03-01-2017, 03:56 PM
I'm a new registered user, but I've been learning a lot from the forums over the last couple of years, so let me start off by saying thank you to everyone who works on this project.
I have a system with two AMD Pro Duos that I use for demo purposes at my school, and I'm running the attack against a large file of NTLM hashes. I've recently found that some hashes are not getting identified by hashcat during bruteforce runs, but are later showing up as a result of combinator or appending/prepending attacks.
Steps taken:
1) quick bruteforce with NTLM up to 12 characters and confirmed they dump to the potfile
2) append/prepend attack
3) combinator attack
I'm seeing passwords that are less than 12 chars and composed of u/l/d show up in steps 2 & 3 that should've easily been caught by the bruteforce attack.
What am I missing?
I have a system with two AMD Pro Duos that I use for demo purposes at my school, and I'm running the attack against a large file of NTLM hashes. I've recently found that some hashes are not getting identified by hashcat during bruteforce runs, but are later showing up as a result of combinator or appending/prepending attacks.
Steps taken:
1) quick bruteforce with NTLM up to 12 characters and confirmed they dump to the potfile
2) append/prepend attack
3) combinator attack
I'm seeing passwords that are less than 12 chars and composed of u/l/d show up in steps 2 & 3 that should've easily been caught by the bruteforce attack.
What am I missing?