+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Ancient Versions (https://hashcat.net/forum/forum-46.html)
+--- Forum: Very old oclHashcat-plus Support (https://hashcat.net/forum/forum-23.html)
+--- Thread: Complete Noob (/thread-2744.html)
Complete Noob - sweetname - 10-27-2013
So, I've downloaded oclHashcat-plus and the hashcat-gui.
I think I've got it working on what I want, but I honestly have no idea if that's true.
Basically, I have a SHA512 hash WITHOUT any salt where I know that the original text was 10 characters long and contains 2 uppercase letters, 2 digits, and the rest are lowercase letters.
I have a GTX Titan and really want to put it to work on cracking this hash. Can someone PLEASE provide me with either the command line command or else the gui options I would need to use to crack such a hash?
RE: Complete Noob - philsmd - 10-28-2013
In general you should prefer masks/hcmask files over *generating* wordlist (that fit those requirements)... but it really depends on what the requirements exactly are... Do you know the positions of the 2 digits and the 2 uppercase letters or can they be anywhere in the 10 alphanumeric string? Are there *exactly* 2 uppercase letters or at most 2 uppercase letters? What about digits (exactly or max)?
For instance if you know that the passwords starts w/ uppercase you already reduce the keyspace (and the possible masks that you need to try) a lot. The same holds if you for instance know that the passwords ends w/ 1 or 2 digits.
Your main problem is indeed that 10 character long mask together w/ sha512 (which ofc is much slower than e.g. MD5 or others) takes some time to bruteforce (if you really want to use this attack mode - maybe a filtered dictionary that fits the requirements may be a better approach? For instance if you *know* some more details about the possible password etc).
Anyway, you could use e.g. a mask file (http://hashcat.net/wiki/doku.php?id=mask_attack#hashcat_mask_files , .hcmask) in which you put all possible masks (starting for instance w/ the most likely one) and let oclHashcat run.
$ oclHashcat64 -m 1700 m1700_hash.txt -a 3 maskfile.hcmask
where the file maskfile.hcmask could contain lines like:
?u?u?l?l?l?l?l?l?d?d
?u?u?d?d?l?l?l?l?l?l
For details of mask based attack see: http://hashcat.net/wiki/doku.php?id=mask_attack
As said, the main problem is that the length is considerable (maybe too) long for a bruteforce... if instead the password would be only of e.g. length 8 this would not be much of a problem.
So also spent some time in looking on other attack modes (filtered wordlist, rules based attack etc) ...