hashcat Forum

Hi all,

I know the password will combine of upper, lower, number and @#. And maybe the length of pass is around 11 characters. So my command look like this.
 
hashcat -m 1000 -a 3 -1 '?I?u?d@#' ?1?1?1?1?1?1?1?1?1?1?1 --increment --increment-min=5 --increment-max=11 --outfile-format 2 --status --status-timer=20 hash.txt
 
But it show "Token length exception". 

Anyone know what is wrong with my command.

 Could you help me with this.

Thanks
Alexb

The hash.txt contains invalid hashes

Seeing as you are using -m 1000 it is likely you got a password dump in the format "krbtgt:502:aad3b435b51404eeaad3b435b51404ee:abcdef0123456789abcdef0123456789:::" or
"krbtgt:abcdef0123456789abcdef0123456789".
You need to make sure it looks like the example on https://hashcat.net/wiki/doku.php?id=example_hashes so just the abcdef0123456789abcdef0123456789 (NTLM hash) part.

Also ?I (capital i) is not a valid mask, you probably mean ?l (lowercase L).

(02-14-2019, 10:11 AM)atom Wrote: [ -> ]The hash.txt contains invalid hashes

Hi Atom,

This is my contents of hash.txt:

Administrator:500: 8D555B3D983AB93077BC38A7A4D8DAA0:E50CC22AAAFEE5373594A225CB8CBF0E:::
Guest:501: DFFCEE3882D1608A3725CAD618DFF5DE:164B17B7A000331C38B8FA7E1EB938BC:::
:503:156A9AB34CD8542F6CDA483988CF2F06:06B252803DC70FAB3436AB49844A1CF9:::
:1002:1B70ABF29B3FF7DF159768026B0A481C:B5275416649B46CA1FD93B75F49B93CF:::

And the value is extract by using pwdump7:

C:\tmp\pwdump7>PwDump7.exe > hash.txt
Pwdump v7.1 - raw password extractor
Author: Andres Tarasco Acuna
url: http://www.514.es

C:\tmp\pwdump7>

if invalid so what make it invalid , please help me. ( I am using windows server 2016 standard) i just make space between 500: 8D5 since it change to emotion icon

Thanks

(02-14-2019, 10:21 AM)DanielG Wrote: [ -> ]Seeing as you are using -m 1000 it is likely you got a password dump in the format "krbtgt:502:aad3b435b51404eeaad3b435b51404ee:abcdef0123456789abcdef0123456789:::" or
"krbtgt:abcdef0123456789abcdef0123456789".
You need to make sure it looks like the example on https://hashcat.net/wiki/doku.php?id=example_hashes so just the abcdef0123456789abcdef0123456789 (NTLM hash) part.

Also ?I (capital i) is not a valid mask, you probably mean ?l (lowercase L).

Thanks DanienlG, i will check it

and by the way, does windows using NTLM to hash?

this syntax is wrong:


the correct syntax is

i.e. the hash file must be specified before the mask (positional arguments). The mask must be after the hash file.
See --help

(02-14-2019, 11:10 AM)philsmd Wrote: [ -> ]this syntax is wrong:

Code:

hashcat -m 1000 -a 3 ... ?1?1?1?1?1?1?1?1?1?1?1 ... hash.txt

the correct syntax is

Code:

hashcat -m 1000 -a 3 .... hash.txt ?1?1?1?1?1?1?1?1?1?1?1

i.e. the hash file must be specified before the mask (positional arguments). The mask must be after the hash file.
See --help

Code:

Usage: hashcat [options]... hash|hashfile|hccapxfile [dictionary|mask|directory]...

Thanks Philsmd, now it is running after change to the correct syntax

Don't forget to -O, with a mask of length 11 you will get a drastic performance increase.

Hello, I'm trying to decipher a password but I'm not very informed on the subject and I don't even know how to start, if someone could help me I would really appreciate it, this is the password (it's nothing important):$y$j9T$xxxxxxxxxxxxxxxx$xxxxxxxxxxxxxxxxxx:19243:0:99999:7:::