Questions from a beginner

[aelog]

Hi all.

I have a file with 100 SHA1 hashes and I'm trying to crack them using cudaHashcat. So far I recovered 90 plaintext passwords, using rockyou as wordlist and dive.rules as rules file. The attack mode I used is the straight one.

I'm not exactly sure how to crack these 10 missing hashes. I guess these are the "hard passwords", or at least harder than the recovered ones?

Should I try to "extract" some kind of pattern from the 90 recovered passwords? And write some custom rule based on this pattern?

Searching on the forum, I found some interesting posts like this one: https://hashcat.net/forum/thread-3933.html
However I'm not sure whether it makes sense for my usecase, as rockyou seems to be already a good enough wordlist.


Thanks in advance.

[Xanadrel]

That's the thing about hashcracking, the last few % of not found hashes are the hardest to crack and take the longer.
Analysis of already cracked stuff is obviously a good thing to do for generating other candidates (even if it works better with a larger set of hashes).

[epixoip]

So you've ran through one wordlist with one rule, and you're already out of ideas? Surely you can be a bit more creative than that.

http://arstechnica.com/security/2013/05/...passwords/

[aelog]

So you've ran through one wordlist with one rule

Nope, I tried also other wordlists, but they recovered far less than 90 plaintexts.
Btw thanks for the link.

[BeanBagKing]

Something I've found very useful for those odd passwords that don't follow a dictionary/rule pattern is combinator attacks. You should know by now, looking at the 90 that you've recovered, how long the average password is. Take a few dictionaries and split them by length (splitlen). Now use combinator to combine them in ways that match your average password length.

For example, your average length is 8. Take all your 1 character passwords and combine them with your 7 character passwords. Then 7 with 1, then 2 with 6, 6 with 2, 3 with 5, etc... 4 with 4...