understanding dictionary/mask attack
#1
Hello folks,
I have a question about the dictionary/mask attack that I have not really understood well.
Suppose I have an NTLM hash for a password that is 12 chars long, for example "123qweasdzxc", and I want to crack it with a dictionary attack. I get my dictionary/wordlist file "rockyou.txt"; that word isn't inside it, so I write it in myself and update the file to make sure the password is in the dict file. I ran this command to launch it:
cudahashcat -m 1000 hashlist rockyou.txt rockyou.txt
Incredible surprise, but the hash is not cracked. How can that be possible, I say? I wrote the real password inside and did not get it?
My question is: what is the meaning of dict left and dict right? Is every hash that is being cracked automatically split in half? Like a 12-char-long one is 6 left and 6 right? Will it be the same if I try to crack a 20-char-long password, 10 left and 10 right? I know I can use a different oclHashcat to crack it; I am just trying to understand how this dictionary/mask attack works.

Any help is welcome.
Regards
#2
read this article: http://ob-security.info/?p=56
#3
(09-27-2011, 12:49 PM)atom Wrote: read this article: http://ob-security.info/?p=56

Thanks for the reply atom, I finally understood how it works, and I also see where I was wrong. My example password was like: pippopippo02\ and on my command line I used both dict 1 & 2, and surprisingly the problem was the character "\" as the last char, which is not recognized by dict2.txt. Is it possible that the dictionary file doesn't support symbols (I tried with \ and ! and they don't work, I always get status exhausted)? That's strange since I added the symbol manually, don't you think? Are there any limitations on using symbols inside the dict files? I guess I will try with a mask attack on the right.

Thanks again for the answer
#4
I think that you have misunderstood your problem. Your problem is that for NTLM (and DCC but not other algos), the maximum word length on the left and right is 7 characters each. Any word greater than 7 characters is skipped. So if your setup was pippo on the left dictionary and pippo02\ on the right dictionary, the latter will be skipped because it's 8 chars long (it becomes 7 characters if you remove the \). The proper way to test it would be to have pippop on the left and ippo02\ on the right.
#5
(09-27-2011, 06:56 PM)mastercracker Wrote: I think that you have misunderstood your problem. Your problem is that for NTLM (and DCC but not other algos), the maximum word length on the left and right is 7 characters each. Any word greater than 7 characters is skipped. So if your setup was pippo on the left dictionary and pippo02\ on the right dictionary, the latter will be skipped because it's 8 chars long (it becomes 7 characters if you remove the \). The proper way to test it would be to have pippop on the left and ippo02\ on the right.

Thanks for the reply master, yes, I think the problem was related to the NTLM hash, since I tried with your example, pippop on the left & ippo02\ on the right, and it worked perfectly!!
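
Added illustration, not part of the thread and not hashcat code: a toy Python model of the left/right wordlist behaviour described in post #4, showing which splits of a password can be reached when each side is capped at 7 characters. The function names are hypothetical, and the 7-character per-side NTLM limit is taken from post #4 as stated there.

```python
"""Toy model of a two-wordlist (left/right) attack with a per-side length limit.

Assumption: the 7-character per-side limit for NTLM is taken from post #4;
all function names here are hypothetical and this is not hashcat code.
"""
MAX_SIDE_LEN = 7  # per-side limit for NTLM as stated in post #4


def kept_and_skipped(words, max_len=MAX_SIDE_LEN):
    """Split a wordlist into words that are used and words that are skipped."""
    kept = [w for w in words if 0 < len(w) <= max_len]
    skipped = [w for w in words if len(w) > max_len]
    return kept, skipped


def covers(password, left_words, right_words, max_len=MAX_SIDE_LEN):
    """True if some kept left word + kept right word equals the password."""
    left, _ = kept_and_skipped(left_words, max_len)
    right = set(kept_and_skipped(right_words, max_len)[0])
    return any(password.startswith(l) and password[len(l):] in right for l in left)


def valid_splits(password, max_len=MAX_SIDE_LEN):
    """All (left, right) pairs that reach the password with both sides in the limit."""
    pairs = []
    for i in range(1, len(password)):
        l, r = password[:i], password[i:]
        if len(l) <= max_len and len(r) <= max_len:
            pairs.append((l, r))
    return pairs


if __name__ == "__main__":
    pw = "pippopippo02\\"  # 13 characters, the example from post #3
    # Setup from post #3: the right-hand word is 8 characters, so it is skipped.
    print(kept_and_skipped(["pippo02\\"]))
    print(covers(pw, ["pippo"], ["pippo02\\"]))
    # Setup suggested in post #4: 6 + 7 characters, both sides are kept.
    print(covers(pw, ["pippop"], ["ippo02\\"]))
    # Every split of the 13-character password that fits the limit.
    print(valid_splits(pw))
    # Post #1: the whole 12-character word in both lists is skipped on each side.
    print(covers("123qweasdzxc", ["123qweasdzxc"], ["123qweasdzxc"]))
    # A 20-character password has no split with both sides <= 7 (7 + 7 = 14).
    print(valid_splits("a" * 20))
```

Under the limit as described in post #4, the password is not split automatically; only word pairs actually present in the two lists are tried, and the model shows that anything longer than 14 characters cannot be reached this way.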