Hashcat Mask Options Explained

TL;DR

Setting the correct mask in hashcat is crucial for efficient password cracking. This guide explains how to determine and use the right mask based on your target password’s characteristics.

Understanding Hashcat Masks

A hashcat mask defines the character set and length of passwords it will attempt to crack. It’s a pattern that tells hashcat which characters to try in each position of the password. Incorrect masks waste time; too broad, and you’ll spend ages on unlikely combinations. Too narrow, and you might miss the actual password.

Step 1: Identify Password Characteristics

1. Length: How many characters long is the target password likely to be?
2. Character Sets: What types of characters are used?
   • Lowercase letters (a-z)
   • Uppercase letters (A-Z)
   • Digits (0-9)
   • Symbols (!@#$%^&*)

If you know the password is 8 characters long and contains lowercase letters, uppercase letters, and digits, that’s a good starting point.

Step 2: Hashcat Character Sets

Hashcat uses shorthand notation for character sets:

• ?l: Lowercase letters (a-z)
• ?u: Uppercase letters (A-Z)
• ?d: Digits (0-9)
• ?s: Symbols (!@#$%^&*)
• ?a: All characters (?l?u?d?s)

You can also define custom character sets, but we’ll focus on the standard ones for simplicity.

Step 3: Building Your Mask

1. Basic Masks: For a password of length ‘n’ using only lowercase letters:

   ?l?l?l?l?l?l?l?l

2. Mixed Character Sets: For an 8-character password with lowercase, uppercase and digits:

   ?l?u?d?l?u?d?l?u

   This mask tries all combinations of lowercase, uppercase and digits in each position.

3. Using ‘?’ for Any Character: The ‘?’ character is a wildcard that matches any character from the default set (?a). Use with caution as it significantly increases the search space.

   ?l?u?d?s?l?u?d?s

4. Mask with specific characters: If you know some characters are definitely present:

   ?l?u?d?d?l?a?d?s 

   This mask will attempt to crack passwords that have lowercase, uppercase and digits in the first four positions.

Step 4: Example Hashcat Command

Let’s say you want to crack a password hash using an 8-character mask with lowercase letters, uppercase letters, and digits against a wordlist called ‘rockyou.txt’.

hashcat -m  rockyou.txt ?l?u?d?l?u?d?l?u --force

Replace <hash_type> with the appropriate hash type (e.g., MD5, SHA256). The --force option is often needed for longer masks.

Step 5: Refining Your Mask

1. Start Broad, Then Narrow: Begin with a wider mask and observe the cracking speed. If it’s too slow, consider narrowing the mask based on any additional information you have about the password.
2. Rules: Hashcat rules can modify passwords in various ways (e.g., capitalization, adding numbers). Using rules alongside masks can improve your chances of success.

   hashcat -m  rockyou.txt ?l?u?d?l?u?d?l?u --rules best64

3. Incremental Masks: If you’re unsure about the password length, try incremental masks (e.g., cracking passwords of lengths 6, 7, and 8).

Important Considerations

• Time Estimation: Hashcat provides estimated time to crack based on your hardware and mask complexity. Pay attention to this estimate.
• Resource Usage: Complex masks require significant processing power and memory. Ensure your system can handle the load.