+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Ancient Versions (https://hashcat.net/forum/forum-46.html)
+--- Forum: Very old oclHashcat-plus Support (https://hashcat.net/forum/forum-23.html)
+--- Thread: custom charset reality check (/thread-1791.html)
custom charset reality check - piffdos - 11-28-2012
Hi All,
Just wanted to do a reality check after doing a password attack on 3 sha512crypt password hashes for a competition.
I chose to do a dictionary + mask attack because I thought I knew what the password started with (the dictionary) plus 4 numbers followed by a dash -, then 4 uppercase letters.
I set "--custom-charset1=-" the mask was then ?d?d?d?d?1?u?u?u?u
My question is, did my custom charset work? how can I confirm that the hashes that hashcat tested were in fact, what I wanted to test for? Is one character "-" in a custom charset valid?
thanks in advance
RE: custom charset reality check - radix - 11-28-2012
Depending on how long your dictionary words were, I would guess that most attempts were skipped. oclHashcat has a char limit and you are only leaving room for 6 letter dictionary words.
RE: custom charset reality check - piffdos - 11-28-2012
Thanks Radix, the dictionary file only had one word, a four character dictionary word. If my guess was correct then the password should be a 13 character password, format XYZ-1234-ABCD, that should be under the 15 character limit.
(11-28-2012, 12:18 AM)radix Wrote: Depending on how long your dictionary words were, I would guess that most attempts were skipped. oclHashcat has a char limit and you are only leaving room for 6 letter dictionary words.
RE: custom charset reality check - epixoip - 11-28-2012
if it only has one word you don't need to do a hybrid attack, you can just do a mask attack. also, while it is valid, you don't really need to use a custom charset for just one character. so, brute forcing the mask "word?d?d?d?d-?u?u?u?u" will work just fine.
RE: custom charset reality check - piffdos - 11-29-2012
Thanks epix! I will try it that way also, just to be sure.
(11-28-2012, 10:21 AM)epixoip Wrote: if it only has one word you don't need to do a hybrid attack, you can just do a mask attack. also, while it is valid, you don't really need to use a custom charset for just one character. so, brute forcing the mask "word?d?d?d?d-?u?u?u?u" will work just fine.