+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: markov mode (/thread-9243.html)
markov mode - nemon - 05-22-2020
Hello. Until recently, I used JTR. Now I decided to try hashcat and I don’t understand how to run it in "markov" mode.
In JTR, I generated the stats dictionary from wordlist. In the config of John, I prescribe the path to the generated stats file
. And start the john command:
Code:
john --format=Raw-MD5 --markov:265:0:0:10 hash.txtFor hashcat, I created the hcstat2 file according to this instruction https://hashcat.net/wiki/doku.php?id=hashcat_utils#hcstat2gen
How to use this file similar to JTR, those. so that you can specify the level of markov and the length of the password you are looking for?
RE: markov mode - philsmd - 05-22-2020
maybe you are looking for the command line argument:
Code:
--markov-thresholdsee --help output of hashcat.
normally the length of the password candidates is determined by the mask length (or in case of dictionary attack -a 0 with rules, the rules can truncate etc).
RE: markov mode - nemon - 05-22-2020
As I understand it, this is how to work with the old version of hcstat. And it works
Code:
sp64 --pw-max 10 --threshold=13 hc.hcstat | hashcat64 -O -a0 -m0 hash.txtCode:
hashcat64 -a3 -O -m0 --markov-hcstat2=top2b.hcstat2 -t265 --potfile-disable hash.txt .\masks\rockyou-1-60.hcmaskRE: markov mode - nemon - 05-22-2020
And more about Markov testing on JTR and HC. I took a wordlist of 10,000 passwords. I made a second file with MD5 hashes from this passwords. From the wordlist file I made stats files for JTR and for HC.
Next I started JTR with the command below
Code:
john --fork=4 --format=Raw-MD5 --markov:265:0:0:10 10000_hash.txtI looked at what JTR wrote at launch: lvl=265 len=10 pwd=169,013,300,254
Using the matching method, I found out that statsprocessor generates 149,346,699,502 passwords from a previously created stats file at --pw-max 10 --threshold=13. Which is approximately equal to the number of passwords when JTR is running early.
Accordingly I started HC with the parameters
Code:
sp64 --pw-max 10 --threshold=13 10000_hc.hcstat | hashcat64 -O -a0 -m0 10000_hash.txtIf this comparison of password matching between two programs is not correct, I apologize. In this case, how do I compare correctly or what am I doing wrong?
RE: markov mode - undeath - 05-22-2020
Why are you using statsprocessor instead of hashcat's native markov support? Piping words in will almost always be slower. Also, you should specify a mask.
RE: markov mode - nemon - 05-23-2020
(05-22-2020, 10:25 PM)undeath Wrote: Why are you using statsprocessor instead of hashcat's native markov support? Piping words in will almost always be slower. Also, you should specify a mask.Because I never figured out how to properly use Markov mode in HC. Please tell me how to correctly set the password search command using the Markov method for hash disclosure with a password length limit of 10 characters? I would be very grateful.
RE: markov mode - nemon - 05-23-2020
I think I figured out how to work with the Markov method in HC. But the result was not very good. Let knowledgeable people correct me if I made a mistake in the method of comparison.
Code:
john --fork=4 --format=Raw-MD5 --markov:265:0:0:7 test_10000_hash.txtCode:
hashcat64 -a3 -m0 -w3 -O --markov-hcstat2=test_10000.hcstat2 -t29 -i --increment-min=1 --increment-max=7 -1 ?a test_10000_hash.txt ?1?1?1?1?1?1?1Code:
john --fork=4 --format=Raw-MD5 --markov:265:0:0:10 test_10000_hash.txtCode:
hashcat64 -a3 -m0 -w3 -O --markov-hcstat2=test_10000.hcstat2 -t14 -i --increment-min=1 --increment-max=10 -1 ?a test_10000_hash.txt ?1?1?1?1?1?1?1?1?1?1The parameter "--markov-threshold " I selected so that the number of generated passwords coincides with JTR. That is, if the number of generated passwords is approximately equal according to the Markov method, the HC has fewer successful attempts.
As I said above, if my comparisons are not correct, please point out errors in the comparison method.