Using a Mask Attack
A Mask attack checks passwords that match a specific pattern. This attack allows users to skip unnecessary character combinations and reduces the time spent on brute-force password recovery.
To set up a Mask attack, click the ‘+’ button on the Attack Settings page and select “Mask” from the “Basic Attacks” list.
Setting a mask
A password mask is a string that describes the position of character candidates in a password. This string consists of known characters and/or tokens, each of which sets a range of character candidates for a single position. A token looks like ‘?l’, where ‘?’ is a special symbol and ‘l’ is the identifier of a symbol set, i.e., the range of character candidates (‘l’ stands for “lowercase letters”). Refer to section “Using a mask file” for more information on the mask syntax rules.
For example, mask “?l2020” generates passwords like “a2020”, “b2020”, “c2020”, etc., i.e., one lowercase letter followed by a known part “2020”.
To specify a mask, click “Masks” and type a mask string in the field.
NOTE: The Mask attack is specific to password length, so if the length of the password is unknown, you will need to specify multiple masks.
To specify multiple masks, click the “+Add Mask” button or use a mask file.
Built-in symbol sets
Passware Kit recognizes the following tokens that define a symbol set:
- ?l (lowercase letters) = abcdefghijklmnopqrstuvwxyz
- ?u (uppercase letters) = ABCDEFGHIJKLMNOPQRSTUVWXYZ
- ?d (digits) = 0123456789
- ?h (digits in HEX) = 0123456789abcdef
- ?H (digits in HEX) = 0123456789ABCDEF
- ?s (symbols) = «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
- ?a (lowercase letters+uppercase letters+digits+symbols) = ?l?u?d?s
Lowercase and uppercase letters are defined in accordance with the language selected in the “Settings” section.
A sample mask for 13-character passwords like “My2020Photos!”, with a known part “Photos” is displayed below:
?u?l?d?d?d?dPhotos?s
Custom symbol sets
You can specify up to four custom symbol sets (?1-?4) to reduce the number of character candidates in a certain position in the password.
For example, for passwords like “My2020Photos!”, if you know that there is a year inserted in the middle of the password, rather than just random digits, you can specify the mask as:
?u?l?1?d?d?dPhotos?s
where ‘?1’ is a custom symbol set 1 defined as “12”. Configured this way, the software will check only the combinations of digits from “1000” to “2999”, and skip combinations “0000-0999” and “3000-9999”.
A custom symbol set can also contain built-in symbol sets, e.g., set “?l123” specifies character candidates as: “abcdefghijklmnopqrstuvwxyz123”.
To specify a custom symbol set, click “Custom Symbol Sets” and type the characters in the “Set 1” / “Set 2” / etc. fields.
Setting custom symbol sets for each mask
Up to four custom symbol sets can be specified directly in a mask string. In this case, the range of characters is placed at the beginning of a mask string and is separated from mask tokens with a comma. The general format of the mask string is:
[?1,][?2,][?3,][?4,]mask
In our example, the mask string looks like:
12,?u?l?1?d?d?dPhotos?s
where “12” is a symbol set 1.
Specifying the symbol sets directly in a mask string can reduce the range of password combinations. For example, to search for a year range of 1970-2029 in a sample password “My2020Photos!”, you can set two masks:
Using a mask file
It might be useful to specify multiple masks for the same password recovery attack. The most convenient way to do this is to create a plaintext mask file, where each line presents a separate mask. The contents of a sample mask file look like:
The general syntax rules are:
- A comma ‘,’ is a separator between the different fields, e.g., between a custom symbol set and a mask.
- If you use “\,” the comma will be interpreted as a literal character, not as a separator.
- To make a comment, put the ‘#’ symbol at the beginning of the line. Otherwise, the software will interpret the line as a mask string.
- To use a question mark ‘?’ as a symbol within a mask, rather than as a special symbol within a token, type an additional question mark: “??”.
The Mask attack of Passware Kit is compatible with Hashcat mask files (.hcmask).
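The sketch below is an added example, not Passware or Hashcat code: it parses one mask line according to the syntax rules above and counts the candidates the mask describes, which shows how much a known pattern or a custom symbol set shrinks the search space. The function names and the `custom_sets` parameter are hypothetical, English letters are assumed for ?l and ?u, and a lone trailing ‘?’ is treated as a literal character.

```python
import re
import string

# Built-in symbol sets as listed on this page (English letters assumed).
BUILTIN = {"l": string.ascii_lowercase, "u": string.ascii_uppercase,
           "d": string.digits, "h": "0123456789abcdef",
           "H": "0123456789ABCDEF", "s": " " + string.punctuation}
BUILTIN["a"] = "".join(BUILTIN[k] for k in "luds")

def split_fields(line):
    """Split on separator commas; the escape '\\,' yields a literal comma."""
    return [f.replace("\\,", ",") for f in re.split(r"(?<!\\),", line)]

def positions(text, custom):
    """Return one candidate set per token or literal character in text."""
    out, i = [], 0
    while i < len(text):
        key = text[i + 1:i + 2]
        if text[i] != "?" or not key:      # literal character
            out.append({text[i]})
            i += 1
            continue
        if key == "?":                     # '??' is a literal question mark
            out.append({"?"})
        elif key in BUILTIN:
            out.append(set(BUILTIN[key]))
        elif key in custom:                # ?1-?4, defined before use
            out.append(custom[key])
        else:
            raise ValueError(f"unknown token ?{key}")
        i += 2
    return out

def keyspace(line, custom_sets=()):
    """Candidate count for one mask line; None for blank or '#' comment lines."""
    if not line.strip() or line.startswith("#"):
        return None
    *inline, mask = split_fields(line)
    custom = {}
    for n, definition in enumerate(inline or custom_sets, start=1):
        custom[str(n)] = set().union(*positions(definition, custom))
    total = 1
    for candidates in positions(mask, custom):
        total *= len(candidates)
    return total

if __name__ == "__main__":
    for m in ("?u?l?d?d?d?dPhotos?s", "12,?u?l?1?d?d?dPhotos?s"):
        print(m, keyspace(m))
```

Sets passed through `custom_sets` stand in for the “Set 1” to “Set 4” fields and are used only when the mask line carries no inline sets.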
After you set up a Mask attack, note that the total number of passwords to check differs depending on the mask settings.
Click “Add attack” to add the Mask attack and proceed to password recovery.