Maskprocessor
Maskprocessor Description
Maskprocessor is a high-performance word generator with a per-position configurable charset packed into a single stand-alone binary.
For a detailed description of how masks work, see the Mask attack articles.
Advantage over Brute-Force
The reason for using a Mask attack instead of sticking to traditional Brute-Force is that we want to reduce the password candidate keyspace to a more efficient one.
Here is a single example. We want to crack the password: Julia1984
In a traditional Brute-Force attack we need a charset that contains all upper-case letters, all lower-case letters and all digits (aka “mixalpha-numeric”). The password length is 9, so we have to iterate through 62^9 (13.537.086.546.263.552) combinations. Let's say we crack at a rate of 100M/s; this requires more than 4 years to complete.
In a Mask attack we use what we know about humans and how they design passwords. The above password matches a simple but common pattern: a name with a year appended to it. We can also configure the attack to try upper-case letters only in the first position. It is very uncommon to see an upper-case letter only in the second or the third position. To make it short, with a Mask attack we can reduce the keyspace to 52*26*26*26*26*10*10*10*10 (237.627.520.000) combinations. With the same cracking rate of 100M/s, this requires just 40 minutes to complete.
Disadvantage compared to Brute-Force
There is none. One can argue that the above example is very specific, but this does not matter. Even in a Mask attack we can configure our mask to use exactly the same keyspace as the Brute-Force attack does. The reverse is not possible.
Masks
For each position of the generated password candidates we need to configure a placeholder. If a password we want to crack has the length 8, our mask must consist of 8 placeholders.
- A mask is a simple string that configures the keyspace of the password candidate engine using placeholders.
- A placeholder can be either a custom charset variable, a built-in charset variable or a static letter.
- A variable is indicated by the ? letter followed by one of the built-in charsets (l, u, d, s, a) or one of the custom charset variable names (1, 2, 3, 4).
- A static letter is written as itself, with no indicator in front of it. An exception is if we want the static letter ? itself, which must be written as ??.
Built-in charsets
- ?l = abcdefghijklmnopqrstuvwxyz
- ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
- ?d = 0123456789
- ?s = «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
- ?a = ?l?u?d?s
- ?b = 0x00 - 0xff
Custom charsets
There are four commandline-parameters to configure four custom charsets.
- --custom-charset1=CS
- --custom-charset2=CS
- --custom-charset3=CS
- --custom-charset4=CS
These commandline-parameters have four analogue shortcuts called -1, -2, -3 and -4. You can specify the chars directly on the command line.
Password length increment
A Mask attack is always specific to a password length. For example, if we use the mask "?l?l?l?l?l?l?l?l" we can only crack a password of length 8. If the password we are trying to crack has length 7, we will not find it. That's why we have to repeat the attack several times, each time with one placeholder added to the mask. This is transparently automated by the "--increment" flag.
- ?l
- ?l?l
- ?l?l?l
- ?l?l?l?l
- ?l?l?l?l?l
- ?l?l?l?l?l?l
- ?l?l?l?l?l?l?l
- ?l?l?l?l?l?l?l?l
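How a mask, its custom charsets and the increment range translate into a candidate count, as an added example (not maskprocessor's own code and not part of the original page). The function names are hypothetical, and counting a character repeated in a custom charset only once is an assumption.

```python
import math
import string

# Built-in charsets as listed on this page; ?s is a space plus 32 specials.
BUILTIN = {"l": string.ascii_lowercase, "u": string.ascii_uppercase,
           "d": string.digits, "s": " " + string.punctuation}
BUILTIN["a"] = BUILTIN["l"] + BUILTIN["u"] + BUILTIN["d"] + BUILTIN["s"]
BUILTIN["b"] = "".join(map(chr, range(256)))

def tokens(spec):
    """Split a mask or charset definition into ('var', name) / ('lit', char)."""
    out, i = [], 0
    while i < len(spec):
        if spec[i] == "?":
            if i + 1 == len(spec):
                raise ValueError(f"dangling '?' in {spec!r}")
            nxt = spec[i + 1]
            # '??' is the escaped static letter '?'
            out.append(("lit", "?") if nxt == "?" else ("var", nxt))
            i += 2
        else:
            out.append(("lit", spec[i]))
            i += 1
    return out

def charset(kind, value, custom):
    """Characters allowed at one position."""
    if kind == "lit":
        return value
    if value in BUILTIN:
        return BUILTIN[value]
    if value in custom:
        return custom[value]
    raise ValueError(f"unknown charset ?{value}")

def keyspace(mask, custom_specs=None, increment=None):
    """Candidate count for a mask; increment=(start, stop) mirrors -i start:stop."""
    custom = {}
    for name, spec in (custom_specs or {}).items():
        chars = "".join(charset(k, v, custom) for k, v in tokens(spec))
        custom[name] = "".join(dict.fromkeys(chars))  # assumption: dedupe
    sizes = [len(charset(k, v, custom)) for k, v in tokens(mask)]
    start, stop = increment or (len(sizes), len(sizes))
    # Increment mode runs the mask truncated to each length in start..stop.
    return sum(math.prod(sizes[:n]) for n in range(start, min(stop, len(sizes)) + 1))

if __name__ == "__main__":
    n = keyspace("?1?l?l?l?l?d?d?d?d", {"1": "?l?u"})  # the Julia1984 pattern
    print(n, "candidates,", round(n / 100_000_000 / 60), "minutes at 100M/s")
```

Dividing the result by a guess rate gives the time a given password pattern can be expected to hold, which is the comparison the Brute-Force section above makes by hand.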
Examples
The following commands create the following password candidates:
command: ?l?l?l?l?l?l?l?l
keyspace: aaaaaaaa - zzzzzzzz
command: -1 ?l?d ?1?1?1?1?1
keyspace: aaaaa - 99999
command: password?d
keyspace: password0 - password9
command: -1 ?l?u ?1?l?l?l?l?l19?d?d
keyspace: aaaaaa1900 - Zzzzzz1999
command: -1 ?dabcdef -2 ?l?u ?1?1?2?2?2?2?2
keyspace: 00aaaaa - ffZZZZZ
command: -1 efghijklmnop ?1?1?1
keyspace: eee - ppp
Homepage: http://hashcat.net/wiki/doku.php?id=maskprocessor
Author: atom
License: MIT
Maskprocessor Help
Usage:
maskprocessor [options]... mask
Options:
* Startup:
  -V,  --version             Print version
  -h,  --help                Print help

* Increment:
  -i,  --increment=NUM:NUM   Enable increment mode. 1st NUM=start, 2nd NUM=stop
                             Example: -i 4:8 searches lengths 4-8 (inclusive)

* Misc:
       --combinations        Calculate number of combinations
       --hex-charset         Assume charset is given in hex
  -q,  --seq-max=NUM         Maximum number of multiple sequential characters
  -r,  --occurrence-max=NUM  Maximum number of occurrence of a character

* Resources:
  -s,  --start-at=WORD       Start at specific position
  -l,  --stop-at=WORD        Stop at specific position

* Files:
  -o,  --output-file=FILE    Output-file

* Custom charsets:
  -1,  --custom-charset1=CS  User-defineable charsets
  -2,  --custom-charset2=CS  Example:
  -3,  --custom-charset3=CS  --custom-charset1=?dabcdef
  -4,  --custom-charset4=CS  sets charset ?1 to 0123456789abcdef

* Built-in charsets:
  ?l = abcdefghijklmnopqrstuvwxyz
  ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
  ?d = 0123456789
  ?s =  !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
  ?a = ?l?u?d?s
  ?b = 0x00 - 0xff
Maskprocessor Usage Example
Run the program with the mask pass?d. Here “pass” is a run of static characters, ?d stands for a digit, and the whole string “pass?d” is the mask.
maskprocessor pass?d
There will be the following output:
pass0
pass1
pass2
pass3
pass4
pass5
pass6
pass7
pass8
pass9
Count the number of combinations (--combinations) for the “DANIELLE?1?1” mask, where the custom character set (-1) is set to ?u?d?l (all uppercase and lowercase letters, as well as numbers) and the word length runs from 8 up to 10 characters (-i 8:10).
maskprocessor --combinations -i 8:10 -1 ?u?d?l DANIELLE?1?1
3907
If you compiled the program from source, your executable file may be named mp64.bin, so the command will look like:
./mp64.bin pass?d
How to install Maskprocessor
Installation on Kali Linux
The program is pre-installed on Kali Linux.
To install it on a minimal Kali Linux installation:
sudo apt install maskprocessor
Run like this:
maskprocessor
“maskprocessor: command not found” error even though the newest version of maskprocessor is already installed
When trying to use the program, the error “maskprocessor: command not found” appears, although the newest version of maskprocessor is already installed. Apparently this package is broken in Kali Linux. Therefore, if you receive this error message, install maskprocessor as follows:
sudo apt remove maskprocessor
git clone https://github.com/hashcat/maskprocessor
cd maskprocessor/src/
make
sudo mv ./mp64.bin /usr/bin/maskprocessor
maskprocessor -h
Installation on Debian, Linux Mint, Ubuntu
You can download binaries here: https://github.com/hashcat/maskprocessor/releases
After downloading, it is enough to unpack the archive and run the mp64.bin or mp32.bin file.
Or install from sources.
sudo apt install git
git clone https://github.com/hashcat/maskprocessor
cd maskprocessor/src/
make
Run like this:
./mp64.bin
Installation on BlackArch
The program is pre-installed on BlackArch.
sudo pacman -S maskprocessor
Run like this:
maskprocessor
Installing on Windows
Download executables: https://github.com/hashcat/maskprocessor/releases
Unpack the archive.
Open a command prompt window (Win+x and select “Windows PowerShell” there).
Drag the mp64.exe (or mp32.exe) file to the command line and press ENTER.
Maskprocessor Tutorials
- Programs for generating wordlists
- Hacking WPA/WPA2 passwords with Aircrack-ng: dictionary attack, cooperation with Hashcat, maskprocessor, statsprocessor, John the Ripper, Crunch, hacking in Windows
- How to speed up the generation of dictionaries with passwords
- How to create dictionaries that comply with specific password strength policies (Rule-based attack)
- How to generate candidate passwords that match password strength policies (filtering words with grep)
- Best Kali Linux tools in WSL (Windows Subsystem for Linux) (Part 2)
- Advanced wordlist generating techniques
Related tools
- hashcat (Hashcat & oclHashcat) (85.2%)
- John the Ripper (77.7%)
- Johnny (77.7%)
- hashcat-utils (74%)
- princeprocessor (66.6%)
- pydictor (RANDOM - 66.6%)