09-29-2012, 08:56 AM
thank you for explaining this epixoip. I was under the impression that SHA1 = md5(md5($salt).$pass)? the subject's a typo. Thank you for letting me know that I'm wasting my time using the Quadro.
So something simply like this in addition to using something like passwordpro rules?
hashcat-cli64.exe --hash-mode 6 --attack-mode 1 --output-file C:\recovered.txt --rules-file C:\rules\passwordspro.rule C:\hashes.txt C:\wordlist.dic --pw-min 8 --pw-max 8
and then step up the min max until a solution is found...
For Markov chains I assume (I just downloaded it) I use the statsprocessor
(since this http://hashcat.net/wiki/doku.php?id=markov_attack is tbd)
http://hashcat.net/wiki/doku.php?id=statsprocessor
so with statsproc do I use something like:
--pw-min 8 --pw-max 8 hashcat.hcstat ?l?l?l?l?l?l?l?l to generate a list and then try it
then maybe
--pw-min 8 --pw-max 8 hashcat.hcstat ?u?u?u?u?u?u?u?u
then maybe
--pw-min 8 --pw-max 8 hashcat.hcstat ?a?a?a?a?a?a?a?a
Then rinse and repeat in +1 integers for min max until 18?
Therefore generating 30 different wordlists?
Is that how the statsproc works?
Then use each wordlist one at a time with haschat until solution found?
I'm amazed at how some make it look so easy.. as it seems it takes as much and if not more time than app reverse engineering. So is that what you mean by a plan of attack (if this even qualifies as one lol)? am I way off the beaten path or am I headed in the right direction?
Thank you
So something simply like this in addition to using something like passwordpro rules?
hashcat-cli64.exe --hash-mode 6 --attack-mode 1 --output-file C:\recovered.txt --rules-file C:\rules\passwordspro.rule C:\hashes.txt C:\wordlist.dic --pw-min 8 --pw-max 8
and then step up the min max until a solution is found...
For Markov chains I assume (I just downloaded it) I use the statsprocessor
(since this http://hashcat.net/wiki/doku.php?id=markov_attack is tbd)
http://hashcat.net/wiki/doku.php?id=statsprocessor
so with statsproc do I use something like:
--pw-min 8 --pw-max 8 hashcat.hcstat ?l?l?l?l?l?l?l?l to generate a list and then try it
then maybe
--pw-min 8 --pw-max 8 hashcat.hcstat ?u?u?u?u?u?u?u?u
then maybe
--pw-min 8 --pw-max 8 hashcat.hcstat ?a?a?a?a?a?a?a?a
Then rinse and repeat in +1 integers for min max until 18?
Therefore generating 30 different wordlists?
Is that how the statsproc works?
Then use each wordlist one at a time with haschat until solution found?
I'm amazed at how some make it look so easy.. as it seems it takes as much and if not more time than app reverse engineering. So is that what you mean by a plan of attack (if this even qualifies as one lol)? am I way off the beaten path or am I headed in the right direction?
Thank you