11-10-2016, 06:51 PM
Hello,
I am running hashcat to crack some NTLM passwords for testing. I noticed that there is a huge difference in estimated time when running hashcat with --increment parameter vs. providing a password length mask.
Here is an example...
We then run it using the --increment parameter and set it to start/end at 9 characters.
How come the estimated time is so much different yet both are 9 character using the same "-1 ?u?l?d!@#$" (upper, lower, digits, and only !@#$ special characters).
I must not be understanding something correctly, anyone able to point me in the right direction?
Why is a password length of 9 characters defined as ?1?1?1?1?1?1?1?1?1 much longer to crack vs. the same password length defined as --increment --increment-min 9 --increment-max 9 ?
I am running hashcat to crack some NTLM passwords for testing. I noticed that there is a huge difference in estimated time when running hashcat with --increment parameter vs. providing a password length mask.
Here is an example...
Code:
hashcat64.exe -a 3 -m 1000 --potfile-path test.pot --username -1 ?u?l?d!@#$ test.ntlm.txt ?1?1?1?1?1?1?1?1?1
Session.Name...: hashcat
Status.........: Aborted
Input.Mode.....: Mask (?1?1?1?1?1?1?1?1?1) [9]
Custom.Chars...: -1 ?u?l?d!@#$, -2 Undefined, -3 Undefined, -4 Undefined
Hash.Target....: File (test.ntlm.txt)
Hash.Type......: NTLM
Time.Started...: Thu Nov 10 08:39:58 2016 (3 secs)
Time.Estimated.: Fri Dec 09 11:09:17 2016 (29 days, 2 hours)
Speed.Dev.#1...: 9450.0 MH/s (11.20ms)
Recovered......: 191/651 (29.34%) Digests, 0/1 (0.00%) Salts
Recovered/Time.: CUR:N/A,N/A,N/A AVG:0.00,0.00,0.00 (Min,Hour,Day)
Progress.......: 29560960000/23762680013799936 (0.00%)
Rejected.......: 0/29560960000 (0.00%)
Restore.Point..: 6656000/5455160701056 (0.00%)We then run it using the --increment parameter and set it to start/end at 9 characters.
Code:
hashcat64.exe -a 3 -m 1000 --potfile-path test.pot --username -1 ?u?l?d!@#$ --increment --increment-min 9 --increment-max 9 test.ntlm.txt
Session.Name...: hashcat
Status.........: Aborted
Input.Mode.....: Mask (?1?2?2?2?2?2?2?3?3) [9]
Custom.Chars...: -1 ?u?l?d!@#$, -2 Undefined, -3 Undefined, -4 Undefined
Hash.Target....: File (test.ntlm.txt)
Hash.Type......: NTLM
Time.Started...: Thu Nov 10 08:40:49 2016 (12 secs)
Time.Estimated.: Thu Nov 10 15:49:12 2016 (7 hours, 8 mins)
Speed.Dev.#1...: 9395.9 MH/s (11.64ms)
Recovered......: 191/651 (29.34%) Digests, 0/1 (0.00%) Salts
Recovered/Time.: CUR:N/A,N/A,N/A AVG:0.00,0.00,0.00 (Min,Hour,Day)
Progress.......: 118717378560/241505293049856 (0.05%)
Rejected.......: 0/118717378560 (0.00%)
Restore.Point..: 49674240/101643641856 (0.05%)How come the estimated time is so much different yet both are 9 character using the same "-1 ?u?l?d!@#$" (upper, lower, digits, and only !@#$ special characters).
I must not be understanding something correctly, anyone able to point me in the right direction?
Why is a password length of 9 characters defined as ?1?1?1?1?1?1?1?1?1 much longer to crack vs. the same password length defined as --increment --increment-min 9 --increment-max 9 ?