07-24-2022, 06:27 PM
If you run the brute force attack mode, you need to give it something to use for characters and a length. This is done using a ? followed by the character to indicate if you want all lower case, all upper, numbers, special characters, or a combo. You also use one of these for each character. So, say you wanted to brute force a password eight characters long that used all options, in the command you would have to have: ?a?a?a?a?a?a?a?a. Here's the chart for the character list:
? | Charset
===+=========
l | abcdefghijklmnopqrstuvwxyz [a-z]
u | ABCDEFGHIJKLMNOPQRSTUVWXYZ [A-Z]
d | 0123456789 [0-9]
h | 0123456789abcdef [0-9a-f]
H | 0123456789ABCDEF [0-9A-F]
s | !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
a | ?l?u?d?s
b | 0x00 - 0xff
If you want to run a dictionary attack you would just use -a 0.
? | Charset
===+=========
l | abcdefghijklmnopqrstuvwxyz [a-z]
u | ABCDEFGHIJKLMNOPQRSTUVWXYZ [A-Z]
d | 0123456789 [0-9]
h | 0123456789abcdef [0-9a-f]
H | 0123456789ABCDEF [0-9A-F]
s | !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
a | ?l?u?d?s
b | 0x00 - 0xff
If you want to run a dictionary attack you would just use -a 0.