Bruteforce mode doesn't find the password
#1
Hi, 

I do some test with Kerberos in my own lab. 

I have a hash from a 7 characters password that I can crack in dictionary mode with hashcat, if I put the password in my password file. 

I delete the content of potfile and if I try to crack the hash with brute force mode, hashcat doesn't manage to find it. 

Everything is going well. There is no error message. Hashcat go to next guess.queue 8 characters.

I don't understand, so if someone can help, it will be nice


The password : L@b1234
The command line : .\hashcat.exe -m 18200 -a  3 -O -w 4 --opencl-device-types 1,2 .\hash2.txt
or.\hashcat.exe -m 18200 -a  3 .\hash2.txt

the hash :  $krb5asrep$23$user1lab@LAB:e27e5d3b2aa3e5577a2030dcfd1fe58e$8b3f5a37ac8364821129ce637ad553a99cca12f1bbfccb0652eeb405d11b6be1335c27930ac92af342352c0384666d8edc9bf52ad792102bf27a84ae9ffff4f88ea9e54517e34b1863edc8e6b446937d6d886f08ecb218dc5583c2c4890dc6fa6b8fcb7bf55b7bf9725ca87b0623ab4547fd844203e6756ad71d3d6201534d252bd69d337ab578b49c2ce03a72f560b05d68425ca2e9e0f98bc3926eccdc893ca002786647bfdee0016f0383579124b1d8383482dbadea4b2494cbc84718064a5d17ae5c348d772a40006e7c06c9711a376e715ba02866ab8434584607e0b7f5f75415d12d79914e
Reply
#2
You didn't specify a mask in your command so hashcat used the default built in mask, which does not cover your password. You will need to specify a mask which contains your passwords in its keyspace for it to crack. Please see: https://hashcat.net/wiki/doku.php?id=mask_attack
Reply
#3
Ok, thanks for your answer. I didn't know that. I will try tomorrow
Reply
#4
L@b1234

As Chick3n mentioned, -1 ?l?d?u -2 ?l?d ?1?2?2?2?2?2?2 is the default keyspace for -a3.
In order for your attack to hit, you'll need to specify something which includes ?a or ?s such as: ?u?s?l?d?d?d?d or: ?a?a?a?d?d?d?d.
Reply