How do I do a mask attack on a binary string that is hashed with MD5?
So for example...
String:
test word spaces
Binary:
01110100 01100101 01110011 01110100 00100000 01110111 01101111 01110010 01100100 00100000 01110011 01110000 01100001 01100011 01100101 01110011
MD5:
5c61957f8dcf9360f3f996cb689608ba
String > Binary > MD5
You wouldn't be able to feed the string in as a direct input. And it would be tricky to try to shape the mask to match only the binary that is valid alphanumerics, other than the fact that the first bit is 0.
But even then, it's a bit too big:
Code:
$ hashcat -m 0 -a 3 binary.hash -2 '01' 0?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?2
hashcat (v4.0.1-72-g838a7163+) starting...
OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 1080, 2028/8113 MB allocatable, 20MCU
* Device #2: GeForce GTX 1080, 2028/8114 MB allocatable, 20MCU
* Device #3: GeForce GTX 1080, 2028/8114 MB allocatable, 20MCU
* Device #4: GeForce GTX 1080, 2028/8114 MB allocatable, 20MCU
* Device #5: GeForce GTX 1080, 2028/8114 MB allocatable, 20MCU
* Device #6: GeForce GTX 1080, 2028/8114 MB allocatable, 20MCU
OpenCL Platform #2: Advanced Micro Devices, Inc.
================================================
* Device #7: AMD FX(tm)-8350 Eight-Core Processor, skipped.
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable optimizers:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
* Raw-Hash
Password length minimum: 0
Password length maximum: 256
ATTENTION! Pure (unoptimized) OpenCL kernels selected.
This enables cracking passwords and salts > length 32 but for the price of drastically reduced performance.
If you want to switch to optimized OpenCL kernels, append -O to your commandline.
Watchdog: Temperature abort trigger set to 90c
Integer overflow detected in keyspace of mask: 0?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?2
(12-21-2017, 05:08 AM)royce Wrote: [ -> ]You wouldn't be able to feed the string in as a direct input. And it would be tricky to try to shape the mask to match only the binary that is valid alphanumerics, other than the fact that the first bit is 0.
But even then, it's a bit too big:
Code:
$ hashcat -m 0 -a 3 binary.hash -2 '01' 0?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?2
hashcat (v4.0.1-72-g838a7163+) starting...
OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 1080, 2028/8113 MB allocatable, 20MCU
* Device #2: GeForce GTX 1080, 2028/8114 MB allocatable, 20MCU
* Device #3: GeForce GTX 1080, 2028/8114 MB allocatable, 20MCU
* Device #4: GeForce GTX 1080, 2028/8114 MB allocatable, 20MCU
* Device #5: GeForce GTX 1080, 2028/8114 MB allocatable, 20MCU
* Device #6: GeForce GTX 1080, 2028/8114 MB allocatable, 20MCU
OpenCL Platform #2: Advanced Micro Devices, Inc.
================================================
* Device #7: AMD FX(tm)-8350 Eight-Core Processor, skipped.
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable optimizers:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
* Raw-Hash
Password length minimum: 0
Password length maximum: 256
ATTENTION! Pure (unoptimized) OpenCL kernels selected.
This enables cracking passwords and salts > length 32 but for the price of drastically reduced performance.
If you want to switch to optimized OpenCL kernels, append -O to your commandline.
Watchdog: Temperature abort trigger set to 90c
Integer overflow detected in keyspace of mask: 0?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?2
hashcat64.exe -a 3 -m 0 -w 2 -1 "01" -2 " " -o found.txt hash.txt ?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1?2 --increment
Is it possible to increment by 9, after the initial 8 bits?
For instance, I do not want to check: ?1?1?1?1?1?1?1?1?2?1, followed by ?1?1?1?1?1?1?1?1?2?1?1, then followed by ?1?1?1?1?1?1?1?1?2?1?1?1, etc.
I would want to check for: ?1?1?1?1?1?1?1?1?2, followed by ?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1, then followed by ?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1, etc.