+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: Old oclHashcat Support (https://hashcat.net/forum/forum-38.html)
+--- Thread: What attack to use? (/thread-5074.html)
Pages:
1
2
RE: What attack to use? - Marc05 - 01-23-2016
Perhaps not. As I understand it, if I have a wordlist called 3words.txt consisting of "a, b, c" and run combinator, I will end up with: ab, ac, ba, bc, ca, cb - whereas I want: abc. If that is the case, then combinaotr3 wouldn't work either with a wordlist consisting of 4 words.
I know that the password would be at least a combination of 8 words, and up to a combination of 18 words. However, if a wordlist has to be generated, and hashcat can't generate and try the password at the same time, I'd have to create a more sensible wordlist that contains the more probable password of 8 to 14 combinations. I think that would be up to 14! combinations, which at 9000 H/s is not bad.
RE: What attack to use? - epixoip - 01-23-2016
If you want "abc" then combinator3.bin is precisely what you want... If your wordlist contains the following:
Code:
apple
banana
cocknoseThen ''./combinator3.bin wordlist wordlist wordlist'' is going to generate:
Code:
appleappleapple
appleapplebanana
appleapplecocknose
applebananaapple
applebananabanana
applebananacocknose
applecocknoseapple
applecocknosebanana
applecocknosecocknose
bananaappleapple
bananaapplebanana
bananaapplecocknose
bananabananaapple
bananabananabanana
bananabananacocknose
bananacocknoseapple
bananacocknosebanana
bananacocknosecocknose
cocknoseappleapple
cocknoseapplebanana
cocknoseapplecocknose
cocknosebananaapple
cocknosebananabanana
cocknosebananacocknose
cocknosecocknoseapple
cocknosecocknosebanana
cocknosecocknosecocknoseAnd you can pipe this directly into oclHashcat via stdin if you'd like.
But now you're also saying 8-18 words? Not making much sense, especially since you also previously said the password is only 24 characters max. Anyway, all the pieces are here for you to formulate your attack.
RE: What attack to use? - Marc05 - 01-23-2016
Apologies if I'm making it hard to understand, and thanks for trying to help. In the chance that you're familiar with OTFBrutus, I could do what I'm asking with the following:
(red|blue|black|green){2-4:1}
This generates a variable-length combination pattern with no word repeating more than once; which would at least contain "redblue", and at most "greenblackbluered".
I want to do this exact thing with hashcat, except it would be (...){8-14:1}.
RE: What attack to use? - epixoip - 01-23-2016
Yeah that's not possible with hashcat or combinator.bin, you're going to have repeating words. And of course 8-14 you're going to start running into disk limitations real quick.
RE: What attack to use? - magnum - 01-29-2016
Wouldn't PRINCE be a good choice here? Pro: Super simple. Con: I believe you can't stop it from using elements more than once in a candidate.