+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Ancient Versions (https://hashcat.net/forum/forum-46.html)
+--- Forum: Very old oclHashcat-plus Support (https://hashcat.net/forum/forum-23.html)
+--- Thread: DES random generated bforcing (/thread-1143.html)
DES random generated bforcing - pierzi - 05-05-2012
Hello
I'd like to ask for best way to crack 6 signs random generated DES hashes (lower/upper alpha) examples below:
Code:
8r7CzL
AXMKD5
AgCdzb
BFQh5A
DHKrTq
EfTq49
Jjpqws
KVyq6Z
LrU4QE
NUZzAt
TEDn5S
VSuZR7i know that i could use simple mask attack with ?1?1?1?1?1?1 and ?l?d?u settings, also hybrid attack (ex 3 signs dict + 3 signs mask) but this methods aren't to efficient because of checking a lot of unnecessary candidates like aaaaaa aaaaab.... and so on.
Maybe some of You knows better methods to handle with those type of passwords?
Thanks in advance for any information
RE: DES random generated bforcing - M@LIK - 05-05-2012
BruteForcing ?l?u?d=6 won't take so long. (maybe not if salted).
However, for your request, you can use this way:
Random, unique, pure words
: D
RE: DES random generated bforcing - undeath - 05-06-2012
there is no guarantee for a "total random word" not to equal "aaaaaa"
RE: DES random generated bforcing - phillips321 - 05-07-2012
Thats what i was thinking, just because 'aaaaaa' looks unrandom it is just as possible as 'ZgHtRe'
aaaaaa - ZZZZZZ
26*26*10 per character position
* length of 6
not that many possiblities
RE: DES random generated bforcing - undeath - 05-07-2012
(05-07-2012, 10:08 AM)phillips321 Wrote: 26*26*10 per character position
* length of 6
check your math: (26+26+10)^6
RE: DES random generated bforcing - =||=cat - 05-11-2012
i would like to know the best approach too..
i would say in that case, evaluating from the sample, to find patterns...
like...first char uppercase maximum digit chars 2 and play with it
good luck
RE: DES random generated bforcing - undeath - 05-12-2012
what exactly is it you don't understand about "random"? There is no pattern. A random password can also be "aaaaaaa" or "hello1". It is just exactly the same probability.
RE: DES random generated bforcing - pierzi - 05-12-2012
Thanks for all answers
As for definition of "random" in this case we won't have any passwords which:
1) have only lower alpha, upper alpha or digits - all passwords contains at least two types of signs (in most of cases - all 3 of them),
2) no "human readable" words like hello1,
3) signs won't repeat next to each other - no passwords like 3xxWt7.
4) Using use rules like ?l?u?d?l?u?d is also quite useless - we would have to try all possible combination for them - it won't save our precious time
I think that good solution might be creating 3 digits wordlist but without useless candidates like aaa,aab and so on (don't have idea how to create it) and then use it with Hybrid attack with ?l?u?d
RE: DES random generated bforcing - =||=cat - 05-12-2012
Quote:what exactly is it you don't understand about "random"? There is no pattern. A random password can also be "aaaaaaa" or "hello1". It is just exactly the same probability.dont need a draw mate, thanks anyway...
aint an excuse though but maybe i called it random by mistake(english aint my native language), perhaps patterned gens fits better somehow.
the thing is i've several samples of like 10000 decrypted hashes(indeed are small samples) and i can find patterns there, apparently it was used the same gen script, as for example in a 8 charset,
i cant see more than 3 digits neither 2 same lowercases next to each other and other ones i cant recall right now.
so about randomness i agree with you, the odds are the very same for every char but maybe, generically speaking, the automated process avoid some strings in some way.
@pierzi
indeed all my samples handshake those conditions you posted.
in the end we're just willing to do some progress with these kind of hashes that's all.
cheers!