hashcat Forum

Hello, I'm completely new to hashcat and trying to get up to speed as fast as I can.  The sheer number of options in hashcat are making it difficult for me to choose what is the best way to extract a password.  If someone can help point me in the right direction I'd really appreciate it.

The only information I know:

• It's a .rar file so -m 13000
  
• I have 2 possible usernames
  
• I have the hashed password
  

Unfortunately this is all I have to go by so far.  I've tried running commands using the usernames (prepended) with hashcat inputting the remaining characters as uppercase, lowercase, and numbers in every combination for each name.  This was unsuccessful.

I started using a dictionary attack (rockyou) where the only rule was that it should use an 8 character password.  After looking at the length of time this would take to complete, I quickly exited that mode.

Is there any way to figure out how many characters are in the password?

Can someone please help me figure out more precise commands to crack this password?  Like I said before, with so many options available I'm not really sure where to go next.  The random attempts I've made either haven't worked, or take so long it's not even worth running.

Thank you in advance for your help!

If you are new and unusure about using hashcat and accomplishing the task at hand, the best strategy is to create a RAR file which you KNOW the password for and test that you have properly setup the workspace correctly. This way if something isn't properly functioning between your hardware and hashcat you will find that out really quickly. 

Once you have that part sorted out then you can look at the built in options for different attacks within hashcat. There is no way to determine a specific hash to its password length. You can investigate the password requirements which may give more details as where to start but if there is no requirements you will be left guessing from 1 to infinite characters unfortunately.