hashcat Forum
basic help needed - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: basic help needed (/thread-5888.html)



basic help needed - chocolate - 09-21-2016

I'm new to this program and need some basic help here. First let's say what I want to do, what I'm doing and hope someone tell me what I'm doing wrong.

-What I want is to recover a lost windows 10 x64 local password. I think I know all characters of the password, but not the order.
-So with this info I know (as an example let's say the chars I use in the password are pPaA5%mM, and the NThash is the windows account password hash) and the wiki I use this command:
Code:
hashcat64.exe -m 1000 -a3 -1 pPaA5%mM  NThash

I know for sure that I'm doing something wrong, because when 8 lenth is reached program say estimated time 1h20min. I reduced the charset from pPaA%mM to just p, and it says again that it's going to take 1h20min again, when it should take miliseconds to test pppppppp.

So the question is, what I'm doing wrong? How can I acomplish the search for this password with the info I know?


RE: basic help needed - Xanadrel - 09-21-2016

You define a charset but you don't use it.
Run hashcat without any option, read the output, see if you could have missed something (hint: the mask).


RE: basic help needed - chocolate - 09-21-2016

First thanks for the help, I knew I was doing something wrong.

Been reading this wiki (https://hashcat.net/wiki/doku.php?id=mask_attack) over and over, but or my english is not as good as I thought or I'm missing something more. Let me explain.

In that wiki mask are defined as placeholders, but here is the first problem, If I don't know the order how can I set a mask? I don't know what position the number/s or the letter/s or special characters has in the password.

I thought that If I don't define a mask it uses brute force without mask, and try every candidate from length 1 to 64 using this already defined user custom characters.

The second problem I have it's with the mask itself, imagine than now I want to use a mask, on my example:
Code:
hashcat64.exe -m 1000 -a3 -1 pPaA5%mM  NThash ?l?l?l?l?l?l?l?l

If I'm understanding this wiki right, this should give an exception as I have set the mask with letters but as there are numbers and special characters on my custom charset, this should give an error, something that it's not happening.

PD: sorry for noob question, but I'm really lost here :S


RE: basic help needed - kiara - 09-21-2016

hashcat64.exe -m 1000 -a3 -1 pPaA5%mM NThash ?1?1?1?1?1?1?1?1

1, each ?1 will try all chars candidate that u put in -1 which in ur case is pPaA5%mM
2, ?1?1?1?1?1?1?1?1 mean that ur are searching a keyspace of 8 chars

did u try the command that u wrote? (if not, try it)


RE: basic help needed - chocolate - 09-21-2016

Thanks for helping me

What I wrote it's:
Code:
?l not ?1
, after reading again the wiki I realiced about this (btw, IMO this program should use another letter not L, that in lowcase it's very similar to 1).

But again now I have another two problems:

1) If I don't know the length of the password, do I have to increase manualy from ?1 (1 char) to ?1?1 (2 chars), then to ?1?1?1 (3 chars)..., until I find a match in length and password? or is there a way to set an unkown lenth and use the brute force with this custom charset,i.e from 1 char to 12 ? (I have try -1 --increment-max=12 but with ?1 it stops at 1 char again).

2) the other problem I'm facing it's with this:

[Image: r0CdNvT.jpg]

Without using a mask this message appears for miliseconds and then dissapear after next autorefresh, I was asking myself how to show it. Now that I've use a mask in the command this stays forever, and progress does not autorefresh, I need to click enter or press s (for status)

How I can show/hide this message? How I can enable autorefresh when using masks without the need of pressing enter or s?

Thanks in advance.


RE: basic help needed - rico - 09-21-2016

Both answers are in the Options section of --help.


RE: basic help needed - chocolate - 09-21-2016

Reading one more time the wiki and focusing in the options section I found that:

--status is not part of the -h command, IMO commands not preceded by letters (-- ones) should be put all toguether at the start or at the end with some kind of separator, in the wiki/help because it leads to confusion.

Anyway, one question answered, need help with the other one, the length, I'm lost here. How to stablish the minimun and maximum legth?

I've try this:
Code:
hashcat64.exe -m 1000 -a3 -i --increment-min=1 --increment-max=12 -1 pPaA5%mM  NThash ?1

but it stops exhausted at 1 char not 12.


RE: basic help needed - rico - 09-21-2016

hashcat64.exe --help:

Code:
 Options Short / Long     | Type | Description                                     | Example
==========================+======+=================================================+=======================


--status                  |      | Enable automatic update of the status-screen         |
--status-timer            | Num  | Sets seconds between status-screen update to X       | --status-timer=1

-i, --increment           |      | Enable mask increment mode                           |
--increment-min           | Num  | Start mask incrementing at X                         | --increment-min=4
--increment-max           | Num  | Stop mask incrementing at X                          | --increment-max=8


Your mask is ?1, needs to be ?1?1?1?1?1?1?1?1?1?1?1?1


RE: basic help needed - chocolate - 09-21-2016

Thank you so much, now it finally works Smile