Cracking pdf file with arabic password using hashcat
#3
(11-21-2017, 05:58 PM)philsmd Wrote: You do not need --hex-salt. This has nothing to do with salts.

If anything you would need --hex-charset, but that is not necessariy and only needed if you define a custom charset (-1, -2, -3 or -4) or a custom mask.

The only thing you need is the information of the encoding.
Hashcat even has a --encoding-to and --encoding-from option to facilitate the conversion between different encodings.

If your password seems to be only 1 character long, it doesn't mean that it only uses 1 byte. Depending on the character encoding, only a very few characters (the most common for that specific language) are encoded with 1 byte.
Therefore, a password that only consist of 1 character could be using multiple bytes and hashcat (and all underlying hashing algorithms) work with bytes (therefore the length that hashcat shows e.g. in mask attack is always showing the bytes, not the characters).

I think you should try different encodings and try to understand character encoding.

sorry for my english but if you look at my question again in raw hashes like md5 it worked for me following the given link steps using --hex-charset, for elaborating:
i used 
Code:
echo -n م | md5sum
to generate md5 hash and then 
Code:
hashcat -a 0 -m 0 md5hash --hex-charset -1 d8d9 -2 808182838485 ?1?2
so the word م in hex is D985 and hashcat successfully recovered it but when tried it with files like pdf format it is not recovering it the steps i used was
pdf2jhon.py then removed the filename from the generated hash text file then entered 
Code:
hashcat -a 0 -m [b]10500 [/b] [b]hash.txt[/b] --hex-charset -1 d8d9 -2 808182838485 ?1?2


Messages In This Thread
RE: Cracking pdf file with arabic password using hashcat - by elias - 11-21-2017, 06:44 PM