Brute force with custom charset
#1
Hi. I am trying to launch a brute-force attack on a WordPress hash and i know that the password contains only letters and numbers and has length of 6-9 signs. From the wiki i figured out that i have to type this command into my oclHashcat:

oclHashcat64.exe -m400 -a 3 hash.txt -1 ?l?d

But when i do so hashcat launches brute-force attack with all Built-in charsets: ?l?u?d?s (and not the ones i need it to brute force which is ?l?d), i figured that out from the time it takes to finish the certain lengths of a password. I don't think that it takes absolutely identical amount of time to check 5 signs password in these modes "?l?d" "?l?u?d?s". Could you please indicate what do i do wrong and what exactly should i type to make a brute-force attack only with letters and digits?

Thanks in advance!
#2
you are defining a custom character set, but you are not supplying a mask that actually uses that character set.
#3
I figured that out that it has something to do with the mask... Could you please write a proper command then?
#4
From HC Wiki:
oclHashcat64 -a 3 -m 400 -i --increment-min=6 -1 ?l?d hash.txt ?1?1?1?1?1?1?1?1?1

Brute forcing a wordpress hash at those settings is a bad idea, though.
#5
(10-05-2014, 11:14 AM)Rolf Wrote: From HC Wiki:
oclHashcat64 -a 3 -m 400 -i --increment-min=6 -1 ?l?d hash.txt ?1?1?1?1?1?1?1?1?1

Brute forcing a wordpress hash at those settings is a bad idea, though.

I am not really good with cracking methods that offers hashcat. Could you offer me a better solution for my issue?
#6
Wordlist and mutation attacks are never bad to start with.
More information regarding the description and usage of attacks can be obtained from the aforementioned wiki or by launching hashcat with the "--help" flag.
#7
I have already tried wordlist attack (i have 107 GB wordlist but no success with cracking this hash). I have never heard of mutation attacks before. Got to give it a try. Thanks a lot for your help!