Close

http://www.passcape.com

Password Recovery Software

The best programs to recover lost and forgotten passwords
Control panel
Home > Products > Windows Passwords > Windows Password Recovery > Screenshots > Attacking hashes > Mask attack
Recovering Windows hashes - mask attack
04.05.2012
Windows Password Recovery v5.1
 Now with GPU support
09.04.2012
New blog post
 Using passwords from the Bible
13.03.2012
DPAPI secrets
 New article has been submitted
20.02.2012
Auditing 32 mln. RockYou passwords
 Brief analysis of 32 mln. passwords

Passcape RSS news feed more news »

Articles and video

You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action

Windows Password Recovery - Mask attack



Mask attack

Mask attack is an irreplaceable tool when you know a fragment of the password or have any specific details about it. For example, when you know that the password consists of 12 characters and ends with the qwerty, it is obvious that searching the entire 12-character range of passwords is unreasonable. All what would be required in this case is to recover the first 6 characters of the sought password. That is what mask attack is for.

In our case, we could define the following mask: %c%c%c%c%c%cqwerty. That means that the program would serially check the following combinations: aaaaaaqwerty .. zzzzzzqwerty. If the original password is 'secretqwerty', it perfectly hits our range.

The mask entry field is used for setting the rule, by which the program will try to recover the password. If the mask is set correctly, below you will see the range of characters generated by the mask. User-defined masks can be saved to disk. You can also use the mask tool to generate a dictionary (may not be available in some editions).

The mask syntax is quite trivial and consists of static (unmodifiable) and dynamic (modifiable) characters or sets. Dynamic characters/sets always have a leading %. For example, if you set the mask secret%d(1-100), the program will generate 100 passwords (secret1, secret2: secret100).

Windows Password Recovery supports the following dynamic mask sets:

  • %c  lower-case Latin characters (a..z), 26 symbols
  • %C  upper-case Latin characters (A..Z), 26 symbols
  • %#  full set of special characters (!..~ space), total 33 symbols
  • %@  small set of special characters (!@#$%^&*()-_+= space), 15 symbols
  • %?  all printable characters with ASCII codes of 32..127
  • %d  one digit (0..9)
  • %d(x-y)  numbers between x and y inclusive
  • %r(x-y)  user-defined characters with serial ASCII codes between x and y
  • %r(x1-y1,x2-y2...xn-yn)  set of several non-overlapping sequences of ASCII characters. Useful for defining custom character sets; e.g., of OEM characters.
  • %1[..9](min-max) user-defined range of variable length (from min to max) to brute-force. You can set up to 9 your own custom character sets.
  • %%  standalone static character %
When setting %r, keep in mind that the range of defined OEM characters (with character code greater than 127) is generated using the DOS encoding. 

Examples:
test%d - will generate password range test0..test9, 10 passwords total 
test%d(1980-2007) - test1980..test2007, 28 passwords 
test%r(48-57,97-122) - test0..testz, 36 passwords 
%#test%# - _test_..~test~, 1089 passwords 
%d(1-12)%r(45-47)%d(1-31)%r(45-47)%d(1980-2010) - 1-1-1980..12/31/2010, 34596 passwords 
admin%1(1-5)  - admina .. adminzzzzz, where %1 is user defined charset 1 (a..z)
%1%1%1pin%2%2%2 - aaapin000 .. zzzpin999, %1 is user character set a..z and %2 is second user-defined charset which contains characters 0..9


By switching to Dictionary generator tab, you can generate your own dictionary by a given mask, and save it to disk. However this feature available in Advanced edition of the program only.

Third tab of the mask options contains a short description of the mask syntax and a couple of simple examples.
v5.1 changes! The mask sets %u1, %u2 .. %u9 became %1, %2 .. %9 now.




Print   E-mail