A penetration tester has obtained password hashes and has intelligence suggesting a common password structure: an 8-character password consisting of a capital letter, followed by five lowercase letters, and ending with two digits. Which of the following hashcat mask patterns would be the MOST efficient for cracking these passwords?
A mask attack is the most efficient method when a password's structure is known. The mask ?u?l?l?l?l?l?d?d precisely targets the described 8-character pattern: ?u for a single uppercase letter, ?l for a lowercase letter (repeated five times), and ?d for a single digit (repeated twice). The mask ?a?a?a?a?a?a?a?a represents a standard brute-force attack testing all character types in all positions, making it far less efficient. The masks ?l?l?l?l?l?l?l?l and ?d?d?d?d?d?d?d?d are incorrect because they only test for all-lowercase or all-digit passwords, respectively, and do not match the known pattern.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a hashcat mask attack?
Open an interactive chat with Bash
How does the `?u?l?l?l?l?l?d?d` mask match the password structure?
Open an interactive chat with Bash
Why is the `?a?a?a?a?a?a?a?a` mask inefficient for this scenario?