+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: Old oclHashcat Support (https://hashcat.net/forum/forum-38.html)
+--- Thread: Suggest me some tips and good "small" wordlist for a Hybrid attack (/thread-4265.html)
Suggest me some tips and good "small" wordlist for a Hybrid attack - giog7789 - 04-07-2015
Lately I have realized that many dictionaries is not good , but better to focus on quality (I have around 40gb of useless dictionarys).
Now i think that the best way is to try a Hybrid attack with small wordlists with 4-5-6-7, and a digit mask (?)
Now some questions:
- I have literally every wordlist on this planet (probably), can you now suggest some wordlist usefull with the Hybrid attack?
- I'm working on DesUnix passw, should i also try dict+mask that try >8 characters?
- Can you suggest some good rules over Base64?
- For Hybrid attacks Dict+mask or mask+dict, what you suggest as mask and as dict words length? (this is the important question for me)
Whatever your help is well appreciated. Thanks!
RE: Suggest me some tips and good "small" wordlist for a Hybrid attack - atom - 04-07-2015
(04-07-2015, 11:09 AM)giog7789 Wrote: [*] I have literally every wordlist on this planet (probably), can you now suggest some wordlist usefull with the Hybrid attack?
A good wordlist for hybrid is rockyou.txt it's sorted by occurance so you can head -XXXX it to the size you want while keeping the quality. But that's actually not needed as it's not too big.
(04-07-2015, 11:09 AM)giog7789 Wrote: [*] I'm working on DesUnix passw, should i also try dict+mask that try >8 characters?
For descrypt it makes no sense to check any passwords length > 8. It will not work. However, check this article:
https://hashcat.net/wiki/doku.php?id=frequently_asked_questions#i_don_t_want_oclhashcat_to_reject_words_from_my_wordlist_if_they_are_too_long_can_it_truncate_them_instead
(04-07-2015, 11:09 AM)giog7789 Wrote: [*] Can you suggest some good rules over Base64?
A good new rule is dive.rule but its big!
(04-07-2015, 11:09 AM)giog7789 Wrote: [*] For Hybrid attacks Dict+mask or mask+dict, what you suggest as mask and as dict words length? (this is the important question for me)
For -a 6 I'm using -1 ?l?d?s ?1?1?1 as symbols are most of the time on the end of the password, like !!! or so
For -a 7 it's different, also note that the first char often is uppercased. I'd use something like -1 ?l?d?u ?1?1?1
RE: Suggest me some tips and good "small" wordlist for a Hybrid attack - giog7789 - 04-07-2015
Thanks a lot Atom!
Last question.
Can i see the word hashcat is reading (trying) at a given time to see if I set everything well ?
(something like JtR do. Example: abcd90.....abcde01)
RE: Suggest me some tips and good "small" wordlist for a Hybrid attack - atom - 04-07-2015
No, mostly because with oclHashcat it's not a serial process, so there's no "current" password.