7zip Advice
#1
Dear Forum,

I have a 7zip file which I know contains an 8 alphanumeric character password. I tried using a Mask attack on an extracted 7zip hash but it is telling me I have 10 years before bruteforce cracks it. Below is the line of code I used, any advice for me?

cudahashcat64.exe -m 11600 -a 3 -o cracked.txt --outfile-format=2 --remove hash.txt -1 ?l?u?d ?1?1?1?1?1?1?1?1

With two 980 TIs, it is estimating 10 years. I really thought it would be much faster but I am only getting 13,261 hashes per second (which I assume is the number of guesses per second). Shouldn't this guess number be in the millions with modern computing?

Point me in the right direction guys, how would you do this?

Amanwithplan
#2
7zip is an extremely slow algorithm. If you think 13 KH/s is slow, you should see what the speed is on CPU instead of your 2x 980Ti...

By the way, "10 years" is just the maximum ETA hashcat will display. If you do the math, your attack will really take 62^8 / 13261 / 86400 / 365 =~ 522 years.

So as you can see, mask attacks are really out of the question for 7zip. Best stick to highly-targeted wordlists + rules.
#3
(02-24-2016, 09:58 AM)epixoip Wrote: 7zip is an extremely slow algorithm. If you think 13 KH/s is slow, you should see what the speed is on CPU instead of your 2x 980Ti...

By the way, "10 years" is just the maximum ETA hashcat will display. If you do the math, your attack will really take 62^8 / 13261 / 86400 / 365 =~ 522 years.

So as you can see, mask attacks are really out of the question for 7zip. Best stick to highly-targeted wordlists + rules.

Can you recommend a rules string?
#4
It doesn't really work like that. You're going to have to use your brain on this one.
#5
(02-24-2016, 11:02 PM)epixoip Wrote: It doesn't really work like that. You're going to have to use your brain on this one.

http://www.youtube.com/watch?v=rGouLqVXkS8&t=0m14s
#6
If this is a 7zip downloaded from somewhere, and not a private 7zip file, you could google where to download it.
It could use part or all of the domain name in its PW. Why? So that no one has to ask "I've just downloaded your file, what is the password?"

With the direct internal combis generator, ask for all combis that end with ".com", like this:
cudahashcat64.exe -m 11600 -a 3 -o cracked.txt --outfile-format=2 --remove hash.txt -1 ?l?u?d ?1?1?1?1.com

Or better (and this is an area where brains need to come in), use Maskprocessor this way:
MP | filter box | cudahashcat64.exe

like:

MP ? | (filter box: filter out what you think is not needed, like double u, but not double l, since 'hello...' or 'mueller' could be used; must end in .com, and somewhere before that there is a ".", but at which position, that is the question) | cudahashcat64.exe -a 0 ...

It may be nonsense, but it results in a much smaller key space compared to 65^8. If you are lucky, you get the password in a short time. If not, no harm done, you still have no PW.

With 2 Titans, I would divide the key space into two fields:
- easy field (yahoo.com, mine.com, no more than a double repeat, same character not occurring more than 3x: aabaa will fail, etc.)
- difficult field ($%aG111&.%Odd, ...)

Then tackle the easy field, either alone, because you already have 2x Titans, why not; or consider a distributed attack. First the easy field, you could be lucky and get your PW there. (This is divide to conquer.)

If you must attack the larger chunk, then definitely apply Hashoctopus to distribute / cut down the workload into manageable slices (do the pack of wolves attack).

And DO remember that what you want is to search for the PW (der Hase); you do not want to run all possible combis. So one more thing you can add to your armor: let the wolves confuse "der Hase" by running pairwise, one up, one down ...

Can you imagine the fields with the wolves combing up and down, with der Hase (the PW = the password = the rabbit = the bait = the ...) somewhere in between? Divide it to conquer, run the wolves, comb the field ... SMART or not smart, I don't know. The rabbit should tell the story, or the wolves??? I would bet on the wolves.
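
An added example, not part of any post in this thread: a Python calculator that parses a hashcat-style mask with custom charsets and reproduces the keyspace and ETA arithmetic from post #2, applied to the mask from post #1 and to the ".com"-suffixed mask from post #6. The function names are this example's own, and the 13,261 H/s rate is the figure reported in post #1.

```python
import string

# hashcat built-in mask charsets: ?l=26, ?u=26, ?d=10, ?s=33 (space + punctuation), ?a=95
BUILTIN = {"l": set(string.ascii_lowercase), "u": set(string.ascii_uppercase),
           "d": set(string.digits), "s": set(" " + string.punctuation)}
BUILTIN["a"] = set().union(*BUILTIN.values())

def expand(spec, custom=None):
    """Expand a charset spec such as '?l?u?d' (or one mask position) to a set."""
    custom = custom or {}
    chars, i = set(), 0
    while i < len(spec):
        if spec[i] == "?" and i + 1 < len(spec):
            key = spec[i + 1]
            if key == "?":
                chars.add("?")               # '??' is a literal question mark
            elif key in BUILTIN:
                chars |= BUILTIN[key]
            elif key in custom:
                chars |= custom[key]
            else:
                raise ValueError(f"unknown charset ?{key}")
            i += 2
        else:
            chars.add(spec[i])               # literal character
            i += 1
    return chars

def keyspace(mask, custom_specs=None):
    """Candidates a mask generates; custom_specs maps '1'..'4' to charset specs."""
    custom = {}
    for name in sorted(custom_specs or {}):  # a later charset may reference ?1
        custom[name] = expand(custom_specs[name], custom)
    total, i = 1, 0
    while i < len(mask):
        step = 2 if mask[i] == "?" and i + 1 < len(mask) else 1
        total *= len(expand(mask[i:i + step], custom))  # a literal contributes 1
        i += step
    return total

def eta_years(candidates, hashes_per_second):
    """Worst-case time to exhaust the keyspace, in 365-day years."""
    return candidates / hashes_per_second / 86400 / 365

if __name__ == "__main__":
    for mask in ("?1?1?1?1?1?1?1?1", "?1?1?1?1.com"):
        n = keyspace(mask, {"1": "?l?u?d"})
        print(f"{mask:18} {n:>19,} candidates  {eta_years(n, 13261):.6f} years")
```

The same functions show how each extra character or larger charset multiplies the exhaustion time at a fixed hash rate, which is why a slow key-derivation function combined with a long random password resists mask attacks.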