Crack JWT HS256 with hashcat with Intel I9
#1
I have JWT with HS256 algorithm that I want to crack with hachcat using brute force.

I run : hashcat pass.txt -m 16500 -a3 --session my_session

1) I got warning 

Quote:The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted

I don't have a wordlist or make, I just want to brute force.
What does this warning? 

2) How much time this crack will take on Intel I9 PC? Is that possible to crack and brute force all the options with original PC?

Thank you all!
.
Reply
#2
-a3 is bruteforece yes, but you didnt specify an attackmask
try

hashcat -a3 -m16500 --session my_session --increment pass.txt ?a?a?a?a?a?a?a?a

this will start a bruteforceattack with all ascii signs start with lenght one, after that length 2, till reaching length 8
Reply
#3
(05-20-2022, 09:58 AM)Snoopy Wrote: -a3 is bruteforece yes, but you didnt specify an attackmask
try

hashcat -a3 -m16500 --session my_session --increment pass.txt ?a?a?a?a?a?a?a?a

this will start a bruteforceattack with all ascii signs start with lenght one, after that length 2, till reaching length 8
If I didn't  specify an attackmask so what will be the attack  mask? All the options not?
Reply
#4
if you didnt specify an attackmask you test your hash versus an empty word, so your wordlist is just one empty string ''

?a means is one position all possible 95 ascii signs which is bruteforce, you have to provide a mask for bruteforce because you could also just bruteforce ?l which means just lower ascii chars
Reply
#5
(05-20-2022, 03:01 PM)Snoopy Wrote: if you didnt specify an attackmask you test your hash versus an empty word, so your wordlist is just one empty string ''

?a means is one position all possible 95 ascii signs which is bruteforce, you have to provide a mask for bruteforce because you could also just bruteforce ?l which means just lower ascii chars
I thank you about your help but when I didn't set any attack mask ,hashcat find key like 1234 so it's really run

I don't know  what are all the options for HA256 but I want to run on all over the options, even not ascii
How can I do that please?

By the way I tried ?a?a?a?a?a?a?a?a
And I got
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Is that OK? why ascii chars are only 16 bits
Reply
#6
(05-20-2022, 04:46 PM)Jojo koko Wrote:
(05-20-2022, 03:01 PM)Snoopy Wrote: if you didnt specify an attackmask you test your hash versus an empty word, so your wordlist is just one empty string ''

?a means is one position all possible 95 ascii signs which is bruteforce, you have to provide a mask for bruteforce because you could also just bruteforce ?l which means just lower ascii chars
I thank you about your help but when I didn't set any attack mask ,hashcat find key like 1234 so it's really run

I don't know  what are all the options for HA256 but I want to run on all over the options, even not ascii
How can I do that please?

By the way I tried ?a?a?a?a?a?a?a?a
And I got
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Is that OK? why  ascii chars are only 16 bits

i think hashcat uses a standardmask when not providing a mask, but i didnt checked
yes hahscat uses the following masks when not providing any mask
UPDATE:
?1?2
...
?1?2?2?2?2?2

with the follwing charset -1 ?l?d?u, -2 ?l?d, -3 ?l?d*!$@_, -4 Undefined

im not quite sure when ?3 is used because it seems hc just addes another ?2 when incrementing

well you could use ?h for all possible hex but this would result in an enormous keyspace, in fact it would be great if you know anything about the used charset, for example in germany there are some special chars like äöü, when used in passes you will not be able to crack even such a short word like germnan öl (oil) because ascii didnt cover this an you will need a custom charset

for a first run try the following with added options
Code:
-w3 -O --increment
and ?a?a?a?a?a?a?a?a as mask

-O is important using optimized kernel, supports length up to 55 which is quite enough for a mask of lenght 1to8

ignore the data for bitmaps, take a look at keyspace or progress
Reply