08-15-2021, 11:30 AM
(08-14-2021, 07:10 PM)atom Wrote: Nothing, that's exactly the expected behavior. The first 4 byte are used as amplifiers. If you really need to brute force the first 4 byte you can use hybrid rules in -a 0 mode for almost full speed.
Thank you.
I couldn't make it with rules in -a 0, because I found no way to append in byte mode when used with --hex-charset.
What worked was generating a dictionary
Code:
$PSDefaultParameterValues['Out-File:Encoding'] = 'utf8'
0..255 | % {
$L1 = [System.Convert]::ToString($_,16).PadLeft(2,'0')
0..255 | % {
$L2 = [System.Convert]::ToString($_,16).PadLeft(2,'0')
echo ('000102030405060708090A0B0C0D0E0F'+$L1+$L2) >> prependmask.txt
}
}and using -a 6
Code:
.\hashcat.exe -m 100 -w 3 -O -a 6 b89eaac7e61417341b710b727768294d0e6a277b --hex-charset prependmask.txt ?b?b?bThe only problem is in -a 6 mode I get "Integer overflow detected in keyspace of mask" with only 4 ?b regardless of the dictionary size. In -a 3 mode overflow happens with 8 ?b. So to test for 6 bytes I have to add another loop to the dictionary generation.