gurnec
commented
7 years ago For your specific case, you may want to simply use %1,5p which contains all alphanumerics plus:
!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~To answer your question though, the (almost*) only character that needs to be escaped inside a %[...]-style wildcard is ], everything else can appear verbatim. (In your case above, btcrecover ignores the extra %s.)
To include ], place it immediately after the %[. It's then considered part of the replacement set, and the next ] actually ends the wildcard, e.g. the wildcard %[]x] contains two replacement characters, ] and x.
More details can be found here.
* The default delimiter which separates tokens from one another is whitespace (spaces, tabs, etc.). This cannot be included inside %[...]-style wildcards, but there are two workarounds I can describe if you need this (--delimiter and --custom-wild).
jshrek
I know brute force becomes nearly impossible as the length of the password increases, but if it was a short password, it could still be checked relatively easily up to maybe 6 or 7 characters long.
Would the following token work for brute force to include all lower case, upper case, numbers and symbols from 1 to 5 characters long?
%1,5[0-9a-zA-Z!@#&*()_+-=`~{}|;':",./<>?$%%%^]
I found that %S did not work for $, but actually including $ worked fine. Also the only symbols I can not figure out how to add in are the left and right [ square brackets ]