06-15-2022, 09:39 PM
Thank you both for your replies, that's very kind.
Please can you or any other helpful people bear with me whilst I ask some more questions and ask for more help.
So..... Despite what I said about checking it several times, I'd obvously got the data selection wrong in the first part: too many characters, so I didn't select the 40 bytes properly. (d'oh). I guess checking your own work isn't a good idea.
So, now - the command runs, and I get an unsuccessful (at finding the password) result. Again, to avoid any rule-breaking, I've XXXXd some bits out here. This is the output:
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 14700 (iTunes backup < 10.0)
Hash.Target......: $itunes_backup$*9*5618d8XXXXdfefdXXXX4042XXXX2f3ae1...42c9**
Time.Started.....: Wed Jun 15 20:25:30 2022 (0 secs)
Time.Estimated...: Wed Jun 15 20:25:30 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (attack.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 3511 H/s (1.09ms) @ Accel:8 Loops:256 Thr:512 Vec:1
Recovered........: 0/1 (0.00%) Digests
Progress.........: 187/187 (100.00%)
Rejected.........: 0/187 (0.00%)
Restore.Point....: 187/187 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:9984-9999
Candidate.Engine.: Device Generator
Candidates.#1....: XXXX->
Hardware.Mon.#1..: Temp: 41c Fan: 0% Util: 75% Core: 132MHz Mem:3802MHz Bus:16
I've a couple of stupid questions here, sorry.
1. My dictionary file is 187 lines long, that's some possible variations of my daughter's name, the first and only password she has used for itunes itself, my old password, mum's old password etc. BUT - I've already tried all those manually in iTunes, so is the dictionary attack ONLY doing those or is it (somehow?!) doing variations too? That may be a dumb question. If it's only doing the 187, then it's only doing what I've done already.
2. Can I get this attack to do variations on those passwords, to narrow down a brute force attack? Or is that a stupid question? We can't believe we'd have set a password longer than 15 characters by the way. If so, and there is a way of doing this, what's the syntax please?
3. If (2) cant be done or doesn't work, what's the syntax for a full brute-force attack, limiting to 15 characters please? I promise I'm not being lazy here, I could look it up myself, yes: but it's just that I've about 15 other tabs open here at the moment and I'm really confused about what's what and what to run now. I'd just love to get this done *somehow*
Thanks in advance for your patience with me.
Please can you or any other helpful people bear with me whilst I ask some more questions and ask for more help.
So..... Despite what I said about checking it several times, I'd obvously got the data selection wrong in the first part: too many characters, so I didn't select the 40 bytes properly. (d'oh). I guess checking your own work isn't a good idea.
So, now - the command runs, and I get an unsuccessful (at finding the password) result. Again, to avoid any rule-breaking, I've XXXXd some bits out here. This is the output:
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 14700 (iTunes backup < 10.0)
Hash.Target......: $itunes_backup$*9*5618d8XXXXdfefdXXXX4042XXXX2f3ae1...42c9**
Time.Started.....: Wed Jun 15 20:25:30 2022 (0 secs)
Time.Estimated...: Wed Jun 15 20:25:30 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (attack.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 3511 H/s (1.09ms) @ Accel:8 Loops:256 Thr:512 Vec:1
Recovered........: 0/1 (0.00%) Digests
Progress.........: 187/187 (100.00%)
Rejected.........: 0/187 (0.00%)
Restore.Point....: 187/187 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:9984-9999
Candidate.Engine.: Device Generator
Candidates.#1....: XXXX->
Hardware.Mon.#1..: Temp: 41c Fan: 0% Util: 75% Core: 132MHz Mem:3802MHz Bus:16
I've a couple of stupid questions here, sorry.
1. My dictionary file is 187 lines long, that's some possible variations of my daughter's name, the first and only password she has used for itunes itself, my old password, mum's old password etc. BUT - I've already tried all those manually in iTunes, so is the dictionary attack ONLY doing those or is it (somehow?!) doing variations too? That may be a dumb question. If it's only doing the 187, then it's only doing what I've done already.
2. Can I get this attack to do variations on those passwords, to narrow down a brute force attack? Or is that a stupid question? We can't believe we'd have set a password longer than 15 characters by the way. If so, and there is a way of doing this, what's the syntax please?
3. If (2) cant be done or doesn't work, what's the syntax for a full brute-force attack, limiting to 15 characters please? I promise I'm not being lazy here, I could look it up myself, yes: but it's just that I've about 15 other tabs open here at the moment and I'm really confused about what's what and what to run now. I'd just love to get this done *somehow*
Thanks in advance for your patience with me.