How good is /g/ with hashcat?
I've been reading up a lot on it, been doing research in my spare time for a couple of days now, but haven't been able to find the solution I'm looking for. Through my reading, I understand how to use the different functions such as rules, masks, wordlists, etc, but I'm not sure how to put it all together to crack a highly targeted password (roommate) which I know bits and pieces of. And yes, before anyone asks, I do have the hash already. The problem is that it's very long. (I know for sure 15-23.) It contains certain exact character sequences (Essentially words), listed below, as well as a combination of up to three at a time of the most basic/commonly used symbols, also listed below.
Words: (One or more of these)
posirv
nathan
xxz
10 or 1010 or 1010s (If one of these are in the password, the other two are guaranteed not to be)
Each of these "words" will occur up to once in the password, but not necessarily in that order.
Symbols:
!
@
*
&
#
Each of these symbols could occur up to three at a time before or after each of the words above.
So for example: these are all possibilities:
!nathan@&#xxz1010s***
nathanxxz1010@
*@posirvxxz10nathan#
posirvxxznathan*!@
I'm not too good at regular expressions so please ask me to clarify if this is unclear, but my regular expression representation of the possibilities for this password would be: (W->words S->Symbols)
[S]{0,3}[W][S]{0,3}([W][S]{0,3}){0,3}
I guess you could almost say that I'm trying to bruteforce it with a list of all of the above "items". I know how to bruteforce with a set of possible (single) characters, I know how to bruteforce with a combination attack of words in a wordlist, but I don't know how to set up the necessary rules to combine the two and limit the number of guesses to the realm of possibility based on what I know.
Oh and one last thing, it's got mixed casing so I'm probably going to have to use toggles5.rule.
Help me /g/, you're my only hope.
>>59029937
Surely there has to be an easier way to get your roommates password. Have you considered waterboarding?
He's bigger and stronger, so that's not going to be an option.
Nobody? :(
>>59029937
Do a keylogger. Hardware based if it's a desktop. Just put it inline with the keyboard one day and retrieve it the next
>>59030077
Laptop
And plus, I legitimately want to know how to do this with hashcat out of pure interest
https://hashcat.net/wiki/doku.php?id=rule_based_attack
TL;DR it's going to be complicated anyway.