Question regarding brute forcing hex charsets
I came by this blog post ( regarding brute forcing passwords from other language character sets, e.g. Arabic as in the blog post. Just wanted to try it out on my computer to see how it went, but having some difficulties reproducing the example, so wondering if someone maybe can point out where the error is?

At first I tried just copying the commands as written in the blog post, but that didn't work (hashcat 4.1.0) , probably due to not specifying it's a hex-charset. Adding --hex-charset to the mix and I get a integer overflow on the mask used in the example. 

Using hex range 80-BF gives you 64 possibilities per char in pw + 4 possible base hex chars per char in pw, thus a total of 68^n possibilities where n is length of pw. 

E.g., n = 6, you should have to go through 68^6 ~= 100 billion (100*1e9) combinations. 

Using a GTX 1080 Ti (~11500 MH/s for SHA1), this shouldn't really take that long - but, it does (reduced number of chars in pw I want to try to 6 chars). Thus, I wonder what more needs to be altered in the example in order for this to work? I'm probably missing something simple, but just can't see what it is.

Command I've tried:

./hashcat64.bin -m 100 sha1list -a 3 -1 d8d9dadb -2 808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebf ?1?2?1?2?1?2?1?2?1?2?1?2 --hex-charset -O -o cracked.txt

Messages In This Thread
Question regarding brute forcing hex charsets - by voideater - 05-09-2018, 09:14 AM