+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: Old hashcat Support (https://hashcat.net/forum/forum-20.html)
+--- Thread: [ noobie :) ] Any estimates on times? I have no idea what I am doing (/thread-959.html)
Pages:
1
2
[ noobie :) ] Any estimates on times? I have no idea what I am doing - deathkitten - 02-28-2012
Hi I am completely new to this stuff (I am the deathkitten here and here if you CTRL+F I am mostly an activist hehe I'm better at talking than programming
) I just found out about this on google when I was trying to look for a way to recover password I used on a very old wordpress (v2.6) years ago - Is there any way to get an estimate of how long it can take to recover? I know it depends on whether it gets lucky or not, but like a minimum and maximum possible time kind of thing depending on the type and length etc? Has anyone made a post here or a list on the wiki of how long they generally take or anything like that? Also I was looking through the wiki at http://hashcat.net/wiki/oclhashcat_plus and I noticed that there is no bit in Default Values which says what the default value for "attack-mode" is? in
Quote:Supported attack modes, directI notice that they don't all match up with
Brute-Force attack
Combinator attack
Dictionary attack
Fingerprint attack
Hybrid attack
Mask attack
Permutation attack
Rule-based attack
Quote:* Attack modes:and it doesn't seem to explain which article is about which type - and even when I look at the articles about the different "attack" types they don't say what mode number they are either!
0 = Straight
1 = Combination
3 = Brute-force
4 = Permutation
6 = Hybrid dict + mask
7 = Hybrid mask + dict
I am not sure which one is the default "straight" one? I am not sure if I should use it or not or if it should be brute force since I am only trying to find one password out, not try a lot or whatever and hope that someone used a bad dictionary password, like I am guessing the dictionary thing is for?
Quote:Status.......: Running
Input.Mode...: Piped
Hash.Target..: [REDACTED]
Hash.Type....: phpass, MD5(Wordpress), MD5(phpBB3)
Time.Running.: 1 hour, 48 mins
Time.Util....: 6511468.1ms/0.0ms Real/CPU, 0.0% idle
Speed........: 0 c/s Real, 0 c/s GPU
Recovered....: 0/1 Digests, 0/1 Salts
Progress.....: 0
Rejected.....: 0
HW.Monitor.#1: 35% GPU, 43c Temp
Status.......: Running
Input.Mode...: Piped
Hash.Target..: [REDACTED]
Hash.Type....: phpass, MD5(Wordpress), MD5(phpBB3)
Time.Running.: 1 hour, 48 mins
Time.Util....: 6521481.3ms/0.0ms Real/CPU, 0.0% idle
Speed........: 0 c/s Real, 0 c/s GPU
Recovered....: 0/1 Digests, 0/1 Salts
Progress.....: 0
Rejected.....: 0
HW.Monitor.#1: 41% GPU, 43c Temp
Status.......: Running
Input.Mode...: Piped
Hash.Target..: [REDACTED]
Hash.Type....: phpass, MD5(Wordpress), MD5(phpBB3)
Time.Running.: 1 hour, 48 mins
Time.Util....: 6531494.5ms/0.0ms Real/CPU, 0.0% idle
Speed........: 0 c/s Real, 0 c/s GPU
Recovered....: 0/1 Digests, 0/1 Salts
Progress.....: 0
Rejected.....: 0
HW.Monitor.#1: 54% GPU, 43c Temp
edit: By the way the views on this forum do not work properly it adds views to the thread even if it's just me refreshing it, lol
RE: [ noobie :) ] Any estimates on times? I have no idea what I am doing - atom - 02-28-2012
you are missing a dictionary
RE: [ noobie :) ] Any estimates on times? I have no idea what I am doing - deathkitten - 02-28-2012
Ah thanks, is there a best one to get?
Does brute force need a dictionary too, I thought that one was just it trying everything?
RE: [ noobie :) ] Any estimates on times? I have no idea what I am doing - atom - 02-28-2012
no! read the wiki pages.
RE: [ noobie :) ] Any estimates on times? I have no idea what I am doing - deathkitten - 02-28-2012
Oh I have been, I linked some stuff in the first post - I can't find any dictionaries there?
The mask one seems a bit like designed if you can remember or know somehow what format the password is going to be in, than properly random
In the first post I was also saying how the wiki doesn't seem to explain which type the "straight" one is?
RE: [ noobie :) ] Any estimates on times? I have no idea what I am doing - atom - 02-28-2012
straight = dictionary plus you have the options to add rules
a good dictionary is rockyou.txt (google it)
RE: [ noobie :) ] Any estimates on times? I have no idea what I am doing - radix - 02-28-2012
Try skullsecurity. He maintains the best list of public lists out there.
RE: [ noobie :) ] Any estimates on times? I have no idea what I am doing - ntk - 02-29-2012
>>> 62*62*62*62*62*62*62*62/(100000*3600*24*365)
69L
which mean at a speed of 100.000 c/s try to crack a 8 character long mix-alpha-numeric password will take you, if you are unlucky, 69 years and if you are extremely lucky one second. That is the conventional way of BF, if I am not very wrong.
Not to discourage you. But in my opinion such password of following examples e.g.
b$y$ucu@@nh (meaning e replaced with $ and a replaced with @), Ame6bHg, kfg1h@2g, !he"ime £oday,miluveiss$ck won't hardly be in any list.
aMt7ygDz that is a default password of plusnet, BT router, delivered within the box in February 2010, customer could change to longer, more complicate but thought not necessary. This PW won't be in any list. Test your download files with unix find/grep/fastgrep/pcregrep/awk then you will see.
4jYki3hD is a default router password within a BT delivery box my friend received 8 months ago. and hundred thousand of similar PW like them sent out every week since then for sure.
Around me are 21 networks they are all WPA2 but one WPA. Believe me their PW are not in list. Whether using rainbow table or not, super WPA dict 13 Giga, Mega dict sorted/dreamlined of 52G or not you won't find. Those conventional BF days are yesterday. That is UK today.
RE: [ noobie :) ] Any estimates on times? I have no idea what I am doing - deathkitten - 02-29-2012
So dictionary is pointless unless you have a very large amount of passwords and hoping one person is stupid, right?
But bruteforce is also pointless? *argh*
RE: [ noobie :) ] Any estimates on times? I have no idea what I am doing - radix - 02-29-2012
(02-29-2012, 02:34 AM)deathkitten Wrote: So dictionary is pointless unless you have a very large amount of passwords and hoping one person is stupid, right?
But bruteforce is also pointless? *argh*
Absolutely not. Dictionary attacks are the best way to whittle a list down. Bruteforce is a dumb process that a long time to complete in most cases.