06-25-2014, 01:27 PM
(This post was last modified: 06-25-2014, 01:28 PM by vladimir125.)
Hello everyone,
I'm moving my first steps with hashcat, so please forgive me if I posted in the wrong section or I'm saying something "stupid".
At the moment I'm trying to crack a list of about 1k md5 hashes using a dictionary attack, I have collected several wordlists and merged them in a single one.
Sadly, but as expected, I could only recover 50 of these hashes: I tried to play with rules and combine them, but I'm not doing any significant progress (just 1-2 more password were found).
So my question is: when you get stuck, how do you move on?
Do you improve your wordlist, create new rules or fallback to bruteforce?
Speaking of which, I have found several "wordlists" that are full of random chars, are they useful or not? Isn't that the same output that you could get from a masked/bruteforce attack?
Finally, how do you deal with found passwords?
Let's say you find the password S3cr3t123, what do you do with that?
First of all, are you going to include it in any wordlist? After all, in the same way you just found it, you'll be able to find it again...
And if you add it, do you pre-process it in any way? I was thinking of "cleaning" it to secret, so other rules could use it.
Sorry for the swarm of questions
I'm moving my first steps with hashcat, so please forgive me if I posted in the wrong section or I'm saying something "stupid".
At the moment I'm trying to crack a list of about 1k md5 hashes using a dictionary attack, I have collected several wordlists and merged them in a single one.
Sadly, but as expected, I could only recover 50 of these hashes: I tried to play with rules and combine them, but I'm not doing any significant progress (just 1-2 more password were found).
So my question is: when you get stuck, how do you move on?
Do you improve your wordlist, create new rules or fallback to bruteforce?
Speaking of which, I have found several "wordlists" that are full of random chars, are they useful or not? Isn't that the same output that you could get from a masked/bruteforce attack?
Finally, how do you deal with found passwords?
Let's say you find the password S3cr3t123, what do you do with that?
First of all, are you going to include it in any wordlist? After all, in the same way you just found it, you'll be able to find it again...
And if you add it, do you pre-process it in any way? I was thinking of "cleaning" it to secret, so other rules could use it.
Sorry for the swarm of questions