Posts: 18
Threads: 1
Joined: Apr 2020
I am new to hashcat - currently I am trying to get my (forgotten) itunes password from a itunes backup iOS 9 or older ("-m 14700") and I was wondering if anyone could tell me how to start a dictionary attack - I created a text file "password.txt" - containing passwords I recently used, the passwords are separated by comma ","
so what I did:
./hashcat -d 2 -m 14700 hash.txt -a 0 password.txt
I wonder whether the password.txt file is properly created and whether the syntax "-a password.txt" is correct - thnx in advance
Posts: 803
Threads: 135
Joined: Feb 2011
04-17-2020, 06:15 PM
(This post was last modified: 04-17-2020, 06:15 PM by Mem5.)
You don't need -a 0 (optional)
Why -d 2 ? if you have several GPUs it's better to run hashcat on all GPUs (what you don't do here)
Posts: 18
Threads: 1
Joined: Apr 2020
there are 2 built-in GPU´s -
* Device #1: Intel(R) Core(TM) i5-4260U CPU @ 1.40GHz, skipped
* Device #2: HD Graphics 5000, 1472/1536 MB (384 MB allocatable), 40MCU
so I chose -d 2 because -d 1 is skipped, maybe I am wrong -
you mean I skip -d 2 then both GPU´s will be running ?
concerning -a 0, I learned that I have to specify an attack mode and -a 0 is a dictionary attack -
you mean if I skip -a 0 then password.txt will be used as dictionary attack ?
Posts: 2,301
Threads: 11
Joined: Jul 2010
-a 0 is default, so you can omit it. But adding it is not going to cause any problems.
The words in your wordlist must be delimited by a newline character not a comma.
Posts: 18
Threads: 1
Joined: Apr 2020
-a 0 copied
concerning the words in a wordlist, my list contains 36 words and a special character, I thought that the attack mode -a 0 password.txt would do all the combinations of these words, if not how can I make the dictionary attack combine all the words listed in a text file ? I am asking because running the dictionary attack based on this list is a 3-second run, which is very short
Posts: 2,267
Threads: 16
Joined: Feb 2013
04-18-2020, 09:34 PM
(This post was last modified: 04-18-2020, 09:34 PM by philsmd.)
you need to explain more clearly what you are trying to do.
What does combining mean in your situation ? how many words combined, any separator between the words, can one word occur multiple times within one password candidate (also next to each other) etc, etc, etc ?
What do you mean by the special characters ? where are these chars used ? only at the beginning ? one at the end ? in between the words ?
There is too little detail to give a clear answer.
Maybe you can just create or generate a wordlist since itunes algos (both -m 14700 and -m 14800) are slow (difficult to crack) algos anyway (otherwise, for fast algos like MD5 etc, a mask/hybrid/rule attack would probably be preferred)... althrough -m 14700 is actually much faster, so you are kind of lucky there.
The password candidate list can be generated with any programming/scripting language (like python/perl etc) i.e. pre-computed... as long as it is NOT too many combinations, because otherwise it would be a problem with disk space and I/O etc.
Posts: 18
Threads: 1
Joined: Apr 2020
What I am trying to do: I am trying to crack my itunes version 9 backup password in order to get my fotos back, I did this in 2016. I think the password length is between 6 and 14 characters.
What I did up to now: I created a hash file
How I created the hash file: I started a perl script against my manifest.plist.
Then I registered at hashcat.net to learn more about hashcat dictionary OR mask attack which were told to be the only feasible means cracking passwords.
I usually create passwords in a way that the first word of the password starts with an upper-case letter followed by lower-case letters.
Then some of my recents passwords had the special character "@" followed by the current year, which was likely 2016, so the special character was in the between two expressions.
the command I entered was: ./hashcat -m 14700 Manifest1.txt -a 0 password.txt
The Manifest1.txt is the hash file created by the perl script.
The password.txt is the wordlist that contains all the words, special character (@) and digits that I have used in 2016, all these are listed line by line, no comma separatiion or similar
I understood dictionary attack in a way that all expressions listed are combined.
If dictionary attack fails I would then try mask attack. That´s why I am asking.
thnx in advance
Posts: 2,301
Threads: 11
Joined: Jul 2010
A dictionary attack runs each word in your dictionary and applies rules if you specified any. What you describe would be a combinator attack but even that doesn't really fit your use case well.
You want a hybrid attack dict + mask.
Like this:
./hashcat -m 14700 Manifest1.txt -a 0 -j c password.txt '?s201?d'
Posts: 18
Threads: 1
Joined: Apr 2020
04-20-2020, 12:44 PM
(This post was last modified: 04-20-2020, 01:00 PM by Grazze.)
i entered the command:
./hashcat -m 14700 Manifest1.txt -a 0 -j c password.txt '?s201?d'
I received:
?s201?d: No such file or directory
Is ?s201?d supposed to be a file ?
Posts: 2,301
Threads: 11
Joined: Jul 2010
04-20-2020, 01:06 PM
(This post was last modified: 04-20-2020, 01:06 PM by undeath.)
whops, minor typo on my part. Should be -a 6 not -a 0
?s201?d is a mask