Charset descrypt / crypt(3) - Non-printable password?
#1
Hi,

I try to find a preimage of a crypt(3) aka "descrypt" hash. I did a bruteforce of 1-8 char length with all 95 printable ASCII characters, but no luck. I now assume that the password consists of non-printable characters, too.

While the mask:
Code:
?b?b?b?b?b?b?b?b


searches from 0x00 to 0xFF (256 values) I only need 0x00 to 0x7F (128 values) as crypt(3) is limited to this keyspace.
https://linux.die.net/man/3/crypt

How to build such a charset? Currently, my crypt3.hcchr looks like this, is it correct?

Code:
user@pc:~# cat crypt3.hcchr
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F

(A single line, no line breaks at the end)

I start hashcat like this
Code:
./hashcat64.bin -a 3 -m 1500 --session=mysession myhash.lst --hex-charset --custom-charset1=charsets/crypt3.hcchr masks/mymask.hcmask -o found.cracked
#2
You must have some nice setup over there if you searched through that keyspace. On my 3x1080 I'd expect that to take around a month to finish.

Anyway the charset looks good. Do not forget -w 3
#3
(11-29-2016, 09:50 PM)atom Wrote: You must have some nice setup over there if you searched through that keyspace. On my 3x1080 I'd expect that to take around a month to finish.

Anyway the charset looks good. Do not forget -w 3

You can have a look at next week ;-)
https://twitter.com/m33x/status/797196646828441600