+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: Old oclHashcat Support (https://hashcat.net/forum/forum-38.html)
+--- Thread: Brute force with custom charset (/thread-3719.html)
Brute force with custom charset - TQS - 10-05-2014
Hi. I am trying to launch a brute-force attack on a WordPress hash and i know that the password contains only letters and numbers and has length of 6-9 signs. From the wiki i figured out that i have to type this command into my oclHashcat:
oclHashcat64.exe -m400 -a 3 hash.txt -1 ?l?d
But when i do so hashcat launches brute-force attack with all Built-in charsets: ?l?u?d?s (and not the ones i need it to brute force which is ?l?d), i figured that out from the time it takes to finish the certain lengths of a password. I don't think that it takes absolutely identical amount of time to check 5 signs password in these modes "?l?d" "?l?u?d?s". Could you please indicate what do i do wrong and what exactly should i type to make a brute-force attack only with letters and digits?
Thanks in advance!
RE: Brute force with custom chares - epixoip - 10-05-2014
you are defining a custom character set, but you are not supplying a mask that actually uses that character set.
RE: Brute force with custom chares - TQS - 10-05-2014
I figured that out that it has something to do with the mask... Could you please write a proper command then?
RE: Brute force with custom chares - Rolf - 10-05-2014
From HC Wiki:
oclHashcat64 -a 3 -m 400 -i --increment-min=6 -1 ?l?d hash.txt ?1?1?1?1?1?1?1?1?1
Brute forcing a wordpress hash at those settings is a bad idea, though.
RE: Brute force with custom charset - TQS - 10-05-2014
(10-05-2014, 11:14 AM)Rolf Wrote: From HC Wiki:
oclHashcat64 -a 3 -m 400 -i --increment-min=6 -1 ?l?d hash.txt ?1?1?1?1?1?1?1?1?1
Brute forcing a wordpress hash at those settings is a bad idea, though.
I am not really good with cracking methods that offers hashcat. Could you offer me a better solution for my issue?
RE: Brute force with custom charset - Rolf - 10-05-2014
Wordlist and mutation attacks are never bad to start with.
More information regarding the description and usage of attacks can be obtained from the aforementioned wiki or by launching hashcat with the "--help" flag.
RE: Brute force with custom charset - TQS - 10-05-2014
I have already tried wordlist attack (i have 107 GB wordlist but no success with cracking this hash). I have never heard of mutation attacks before. Got to give it a try. Thanks a lot for your help!