+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: Old oclHashcat Support (https://hashcat.net/forum/forum-38.html)
+--- Thread: Custom start for bruting? (/thread-4942.html)
Custom start for bruting? - Siwon - 12-27-2015
Say I'm using this command..
oclhashcat64 -m 2500 -a 3 mycapfile.hccap ?d?d?d?d?d?d?d?d?d
Is there any command where I can specify where to start? say... 531238761, instead of 000000000?
RE: Custom start for bruting? - philsmd - 12-27-2015
Actually yes there is.
The only thing you need to make sure is that markov is *disabled*, otherwise you can't easily say at which percentage that number is being checked (that also means that if you had to run all values up to 531238761 too, markov had to be disabled for that range/run too).
Calculate the percentage:
531238761 / 10^9 = 531238761 / 1000000000 = 0.531238761
(53.12%)
Important, get the value for the whole "keyspace":
Code:
$ ./oclHashcat64.bin -m 2500 -a 3 --keyspace hashcat.hccap ?d?d?d?d?d?d?d?d?d
100000000Do some more math to get the -s value:
(total keyspace * percentage = -s value)
100000000 * 0.531238761 = 53123876
Run it:
Code:
./oclHashcat64.bin -m 2500 -a 3 -s 53123876 --markov-disable hashcat.hccap ?d?d?d?d?d?d?d?d?dNote: you must use --markov-disable (otherwise this -s value is not correct)
Note2: I always recommend that you choose the -s value a little bit lower than the calculated one (just to be very sure that we actually don't skip anything, so maybe choose a -s value around 53000000 or so. if you are concerned enough to miss anything
)
RE: Custom start for bruting? - Siwon - 12-27-2015
Fantastic, thank you. Is there a way to stop it at a certain percentage too?
Just run from 500000000 to 600000000
10^9 is 1000000000
that'll be 50% - 60% to run
Would it be -s 500000000 -l 100000000?
* Distributed:
-s, --skip=NUM Skip number of words
-l, --limit=NUM Limit number of words
--keyspace Show keyspace base:mod values and quit
RE: Custom start for bruting? - philsmd - 12-27-2015
nope. it doesn't work like that.
You always need to make it relative to the --keyspace value.
also note 100% (the total --keyspace for oclHashcat) is 100000000 (100M) and *not* 1000000000 (1G, or 10^9). That is how it is defined (just do the math, it's easy, I just gave you the formulas above).
But yes, -l can be used to limit the keyspace
RE: Custom start for bruting? - Siwon - 12-27-2015
I got it, thanks! I don't necessarily need to go by the actual number, I can go by the keyspace number.
Code:
oclhashcat64 -m 2500 -a 3 -s 50000000 -l 10000000 --session 128 --markov-disable 1013_1451021075.hccap ?d?d?d?d?d?d?d?d?
oclHashcat v2.01 starting...
Device #1: Cayman, 1024MB, 870Mhz, 22MCU
Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable Optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Kernel ./kernels/4098/m02500.Cayman_1800.8_1800.8 (VM)_1449318458.kernel (538808 bytes)
Device #1: Kernel ./kernels/4098/markov_le_v2.Cayman_1800.8_1800.8 (VM)_1449318458.kernel (56988 bytes)
Device #1: Kernel ./kernels/4098/amp_a3_v2.Cayman_1800.8_1800.8 (VM)_1449318458.kernel (16156 bytes)
[s]tatus [p]ause [r]esume [b]ypass [q]uit =>
Session.Name...: 128
Status.........: Running
Input.Mode.....: Mask (?d?d?d?d?d?d?d?d?d) [9]
Hash.Target....: -
Hash.Type......: WPA/WPA2
Time.Started...: Sun Dec 27 12:34:52 2015 (1 sec)
Time.Estimated.: Sun Dec 27 13:05:10 2015 (30 mins, 16 secs)
Speed.GPU.#1...: 73421 H/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 500067584/600000000 (83.34%)
Rejected.......: 0/500067584 (0.00%)
Restore.Point..: 0/100000000 (0.00%)
HWMon.GPU.#1...: 0% Util, 26c Temp, 5% Fan
[s]tatus [p]ause [r]esume [b]ypass [q]uit =>RE: Custom start for bruting? - philsmd - 12-27-2015
Also, thinking about it, it might actually not work exactly like that, since even with --markov-disable oclHashcat changes the left side most frequently e.g.:
531238761
631238761
731238761
831238761
and *not*
531238761
531238762
531238763
531238764
so 531238761 is actually tested much earlier than 53.12% (should be at around 16% already).
But the idea with -s / -l remains the same.
----
That means, to solve your initial problem to start at a certain position, the easiest way is to use a .hcmask file ( https://hashcat.net/wiki/doku.php?id=mask_attack#hashcat_mask_files ):
e.g. with content:
53?d?d?d?d?d?d?d
456789,5?1?d?d?d?d?d?d?d
6789,?1?d?d?d?d?d?d?d?d
(and with this .hcmask approach you don't even need to use --markov-disable)
Note: one big disadvantage of these reduced keyspaces within the .hcmask file is that full acceleration might not be possible (but might not be that much of a problem at all for a slow algorithm like -m 2500 = WPA/WPA2)