Will I encounter an overflow with this command ?
#1
Hey hello everyone Smile


I'm trying to reverse a bcrypt hash running this :

Code:
hashcat -a 3 -m 3200 /path/to/hash.txt -o /path/to/plain.txt --session 1 -1 '?l?u?d!_@' -i --increment-min=6 --increment-max=14 --hwmon-temp-abort=95 ?1?1?1?1?1?1?1?1?1?1?1?1?1?1

Will this create an overflow when trying 10+ characters ? If so, how to prevent this ?

I'm also a bit confused with the
Code:
--session 1
, how do I restore it ?

Thank you.
Reply
#2
1. If you try to brute force bcrypt, you're going to have a bad time.

2. You don't need --increment-max, your mask is 14 characters long so it will organically end there whenever it reaches that point, which will likely be several thousand years after the death of our sun. May want to add some shielding.

3. Keyspace is stored as uint64, your charset has 65 chars. floor(log(2^64 - 1) / log(65)) == 10 chars. Anything over that will overflow unless you use -t.

4. --session 1 --restore
Reply
#3
(09-03-2021, 06:17 PM)epixoip Wrote: 1. If you try to brute force bcrypt, you're going to have a bad time.

2. You don't need --increment-max, your mask is 14 characters long so it will organically end there whenever it reaches that point, which will likely be several thousand years after the death of our sun. May want to add some shielding.

3. Keyspace is stored as uint64, your charset has 65 chars. floor(log(2^64 - 1) / log(65)) == 10 chars. Anything over that will overflow unless you use -t.

4. --session 1 --restore

1. Yes, I'm aware. Running for understanding purposes.
2. Next big bang !
3. Gonna dig the -t now.
4. Thank you very much.
Reply