+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: No idea how to succeed cracking hashes (/thread-6941.html)
No idea how to succeed cracking hashes - forkbomb - 10-19-2017
Greetings!
I'm new here, but I've used hashcat before.
My problem, which is giving me a huge headache, is that I can't succesfully crack anything!
I'm here to ask for help and advices.
So far, my use of hashcat has been with wordlists, straight attacks, but as you can imagine, I found nothing.
I would love to crack some hashes, but I don't know how to move. Can you please help me, telling how do you do it?
For example, how can you crack an MD5? I am 100% sure you use a rule or something like that, but I have no idea. Also, my wordlists are big (>5Gb), so I think they are pretty useless if I'm not sure the password is inside that file.
Another example, how to crack a wpa2? Usually, I search for the router name, find some passwords and make a mask on that. But what if that has been changed? how can I crack it?
Hope you can help me, because I'm lost.
RE: No idea how to succeed cracking hashes - Flomac - 10-20-2017
(10-19-2017, 02:16 PM)forkbomb Wrote: Also, my wordlists are big (>5Gb), so I think they are pretty useless if I'm not sure the password is inside that file.
That's not a wordlist, that's a piece of junk. I calls these "lucklists"
You need much smaller wordlists with unique AND useful "words" in it. Producing candidates with rules, mask and so on is the much better way.
Bad wordlists look like this:
summer23
summer25
summer26
summer41
...
Problem is: What if the password contains summer29? It's not in the wordlist and will not be found.
A rule that combines words like summer with the numbers 0-99 is much more effective, in terms of results and speed.
Many people use the famous Rockyou.txt as a wordlist and that is a good start. With ~135MB is quite handy.
RE: No idea how to succeed cracking hashes - DDNK - 10-21-2017
(10-20-2017, 12:05 PM)Flomac Wrote:(10-19-2017, 02:16 PM)forkbomb Wrote: Also, my wordlists are big (>5Gb), so I think they are pretty useless if I'm not sure the password is inside that file.
That's not a wordlist, that's a piece of junk. I calls these "lucklists"
You need much smaller wordlists with unique AND useful "words" in it. Producing candidates with rules, mask and so on is the much better way.
Bad wordlists look like this:
summer23
summer25
summer26
summer41
...
Problem is: What if the password contains summer29? It's not in the wordlist and will not be found.
A rule that combines words like summer with the numbers 0-99 is much more effective, in terms of results and speed.
Many people use the famous Rockyou.txt as a wordlist and that is a good start. With ~135MB is quite handy.
Do you have an effective, simple, way of downsizing wordlists of these sizes? I think the process is called "stemming" or something - don't have much time to research into it at the moment.
RE: No idea how to succeed cracking hashes - forkbomb - 10-21-2017
(10-20-2017, 12:05 PM)Flomac Wrote: That's not a wordlist, that's a piece of junk. I calls these "lucklists"
You need much smaller wordlists with unique AND useful "words" in it. Producing candidates with rules, mask and so on is the much better way.
Bad wordlists look like this:
summer23
summer25
summer26
summer41
...
Problem is: What if the password contains summer29? It's not in the wordlist and will not be found.
A rule that combines words like summer with the numbers 0-99 is much more effective, in terms of results and speed.
Many people use the famous Rockyou.txt as a wordlist and that is a good start. With ~135MB is quite handy.
Thank you all for the help!
As I imagined, it's not simple at all. I just see many ppl finding lots of hashes in a single search and I thought it would be easy.
Do you have any suggestion on how to make an effective rule?
(10-21-2017, 05:40 PM)DDNK Wrote: Do you have an effective, simple, way of downsizing wordlists of these sizes? I think the process is called "stemming" or something - don't have much time to research into it at the moment.
I'm interested too. Thanks to highlight this, hope someone can help.
RE: No idea how to succeed cracking hashes - Flomac - 10-23-2017
(10-21-2017, 05:40 PM)DDNK Wrote: Do you have an effective, simple, way of downsizing wordlists of these sizes? I think the process is called "stemming" or something - don't have much time to research into it at the moment.
I don't. Too much depends on what you want to crack. I personally use totals from Wikipedia and remove all the non-latin-letter-words. It gives me a wide variety of words that can be combined with various masks etc.
RE: No idea how to succeed cracking hashes - xkcd3301 - 10-24-2017
(10-19-2017, 02:16 PM)forkbomb Wrote: Greetings!
I'm new here, but I've used hashcat before.
My problem, which is giving me a huge headache, is that I can't succesfully crack anything!
I'm here to ask for help and advices.
So far, my use of hashcat has been with wordlists, straight attacks, but as you can imagine, I found nothing.
I would love to crack some hashes, but I don't know how to move. Can you please help me, telling how do you do it?
For example, how can you crack an MD5? I am 100% sure you use a rule or something like that, but I have no idea. Also, my wordlists are big (>5Gb), so I think they are pretty useless if I'm not sure the password is inside that file.
Another example, how to crack a wpa2? Usually, I search for the router name, find some passwords and make a mask on that. But what if that has been changed? how can I crack it?
Hope you can help me, because I'm lost.
About the WPA2 part, it is considered a "strong" hash, meaning that it will result in slow cracking speed even on high-end equipments, so brute forcing is pretty much out of the question, considering the fact, that it also requires passwords to be at least 8 characters long.
Best result would be achieved by using a good combination of dictionary and rules as mentioned above.
Also, You seem to forget, that hashcat isn't a guarantee for 100% success, just a tool, which can be successful at times. There is always a chance that Your target password is 12+ in length and made entirely of random characters by a password manager, meaning You will never be able to crack it in thousands of years, even if a weak hash algorithm (i.e. MD5) is used..
So asking something like "how can you crack an MD5?" seems a bit sloppy and out of context to me, You should read the wiki first!
RE: No idea how to succeed cracking hashes - atom - 10-25-2017
Note that most default wpa passwords base on known key generations which make them perfectly brute-force able on a single GPU and 90% of the users don't change it.