Noob: Cracking SHA1 with known partial
#1
Hi Guys, 

First time posting on this kind of forum, so go easy on me please. 

I want to see how fast I can brute force a SHA1 hash based on an input of between 53 and 55 characters. 

Essentially I want to retrieve a shared key value which is inserted into a hash function surrounded by non-secret content

e.g. PublicInfo|foo|sharedkey|bar|1234

I know the first 8 characters, and I know the final 37 of the SHA1 input. 
I also know that the missing 8-10 characters are alphanumeric only (no special characters) 

Can i get hashcat to spit out the correct 8-10 characters to produce the hash I have? 

What is involved in getting this setup to run?
#2
Sure, just do a mask attack. Since the unknown content is variable-length you'd probably use an hcmask file.
#3
I feel like I've set something wrong here as the The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) VM i'm running this on suggests Estimated >10 years.

I don't think I have enforced the 8-10 character limit

Command: hashcat -m 100 -a 3 -n 64 --custom-charset1=?u?l?d hashes.txt mask.hcmask -o hash_cracked.txt

Mask: Input.Mode: Mask (ZZZ0430|?1?1?1?1?1?1?1?1?1?1||0|Test Reference|1.00|20160518055758) [56]

How long should I reasonably expect this to take?
#4
The only thing you're really doing wrong is using a virtual machine. There's zero reason to do that, there's a hashcat for every OS.

The other problem is that you didn't really specify in your first post what hardware you have. I see now that you're obviously using only CPU, and I don't know why you think you would be able to brute force 62^8 + 62^9 + 62^10 on CPU.

With a single GTX 970, length 8 will take you 1 week; length 9 will take you 1.4 years; length 10 will take you 81 years. Using faster GPUs and more of them will cut your search time down.
#5
Thanks Epixoip.

I'm now home which allows me to try to do this properly - with cudaHashcat 2.01 against my 2x GTX970's.

After patching my windows registry to avoid the errors i believe I am ready to get cracking.

Problem is that cudahashcat is now skipping my mask because "it is larger than the maximum password length" - Am i doing something wrong here?

Command: cudaHashcat64.exe -m 100 -a 3 --custom-charset1=?u?l?d hashes.txt mask.hcmask -o hash_cracked.txt
Input.Mode.....: Mask (ZZZ0430|?1?1?1?1?1?1?1?1?1?1|0|Test Reference|1.00|20160518055758)

Any help in kicking this process off would be amazing.

*edit*
P.S. I did read this: https://hashcat.net/wiki/doku.php?id=fre..._questions and still have no idea if what I'm doing should/shouldn't work
#6
You said 53-55 chars but your mask is 57 chars...
#7
(05-19-2016, 10:10 AM)epixoip Wrote: You said 53-55 chars but your mask is 57 chars...

The mask in the file does not have the brackets around it? Inside the file the character count is 65 which ignoring the ?'s matches the 55 limit. 

Copy + Paste of Mask File: 

ZZZ0430|?1?1?1?1?1?1?1?1?1?1|0|Test Reference|1.00|20160518055758