Php pass Help !
#1
Hi guys, I have this kind of hash, $P$BpDZXXXXXXXX...., which is for me -m 400. I managed to decrypt a few of them with rockyou.txt in straight attack mode -a 0, but I really want to decrypt most of them. Any advice? With rules? Or another wordlist targeted at php pass?

Thanks for all your future advice.
#2
Try an attack with rules, and here you have a lot of ready-made dictionaries: www.weakpass.com
#3
(12-13-2022, 11:14 PM)marc1n Wrote: Try an attack with rules, and here you have a lot of ready-made dictionaries: www.weakpass.com

Many thanks for your quick answer, and what dictionaries do you recommend for what I am looking for?
#4
(12-13-2022, 11:16 PM)ivan7 Wrote:
(12-13-2022, 11:14 PM)marc1n Wrote: Try an attack with rules, and here you have a lot of ready-made dictionaries: www.weakpass.com

Many thanks for your quick answer, and what dictionaries do you recommend for what I am looking for?

Two large:

hashesorg2019
and
rockyou2021.txt
#5
You're amazing, thanks so much! I will try with best64.rule, and do you think another rule is more efficient with php pass?

Thanks so much for your advice
#6
(12-13-2022, 11:39 PM)ivan7 Wrote: You're amazing, thanks so much! I will try with best64.rule, and do you think another rule is more efficient with php pass?

Thanks so much for your advice

I don't know of a rule specifically for php, but dive.rule is very good
#7
This is what I did: hashcat.exe -m 400 -a 0 -O -o "resultsfull.txt" "hashed.txt" "rockyou2021.txt" -r rules/dive.rule

but I have 10 years estimated time lol

I have a Threadripper CPU. Is it more efficient in my case to use my CPU in order to save time?
#8
(12-14-2022, 08:23 AM)ivan7 Wrote: This is what I did: hashcat.exe -m 400 -a 0 -O -o "resultsfull.txt" "hashed.txt" "rockyou2021.txt" -r rules/dive.rule

but I have 10 years estimated time lol

I have a Threadripper CPU. Is it more efficient in my case to use my CPU in order to save time?

For this hash, it is recommended to use a GPU. For example, the result of one RTX 3090: Speed.#1.........: 20669.7 kH/s

Here you can rent yourself a GPU for hours: vast.ai
#9
Besides the answers already given:

Rules and wordlists are not effective against a specific hash type but against well-known passwords and password modifications, regardless of the hash type.

You said you were able to get some cleartext passwords. What do they look like? Do they follow any pattern? Assume that the CRM used, or whatever, has a password policy like at least 8 chars, 1 number, 1 special char or whatever, or do the passwords look like standard human passphrases?

What kind of language was used, or where do the hashes come from? For sure you will get some cracked passes with an English dictionary, but assume the hashes are from a German, French, Spanish or whatever site: you have to adapt to the targeted language as well.
#10
Thanks for your answer @Snoopy. Yes, the passwords I cracked look like Alfie2008, Jamesbond1 or Sonic123.

Language is phpass, phpBB3 (MD5), Joomla >= 2.5.18 (MD5), WordPress (MD5), and yes, it's English-like passes.

So according to you, I have to use, for example, -i --increment-min=5 --increment-max=8 and ?a
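The `$P$B...` strings discussed in this thread are portable phpass hashes, and the character after `$P$` encodes the iteration count that makes each guess slow. The following is an added example, not code from the thread or from hashcat, showing how a defender can parse such a hash, read its cost and verify a password against it. The function names and the sample password and salt are constructed for illustration.

```python
import hashlib
import hmac

# Alphabet used by phpass for both the cost character and the digest encoding.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def parse_phpass(stored):
    """Return (prefix, iterations, salt, digest) of a portable phpass hash."""
    if len(stored) != 34 or stored[:3] not in ("$P$", "$H$"):
        raise ValueError("not a portable phpass hash")
    if any(ch not in ITOA64 for ch in stored[3:]):
        raise ValueError("character outside the phpass alphabet")
    log2 = ITOA64.index(stored[3])
    if not 7 <= log2 <= 30:
        raise ValueError("cost character out of range")
    return stored[:3], 1 << log2, stored[4:12], stored[12:]

def _encode64(data):
    """phpass encoding: 3-byte little-endian groups, 6 bits per character."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        value = int.from_bytes(chunk, "little")
        for _ in range(len(chunk) + 1):
            out.append(ITOA64[value & 0x3F])
            value >>= 6
    return "".join(out)

def phpass_hash(password, salt, log2=13, prefix="$P$"):
    """One salted MD5, then 2**log2 chained MD5 rounds over digest+password."""
    pw = password.encode("utf-8")
    digest = hashlib.md5(salt.encode("ascii") + pw).digest()
    for _ in range(1 << log2):
        digest = hashlib.md5(digest + pw).digest()
    return prefix + ITOA64[log2] + salt + _encode64(digest)

def verify(password, stored):
    """Recompute with the stored cost and salt; constant-time comparison."""
    prefix, iterations, salt, _ = parse_phpass(stored)
    candidate = phpass_hash(password, salt, iterations.bit_length() - 1, prefix)
    return hmac.compare_digest(candidate, stored)

def md5_calls_per_guess(stored):
    """MD5 invocations needed to test one candidate against this hash."""
    return parse_phpass(stored)[1] + 1

if __name__ == "__main__":
    sample = phpass_hash("Constructed-Example-1", "abcdefgh")  # constructed
    print(sample, parse_phpass(sample)[1], verify("Constructed-Example-1", sample))
```

A cost character of `B` decodes to 2^13 = 8192 chained rounds, so every candidate costs 8193 MD5 calls, which is why the benchmark quoted above is reported in kH/s.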