09-27-2017, 02:34 PM
(This post was last modified: 09-27-2017, 02:36 PM by rsberzerker.
Edit Reason: Fixed typo
)
2) Depends on the hashtype.
3) You are using the parameter --outfile-format 2
From the wiki:
You may want 3, not 2. Or just leave that parameter out and you should get 3.
5) A good wordlist is a very subjective thing. There is no one magical place to get them. The rockyou list is a good starting point, unabridged dictionaries are also good. I found some census data and used that for a name dictionary. There's dictionaries based on the bible, and even ones based on wikipedia. You can even use previously cracked passwords as a wordlist. There is also a program out there (I forget it's name) that will make a wordlist from scraping a website. If the hashes came from a specialized website, this can be quite effective.
But wordlists alone won't get you very far. I noticed your command lacks rules. Use them. Hashcat comes with lots good sets. Best64 is called best for a reason. It may not crack the most passwords of the included rulesets, but for the time spent, it gives the best hashes cracked/minute of all the ones I've tested so far. You can also try multiple rule sets. The rate of cracking will go down, but you will [likely] crack more.
3) You are using the parameter --outfile-format 2
From the wiki:
Code:
- [ Outfile Formats ] -
# | Format
===+========
1 | hash[:salt]
2 | plain
3 | hash[:salt]:plain
4 | hex_plain
5 | hash[:salt]:hex_plain
6 | plain:hex_plain
7 | hash[:salt]:plain:hex_plain
8 | crackpos
9 | hash[:salt]:crack_pos
10 | plain:crack_pos
11 | hash[:salt]:plain:crack_pos
12 | hex_plain:crack_pos
13 | hash[:salt]:hex_plain:crack_pos
14 | plain:hex_plain:crack_pos
15 | hash[:salt]:plain:hex_plain:crack_posYou may want 3, not 2. Or just leave that parameter out and you should get 3.
5) A good wordlist is a very subjective thing. There is no one magical place to get them. The rockyou list is a good starting point, unabridged dictionaries are also good. I found some census data and used that for a name dictionary. There's dictionaries based on the bible, and even ones based on wikipedia. You can even use previously cracked passwords as a wordlist. There is also a program out there (I forget it's name) that will make a wordlist from scraping a website. If the hashes came from a specialized website, this can be quite effective.
But wordlists alone won't get you very far. I noticed your command lacks rules. Use them. Hashcat comes with lots good sets. Best64 is called best for a reason. It may not crack the most passwords of the included rulesets, but for the time spent, it gives the best hashes cracked/minute of all the ones I've tested so far. You can also try multiple rule sets. The rate of cracking will go down, but you will [likely] crack more.