HEXed dictionary
#3
there are at least 2 ways to use "hex" passwords within dictionaries in hashcat:
1. use --hex-wordlist
2. use $HEX[] within the lines

these options are very similar and different at the same time: i.e. they both have their advantages.

for instance if you use $HEX[] you do not need to convert every line into hexadecimal (e.g. do not use $HEX[] in lines where it is not needed, only use it for lines where required/meaningful).

with --hex-wordlist you have the advantage that you do not need to use "$HEX[" at the start and "]" at the end.


In general, you should only use a feature if it makes sense to you and has some advantages...
if you do not need HEX, you probably shouldn't use it.

There are many use cases where passwords converted to hexadecimal would make sense... e.g. for some hash types that have "binary" data (like RC4 keys for office colliders, or DES/3DES keys etc)... of course also encoding issues could be prevented (but I wouldn't say it's the best and most common use case: you could just use --encoding-from/--encoding-to with -a 0 dictionary attack instead), but yeah, sometimes it makes sense also for quickly testing some multi-byte or similar passwords etc.

so I guess there is no general answer to your question: it's just sometimes very useful to have this feature (but if you do not see any reason to use it, you don't have to use it)
Reply


Messages In This Thread
HEXed dictionary - by azaran - 01-22-2020, 03:35 PM
RE: HEXed dictionary - by azaran - 01-28-2020, 01:11 PM
RE: HEXed dictionary - by philsmd - 01-28-2020, 01:56 PM
RE: HEXed dictionary - by azaran - 01-28-2020, 03:29 PM