Posts: 5
Threads: 1
Joined: Apr 2016
04-15-2016, 08:18 PM
(This post was last modified: 04-15-2016, 08:20 PM by roggerx.)
I've been following
this guide to get the plist and ended up generating a hash using
this hash generator . I'm running hashcat 2.00 and also referenced this
video
I tried running this command
Code:
hashcat-cli64.exe -m 7100 -output-file=cracked.txt --remove hash.txt wordlists/
I end up getting
Code:
C:\Users\xxxxxxx\hashcat-2.00>hashcat-cli64.exe -m 7100 -output-file=cracked.txt --remove hash.txt wordlists/
Initializing hashcat v2.00 with 12 threads and 32mb segment-size...
Skipping line: ・ソ$ml$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx(signature unmatched)
No hashes loaded
Any idea what might be causing the problem?
Posts: 2,936
Threads: 12
Joined: May 2012
Looks like you have some garbage characters before the start of the hash? hash.txt needs to be a plain ascii text file with no encoding, and only the hash itself should be in the file.
Posts: 5
Threads: 1
Joined: Apr 2016
(04-15-2016, 08:25 PM)epixoip Wrote: Looks like you have some garbage characters before the start of the hash? hash.txt needs to be a plain ascii text file with no encoding, and only the hash itself should be in the file.
Thank you! That was the answer. Resaving the text file solved the problem.
Posts: 5
Threads: 1
Joined: Apr 2016
04-16-2016, 04:14 PM
(This post was last modified: 04-16-2016, 04:16 PM by roggerx.)
I'm currently looking into experimenting with mask attack. I'm reading the wiki right now and have a few questions .
Would the command
Code:
command: -a 3 -1 ?l?d ?1?1?1?1?1
be used for searching for a password that would contain only lowercase letter and numbers?
Another question I have is does hashcat run until it finds the password or until it's finished running through all possible options?
Posts: 2,936
Threads: 12
Joined: May 2012
The options you provided would search for loweralphanumeric passwords that are exactly five characters long. With these options, hashcat will run until it either finds the password, or has exhausted the entire loweralphanumeric len 5 keyspace.
Posts: 5
Threads: 1
Joined: Apr 2016
Thanks! So if I do something like this
Code:
hashcat-cli64.exe -m 7100 -a 3 --increment --increment-min 4 --increment-max 10 -output-file=cracked.txt --remove hash.txt -1 ?l?d ?1?1?1?1?1
Posts: 2,301
Threads: 11
Joined: Jul 2010
no, it would throw a syntax error because you're missing a dash in front of "output-file". After you fix that it will run 4-5 length because that's where your mask ends.
Posts: 5
Threads: 1
Joined: Apr 2016
04-17-2016, 11:17 AM
(This post was last modified: 04-17-2016, 11:31 AM by roggerx.)
(04-17-2016, 12:26 AM)undeath Wrote: no, it would throw a syntax error because you're missing a dash in front of "output-file". After you fix that it will run 4-5 length because that's where your mask ends.
Thanks for that. I misunderstood the "
?l?d"before the mask as being part of it. So this would do it?
Code:
hashcat-cli64.exe -m 7100 -a 3 --increment --increment-min 4 --increment-max 10 --output-file=cracked.txt --remove hash.txt -1 ?l?d ?1?1?1?1?1?1?1?1?1?1
The more I read the wiki the more questions I have. In this part for example.
Quote:Here is a single example. We want to crack the password: Julia1984
In traditional Brute-Force attack we require a charset that contains all upper-case letters, all lower-case letters and all digits (aka “mixalpha-numeric”). The Password length is 9, so we have to iterate through 62^9 (13.537.086.546.263.552) combinations. Lets say we crack with a rate of 100M/s, this requires more than 4 years to complete.
In Mask attack we know about humans and how they design passwords. The above password matches a simple but common pattern. A name and year appended to it. We can also configure the attack to try the upper-case letters only on the first position. It is very uncommon to see an upper-case letter only in the second or the third position. To make it short, with Mask attack we can reduce the keyspace to 52*26*26*26*26*10*10*10*10 (237.627.520.000) combinations. With the same cracking rate of 100M/s, this requires just 40 minutes to complete.
Is that 40 minutes with a specific type of command like
Code:
-a 3 -1 ?l?u ?1?l?l?l?l?l19?d?d
or just something like
Code:
-a 3 ?a?a?a?a?a?a?a?a
