New with Hashcat
#1
Hello,

  I made a horrible mistake and I locked myself out of my disk.  The password that generated by PASS was 10 Char to maybe 15 Char.
example:
.rAp/$J9=u

  Now I don't know what is the best approach for this is. Whether it is to generate a list of 1.000.000 10 CHAR then 11 and then 12 and ect  And get lucky.  Or is there a way to deal with this or should I simply wait for the years to come for a more powerful machine to come or give up entirely!!  There was alot of stuff....  

Thanks
Reply
#2
what kind of disk? what kind of encryption? truecrypt, veracrypt, luks?

the only way for truly random generated passwords is bruteforce or a maskattack, any ideas about the settings?

most passwordgenerators have an option for dropping ambiguous chars like i l I or 0 o O for example
Reply
#3
(08-24-2021, 01:55 PM)Snoopy Wrote: what kind of disk? what kind of encryption? truecrypt, veracrypt, luks?

the only way for truly random generated passwords is bruteforce or a maskattack, any ideas about the settings?

most passwordgenerators have an option for dropping ambiguous chars like i l I or 0 o O for example

Thank you for your response
HD
LUKS

For the moment I have used passgen and created 10 character alphanumeric 10Millions running as we speak.
Reply
#4
(08-24-2021, 01:55 PM)Snoopy Wrote: what kind of disk? what kind of encryption? truecrypt, veracrypt, luks?

the only way for truly random generated passwords is bruteforce or a maskattack, any ideas about the settings?

most passwordgenerators have an option for dropping ambiguous chars like i l I or 0 o O for example

However, I think I understand the goal of Maskattack and it would be to reduce time of cracking the password.  But I don't know which slots needs to be manipulated.  Right now I am purely guessing in the dark with what I remember of what that password is.
Reply
#5
well hashcat could do this for you on the fly without any need for a premade wordlist

bruteforce and mask-attack is more or less the same, you can use a masks like ?a?a?a?a?a?a?a?a?a?a to mimic plain bruteforce

also you can tell hashcat to start with 10 chars minimum, but luks is considerd slow and bruteforcing will be for sure not really sucesssful

try running hashcat -b -m 14600
and see your guessing rate
Reply
#6
(08-24-2021, 06:33 PM)Snoopy Wrote: well hashcat could do this for you on the fly without any need for a premade wordlist

bruteforce and mask-attack is more or less the same, you can use a masks like ?a?a?a?a?a?a?a?a?a?a to mimic plain bruteforce

also you can tell hashcat to start with 10 chars minimum, but luks is considerd slow and bruteforcing will be for sure not really sucesssful

try running hashcat -b -m 14600
and see your guessing rate

I am currently running this 
hashcat64.bin -m 14600 -a 0 -w 3 LUKS_Partition.001 Dictionary.txt -o luks_password.txt
Hash rate is at 75.  If I make a cracking rig couldn't that augment my chance with a better video card? 

What is hashcat -b ?
Reply
#7
hashcat -b is benchmark mode, you can "test" your hardware and see your expected maximum hashrate (this is always my first step to see how "good" my attack is performing

try pausing your session and run

hashcat -b -m 14600 -D 1,2

in a new shell, this will benchmark on both [D]evicetypes, GPU and CPU, see output for maximum hashrates
Reply
#8
(08-24-2021, 06:33 PM)Snoopy Wrote: well hashcat could do this for you on the fly without any need for a premade wordlist

bruteforce and mask-attack is more or less the same, you can use a masks like ?a?a?a?a?a?a?a?a?a?a to mimic plain bruteforce

also you can tell hashcat to start with 10 chars minimum, but luks is considerd slow and bruteforcing will be for sure not really sucesssful

try running hashcat -b -m 14600
and see your guessing rate

Also I believe that last character was the letter x or X  how can I state that this letter needs to be present as the last character? 
btw thanks for your help.
Reply
#9
there is more than one answer to this

when using dictionary attack (as you are doing right now), you can combine your dictionary with rules, see
https://hashcat.net/wiki/doku.php?id=rule_based_attack

so in your case this would be a rule-file with just 2 rules
$X
$x

this tells hashcat to append one upper X or lower x to each pw-candidate you are trying

or when using mask-attack you can specify up to 4 different charset so

-1 Xx and mask ?a?a?a?a?1 means 4 times all possible chars, 5th char only X or x

EDIT:
Hashmode: 14600 - LUKS (Iterations: 163044)

Speed.#1.........:    3079 H/s (89.54ms) @ Accel:32 Loops:512 Thr:512 Vec:1
Speed.#2.........:    2833 H/s (44.74ms) @ Accel:8 Loops:1024 Thr:512 Vec:1
Speed.#5.........:      337 H/s (57.12ms) @ Accel:512 Loops:256 Thr:1 Vec:4
Speed.#*.........:    6249 H/s

not a real cracking rig, but luks is just slow...
Reply
#10
(08-24-2021, 08:29 PM)Snoopy Wrote: there is more than one answer to this

when using dictionary attack (as you are doing right now), you can combine your dictionary with rules, see
https://hashcat.net/wiki/doku.php?id=rule_based_attack

so in your case this would be a rule-file with just 2 rules
$X
$x

this tells hashcat to append one upper X or lower x to each pw-candidate you are trying

or when using mask-attack you can specify up to 4 different charset so

-1 Xx and mask ?a?a?a?a?1 means 4 times all possible chars, 5th char only X or x

EDIT:
Hashmode: 14600 - LUKS (Iterations: 163044)

Speed.#1.........:    3079 H/s (89.54ms) @ Accel:32 Loops:512 Thr:512 Vec:1
Speed.#2.........:    2833 H/s (44.74ms) @ Accel:8 Loops:1024 Thr:512 Vec:1
Speed.#5.........:      337 H/s (57.12ms) @ Accel:512 Loops:256 Thr:1 Vec:4
Speed.#*.........:    6249 H/s

not a real cracking rig, but luks is just slow...
Reply