Posts: 3
Threads: 1
Joined: Dec 2022
Hiya
For a school assignment, (yes ethical hacking is a course for me
) I'm trying to crack a Win7 ntlm hash.
I know the password... it's MyPet123
The command should be this for me:
hashcat -m 1000 -a 6 BBEB311FF8BBB2335C520F767DD67E81 /usr/share/wordlists/rockyou.dic -1 ?u -2 ?l -3 ?d ?1?2?1?2?2?3?3?3
But I'm running into max keyspace, integer overflow.
If I try to reduce the length of the password so making the mask ?1?2?1?2?2?3?3, it's trying candidates with length of 11.
What am I missing here?
Many thanks!
Posts: 121
Threads: 1
Joined: Apr 2022
12-05-2022, 09:49 PM
(This post was last modified: 12-05-2022, 09:51 PM by b8vr.)
The length of the candidate will be the length of the candidate from the wordlist + your mask, so if you have a mask of 7-8 characters, you will quickly get candidates of length 11 and above.
Also, why use -1, -2 and -3 on so simple masks? Just use ?u?l?u?l?l?d?d?d
I guess what you really want here is the -a3 and not the -a6.
Posts: 3
Threads: 1
Joined: Dec 2022
(12-05-2022, 09:49 PM)b8vr Wrote: The length of the candidate will be the length of the candidate from the wordlist + your mask, so if you have a mask of 7-8 characters, you will quickly get candidates of length 11 and above.
Also, why use -1, -2 and -3 on so simple masks? Just use ?u?l?u?l?l?d?d?d
I guess what you really want here is the -a3 and not the -a6.
Yes ?u?l?u?l?l?l?d?d?d is the mask I tried first but I didn't know it's appending this mask to the wordlist instead of incorporating it in the total password mask. Thanks for that!
Now Brute forcing it since I know the composition of the PW would work better you are right. However I created a mask list with policygen for passwords that consist of 2 caps, 4 lowers and 3 numbers. Is there a way to combine this with a wordlist?
So for example a wordlist consists of only lower letters but looks at the provided masks and tries the word with each possible combination of 2 caps and additional numbers? That would really rock!
Posts: 121
Threads: 1
Joined: Apr 2022
You need rules for that. That can't be done with masks. See
https://hashcat.net/wiki/doku.php?id=rule_based_attack
Posts: 3
Threads: 1
Joined: Dec 2022
(12-06-2022, 08:07 PM)b8vr Wrote: You need rules for that. That can't be done with masks. See https://hashcat.net/wiki/doku.php?id=rule_based_attack
Beautiful, thanks!