I'm totally new to hashcat, but in my experimenting with hybrid wordlist + mask attacks I'm not cracking some of the hashes I would expect to. I've determined that this is because the mask part isn't using all of the charset that I'm expecting.
To simplify and confirm this behavior I created a list of hashes from "a", "A", "1", "!" and ran a mask attack with a single "?a" as the input. This results in only cracking the hashes for "a" and "1".
command
hashcat.exe -m 0 -o test.txt -a 3 test.hash
?a
I also notice that it says it's only making 32 guesses, which should be more if it's going through letters, numbers and symbols.
I think that a work around could be to just create a custom charset, but I'd rather learn what to expect from the built in's better.
In short: is there a reason why the "?a" built in charset wouldn't go through all of the other (non-hexish) built in charsets?
[
attachment=979]
Can you post your test hashes so we can reproduce your results?
(09-08-2022, 11:09 PM)SuperColin Wrote: [ -> ]I'm totally new to hashcat, but in my experimenting with hybrid wordlist + mask attacks I'm not cracking some of the hashes I would expect to. I've determined that this is because the mask part isn't using all of the charset that I'm expecting.
To simplify and confirm this behavior I created a list of hashes from "a", "A", "1", "!" and ran a mask attack with a single "?a" as the input. This results in only cracking the hashes for "a" and "1".
command
hashcat.exe -m 0 -o test.txt -a 3 test.hash ?a
I also notice that it says it's only making 32 guesses, which should be more if it's going through letters, numbers and symbols.
I think that a work around could be to just create a custom charset, but I'd rather learn what to expect from the built in's better.
In short: is there a reason why the "?a" built in charset wouldn't go through all of the other (non-hexish) built in charsets?
(09-08-2022, 11:28 PM)pdo Wrote: [ -> ]Can you post your test hashes so we can reproduce your results?
Here they are:
0cc175b9c0f1b6a831c399e269772661
7fc56270e7a70fa81a5935b72eacbe29
c4ca4238a0b923820dcc509a6f75849b
9033e0e305f247c0c3c80d0c7848c8b3
But shouldn't the number of guesses higher?
Works as expected on my system. Hmm, what's going on for you
Code:
c4ca4238a0b923820dcc509a6f75849b:1
0cc175b9c0f1b6a831c399e269772661:a
7fc56270e7a70fa81a5935b72eacbe29:A
9033e0e305f247c0c3c80d0c7848c8b3:!
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 0 (MD5)
Hash.Target......: test.txt
Time.Started.....: Thu Sep 8 17:38:11 2022 (0 secs)
Time.Estimated...: Thu Sep 8 17:38:11 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?a [1]
Guess.Queue......: 1/1 (100.00%)
Speed.#3.........: 349.3 kH/s (0.02ms) @ Accel:1024 Loops:95 Thr:1 Vec:4
Recovered.Total..: 4/4 (100.00%) Digests
Progress.........: 95/95 (100.00%)
Rejected.........: 0/95 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#3...: Salt:0 Amplifier:0-95 Iteration:0-95
Candidate.Engine.: Device Generator
Candidates.#3....: s ->
Hardware.Mon.SMC.: Fan0: 33%
Hardware.Mon.#3..: Temp: 42c
Started: Thu Sep 8 17:38:05 2022
Stopped: Thu Sep 8 17:38:13 2022
(09-08-2022, 11:30 PM)SuperColin Wrote: [ -> ] (09-08-2022, 11:28 PM)pdo Wrote: [ -> ]Can you post your test hashes so we can reproduce your results?
Here they are:
0cc175b9c0f1b6a831c399e269772661
7fc56270e7a70fa81a5935b72eacbe29
c4ca4238a0b923820dcc509a6f75849b
9033e0e305f247c0c3c80d0c7848c8b3
But shouldn't the number of guesses higher?
Your test hashes are correct, which is a good start. However I've noticed your command doesn't match the screenshot you've uploaded. For example: the screenshot shows Optimized Kernel while your command is missing the -O parameter.
Please post your full command.
Yes you are correct that the guesses should be 95 and they are on my tests. Any chance you have used -t 32 in your command?
Ok so I figured it out. I had some other flags on that I thought didn't effect the actual output and it seems like the issue was the "-t 32" flag I had on, which makes even more sense as I'm typing this out...
I actually deleted them out of the OP to reduce noise, but here was my full original command:
hashcat.exe ^
-m 0 ^
-t 32 ^
-o test.txt ^
--runtime=60 ^
--hook-threads=6 ^
--hwmon-temp-abort=99 ^
--potfile-disable ^
--increment ^
-O ^
-a 3 test.hash ?a
Deleting the -t flag fixed the issue and increased the number of guesses to 95, so that's better. I don't even know what I thought it did, but maybe this will help someone in the future, thanks for being my rubber ducky lol
(09-08-2022, 11:43 PM)hops Wrote: [ -> ]Any chance you have used -t 32 in your command?
This was the issue, thank you!
FWIW, your temperature abort should be well below 99, that's really much too hot.
(09-09-2022, 05:09 AM)royce Wrote: [ -> ]FWIW, your temperature abort should be well below 99, that's really much too hot.
Thanks for the advice, what would you suggest for an average desktop rig with a single GPU?