Red Team
05.05.2019
how do you brute-force passwords in Russian?
-a 3 -1 charsets/standard/Russian/ru_ISO-8859-5.hcchr

@S3TH: You really need to understand hashcat's definitions of:
1. mask attack
2. built-in and custom charsets
3. rules (which in hashcat's term is a completely different attack), please don't ever mix this up again
4. .hcchr files
5. difference between charset definition and the use of built-in and custom charsets within a mask

There is no such thing like "I just insert the rest in the second line of a file". The format of .hcchr files is very clear, 1 single line containing all the characters that you can use to define a custom charset.

Therefore, it is not possible to use the 2nd line at all.

You can't just mix up the definition of custom charsets with their application/use within a mask. The charset's definition is used to tell oclHashcat/hashcat which chars the (maximum) 4 custom charsets ?1,?2,?3,?4 should hold. The mask instead clearly defines how built-in, custom charsets and static "strings" are used to generate the password candidates (so to speak, a per-position definition).

That means, you can define up to 4 custom charsets + use the built-in charsets + use static/constant/fixed characters within your mask.
An example that uses all of these features, for instance, would be:
Code:
-a 3 -1 charsets/standard/Russian/ru_ISO-8859-5.hcchr -2 ?l?dABC -3 abcdef?d -4 ?1?d ?1?1?1?2fix?3?4?4

What this does is:

1. "-1 charsets/standard/Russian/ru_ISO-8859-5.hcchr": this first part sets the custom charset 1 (?1, set via -1 --- ONE not the lowercase letter l --- or --custom-charset1) to some Russian characters defined within the .hcchr file within the charsets/standard/Russian/ folder of oclHashcat (some often used charsets are shipped with oclHashcat/hashcat). Note: the files have 1 single line which defines all characters of the language (or all characters you want to use)

2. "-2 ?l?dABC": this defines the 2nd custom charset (?2, set with -2 or --custom-charset2) to the built-in charsets ?l (all lower case latin letters) and ?d (all digits) and the 3 upper case letters "A", "B", and "C" (all three of these 3 letters are now also part of the 2nd custom charset).

3. "-3 abcdef?d": this defines the 3rd custom charset (?3, set with -3 or --custom-charset3) as "all lowercase hexadecimal characters", i.e. lowercase a-f plus all numbers from 0 to 9

4. "-4 ?1?d": this means that the custom charset 4 (?4, set with -4 or --custom-charset4) contains all Russian characters that were defined with the custom charset 1 (?1, set with -1 --- again the number not the lowercase letter l --- or --custom-charset1) plus all numbers from 0-9 (defined with the built-in charset ?d)

5. "?1?1?1?2fix?3?4?4": this is the mask! It defines, for each and every position of the password, the list of characters that should be used. The mask itself can vary in length, the length of the mask defines the (default) length of the password candidates (note: --increment, --increment-min, --increment-max can "override" this default length).
If you do not know the length of the passwords that you want to crack, you either try all lengths manually or use --increment (attention: --increment for this particular mask will work like the following: first try ?1, then ?1?1, then ?1?1?1, then ?1?1?1?2, ?1?1?1?2f ... ?1?1?1?2fix?3?4?4, this way of incrementing might or might not make sense in every situation, therefore it could make sense to "increment it manually" - by running 1 mask with a specific length at a time, sequentially - or use .hcmask files).
This mask says: at the first position of the password use all characters defined by ?1 (Russian characters), use at position 2 all Russian characters (too), as well as at position 3 of the password. At position 4 instead (because of the before mentioned definition of the second custom charset ?2, set by -2 or --custom-charset2) the passwords should contain the letters "A", "B", "C" plus all numbers plus all lowercase latin letters. Position 5, 6, and 7 are "constant" in this case and only contain the letters "f", followed by "i", followed by the letter "x" (such that the word "fix" is part of each password candidate starting with position 5).
The position 8 instead is defined via the mask as "use the custom charset ?3" (defined by -3 or --custom-charset3), i.e. all (lowercase) hexadecimal characters.
Finally, position 9 and 10 of all password candidates should use the custom charset ?4 (defined by -4 or --custom-charset4). Custom charset 4 was defined like this: "all Russian characters defined by the Russian .hcchr specified" plus all numbers from 0-9.

Note: you can use built-in charsets directly within your mask (they do not need to be part of any custom charset), e.g. this mask "?1?1?1?a?a" is a perfectly valid mask. Therefore, you can use fixed/static characters within your mask, as well as custom and built-in charsets. (the main example of this post didn't use built-in charsets directly within the mask).

I admit that this example is a little bit more elaborated/complicated compared to a normal use-case of mask attacks. But it should explain very well the different concepts/features involved (or what a user can use to generate password candidates with a mask attack).
One thing that I didn't mention so far is that one can define a list of masks (which are all run one at a time, sequentially, conceptually as if a user runs oclHashcat/hashcat with each and every mask one after the other on the command line) within a .hcmask file. Each line of these files is a separate line, they are independent.

To conclude, no, there is no such thing as "F*ck it, I just use the second line of that stupid file. I have no clue where else I should put the rest of chars I want to run".

The documentation, in this case especially this page, clearly explains/shows (with examples) what a mask, custom charsets, .hcchr files etc. are.

Now I hope this was worth writing down, not only for you to understand these concepts, but also to have something I/we can link to if other new users have severe difficulties to read/understand the documentation.
I especially hope this is worth the incoming rant against me, i.e. several people accusing me of "holding hands" ;)

in aircrack? Do you just load dictionaries with Russian words, or what??
You cannot set a Wi-Fi password in Russian.
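
The charset and mask resolution described in the post above, as an added example (not part of the thread and not hashcat's own code): a small Python model that expands the four custom charsets and the mask into per-position set sizes, the total number of candidates, and the sequence of masks tried with --increment. The `RU` string is a constructed stand-in for the single line of the .hcchr file, and dropping duplicate characters inside a custom charset is an assumption of this model.

```python
import math
import re
import string

# Built-in charsets as documented by hashcat (?b, the raw-byte set, is omitted).
BUILTIN = {"l": string.ascii_lowercase, "u": string.ascii_uppercase,
           "d": string.digits, "s": " " + string.punctuation}
BUILTIN["a"] = BUILTIN["l"] + BUILTIN["u"] + BUILTIN["d"] + BUILTIN["s"]

# Constructed stand-in for a Russian .hcchr line: А-я plus Ё and ё (66 chars).
RU = "".join(chr(c) for c in range(0x410, 0x450)) + "Ёё"


def tokens(spec):
    """Split a charset definition or mask into '?x' references and literals."""
    return re.findall(r"\?.|.", spec, flags=re.S)


def resolve(token, custom):
    """Return the characters that one token stands for."""
    if len(token) == 1:
        return token                      # fixed character, e.g. 'f'
    sets = {"?": "?", **BUILTIN, **custom}  # '??' is a literal question mark
    if token[1] not in sets:
        raise ValueError(f"undefined charset {token}")
    return sets[token[1]]


def define_customs(defs):
    """Build ?1..?4 in order, so a later set may reuse an earlier one."""
    custom = {}
    for n in sorted(defs):
        chars = "".join(resolve(t, custom) for t in tokens(defs[n]))
        custom[n] = "".join(dict.fromkeys(chars))   # assumption: drop duplicates
    return custom


def position_sizes(mask, custom):
    """Number of possible characters at each position of the mask."""
    return [len(resolve(t, custom)) for t in tokens(mask)]


def keyspace(mask, custom):
    """Total number of candidates the mask generates."""
    return math.prod(position_sizes(mask, custom))


def increment_masks(mask):
    """Masks tried with --increment: one more position each time."""
    t = tokens(mask)
    return ["".join(t[:n]) for n in range(1, len(t) + 1)]


# Definitions from the post; -1 is given the file's content instead of its path.
CUSTOM = define_customs({"1": RU, "2": "?l?dABC", "3": "abcdef?d", "4": "?1?d"})
MASK = "?1?1?1?2fix?3?4?4"
```

With these definitions, `position_sizes(MASK, CUSTOM)` shows that the three fixed characters contribute a factor of 1 each, while every Cyrillic position multiplies the search space by 66 instead of the 26 of a lowercase Latin position.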
 
Andrew Ohlopkov

You cannot set a Wi-Fi password in Russian.
Thanks, got it. I asked about Cyrillic for brute-forcing Word/ZIP/Excel.
Do you have any experience in this area?
 
f22

I asked about Cyrillic for brute-forcing Word/ZIP/Excel.
It all depends on the tool. In your place I would simply try it.
You create a password-protected document where characters of the Russian alphabet are used,
and then try to crack it with the program you need: if it worked, then it works; if not, you look for another one.
 