How do I add a dictionary like Rockyou?
Hi guys,

I'm quite new at this so normally I wouldn't be asking for help so early on but I'm lacking time to recover this password.

Could someone please give me an example command line of which command I'd have to issue to add a dictionary (like rockyou) to crack a phpass string?

I managed to get a simple brute force command working with some help from the Wiki but the status displayed it'd take > 10 years! I'm not sure if that's normal but surely it wouldn't decrease enough compared with the few days I have left to recover this password.

Help would be much appreciated!
if you use the gui version it'll show you the commands.
Most basic commands:

cd /path/to/binary/

./oclHashcat-plus64.bin -m 0 -a 0 /path/to/hashlist.txt /path/to/dictionary.txt

for multiple dicts in one folder:

./oclHashcat-plus64.bin -m 0 -a 0 /path/to/hashlist.txt /path/to/dictionaryfolder

for combinationattack:

./oclHashcat-plus64.bin -m 0 -a 1 /path/to/hashlist.txt /path/to/dictionary1.txt /path/to/dictionary2.txt
Hi guys,

Thanks for your replies. I got a dictionary attack working, unfortunately it has been running for 3 hours now and the time left display is 13 years.

Am I just unlucky with the password I need to crack or are my settings wrong?
What hashtype?

Hashcat should run through a 5gb dictionary in a few minutes if hashtype is MD5 and mode is normal.
Ah I must've done something wrong then. I used the GUI to select "NVIDIA (CUDA)" and selected phpass in cudahashcat-plus.

I did this cause I didn't see phpass in the normal Hashcat with "CPU only".

Should I pick MD5(phpBB3) in normal hashcat?

Thanks for your quick replies!
I think no.

I don` t know much about phpass() but this is the description:

- Hash algorithm (blowfish, DES, or MD5 in that order if available)
- Salt (random unique salt generated for each password)
- Iterations or password stretching (a specified number of iterations or rounds set as desired)


I read something about several thousand iterations but that seems to be defined by it` s user. In this case yes. Cracking takes much time. Unique salts, xxxxk iterations etc. is much computing.

So much you can see it as attackvector.
This is...quite complicated!

I did manage to use the GUI to make a command that includes the Rockyou dictionary, best64rule and MD5(phpBB3) and it actually started decrypting, it's giving me an estimated time of 60 minutes before completion.

But does this mean that what it's doing now is pretty much pointless?
Where is the hash from? There could be many variables.
It's from a Wordpress website (if that's what you mean!)

As far as I know they use a custom form of phpass (whatever that means, I read it somewhere)

edit: seems Wordpress is actually associated with -m 400 that being MD5(phpBB3)

Still, the progress is incredibly slow, it went from an hour to an estimated of 9 hours.

hashcat-cli64.exe --hash-mode 400 --rules-file C:\hashcat-gui-0.5.1\hashcat\rules\best64.rule C:\Users\Admin\Desktop\hash.txt C:\Hashcat\rockyou.txt

That's my command that started the decryption. Do you notice anything funky that could slow down the decryption? I know it takes longer the more complex the password is, but I've also seen examples that took only a few minutes so I find 9 hours quite hard to believe.