hashcat Forum
Quick bruteforce char set help - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: Old oclHashcat Support (https://hashcat.net/forum/forum-38.html)
+--- Thread: Quick bruteforce char set help (/thread-4006.html)



Quick bruteforce char set help - scrybe - 01-23-2015

I'm trying bruteforce a password with a known length of 16 chars only. Any of the 16 can be uppercase alpha or numeric. There are no special chars, no lowercase, etc. If someone could tell me the easiest way to get this result, I'd appreciate it.

I'm sure this has been explained somewhere, so excuse the duplication - I wasn't able to track down an answer to this specific question, though I'm sure it's an easy one.


RE: Quick bruteforce char set help - philsmd - 01-23-2015

See https://hashcat.net/wiki/doku.php?id=mask_attack

First you define the custom charset:
-1 ?u?d
which means: define a custom charset (see https://hashcat.net/wiki/doku.php?id=mask_attack#custom_charsets ), to use upper letters and digits
then think about the length and define the mask:
?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1
this means: use the custom charset (defined in first step with -1) and use a length of 16 (hence 16 times ?1)

the full command then would be:
oclHashcat64.exe -m 0 -a 3 -1 ?u?d file_containing_the_hash.txt ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1


So now comes the bummer:
brute-forcing, or better said using a mask attack of length 16, is not (really) feasible.
Think about the keyspace, it would be (26 + 10) * (26 + 10) * ... * (26 * 10) = 36 * 36 * 36 * 36 * 36 * 36 * 36 * 36 * 36 * 36 * 36 * 36 * 36 * 36 * 36 * 36 or if you want 36 ^ 16 ( to the power of 16) =
7958661109946400884391936
Even an enormous huge rig wouldn't finish that keyspace very soon ;(


RE: Quick bruteforce char set help - scrybe - 01-23-2015

Thanks for the help - much obliged. I knew it would be massive, but I needed to understand how the masking worked with the custom char sets.

Which brings me to another question: Can I run hashcat against multiple .hccap files at once? Like the way you'd crack a massive list of hashes and thus increase the likelihood of finding a weak pass?


RE: Quick bruteforce char set help - philsmd - 01-23-2015

Completely different question also should be addressed in separate forum threads (with meaningful title).

Anyway, I will answer the question (and close the thread):
the answer, is as always given in the wiki https://hashcat.net/wiki/ (and also uncountable number of times in the forum):
https://hashcat.net/wiki/doku.php?id=hccap

yes you just concatenate the singe .hccap files. There are even the commands for windows/linux in the wiki