+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Estimated time difference using --increment vs. mask length? (/thread-6028.html)
Estimated time difference using --increment vs. mask length? - v3rd1ct - 11-10-2016
Hello,
I am running hashcat to crack some NTLM passwords for testing. I noticed that there is a huge difference in estimated time when running hashcat with --increment parameter vs. providing a password length mask.
Here is an example...
Code:
hashcat64.exe -a 3 -m 1000 --potfile-path test.pot --username -1 ?u?l?d!@#$ test.ntlm.txt ?1?1?1?1?1?1?1?1?1
Session.Name...: hashcat
Status.........: Aborted
Input.Mode.....: Mask (?1?1?1?1?1?1?1?1?1) [9]
Custom.Chars...: -1 ?u?l?d!@#$, -2 Undefined, -3 Undefined, -4 Undefined
Hash.Target....: File (test.ntlm.txt)
Hash.Type......: NTLM
Time.Started...: Thu Nov 10 08:39:58 2016 (3 secs)
Time.Estimated.: Fri Dec 09 11:09:17 2016 (29 days, 2 hours)
Speed.Dev.#1...: 9450.0 MH/s (11.20ms)
Recovered......: 191/651 (29.34%) Digests, 0/1 (0.00%) Salts
Recovered/Time.: CUR:N/A,N/A,N/A AVG:0.00,0.00,0.00 (Min,Hour,Day)
Progress.......: 29560960000/23762680013799936 (0.00%)
Rejected.......: 0/29560960000 (0.00%)
Restore.Point..: 6656000/5455160701056 (0.00%)We then run it using the --increment parameter and set it to start/end at 9 characters.
Code:
hashcat64.exe -a 3 -m 1000 --potfile-path test.pot --username -1 ?u?l?d!@#$ --increment --increment-min 9 --increment-max 9 test.ntlm.txt
Session.Name...: hashcat
Status.........: Aborted
Input.Mode.....: Mask (?1?2?2?2?2?2?2?3?3) [9]
Custom.Chars...: -1 ?u?l?d!@#$, -2 Undefined, -3 Undefined, -4 Undefined
Hash.Target....: File (test.ntlm.txt)
Hash.Type......: NTLM
Time.Started...: Thu Nov 10 08:40:49 2016 (12 secs)
Time.Estimated.: Thu Nov 10 15:49:12 2016 (7 hours, 8 mins)
Speed.Dev.#1...: 9395.9 MH/s (11.64ms)
Recovered......: 191/651 (29.34%) Digests, 0/1 (0.00%) Salts
Recovered/Time.: CUR:N/A,N/A,N/A AVG:0.00,0.00,0.00 (Min,Hour,Day)
Progress.......: 118717378560/241505293049856 (0.05%)
Rejected.......: 0/118717378560 (0.00%)
Restore.Point..: 49674240/101643641856 (0.05%)How come the estimated time is so much different yet both are 9 character using the same "-1 ?u?l?d!@#$" (upper, lower, digits, and only !@#$ special characters).
I must not be understanding something correctly, anyone able to point me in the right direction?
Why is a password length of 9 characters defined as ?1?1?1?1?1?1?1?1?1 much longer to crack vs. the same password length defined as --increment --increment-min 9 --increment-max 9 ?
RE: Estimated time difference using --increment vs. mask length? - Xanadrel - 11-10-2016
Pay attention, masks are different for the two attacks, so yes, estimated times will be different.
Actually defining the mask for the second one could be a great idea.
RE: Estimated time difference using --increment vs. mask length? - v3rd1ct - 11-10-2016
That makes sense now, thank you. So with the --increment it is using a mask = (?1?2?2?2?2?2?2?3).
Just so i understand this fully, by adding "-1 ?u?l?d!@#$" I am defining the character range only for the ?1 in the mask above.
What will ?2 and ?3 in the mask above use?
RE: Estimated time difference using --increment vs. mask length? - Xanadrel - 11-10-2016
https://hashcat.net/wiki/doku.php?id=frequently_asked_questions#when_i_run_an_attack_with_-a_3_and_i_do_not_specifying_a_mask_i_see_it_working_but_what_is_it_doing
RE: Estimated time difference using --increment vs. mask length? - v3rd1ct - 11-10-2016
I already looked at the wiki/faq, you pointing me back there is not helping.
What would be helpful if you could answer my question instead of sending me back in a loop.
When we run:
Code:
hashcat64.exe -a 3 -m 1000 --potfile-path oppy.pot --username -1 ?u?l?d!@#$ --increment --increment-min 9 --increment-max 9 oppy.ntlm.txtThe input mode mask is:
Code:
Input.Mode.....: Mask (?1?2?2?2?2?2?2?3?3) [9]I already set..
?1 = ?u?l?d!@#$
What is the default character set used for ?2 and ?3...
Before you point me back to other links, I did read everything related "Hashcat mask" and I am still confused, as such I came here looking for answers not links.
RE: Estimated time difference using --increment vs. mask length? - Xanadrel - 11-10-2016
(11-10-2016, 09:24 PM)v3rd1ct Wrote: I already looked at the wiki/faq, you pointing me back there is not helping.It's not about looking, it's about reading.
(11-10-2016, 09:24 PM)v3rd1ct Wrote: The input mode mask is:Still, you need to actually read, I don't post links for fun and giggles, it's because you people keep asking the same questions, so we try our best to compile all the answers in a FAQ (you know, not reinventing the wheel and shit).
Code:Input.Mode.....: Mask (?1?2?2?2?2?2?2?3?3) [9]
I already set..
?1 = ?u?l?d!@#$
What is the default character set used for ?2 and ?3...
What would be helpful if you could answer my question instead of sending me back in a loop.
Before you point me back to other links, I did read everything related "Hashcat mask" and I am still confused, as such I came here looking for answers not links.
I have also another pro tip about links, I myself spent quite some time on the Internet, and know some things, when you follow a link, it leads to a page, and sometimes there may be more links on that page, leading to even more answers.
tl;dr:
Go on the link I posted in my previous post (reminder: https://hashcat.net/wiki/doku.php?id=frequently_asked_questions#when_i_run_an_attack_with_-a_3_and_i_do_not_specifying_a_mask_i_see_it_working_but_what_is_it_doing) and read even only the first line of that paragraph, there is a link which leads to the answers (yes you can even follow it).