Incrementing Brute Force Attack?
#1
Question 
Hello!

I'm fairly a newb to oclHashcat and recently purchased an NVIDIA GeForce GTX 970 for gaming and cracking hashes. I just have a few questions before using cudaHashcat for password recoveries and such.

1. Is the GTX 970 (ZOTAC AMP! Omega) a good GPU for cracking hashes?

2. How would I go about using an incrementing brute force attack on IPB 2+ hashes? What I mean when I say this is to start using a mask of some sort for both lowercase and uppercase letters and numbers without having to manually change the mask or any options once the other is completed. Example:
a
b
...
z
0
1
...
aa
ab

But here's the catch. I need to start at 3 characters and increment to 32. Would using Hashkiller.co.uk's HashcatGUI help? What would the options be set to?

Thanks! Happy New Year!
#2
GTX 970 has decent Perf/Watt ratio.

For incremental brute force, look at http://hashcat.net/wiki/doku.php?id=mask_attack

You're not going to be able to brute force past 9 characters, let alone 32.
#3
Would knowing the salts to these hashes make a difference? I know everything I need to know (hash, salt, type), all I need to do is crack it. What would be the best way to crack a hash in terms of success?
#4
(01-01-2015, 07:30 AM)epixoip Wrote: You're not going to be able to brute force past 9 characters, let alone 32.

Epixoip is right. True brute forcing past about 8 characters is not practical. You'll hit a wall. See this Password cracking wall picture.

You'll have to be more intelligent about your attacks. Like many computer topics, there is some art mixed in with the science. There are many approaches to >8 character passwords. I've cracked some 16 character passwords. I didn't use brute force.

For the moment, and this will likely change, here is my approach:

1) Brute force 1-6 all characters (?a)
2) Brute force 7-8 only lowercase
3) Brute force 7-8 only uppercase
4) Brute force 3 letters + 4 digits
5) Brute force 1-12 digits only
6) Wordlists + above through best64 (and maybe d3ad0ne)
7) Hybrid - 2-3 digits or symbols to wordlists
8) Hybrid - 4 digits to wordlists
9) Hybrid - 3 digits or lowercase to wordlists
10) Hybrid - 1-2 symbols in front of wordlists
11) Take recovered and run Markov

Your card is better than mine, so you might take step 1 up to 7 characters. If so, adjust the other steps 2-4. And yes, there is some overlap in step 5, but for me, the time lost re-checking those hashes is less than it would take to exclude them.
#5
If you have more than one hash you probably won't be able to brute force past length 5 or 6.

Depending on exactly how many unique salts you have, you may not be able to do any of the things rsberzerker suggested.
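
The length wall and the salt effect described in the replies above, worked through as an added example that is not part of the original thread: it computes the keyspace of hashcat-style masks and shows how candidate length and the number of unique salts multiply the work, which is why long passwords and per-user salts hold up against exhaustive search. The hash rate is an assumed round figure, not a benchmark of any card or hash type, and the function names are hypothetical.

```python
# Added example: keyspace arithmetic for hashcat-style masks.
# Built-in charset sizes: ?l and ?u = 26, ?d = 10, ?s = 33, ?a = 95.
CHARSET_SIZES = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95}

# Assumption: a constructed round figure, not a benchmark of any GPU or hash mode.
ASSUMED_HASHES_PER_SECOND = 1_000_000_000


def mask_keyspace(mask):
    """Return how many candidates one mask generates."""
    total, i = 1, 0
    while i < len(mask):
        if mask[i] != "?":
            i += 1  # literal character: exactly one choice
            continue
        if i + 1 >= len(mask):
            raise ValueError("dangling '?' at end of mask")
        token = mask[i + 1]
        if token != "?":  # '??' is a literal question mark
            if token not in CHARSET_SIZES:
                raise ValueError("unsupported charset ?" + token)
            total *= CHARSET_SIZES[token]
        i += 2
    return total


def incremental_keyspace(token, min_len, max_len):
    """Sum the keyspace of ?token repeated min_len..max_len times."""
    return sum(mask_keyspace(("?" + token) * n) for n in range(min_len, max_len + 1))


def days_to_exhaust(candidates, unique_salts, rate=ASSUMED_HASHES_PER_SECOND):
    """Each unique salt forces a separate hash computation per candidate."""
    return candidates * unique_salts / rate / 86400


if __name__ == "__main__":
    for length in (6, 8, 9, 12, 32):
        space = mask_keyspace("?a" * length)
        print(f"?a x {length:2d}: {space:.3e} candidates, "
              f"{days_to_exhaust(space, 1):.3e} days with 1 salt, "
              f"{days_to_exhaust(space, 1000):.3e} days with 1000 salts")
    print("digits 1-12:", incremental_keyspace("d", 1, 12))
    print("3 lowercase + 4 digits:", mask_keyspace("?l?l?l?d?d?d?d"))
```
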