hashcat Forum
Wordlist approach? - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: Old oclHashcat Support (https://hashcat.net/forum/forum-38.html)
+--- Thread: Wordlist approach? (/thread-4188.html)



Wordlist approach? - skillskills - 03-16-2015

Hey I have to say what great software! I have seen it in the past but never had a chance to try it out. Hats off to the devs and to the support staff on the forums most my questions were clearly addressed prior to me even asking them from the forums.

I do have a question on opinion and Im sure the response will be "It depends" based off the target passwords I need to get.

But what is the best method of approaching breaking passwords. Example:

Right now here is how I am cracking passwords:

List of human-passwords no rules.
List of human-passwords with \d\d at the end.
List of words no rules.
Lust of words with \d\d at the end.

Is there a better generalized method for getting more passwords on a first few passes? Should I mix up my order? (25 mins on my rig)

Currently my human-password list is 946MB in size and is made of Gmail 5 million leak, and 10 Million example passwords publication. I have stripped out usernames and emails so its purely the passwords. (4 hours on my rig)

My word list is a collection of people places and things (movies books etc). Its about 5GB and contains only lower case words.

Currently I am doing research into distributing the cracking across a number of workstations \ into my ESX cluster but I hear GPU is the way to go.


RE: Wordlist approach? - undeath - 03-16-2015

you should really use rules in your first or second round. Depending on how long the run takes use best64.rule or the cut-down version of the d3ad0ne rules (1.5k I think).


RE: Wordlist approach? - skillskills - 03-17-2015

(03-16-2015, 11:42 PM)undeath Wrote: you should really use rules in your first or second round. Depending on how long the run takes use best64.rule or the cut-down version of the d3ad0ne rules (1.5k I think).

assming the wordlist.txt has the following

aa
cows
bbbbb

the d3ad0ne rule will hash the following passwords correct?

aa
@@
aa@
@@
@a
cows
c0ws
c0w$
cow$
bbbbb

or something similar right?


RE: Wordlist approach? - atom - 03-17-2015

If you're looking for leetspeak stuff, there's also special leet speak rules in the rules folder


RE: Wordlist approach? - skillskills - 03-23-2015

Thanks for your help guys with your help I was able to get about 87% of my list.