Learning to crack 7z archives
#1
Hello everyone! I've come here seeking some clarity on the use of oclhashcat. I've spent my free time for the last few days reading a great deal on how to use this program and it seems like it could be a fun tool to use. I realize that there are likely many forum posts with questions similar to my own but I feel it necessary for my learning process to be involved in some kind of discussion with someone who understands the subject matter.

That being said I've created a 7z archive with a password so that I could learn effective ways to break into 7z archives. I have a fairly elementary understanding of hashcat, but am new to this so forgive me if my questions seem a bit obvious.

So what I have done so far is read and watched many tutorials on this subject, and discovered that I need to find a way to get the 'non-hash' (as I've seen it called) of my archive. After a bit of research I found that it isn't particularly difficult to do this, and managed to get a text output using 7z2hashcat.exe! Ok so that was simple enough, and every tutorial on the planet covers the next part. I went out and found 527MB of wordlists and decided I'd gather them all up with the mindset that maybe they'd be useful. I then ran the oclhashcat exe by entering the line "cudahashcat64.exe -m 11600 -output-file=cracked.txt --remove hash.txt wordlists"

Everything seems to work fine. I waited approximately 45 minutes for a general English wordlist to finish, but alas I was not given any clue to what the password is. "Of course it shouldn't be so easy!" I told myself. This leads me to my questions. The password to the archive I have made is happy123, which in my mind would mimic a fairly common password structure. Now this is where I've run into a bit of an impasse due to the specifics of my question. I'd like to know how, given my current resources, I could refine my guesses to be a bit more effective. As far as I'm aware the program would default to a mask attack unless I specified otherwise. What would be the best attack mode for such a situation? How are some ways I could configure my attacks to be more effective in recovering the password?

I also have a slightly less pressing question. When I ran the aforementioned line, I was getting somewhere around 250 H/s. I have a NVidia 770 gtx. Does this seem normal? I see videos of people using the same wordlists for similar activities but they get results in only 3 or so minutes where it takes me roughly an hour to run through just one wordlist comprised of about 350000 words. If I were to go through the entirety of my wordlists it would take days to finish this way. I'd imagine that this is due to some user error or oversight but I just thought I'd ask.

Thanks in advance to anyone who decides to help me out here, I really do appreciate it!

-Travis, one hungry dude.
#2
7zip is a very slow algorithm, so your attacks have to be very targeted. Also your GPU is not very good for hash cracking, so you have to be even smarter about your attacks than those with better-performing GPUs.

If you have no idea what the password is, then it would be best to run a small wordlist ordered by frequency/probability combined with best64.rule.
#3
Hmm ok, I'll give that a go. I'm also sporting an intel 4790k, do you think it would be quicker to use that instead of my gpu? That's initially what I had wanted to do but the latest version of hashcat didn't support 7z so I was forced to work with oclhashcat, though I'm sure there's a way.
#4
No, your GPU should be several times faster than your CPU for this.
#5
Alright, I had been thinking that would be the case. I appreciate the advice, I'll know soon if this rule set makes any headway.