04-19-2012, 10:55 PM
(This post was last modified: 04-19-2012, 10:59 PM by -.-PhanTom-.-.)
Hi
I have been playing around with the gui a bit.
For straight mode and straight + rules it is possible to select multiple wordlists (loaded) and they are then run in sequence.
However, I want to use hybrid dict+mask with multiple wordlist, that doesn't seem to be possible.... is that intentional?
Also, reading http://hashcat.net/wiki/mask_attack it seems like the mask chars are tried in alphabetical ascending order?
Wouldn't it make sense to use some kind of stats file (like in JTR) based on the cracked hashes in the pot file, to generate a priority of which the chars in mask mode are picked, based on their occurance in each char position for the max possible length per hash type?
Or this is already happening somehow?
I am trying a simple mask of "?d?d?d" and I notice that a lot of the found passwords at the beginning of each wordlist used have 971 and 972 .. it doesn't appear to be trying all digits (I don't see any passes with 000 or 101 etc) Could just be coinsidence I guess..
I have been playing around with the gui a bit.
For straight mode and straight + rules it is possible to select multiple wordlists (loaded) and they are then run in sequence.
However, I want to use hybrid dict+mask with multiple wordlist, that doesn't seem to be possible.... is that intentional?
Also, reading http://hashcat.net/wiki/mask_attack it seems like the mask chars are tried in alphabetical ascending order?
Wouldn't it make sense to use some kind of stats file (like in JTR) based on the cracked hashes in the pot file, to generate a priority of which the chars in mask mode are picked, based on their occurance in each char position for the max possible length per hash type?
Or this is already happening somehow?
I am trying a simple mask of "?d?d?d" and I notice that a lot of the found passwords at the beginning of each wordlist used have 971 and 972 .. it doesn't appear to be trying all digits (I don't see any passes with 000 or 101 etc) Could just be coinsidence I guess..