Open jshrek opened 7 years ago
For your specific case, you may want to simply use %1,5p
which contains all alphanumerics plus:
!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
To answer your question though, the (almost*) only character that needs to be escaped inside a %[...]
-style wildcard is ]
, everything else can appear verbatim. (In your case above, btcrecover ignores the extra %
s.)
To include ]
, place it immediately after the %[
. It's then considered part of the replacement set, and the next ]
actually ends the wildcard, e.g. the wildcard %[]x]
contains two replacement characters, ]
and x
.
More details can be found here.
* The default delimiter which separates tokens from one another is whitespace (spaces, tabs, etc.). This cannot be included inside %[...]
-style wildcards, but there are two workarounds I can describe if you need this (--delimiter
and --custom-wild
).
Great thanks for info!
I know brute force becomes nearly impossible as the length of the password increases, but if it was a short password, it could still be checked relatively easily up to maybe 6 or 7 characters long.
Would the following token work for brute force to include all lower case, upper case, numbers and symbols from 1 to 5 characters long?
%1,5[0-9a-zA-Z!@#&*()_+-=`~{}|;':",./<>?$%%%^]
I found that %S did not work for $, but actually including $ worked fine. Also the only symbols I can not figure out how to add in are the left and right [ square brackets ]