Looking for options.
#1
Hi.

I am trying to figure out if there is a better way to crack my password.

Lets assume my password consists of 3 copies of the same word but each one of them has different case... alongside special characters. 
This is the syntax I am trying to achieve.

*JoE@GmaiL.Com*joE@gMaiL.cOm*JOE@GMAiL.COM*
or
#JoE@GmaiL.Com#joE@gMaiL.cOm#JOE@GMAiL.COM#

Now.. I've been using combinator3 to combine all 3 wordlists .. 
Each file consists of 25K entries. 

File 1 and 2 are exactly the same.
ex:
#JoE@GmaiL.Com
#JOE@gmaiL.cOm
#joE@GmAiL.COM

File 3:
#JoE@GmaiL.Com#
#JOE@gmaiL.cOm#
#joE@GmAiL.COM# 



I cant create one big file using combinator because its TB of space.. (I tried splitting and compressing but that takes as long as the cracking process itself.)
I've resorted to to splitting the last file into chunks of 5000 lines.. allowing me to run for 2 days.. (power outages permitting and no restore point.) 

Syntax used:
./combinator3.bin Full.file Full.file 5000lines.file | ./hashcat -a0 -m xxxxx passwd.hash

The above nets me a 30% performace hit.. vs standard attack without combinator. (5 GPUs)
On my 2nd node .. this nets me a 80% performance hit.. (11 GPUs) (Seems like cpu dependant) 


I've been running it like this for the last 3 years... 

Is there a better (smarter) way to attack this ?
Any help would be appreciated.


Thanks
Remski
Reply
#2
There is often multiple ways to do something with hashcat, I would do it like this:

Use the basic combinator.bin (2 files only) to generate the first wordlist file (should be small enough to fit on storage), then transform the third 25k entries to rules (append or prepend) and use hashcat with the first wordlist and these rules.

It should be quite faster since more work can be done by the GPUs, and you should be able to also pause/resume attack since there will be no more piping.
Reply
#3
Hi.

I actually tried to see if "combinator2.bin" would be any faster...
I merged 2 files with combinator2 and wanted to run that with the other 3rd file..
When I run the test ... it didnt print anything...  
I tried downloading and compiling another version, with the same results.
Seems like there is a file limit or something as nothing is printed in the OS error log. (the combined file has 600mln lines)


As for rules.. I just tried a test... and seems that with the -a1 mode it creates the same set of candidates... 
So I merged the first 2 files with combinator2 and the 3rd file is getting parsed just like combinator would..

./hashcat -a1 ./Part1_and2.out ./Part3.out --stdout


I'll check the speeds once my current run sets are done.

Thanks for the great hint !!!
Remski



(02-07-2023, 10:43 AM)Xanadrel Wrote: There is often multiple ways to do something with hashcat, I would do it like this:

Use the basic combinator.bin (2 files only) to generate the first wordlist file (should be small enough to fit on storage), then transform the third 25k entries to rules (append or prepend) and use hashcat with the first wordlist and these rules.

It should be quite faster since more work can be done by the GPUs, and you should be able to also pause/resume attack since there will be no more piping.
Reply