02-07-2012, 10:02 AM
(02-07-2012, 01:52 AM)fatalx Wrote: So I've got...
oclHashcat-lite64.exe -m 3000 --pw-min=8 --pw-max=8 --custom-charset1=?u?d?s?F 1D735ED099DEC228B79AE2610DD89D4C ?1?1?1?1?1?1?1Y
But it just instantly comes back as "Exhausted".
This is because it cracks each half of the hash independently, and because each half is at most 7 characters and you specified a minimum of 8, there are no possible valid combinations.
I've been thinking about the same issue of how to attack the first half if you already know the second half. The only thing I can think of is to add the 8th character (1st in the second half) to your mask for the 1st character overall, the 9th added to the 2nd character mask, etc.
So if the plain is 'PASSWORD' and you already got 'D' using another tool, you could do a mask like this:
Code:
-1 PD -2 ASWOR ?1?2?2?2?2?2?2
So basically knowing the second half of the hash only helps you if those characters aren't already included in the mask you're using for the first half of the hash.
On the other hand, it only takes about 200 minutes to brute-force the entire 7-character ?u?d?s space for LM, which will give you both sides (I did it this afternoon on a 14-character LM password).