hashcat Forum

Full Version: Complete Noob
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
So, I've downloaded oclHashcat-plus and the hashcat-gui.

I think I've got it working on what I want, but I honestly have no idea if that's true.

Basically, I have a SHA512 hash WITHOUT any salt where I know that the original text was 10 characters long and contains 2 uppercase letters, 2 digits, and the rest are lowercase letters.

I have a GTX Titan and really want to put it to work on cracking this hash. Can someone PLEASE provide me with either the command line command or else the gui options I would need to use to crack such a hash?
In general you should prefer masks/hcmask files over *generating* wordlist (that fit those requirements)... but it really depends on what the requirements exactly are... Do you know the positions of the 2 digits and the 2 uppercase letters or can they be anywhere in the 10 alphanumeric string? Are there *exactly* 2 uppercase letters or at most 2 uppercase letters? What about digits (exactly or max)?
For instance if you know that the passwords starts w/ uppercase you already reduce the keyspace (and the possible masks that you need to try) a lot. The same holds if you for instance know that the passwords ends w/ 1 or 2 digits.

Your main problem is indeed that 10 character long mask together w/ sha512 (which ofc is much slower than e.g. MD5 or others) takes some time to bruteforce (if you really want to use this attack mode - maybe a filtered dictionary that fits the requirements may be a better approach? For instance if you *know* some more details about the possible password etc).

Anyway, you could use e.g. a mask file (http://hashcat.net/wiki/doku.php?id=mask...mask_files , .hcmask) in which you put all possible masks (starting for instance w/ the most likely one) and let oclHashcat run.
$ oclHashcat64 -m 1700 m1700_hash.txt -a 3 maskfile.hcmask

where the file maskfile.hcmask could contain lines like:

For details of mask based attack see: http://hashcat.net/wiki/doku.php?id=mask_attack

As said, the main problem is that the length is considerable (maybe too) long for a bruteforce... if instead the password would be only of e.g. length 8 this would not be much of a problem.
So also spent some time in looking on other attack modes (filtered wordlist, rules based attack etc) ...