03-10-2021, 07:09 PM
Hi
I'm new to this field, read some hascat wiki and hashcat forum and watched youtube information. I have not yet understood everything but I got an idea how it works. I was able to crack my own testhashes, so far i got the basic concept and usage of hashcat. Unfortunately I am struggling with increasing difficulty.
In our company (half public sector) we had a security training and the company offered us a challenge to crack one specific hash. It is likely a simple password, but not a short one). The password i sfollowing some standard Active Directory complexity settings but has a minimal lenght of 12 characters. I'm trying to find a good approach how to put my handy on it. I also installed The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux and did my first experiments with it (beginner but like it).
Bruteforce seems to be not suitable, (minimum 12 chracters long, could be even longer).
What I did:
- collected a wordlist (dictionary) of our local language
- collected a wordlist (cewl) from our homepage
- combined these two lists into one single wordlist.
I would like to attack the hash, but struggling how to do it with rulesets/masks. May I ask if anyone could recommend a good guide how to approach it? Like a tutorial or good website explaining how to do it?
I think it would make sense somehow build a dictionary with some Baseword from the dictionary and numbers/special characters but lost a bit how to do it. Experimented with princeprocessor but didn't got very far with this. Or somehow with mask or combine it.
Any recommendations?
Kind Regards,
Manuell
I'm new to this field, read some hascat wiki and hashcat forum and watched youtube information. I have not yet understood everything but I got an idea how it works. I was able to crack my own testhashes, so far i got the basic concept and usage of hashcat. Unfortunately I am struggling with increasing difficulty.
In our company (half public sector) we had a security training and the company offered us a challenge to crack one specific hash. It is likely a simple password, but not a short one). The password i sfollowing some standard Active Directory complexity settings but has a minimal lenght of 12 characters. I'm trying to find a good approach how to put my handy on it. I also installed The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux and did my first experiments with it (beginner but like it).
Bruteforce seems to be not suitable, (minimum 12 chracters long, could be even longer).
What I did:
- collected a wordlist (dictionary) of our local language
- collected a wordlist (cewl) from our homepage
- combined these two lists into one single wordlist.
I would like to attack the hash, but struggling how to do it with rulesets/masks. May I ask if anyone could recommend a good guide how to approach it? Like a tutorial or good website explaining how to do it?
I think it would make sense somehow build a dictionary with some Baseword from the dictionary and numbers/special characters but lost a bit how to do it. Experimented with princeprocessor but didn't got very far with this. Or somehow with mask or combine it.
Any recommendations?
Kind Regards,
Manuell