Copy to : Everyone Ebook By DonXirus

Copy to : Everyone Ebook By DonXirus

cracking Using Keywords email search
This Method is simple and Gives a good result. The importance of this way is to get the keyword
search from the target you are trying to crack exactly, for example i want to crack Instagrame
accounts, what is the keyword search for that target, So what i have to do is to make a new
Instagram account, or just use a early created instagram account. Then Go to the inbox
messages and check for the received emails from instagram, to find the keyword search like this:

As you can see the messages from instagram, now click on each email received from instagram
and click on show details to get the keyword search as on the screen bellow .

now you will get some informations like on the screen bellow
Copy to : Everyone Ebook By DonXirus

easy our 2 keywords search are : no-reply@mail.instagram.com and mail.instagram.com.

So what Next ? now we will do the same on every received email from our target in my case
« Instagram » my result is this :

1- no-reply@mail.instagram.com
2- mail.instagram.com
3- security@mail.instagram.com

So maybe there is more keyowrds like this, the point is to get as much keywords search as you can,
Now the question is why are we doing this ?

So this method is good for people who aren’t able to get private combos, or for people who want to
use the publix combos, i did apply this method on world of tanks ( Wargaming) and instagram
accounts, and i get a good result ( private accounts).

Now the method is to use those keyowrds on some keyword search checkers like AIO accounts
checker, Woxy Checker, and other tools.

Everyone will said ohh we all knew how to use those tools, and this method is public, So if you are
smart enough, you will find that everyone has been used the same keyword search, not like our
method, for example i want to crack League of legends accounts, i will find in AIO accounts checker
just one keyword search (account@email.leagueoflegends.com) like this one on the screen bellow
Copy to : Everyone Ebook By DonXirus

So if we are trying to use a public

combo list, we can’t find better
result and all accounts checked
using this keyword, will get you a
fucked accounts (public), but if you
do add more keywords, maybe you
will get some new accounts that
has not cracked using this keyword
@email.leagueoflegends.com the
question is why ?

Because when i did crack world of

tanks accounts and instagram i did
get some private accounts that no
one has been touch before, on the
same public combo list, that
everyone has been used before,
and the result was like this screen
bellow :

1- Means i did get the accounts that everyone has been get like me using the public keyword
search @instagram.com, and i did get another accounts on the same public combo list with
the new keywords, no-reply@mail.instagram.com and security@mail.instagram.com.
Copy to : Everyone Ebook By DonXirus
Now you started understand what i’m talking about, and if not i will continue explaining this. Ok so its
easy not that hard, The Answer is just that some emails not content the keyword search
@instagram.com in the received email, that’s mean AIO checker can’t find this keyword on the
emails, then it will just passe the search for the next accounts on the combo list, but if you do add
some new keywords search, so AIO will check every email and look for those keyowrds inside the
emails. Then the result will be like this, 13 accounts for the keyword search @instagram.com, 18
accounts on the combo list using the keyword search security@mail.instagram.com, 25 accounts
on the combo list using the keyword search no-reply@mail.instagram.com, and like that you can
find more new private accounts on the public shity combo list.

So this method can work for everything, any target, and i use this method to crack bitcoin accounts,
Gaming accounts, Streaming accounts , and more ... as you did see, the result was different while
using more new keywords search than using the famous public keyword that everyone has been
used before.
Copy to : Everyone Ebook By DonXirus
2 New Google Dorking Methods
1- Twin Dorks
This method is is good, when we are trying to get many things for the same target, like
searching Shopping Urls related to to amazon and ebay at the same time,or for gaming like
fortnite and Pubg, so those targets must be the same interest. Lets take the first example, and
work on it, to make Twin Dorks...

So first of all i need to know that twin dorks are not like other dorks methods, cause i need to
be more specific, about keywords and parameters. I need to make some good keywords but i
will be in need of 2 functions, So our Dork Will be like that :

intext:ebay & intext:amazon.php?customers=  (SF) (KW) & (SF) (KW) (PT)(PP)

as you can see the result is like on the screen bellow

This method will help you to get related urls to different targets, means if you are trying to make
shopping dorks, you will be able to make dorks for ebay and amazon in the same Dorks list, no need
to make separated Dorks. Using the & Option, Now you understad how this method works, what
you need now, is to think about some good combinations, i did add some for you, but there is
too many ways on how to use this method, so surprise me and show me your good skills, by
going so fare in this, its an easy method, no need to explaine more, as you are now the good
dorkers team in nulled, you did understand the first Ebook, and it’s the Base of Dorks Making,
Copy to : Everyone Ebook By DonXirus
so every new method, will be easy for you to understand it, and get the secret behind it at the
first look ...

.(PT)?(PP)= "(KW)" & "X(KW)"

.(PT)?(PP)= (DE) & "(KW)"

"(KW)" & (DE).(PT)?(PP)=

(DE) & "(KW)".(PT)?(PP)=

Twin dorks Combinations 
"(KW)" & "X(KW)" (PP)= .(PT)?

(PP)= .(PT)? "(KW)" + (DE)

(PP)= "(KW)" & "X(KW)".(PT)?

.(PT)? "(KW)" & "X(KW)" (PP)=

.(PT)? "(KW)" & "X(KW)" (PP)=

.(PT)?(PP)= (SF)"(KW)" & "X(KW)"

(SF)"(KW)" & "X(KW)".(PT)?(PP)=

(SF)"(KW)" & "X(KW)" (PP)= .(PT)?

(PP)= .(PT)? (SF)"(KW)" & "X(KW)"

Now Lets see how to use Dorky Dorker to create this type of dorks.

First we need to choose our target in my case i will use shopping websites, amazon & ebay, then i
will make some common keywords for shopping

 Common keywords : Shop, Customers, Product, Shopping, Sells ...

Then i will use those Keywords as parameters and not in keywords part, our keywords are just 2
Amazon & ebay.

Second Lets make some Page types If i’m using Sib panel to dump and scan urls so my page types
must be only

 Page Types for Sib Panel : PHP? Asp? Aspx?

Cause Sib Panel support only urls content .php? .asp? and .aspx? if we are using other tools like
sqli dumper so we can use the normal page types we are using all the time.

Third we will chooose the best combinations for our Twin Dorks like i mentioned up,

.(PT)?(PP)= "(KW)" & "X(KW)"

.(PT)?(PP)= (DE) & "(KW)"

"(KW)" & (DE).(PT)?(PP)=

Copy to : Everyone Ebook By DonXirus
(DE) & "(KW)".(PT)?(PP)=

"(KW)" & "X(KW)" (PP)= .(PT)?

(PP)= .(PT)? "(KW)" + (DE)

(PP)= "(KW)" & "X(KW)".(PT)?

.(PT)? "(KW)" & "X(KW)" (PP)=

.(PT)? "(KW)" & "X(KW)" (PP)=

.(PT)?(PP)= (SF)"(KW)" & "X(KW)"

(SF)"(KW)" & "X(KW)".(PT)?(PP)=

(SF)"(KW)" & "X(KW)" (PP)= .(PT)?

(PP)= .(PT)? (SF)"(KW)" & "X(KW)"

But we will replace later the X word with Ebay cause i didn’t find a way to combine two words in dorky,
i usualy make things complicated xD but maybe you know how, anyway just follow me and we will
make it, what you need to understand is that we will use ebay as Xword and amazon as original
keyword, so i need to do this :

 keyword preset

Fourth, as we can see i did use domains in the first combinationso i need t choose wich countries am i looking
for, in my case i will use :

Domains :  De Fr It Us Pl

Done, so now we have everything we need, the next step is just to copy and paste in the presets on dorky
dorker like on the screen bellow :
Copy to : Everyone Ebook By DonXirus
Then open Dorky and generate your dorks to get a list like this
First Generated list
So now we will just replace the x"Amazon" with

"Ebay" to get the final list like this :

The Final Edited List

Fially i want to tell you that this method ; isn’t just for making twin dorks, but for getting vulnerable
Urls too, cause you should know that after many researchs about vulnerabilities i found that every
vulnerable Urls content the two symboles « ? » , « & » cause they are used exactly for data transfer
means exchange informations betwen users and the server, and thats exactly our Goal, users
informations or called « email ; pass » , « user : pass » = Combolist.
Copy to : Everyone Ebook By DonXirus
2- google search query
This method is about Getting tons of shit informations from google, and it’s good if you are a good
Spamer, Getting real good accounts as target, i will take as example Instagram, so everyone knows
that instagram is the famous money making service in 2019, which can get you a stable work, i will
not teach you how to spam or crack instagram accounts, but i will show you how to get a filtered
information, about what you are trying to get from google exactly, i did saw many people using this
method, but not in the right way, mean’s bad dorks method, so lets start :

Lets say, i want from google to search for me, every user who has 300k+ followers, verifed account,
what else ? registred with hotmail email, what niche food or clothing, lets try just this and see what is
the usefule dork to get all this !! follow me :

site:Instagram.com intext:@gmail.com intext:300k followers intext:Food

(Site): (Website target) (SF) (email provider) (SF) (K Followers) (SF) (Niche)

so as you can see i did get exactly what i want from google search, so now lets check the first target
and see if it’s what we did search about exactly ?!!
Copy to : Everyone Ebook By DonXirus

it’s exactly what i want to get, so now it’s time to get tons of accounts and start spaming, or what ever
you want, but what you need to know exactly about this method, is that we can use it not just for
instagram or spaming ways, but for other things that we need, i can’t tell you what, but there is more
good things behind this method, so be creative and smart, then see what you can make or get using
this great method, Good Luck
Copy to : Everyone Ebook By DonXirus

Everything you need to know about

Hashcat Windows: how to use the
program for cracking passwords
In this manual, I highlighted the most basic steps of Hashcat using and detailed the main
operating modes of the program. This instruction is designed for absolute beginners.
How to run and use hashcat (an instruction for hacking
passwords)
Hashcat is a program for hacking passwords, it's a powerful application with lots of features.
However, this is not the easiest to use program, therefore you need to spend time learning it.
In this manual, the most typical situations with hashcat are described.
Like ‘how to run hashcat’, and rather complex, like the correct composition of masks, custom
character sets, program options, problem solving and so on.
The peculiarity of hashcat is the very high speed of brute-force passwords, which is achieved
through the simultaneous use of all video cards, as well as central processors in the system.
It is possible to work if several video cards or video adapters of different manufacturers are
installed (for example, AMD and NVIDIA).

When I click on hashcat64.exe a black window flashes,

and then disappears
Hashcat is a command-line utility. So it does not have a graphical interface in the form of a
familiar window. Therefore, Windows users may think that the program is launched in an
unusual way.
To start the program, open the command window (or PowerShell). To do this, press Win+x,
and select Windows PowerShell:
Copy to : Everyone Ebook By DonXirus

Then you can act in two ways.

The first option: you can just drag-n-drop the executable file into the command window. The
executable file is hashcat64.exe or hashcat32.exe depending on your system.
The second option: on the command line, you can change the current working directory to the
one where executable hashcat files are located. For example, my program is located in the
folder C:\Users\Alex\Downloads\hashcat-4.1.0\, to change the current working folder, use
the cd command, after which the folder to which you specify the desired folder, in my case
the command looks like this:
1 cd C:\Users\Alex\Downloads\hashcat-4.1.0\

As you can see from the screenshot, the folder C:\WINDOWS\system32 is changed to
C:\Users\Alex\Downloads\hashcat-4.1.0.
Now to start the program it is enough to type the name of the executable file indicating the
current folder. The current folder is indicated by a period (.), Then you need to put a
backslash, it looks like this:
Copy to : Everyone Ebook By DonXirus
1 .\hashcat64.exe

Since we did not enter any options, nothing happens, only a brief hint is displayed.
Throughout the instruction, we will run the executable hashcat file with options. The simplest
option is -h, if you write it, you will get a reference for using the program:
1 .\hashcat64.exe -h

Download hashcat
Download hashcat from the official site by the link: https://hashcat.net/hashcat/
You will see:

The site has hashcat binaries and hashcat sources. The first is binary (executable) files, the
second is the source code. We need binaries, i.e. hashcat binaries.
How to install hashcat
Hashcat does not require installation, since it is a portable program. It is enough to unpack
the downloaded archive. If you have problems with unpacking the .7z format, then use the
program 7-Zip(archiver with a high compression ratio).
To run hashcat, it is necessary that the latest drivers for video cards are installed.
Drivers for hashcat
The following drivers are required for video cards:
 AMD GPUs on Windows require "AMD Radeon Software Crimson Edition" (15.12 or later)
 Intel CPUs require "OpenCL Runtime for Intel Core and Intel Xeon Processors" (16.1.1 or later)
 Intel GPUs on Windows require "OpenCL Driver for Intel Iris and Intel HD Graphics"
Copy to : Everyone Ebook By DonXirus
 NVIDIA GPUs require "NVIDIA Driver" (367.x or later)
Most likely, drivers for AMD and NVIDIA graphics cards in Windows are already installed, or
you know how to do it.
Therefore, I will only talk about OpenCL Runtime and the OpenCL driver installation.
OpenCL Runtime includes driver the Windows driver, so you only need to download one file
with OpenCL Runtime for Intel Coree, Intel Xeon Processors for Windows, for example, the
latest version is now: ‘OpenCL ™ Runtime 16.1.2 for Intel® Core ™ and Intel® Xeon®
Processors for Windows (64-bit & 32-bit)’.
The latest version of this package can be found on the official Intel
website: https://software.intel.com/en-us/articles/opencl-drivers#latest_CPU_runtime
Hashcat options
Working with programs in the command-line interface is very different from working in the
graphical user interface. In the GUI, we press different buttons, move switches, etc. This is
not the case with programs with a command-line interface. But at the same time the
command line utility can have even greater capabilities than a similar program with a window
interface. In order to control the functionality of console utilities, options are used.
In the output of the help you probably noticed a lot of information. This information is mostly
devoted to the options.
Options are specified after the file name separated by a space. Some options require
specifying a certain value. Some are used without values (such options are also called
‘flags’).
Options can be used one at a time or several at a time. With the help of options you can very
accurately configure the program, use it at maximum capacity.
With one option we have already metб it is the -h option, which displays program help, then
we'll get acquainted with even more options and their possible values.
The next one is the -b option.
Running the hashcat benchmark
The -b option starts the hashcat benchmark. This benchmark measures the speed at which
passwords are checked.
Running the benchmark will be successful only if the drivers are installed correctly and
everything is all right. Therefore, a benchmark is also a way to do a system and hashcat
check.
To run the brute-force speed check on the most popular algorithms on the command line
type:
1 .\hashcat64.exe -b
Copy to : Everyone Ebook By DonXirus

To stop prematurely, press CTRL+c. This shortcut stops all command-line utilities
immediately. Remember this combination!
Speed is displayed for each device separately, as well as for all devices combined
(line Speed.Dev.#*).
Example:
Copy to : Everyone Ebook By DonXirus

.
2- Hashmode: 2500 - WPA/WPA2 (Iterations: 4096)
3- Speed.Dev.#1.....: 5591 H/s (46.19ms) @ Accel:512 Loops:256 Thr:1 Vec:4
4- Speed.Dev.#2.....: 22374 H/s (69.23ms) @ Accel:128 Loops:32 Thr:256 Vec:1
5- Speed.Dev.#3.....: 171 H/s (1205.03ms) @ Accel:1024 Loops:128 Thr:1 Vec:4
6- Speed.Dev.#*.....: 28136 H/s

Which device exactly corresponds a number is written at the very beginning when the
program is launched, for example:
OpenCL Platform #1: Intel(R) Corporation

========================================

1 * Device #1: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz, 4085/16342 MB allocatable, 8MCU

2 OpenCL Platform #2: Advanced Micro Devices, Inc.

. ================================================

3 * Device #2: Capeverde, 1523/2048 MB allocatable, 10MCU

4 * Device #3: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz, 4085/16342 MB allocatable, 8MCU

Warnings and errors when running hashcat

Immediately upon starting the benchmark, errors can start to be output. For example:
1 * Device #3: Not a native Intel OpenCL runtime. Expect massive speed loss.

2 You can use --force to override, but do not report related errors.

The error says that it is not the native runtime environment of OpenCL that is used, and a
significant speed loss is expected. For this reason, OpenCL devices will be skipped (in the
screenshot below it is visible by the word ‘skipped’). If we want to use them anyway, we need

to add the --force option.

Running a benchmark with two options:

.\hashcat64.exe -b --force
If you still miss some devices, then you can add one more option -D. After this option, you
need to add a digit or digits indicating the type of device:
# | Device Type
Copy to : Everyone Ebook By DonXirus
===+=============

1- 1 | CPU
2- 2 | GPU
3- 3 | FPGA, DSP, Co-Processor

Pay attention to a very important point: an uppercase letter is used for the option. Options are
case sensitive. An uppercase letter may have another, even completely different meaning
than lowercase letter.
So, 1 is the central processor, and 2 is the graphics processor, then the full command, along
with the selection of all devices available for me, will look like this:
1 .\hashcat64.exe -b --force -D 1,2

The hashcat GUI

There are no official graphical interfaces for hashcat. Nevertheless, there are several
interfaces that were created by enthusiasts. The most relevant is
this: https://www.hashkiller.co.uk/hashcat-gui.aspx
To install the hashcat GUI, download the archive from the page to which the link above is
linked.
Unzip the downloaded archive, it already includes:
 hashcat-utils-1.0
 cap2hccap
Requirements for the hashcat GUI:
 only Windows operating system
 dotNET Framework: v4
 hashcat version 3.00 or later
Hashcat you need to download separately, as shown above. Also you need to have the
necessary drivers installed.
After you unpack the Hashcat GUI and Hashcat itself, you need to move the Hashcat folder to
the Hashcat GUI folder. It should look like the following folder structure:
Copy to : Everyone Ebook By DonXirus

The folder with Hashcat-hashcat-4.1.0 is highlighted. Note that you do not need to rename
the directory with a hashcat.

Double-click the HashcatGUI.exe file to start the program. Look at the Hashcat GUI:

In my opinion, it is complicated. In my subjective sense, it is easier to achieve the desired

result in the command line than in the graphical interface, in which, by the way, some
features are missing.
Moreover, without understanding the concepts of Hashcat, it's unlikely that you will be able to
do something even in the graphical interface. Therefore, continue reading this article, and we
will return to the graphical interface later on the pages of the miloserdov.org web-site.
How to use hashcat
The program runs as follows:
1 hashcat [options]... hash|hashfile|hccapxfile [dictionary|mask|directory]...

Here hashcat is the name of the executable file, in my examples it is .\hashcat64.exe.

Divided by the space, options follow the executable file.
The symbol | (pipe) in this case means logical ‘OR’. Therefore, hash, OR file with a hash, OR
file hccapx file follows after the options. And then dictionary OR mask OR directory follows
the hash, depending on the chosen attack.
Copy to : Everyone Ebook By DonXirus
Consider the use of the program on specific examples. Suppose we have a hash
of 53ab0dff8ecc7d5a18b4416d00568f02, which must be cracked. This hash is known to
have been obtained with the MD5 hash algorithm (i.e. it is MD5 hash). It is also known that
the encrypted string consists of only small letters of the English alphabet and has a length of
six to ten characters.
Next, we will show you how to launch a password attack using a variety of tricks.

Specifying the hash type

Different hashes are computed using different algorithms. Similarly, their cracking is
performed using different algorithms. In order to correctly launch an attack in Hashcat, you
must specify the type of attacked hash. To do this, use the -m option, after which you must
specify a number corresponding to the selected hash type.
In the baseline, we are given that the provided hash is MD5. So on the
page https://en.kali.tools/?p=155we are looking for ‘MD5’:

Opposite the found hash, look at the column ‘#’, i.e. number. In this case, this number is ‘0’.
So, to the Hashcat launch command, you need to add -m 0, it is the option and its value.
If we were given a SHA1 hash, then its number would be 100 and to the Hashcat launch
command we would add -m 100 and similarly for any other algorithm.
Typically, a hash type is known from the source where this hash was obtained. In case the
type of attacked hash is not known reliably, you can try to guess it with the help of specialized
tools.

Hashcat Attack Modes

Hashcat supports various attack modes, the most common are:
 Dictionary attack when a list of words is used as password candidates
 Mask attack (brut-force), when candidates in passwords are generated based on the described criteria.
Use the -a option to specify the attack mode. With it, you can specify any type of attack
supported in Hashcat, the most popular is a dictionary attack which is indicated by the
number 0, and a mask attack (brute force) which is indicated by the number 3.
So if we run a dictionary attack, then we specify -a 0, and if we run mask attack, then we
specify -a 3.
Dictionary Attack in Hashcat
The attack starts with the dictionary as follows:
1 hashcat [options] hash|hashfile|hccapxfile path_to_dictionary

To crack our hash, create a small dictionary: an ordinary text file named dictionary.txt and
copy into it:
Expand
Copy to : Everyone Ebook By DonXirus
Note: By the way, with Hashcat comes with an example of a dictionary, it's
called example.dict.
So, at this stage we have everything you need to launch an dictionary attack. We collect
everything together:
1 .\hashcat64.exe -m 0 -a 0 53ab0dff8ecc7d5a18b4416d00568f02 dictionary.txt

Here:
 .\hashcat64.exe is a executable file
 -m 0 is an option that sets the MD5 hash type
 -a 0 is an option, which value triggers a dictionary attack
 53ab0dff8ecc7d5a18b4416d00568f02 is a hash to be cracked
 dictionary.txt is a path to the dictionary file.
Since the dictionary is very small, the program will finish its work very quickly:

The result of the program:

1. 53ab0dff8ecc7d5a18b4416d00568f02:hackware
2. Session..........: hashcat
3. Status...........: Cracked
4. Hash.Type........: MD5
5. Hash.Target......: 53ab0dff8ecc7d5a18b4416d00568f02
6. Time.Started.....: Mon Mar 05 07:23:25 2018 (0 secs)
7. Time.Estimated...: Mon Mar 05 07:23:25 2018 (0 secs)
8. Guess.Base.......: File (dictionary.txt)
9. Guess.Queue......: 1/1 (100.00%)
10. Speed.Dev.#1.....: 17783 H/s (0.04ms) @ Accel:1024 Loops:1 Thr:1 Vec:4
11. Speed.Dev.#2.....: 0 H/s (0.00ms) @ Accel:256 Loops:1 Thr:256 Vec:1
12. Speed.Dev.#3.....: 12530 H/s (0.03ms) @ Accel:1024 Loops:1 Thr:1 Vec:4
13. Speed.Dev.#*.....: 30313 H/s
14. Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
15. Progress.........: 24/48 (50.00%)
Copy to : Everyone Ebook By DonXirus
16. Rejected.........: 0/24 (0.00%)
17. Restore.Point....: 0/48 (0.00%)
18. Candidates.#1....: aaaaaaaaaa -> dancing2009
19. Candidates.#2....: [Copying]
20. Candidates.#3....: danciotu -> hackware
21. HWMon.Dev.#1.....: N/A
22. HWMon.Dev.#2.....: Util: 37% Core: 800MHz Mem:1000MHz Bus:16
23. HWMon.Dev.#3.....: N

The first line is 53ab0dff8ecc7d5a18b4416d00568f02: hackware contains the attacked

hash and after the colon the hacked password, in this case it is hackware.
On the successful hacking says the Status ………..: Cracked line
Hash does not need to be specified in the command line, it can be written to a file, then when
the attack is launched, the path to the file containing the hash is specified. For example,
create a hashmd5.txt file and copy into it 53ab0dff8ecc7d5a18b4416d00568f02.
Then the command to run will be:
1 .\hashcat64.exe -m 0 -a 0 hashmd5.txt dictionary.txt

The command contains the same options as the previous one, but instead of directly hash,
we specified the path to the file containing the hash to crack.
Note: since for educational purposes we crack the same hash in different ways, in case you
repeat the examples, you will see the message:
1 INFO: All hashes found in potfile! Use --show to display them.

It means that the hash that you are trying to crack has already been cracked before. All
compromised hashes are stored in the hashcat.potfile file in the same directory as Hashcat.
This is a plain text file, you can open it and see the contents, in my case it's:
1 53ab0dff8ecc7d5a18b4416d00568f02:hackware

This file can be deleted to start attack anew on the same hash in different ways.
There is also the option --show, after which you need to specify the hash of interest:
1 .\hashcat64.exe --show 53ab0dff8ecc7d5a18b4416d00568f02

and if it is found in the hashcat.potfile file, then information about the cracked password will
be displayed.

Mask attack in hashcat (brute-force attack in hashcat)

In Hashcat there is no such mode as brut-force. He was assimilated by the mask attack. This
is a more flexible type of attack, which allows you to implement brut-force through finely tuned
criteria.
In general, the mask attack has the following form:
1 hashcat [options]... hash|hashfile|hccapxfile mask
Copy to : Everyone Ebook By DonXirus
Therefore, it is similar to the previous one, but instead of the dictionary a mask is indicated.

How to make masks in Hashcat

For composing masks, character sets are used. The character sets in Hashcat come in two
flavors:
 Built-in Charsets
 User-defined Charsets
Let's begin our acquaintance with the built-in charsets, for many cases, they are enough.
1
? | Charset
2 ===+=========

3 l | abcdefghijklmnopqrstuvwxyz

4 u | ABCDEFGHIJKLMNOPQRSTUVWXYZ

5 d | 0123456789

6 h | 0123456789abcdef

7 H | 0123456789ABCDEF

8 s | !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~

9 a | ?l?u?d?s

b | 0x00 - 0xff
10

The first column denotes a symbolic symbol set. For use in masks, a question mark must be
placed before this designation. For example, ?u means all uppercase letters, ?d means all
digits.
Suppose we know that the password consists of four characters, the first two characters are
uppercase letters, and the third and fourth characters are digits, then the mask will be as
follows:
1 ?l?l?h?h

To crack the password from our hash given as an example, we need to create a mask
consisting of eight characters, each of which is a small letter. This is the mask: ?l?l?l?l?l?l?l?l
1 .\hashcat64.exe -m 0 -a 3 53ab0dff8ecc7d5a18b4416d00568f02 ?l?l?l?l?l?l?l?l

Here:
 .\hashcat64.exe is an executable file
 -m 0 is an option that sets the MD5 hash type
 -a 3 is an option, which value triggers the mask attack
 53ab0dff8ecc7d5a18b4416d00568f02 is a hash to be cracked
Copy to : Everyone Ebook By DonXirus
 ?l?l?l?l?l?l?l?l is a mask that specifies the generation of eight-character passwords consisting of small
letters.

Less than a minute later the password was successfully cracked:

Pay attention to the line:

1 Progress.........: 15724838912/208827064576 (7.53%)

That is, 15724838912 variants of passwords from 208827064576 of the total number of
variants were tested.

Mask for unknown password length

The password length is not always known exactly. Even by the condition of our task, the
password has a length of six to ten characters.
In order to generate passwords of different lengths, the following options are available:
1 Options Short / Long | Type | Description | Example

2 -i, --increment | | Enable mask increment mode |

3 --increment-min | Num | Start mask incrementing at X | --increment-min=4

4 --increment-max | Num | Stop mask incrementing at X | --increment-max=8

The -i option is optional. If it is used, it means that the length of candidates for passwords
should not be fixed, it should increase by the number of characters.
The --increment-min option is also optional. It determines the minimum length of candidates
for passwords. If the -i option is used, the --increment-min value is 1 by default.
And the --increment-max option is optional. It determines the maximum length of candidates
for passwords. If the -i option is specified, but the --increment-max option is omitted, then its
default value is the mask length.
Rules for using mask increment options:
Copy to : Everyone Ebook By DonXirus
 Before using --increment-min and --increment-max, you must specify the -i option
 the value of the --increment-min option can be less than or equal to the value of the --increment-
maxoption, but can not exceed it
 the length of the mask can be larger in the number of characters or equal to the number of characters
specified by the --increment-max option, but the mask length can not be less than the character length set
by --increment-max.
So, we will correct the launch command for our task (the password has a length of six to ten
characters):
.\hashcat64.exe -m 0 -a 3 -i --increment-min=6 --increment-max=10
1
53ab0dff8ecc7d5a18b4416d00568f02 ?l?l?l?l?l?l?l?l?l?l

This command is similar to the previous one, but three new options have been added
(explained just above):
 -i
 --increment-min=6
 --increment-max=10
And also the mask length is increased to 10 characters: ?l?l?l?l?l?l?l?l?l?l (as required by
the rules for using increment options).
It took a bit more time to complete the search, as candidates in passwords of 6 (+1 seconds
on my gland) and 7 symbols (+22 seconds) were tested in addition:
Copy to : Everyone Ebook By DonXirus

Note the new value of the Status line:

1 Status...........: Exhausted

It means that all the password candidates was tested, but none proved true.
Copy to : Everyone Ebook By DonXirus

Password cracking when some characters are known

There are situations when some of the password symbols are known. For example, we are
given the same hash 53ab0dff8ecc7d5a18b4416d00568f02 and somehow we got to know
that the first three characters in the password are ‘hac’. Then you can specify these
characters directly in the mask:
1 hac?l?l?l?l?l?l?l

The command is:

.\hashcat64.exe -m 0 -a 3 -i --increment-min=6 --increment-max=10
1
53ab0dff8ecc7d5a18b4416d00568f02 hac?l?l?l?l?l?l?l

Known symbols can be placed anywhere in the mask: in the beginning, in the middle, in the
end; these can be single characters or groups of characters.

User-defined Charsets in Hashcat

Above, already listed are built-in character sets, which are usually enough. However, you can
specify up to four of your own custom sets.
Suppose we know that the first three characters in the password are digits, and not all, but
only numbers from 0 to 4, the fourth character is only uppercase letters, and the fifth and sixth
characters are the letters from a to h, as well as the numbers from 5 up to 9.
If in the mask for the first three characters we just indicate the numbers, then obviously not
suitable candidates for passwords (containing in the first three positions the numbers that are
not in the range from 0 to 4) will be also tested. We must exclude obviously inappropriate
passwords. This can be done using custom character sets.
There are four user-defined character sets in total. They are specified in options and denoted
by numbers. But in the options, a hyphen is placed before the digit (for example, the first user
set is -1), and a question mark is placed in the mask before the digit (for example, the use of
symbols from the first user set is ?1).
So, to solve the problem, we start by setting the required number of user sets in the options.
These sets can consist of directly listed characters, you can also use built-in character sets,
for example ?l or ?d or ?u(in any combination).
The first custom character set for our task (only numbers from 0 to 4):
1 -1 01234

The second user-defined character set (letters from a to h, as well as numbers from 5 to 9)
1 -2 abcdefgh56789

Let me remind you - custom character sets are written among the options (before the mask
and before the hash).
Now create a mask (the first three characters in the password are numbers, not all, but only
the numbers from 0 to 4, the fourth character is only uppercase letters, and the fifth and sixth
characters are the letters from a to h, as well as the numbers from 5 to 9):
1 ?1?1?1?u?2?2
Copy to : Everyone Ebook By DonXirus
We will disassemble the mask:- the first three characters are designated as ?1?1?1 (these
are units, and not a lowercase letter L, they are digits ‘1’) are symbols from the first user set.
Next goes ?u, this is a built-in character set, denoting only capital letters. The next two
characters are designated as ?2?2, these are symbols from the second user set.
When specifying custom sets, you can use the notation of built-in character sets, for example:
1 -1 ?l?u

denotes the first user set consisting only of large and small Latin letters.
And
1 -1 ?l?u?d

means the first user set consisting only of large and small Latin letters, as well as numbers.
As already shown above, you can use custom and built-in character sets in any combination
in the mask.

How to show passwords (create a dictionary) in Hashcat

without launching a cracking
After creating complex masks, especially with the use of custom character sets, we would like
to check whether we did everything correctly. Also, thanks to the flexibility of the Hashcat
syntax, it is convenient to use it for generating dictionaries by any criteria.
In order to only show passwords without starting cracking, the --stdout option is used. This
option requires -a 3 (masd attack mode). Since cracking does not start in this case, you do
not need to specify any hashes.
An example of generating passwords for the above-mentioned task (it is known that the first
three characters in the password are numbers, not all, but only numbers from 0 to 4, the
fourth character is only uppercase letters, and the fifth and sixth characters are the letters
from a to h, as well as numbers from 5 to 9):
1 .\hashcat64.exe --stdout -a 3 -1 01234 -2 abcdefgh56789 ?1?1?1?u?2?2

Since many passwords will be created (more than half a million), instead of displaying on the
screen, they can be saved to a file. To do this, after the main command, you need to put the
symbol > (means redirecting the output to a file) and write the file name. For example, to save
all passwords to the lab1.dicfile, which will be created in the same folder as the executable
hashcat64.exe:
1 .\hashcat64.exe --stdout -a 3 -1 01234 -2 abcdefgh56789 ?1?1?1?u?2?2 > lab1.dic

Samples of hashes
The Hashcat program includes not only help, but also hash examples. They can be useful if
you have difficulty in correctly writing the hash format.
To display all examples of hashes at once, run the program with the option --example-
hashes:
1 .\hashcat64.exe --example-hashes

You can see a sample of one particular hash. For example, I need to find out what a hash
looks like to crack the RAR5 password; then I turn to the help page of the
program https://en.kali.tools/?p=1558 and search for RAR5 (use CTRL+f). I find that the
Copy to : Everyone Ebook By DonXirus
number of this hash is 13000; Next, I run the program with the option --example-hashes and
the already-known option -m (after which the hash mode number is specified)
1 .\hashcat64.exe --example-hashes -m 13000

So, to crack passwords from RAR5 archives, the hash should look like:
1 $rar5$16$38466361001011015181344360681307$15$00000000000000000000000000000000$8$cc7a30

Password List for HshCat

The best password list for hashcat or any other tools to decrypt passwords is this :
https://weakpass.com/wordlist
Try to download everything in this website like that you will have a good passwords list and
you can decrypt like 80% of any combo list especialy those passwords with green and
orange color ( Rate ), But you need at least 350Gb or hard drive.

After that you will be able to use hashcat

and decrypt passwords 100%
Copy to : Everyone Ebook By DonXirus

Thanks for Buying!

Thank you for buying this E-Book,
I really hope it helped you. If you have any issues with this,
contact me on discord DonXirus ツ#1827. For Support
I hope you’ll buy from me in the future!
Join our discord server: https://discord.gg/wtMZEQt

To Benefit from upcoming methods and updates

&
Take advantage from upcoming Chapiters V1.xx

Have A Nice Day