Combinator
#1
Hey guys!! I've been using hashcat on my GTX 1660TI and I've had a lot of fun. I have been working on stepping up my cracking game lately and I am getting tripped up right now.
I want to do a hybrid attack where I have 2 dictionaries, and I combine them. BUT I want to add 0000-9999 to the end of each iteration. How would I go about doing that? The first dictionary is 3 words long, and the second dictionary is 4 words long. The password is 2 words and 0000-9999 at the end.

hashcat -a 1 -m 0 hash.txt word1.txt word2.txt -k '$?d $?d'
this does not work.







Help please? Thanks
Reply
#2
(05-19-2020, 08:40 PM)mkIV Wrote: Hey guys!! I've been using hashcat on my GTX 1660TI and I've had a lot of fun. I have been working on stepping up my cracking game lately and I am getting tripped up right now.

I want to do a hybrid attack where I have 2 dictionaries, and I combine them. BUT I want to add 0000-9999 to the end of each iteration. How would I go about doing that? The first dictionary is 3 words long, and the second dictionary is 4 words long. The password is 2 words and 0000-9999 at the end.



hashcat -a 1 -m 0 hash.txt word1.txt word2.txt -k '$?d $?d'
this does not work.














Help please? Thanks


Do you want to add the the exact 9 characters: 0000-9999 or do  you want them to act as a mask attack? like generate between 0000 to 9999.
Reply
#3
[/quote]


Do you want to add the the exact 9 characters: 0000-9999 or do  you want them to act as a mask attack? like generate between 0000 to 9999.
[/quote]
I'd like to generate the numbers between 0000 through 9999 after combining the dictionary words
dictionary 1:
A
Aa

dictionary 2:

C
Cc


0000
0001
0002
ect...


Would make:
AC0000
AC0001
...
AC9999
ACc0000
ACc0001
...
ACc9999
AaC0000
AaC0001
...
AaC9999

ect...
Reply
#4
It's not directly supported. For best performance in your case do it like this:

1. create combined.txt
hashcat -a1 word1.txt word2.txt --stdout -o combined.txt

2. pipe in hybrid combined + mask
hashcat -a6 combined.txt ?d?d?d?d --stdout | hashcat -a 0 -m 0 hash.txt
Reply
#5
@undeath
Why would you use the pipe ?
wouldn‘t work this also:

Hashcat -a6 combined.txt ?d?d?d?d -m 0 hash.txt
Reply
#6
It would work that way but since there are only 3*4=12 words it would be very slow.
Reply
#7
(05-20-2020, 04:29 PM)undeath Wrote: It would work that way but since there are only 3*4=12 words it would be very slow.

i made a little test on my laptop (m18300) ,.. 23.000 Hash/s vs 36 Hashes/s, thats a huge difference.

whats exactly happen with the pipe?

does hashcat generate the whole passwordlist and than send it to the secanond hashcat instance in one block, oder will it pipe every single line?
or what´s the bottleneck if you write the command without the pipe ?
Reply
#8
it's all about acceleration, read: https://hashcat.net/faq/morework

if there is much I/O slowdown, but little new input for hashcat, the GPU can't really accelerate, it will stay idle... instead if you provide a lot of work for hashcat very fast, it can keep the GPUs busy (i.e. accelerate to its max).
Reply
#9
The case at hand doesn't have much to do with I/O but hashcat's scheduler/parallelisation. Without having any idea about how hashcat's implementation actually works I think you can imagine it to schedule one word (the famous "left side", important for hashcat's speed) per core, meaning hashcat will only work with twelve cores of your GPU, leaving most of the cores unused (a typical GPU has several thousand cores). Such kind of unwanted "optimisation" cannot happen when using straight wordlist attacks. You can observe similar slowdowns when using very small wordlists with lots of rules.
Reply