Posts: 8
Threads: 1
Joined: Dec 2022
Hi Guys, i have this kind of hash $P$BpDZXXXXXXXX.... which is for me -m 400, i managed to decrypt few of them with rockyou.txt with straight attack mode -a 0 but i really want to decrypt most of them. Any advices ? With rules ? or another wordlist php pass targeted ?
Thanks for all your future advices.
Posts: 385
Threads: 1
Joined: Aug 2020
Try an attack with rules and here you have a lot of ready-made dictionaries
www.weakpass.com
Posts: 8
Threads: 1
Joined: Dec 2022
(12-13-2022, 11:14 PM)marc1n Wrote: Try an attack with rules and here you have a lot of ready-made dictionaries www.weakpass.com
Many Thanks for your quick answer, and what dictionnaries do you recoomend for what i am looking for ?
Posts: 385
Threads: 1
Joined: Aug 2020
(12-13-2022, 11:16 PM)ivan7 Wrote: (12-13-2022, 11:14 PM)marc1n Wrote: Try an attack with rules and here you have a lot of ready-made dictionaries www.weakpass.com
Many Thanks for your quick answer, and what dictionnaries do you recoomend for what i am looking for ?
Two large:
hashesorg2019
and
rockyou2021.txt
Posts: 8
Threads: 1
Joined: Dec 2022
You're amazing thanks so much ! I will try with best64.rule, and do you think another rule more efficient with php pass ?
Tanks so much for your advices
Posts: 385
Threads: 1
Joined: Aug 2020
(12-13-2022, 11:39 PM)ivan7 Wrote: You're amazing thanks so much ! I will try with best64.rule, and do you think another rule more efficient with php pass ?
Tanks so much for your advices
I don't know the rule specifically under php but dive.rule is very good
Posts: 8
Threads: 1
Joined: Dec 2022
This is what i did hashcat.exe -m 400 -a 0 -O -o "resultsfull.txt" "hashed.txt" "rockyou2021.txt" -r rules/dive.rule
but i have 10 years estimated time lol
I have a threadripper processor Cpu, is it more efficient in my case to use my cpu in order to save time ?
Posts: 385
Threads: 1
Joined: Aug 2020
12-14-2022, 10:43 AM
(This post was last modified: 12-14-2022, 10:45 AM by marc1n.)
(12-14-2022, 08:23 AM)ivan7 Wrote: This is what i did hashcat.exe -m 400 -a 0 -O -o "resultsfull.txt" "hashed.txt" "rockyou2021.txt" -r rules/dive.rule
but i have 10 years estimated time lol
I have a threadripper processor Cpu, is it more efficient in my case to use my cpu in order to save time ?
For this hash, it is recommended to use a GPU for example the result of one RTX 3090 Speed.#1.........: 20669.7 kH/s
Here you can rent yourself a GPU vast.ai for hours
Posts: 889
Threads: 15
Joined: Sep 2017
beside the already given answers
rules and wordlist are not effective against a specific hashtype but for well known passwords and passwords modifications, regardless of the hashtype
you said you were able to get some clear text passwords, how do they look like? do they follow any pattern? assume that the used crm or whatever has a passord policy like, at least 8 chars, 1 number, 1 special char or whatever or look the passwords like standard human passphrases?
what kind of language was used or where does the hashes come from? for sure you will get some cracked passes with an english dictionary, but aussume the hashes are from a german, french, spanish whatever site, you have to adopt to the targeted language as well
Posts: 8
Threads: 1
Joined: Dec 2022
Thanks for your answer @Snoopy, yes, passwords i cracked, looks like Alfie2008, or Jamesbond1 or Sonic123.
Language is phpass, phpBB3 (MD5), Joomla >= 2.5.18 (MD5), WordPress (MD5) and yes it's english like passes.
So according to you i have to use for exemple -i --increment-min=5 --increment-max=8 and ?a