06-15-2023, 12:13 AM
(06-14-2023, 06:50 PM)Snoopy Wrote: first, NEVER EVER USE --force (this can lead to wrong hashcomputing and thus wrong passes -> total garbage)
for the rest:
attack mode 3 is plain bruteforce, so your wlist.txt is skipped without warning
you are looking for https://hashcat.net/wiki/doku.php?id=hybrid_attack
attack mode 6 and be aware of the right order for the options in attack mode 6 -> dict then mask/maskfile
last:
when using --stdout yout dont need to provide an hash just try
hashcat -a6 --stdout wlist.txt mask.hcmask
many thanks
it works like a charm
a few questions:
if using --stdout specifying the hash name is somewhat useless...right?
-a6 can that option be applied to any type of hash? in this case it was SSHA (salt+passwd)..I mean ..earlier my comamnd was -m 111 because that was the
right flag for that type of hash