Dictiionary Attack - how-to-question
#17
when entering: ./hashcat -D 1 -m 14700 Manifest1.txt -a 6 -j c password.txt '?s201?d'

then it looks like (xxx replaces the password candidates):

OpenCL API (OpenCL 1.2 (Apr 18 2019 20:03:31)) - Platform #1 [Apple]
====================================================================
* Device #1: Intel(R) Core(TM) i5-4260U CPU @ 1.40GHz, 8128/8192 MB (2048 MB allocatable), 4MCU
* Device #2: HD Graphics 5000, skipped

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Applicable optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Slow-Hash-SIMD-LOOP

Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.

Host memory required for this attack: 65 MB

Dictionary cache built:
* Filename..: password.txt
* Passwords.: 47
* Bytes.....: 290
* Keyspace..: 15510
* Runtime...: 0 secs

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.

[s]tatus [p]ause [b]ypass [c]heckpoint [q]uit => s

Session..........: hashcat
Status...........: Running
Hash.Name........: iTunes backup < 10.0
Hash.Target......: $itunes_backup$*9*c3539914b749075d86f9e2b7ec0f037b8...cfd9**
Time.Started.....: Wed Apr 22 11:44:27 2020 (5 secs)
Time.Estimated...: Wed Apr 22 11:44:45 2020 (13 secs)
Guess.Base.......: File (password.txt), Left Side
Guess.Mod........: Mask (?s201?d) [5], Right Side
Guess.Queue.Base.: 1/1 (100.00%)
Guess.Queue.Mod..: 1/1 (100.00%)
Speed.#1.........: 845 H/s (2.60ms) @ Accel:32 Loops:512 Thr:1 Vec:4
Recovered........: 0/1 (0.00%) Digests
Progress.........: 4183/15510 (26.97%)
Rejected.........: 0/4183 (0.00%)
Restore.Point....: 0/47 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:89-90 Iteration:7680-8192
Candidates.#1....: xxx -> xxx

Session..........: hashcat
Status...........: Exhausted
Hash.Name........: iTunes backup < 10.0
Hash.Target......: $itunes_backup$*9*c3539914b749075d86f9e2b7ec0f037b8...cfd9**
Time.Started.....: Wed Apr 22 11:44:27 2020 (19 secs)
Time.Estimated...: Wed Apr 22 11:44:46 2020 (0 secs)
Guess.Base.......: File (password.txt), Left Side
Guess.Mod........: Mask (?s201?d) [5], Right Side
Guess.Queue.Base.: 1/1 (100.00%)
Guess.Queue.Mod..: 1/1 (100.00%)
Speed.#1.........: 845 H/s (2.70ms) @ Accel:32 Loops:512 Thr:1 Vec:4
Recovered........: 0/1 (0.00%) Digests
Progress.........: 15510/15510 (100.00%)
Rejected.........: 0/15510 (0.00%)
Restore.Point....: 47/47 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:329-330 Iteration:9728-9999
Candidates.#1....: xxx -> xxx

to me it looks like that based on the dictionary the password is not cracked, though -D 1 seems to be working

what if I create a dictionary that virtually contains

- all upper case letters
- all lower case letters
- all digits and
- @

and furthermore apply the increment - confining the password length between 6 and 14 characters - would this make sense and if so, how would the attacke vector look like
Reply


Messages In This Thread
Dictiionary Attack - how-to-question - by Grazze - 04-17-2020, 02:29 PM
RE: Dictiionary Attack - how-to-question - by Grazze - 04-22-2020, 11:53 AM