+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Need help (/thread-8624.html)
Need help - kX73bWKgVB - 09-02-2019
Hello! Im totally new to Hashcat and have not used any such tool before.
I have a email adress with like ~5 missing characters and i also have the md5 hash of the full email. And i guess this would not be super hard to crack.
I would really appreciate if someone could tell me how i should do this, and if possible give example of a full hashcat command.
Thanks.
What i got:
email: example****@gmail.com
md5 hash: 120b8510fd7091bc12f890433f65036f
GPU: Rtx 2080
Help me crack the unknown characters please. The above is just an example but the adress i got is in the exactly same format.
RE: Need help - philsmd - 09-02-2019
md5 ("example1234@gmail.com") == 120b8510fd7091bc12f890433f65036f
it's against the forum rules to post hashes
you could use different types of attacks, -a 3, -a 7 (yeah even -a 1) and of course also a -a 0 attack with a --stdout pipe on the left side (e.g. -a 3 on the left) . chose the one that is the fastest and more convenient for you (e.g. less disk space needed, but still very fast speed)
I don't really understand what the real question is. Do you want to increase the length during the attack with --increment ? You could also just run several commands in sequence, like one with ?a?a?a?a and afterwards another one with ?a?a?a?a?a
For a general overview and explanation about mask attack see https://hashcat.net/wiki/?id=mask_attack
Code:
hashcat -m 0 -a 3 -w 3 -O 120b8510fd7091bc12f890433f65036f example?a?a?a?a@gmail.comyou can use mask files instead if you use a mask attack with several different mask that you want to run in sequence (like example?a?a?a?a@gmail.com and example?a?a?a?a?a@gmail.com)
Also note that the static/constant string at the start "example" isn't very good to achieve full acceleration. You could try to work around problems with speed drops with other attack modes and/or stdout/pipe
Code:
hashcat --stdout -a 3 example?a?a?a?a@gmail.com | hashcat -m 0 -w 3 -O 120b8510fd7091bc12f890433f65036fthe problem here is that with -m 0 = MD5 it doesn't really make much sense to use pipes because it will be slower in most cases
other hash types (slower ones) are not affected by speed reduction (bottlenecks) when using pipes
RE: Need help - kX73bWKgVB - 02-08-2020
(09-02-2019, 06:55 PM)philsmd Wrote: md5 ("example1234@gmail.com") == 120b8510fd7091bc12f890433f65036f
it's against the forum rules to post hashes
you could use different types of attacks, -a 3, -a 7 (yeah even -a 1) and of course also a -a 0 attack with a --stdout pipe on the left side (e.g. -a 3 on the left) . chose the one that is the fastest and more convenient for you (e.g. less disk space needed, but still very fast speed)
I don't really understand what the real question is. Do you want to increase the length during the attack with --increment ? You could also just run several commands in sequence, like one with ?a?a?a?a and afterwards another one with ?a?a?a?a?a
For a general overview and explanation about mask attack see https://hashcat.net/wiki/?id=mask_attack
Code:hashcat -m 0 -a 3 -w 3 -O 120b8510fd7091bc12f890433f65036f example?a?a?a?a@gmail.com
you can use mask files instead if you use a mask attack with several different mask that you want to run in sequence (like example?a?a?a?a@gmail.com and example?a?a?a?a?a@gmail.com)
Also note that the static/constant string at the start "example" isn't very good to achieve full acceleration. You could try to work around problems with speed drops with other attack modes and/or stdout/pipe
Code:hashcat --stdout -a 3 example?a?a?a?a@gmail.com | hashcat -m 0 -w 3 -O 120b8510fd7091bc12f890433f65036f
the problem here is that with -m 0 = MD5 it doesn't really make much sense to use pipes because it will be slower in most cases
Hello again!
Do you have any tips on how i can increase speed.
When i run for example:
Code:
hashcat64.exe -m 0 -a 3 -w 3 -O -1 abcdefghijklmnopqrstuvwxyz0123456789.-_ -o output.txt 120b8510fd7091bc12f890433f65036f example?a?a?a?a@gmail.comi get
Code:
[/color]
[color=#000000]Session..........: hashcat[/color]
Status...........: Cracked
Hash.Type........: MD5
Hash.Target......: 120b8510fd7091bc12f890433f65036f
Time.Started.....: Sat Feb 08 16:49:07 2020 (0 secs)
Time.Estimated...: Sat Feb 08 16:49:07 2020 (0 secs)
Guess.Mask.......: example?a?a?a?a@gmail.com [21]
Guess.Charset....: -1 abcdefghijklmnopqrstuvwxyz0123456789.-_, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 230.1 MH/s (0.96ms) @ Accel:256 Loops:1 Thr:256 Vec:4
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 3014656/81450625 (3.70%)
Rejected.........: 0/3014656 (0.00%)
Restore.Point....: 0/81450625 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: examplerana@gmail.com -> exampleg1=)@gmail.com
[color=#000000]Hardware.Mon.#1..: Temp: 53c Fan: 0% Util: 16% Core:1860MHz Mem:6800MHz Bus:16[/color]
[color=#000000]230.1 MH/s feels quite slow on my rtx 2080, i did read that this is because of that there are some limitations to mask attacks. Is there any known way to improve the speed? For all the hashes i try to crack i have them in this format, first a known part then unknown part with known length and then a known part.
RE: Need help - philsmd - 02-08-2020
I already mentioned one way to improve the speed (with stdin/pipe). Depending on the hash type (-m x), there might be also the possibility to just use a different algorithm, e.g. salted hashes instead of unsalted
-m 0 -> -m 20 (in your specific case)
Code:
hashcat64.exe -m 20 -a 3 -w 3 -O -1 abcdefghijklmnopqrstuvwxyz0123456789.-_ -o output.txt 120b8510fd7091bc12f890433f65036f:example ?a?a?a?a@gmail.comRE: Need help - kX73bWKgVB - 02-08-2020
Thanks for quick reply. I have now tested both the methods you suggested but the result with stdin was much slower than -m 0. And -m 20 was exactly the same speed as -m 0.
RE: Need help - philsmd - 02-08-2020
well, it's the prefix as I already told you. The speed with -m 20 will be slower of course, because salted.
We actually also have a FAQ and some questions like this https://hashcat.net/faq/morework
just to make sure you understand the problem.
There are of course some other things you could try:
like using maskrocessor mp64.exe instead of the --stdout mode
Code:
mp64 -1 ?l?d.-_ example?1?1 | hashcat64.exe -m 0 -a 0 -w 3 -O -o output.txt -r my.rule 120b8510fd7091bc12f890433f65036fwhere my.rule contains the output of:
Code:
mp64 -1 ?l?d.-_ '$?1$?1$@$g$m$a$i$l$.$c$o$m' > my.ruleyou could also test to a command similar to the --stdout command from above (but without hashcat at the left side and without --stdout) and use maskprocessor on the left side without rules.
you could also test to just use rules for the whole command
Code:
hashcat64.exe -m 0 -a 3 -w 3 -O -1 ?l?d.-_ -o output.txt -r part1.rule 120b8510fd7091bc12f890433f65036f dict.txtwhere part1.rule contains e.g. the appending of "example" (^e ^l ^p ^m ^a ^x ^e) and some of the random chars e.g
Code:
mp64 -1 ?l?d.-_ '^e^l^p^m^a^x^e$?1$?1' > part1.ruleand the dict.txt contains the second part
Code:
mp64 -1 ?l?d.-_ '?1?1@gmail.com' > dict.txtor use -a 1 with 2 dicts etc etc etc
but my guess is that the mask with -m 20 will be the fastest... and it really is very fast (just like not exactly the same speed as -m 0 of course)
I also noticed that you said -1 but always used ?a, that makes absolutely no sense
RE: Need help - kX73bWKgVB - 02-08-2020
Thanks again for reply. I will try this as well. And about the -1 and ?a it was just because i copy pasted the example mail and hash from your earlier reply. But on my real hashes i use ?1
