Posts: 33
Threads: 16
Joined: Dec 2016
05-22-2017, 06:47 AM
(This post was last modified: 05-22-2017, 06:52 AM by matt99.)
I get the error message:
Integer overflow detected in keyspace of mask: ?a?a?a?a?a?a?a?a?a?a?a
when i try tu bruteforce the md5 hash of a password, which is 11 chars (alphanumeric with special character)
Code:
hashcat -m 0 -a 3 the_md5-hash_of_a_11_provide_long_password ?a?a?a?a?a?a?a?a?a?a?a
Where is the mistake in my syntax? Is the keyspace too long for a bruteforce? That would be weird but the only possibility which I can imagine with those error messages. Thanks in advice.
Posts: 5,185
Threads: 230
Joined: Apr 2010
Indeed ?a x 11 BF is not feasible therefore it doesn't matter if it overflows or not which is why hashcat works as it works. You need to try more clever attacks based on wordlists.
Posts: 33
Threads: 16
Joined: Dec 2016
True. 7 character bruteforcing with ?a?a?a?a?a?a?a works fine. Some social-engineering would be clever now. You never stop learning.
Thanks!
Posts: 32
Threads: 2
Joined: May 2017
(05-22-2017, 08:41 AM)atom Wrote: Indeed ?a x 11 BF is not feasible therefore it doesn't matter if it overflows or not which is why hashcat works as it works. You need to try more clever attacks based on wordlists.
Shouldn't the software evaluate any potential issues that could lead to overflows and return an error message in the first place?
Posts: 5,185
Threads: 230
Joined: Apr 2010
(05-23-2017, 03:32 PM)kjs Wrote: (05-22-2017, 08:41 AM)atom Wrote: Indeed ?a x 11 BF is not feasible therefore it doesn't matter if it overflows or not which is why hashcat works as it works. You need to try more clever attacks based on wordlists.
Shouldn't the software evaluate any potential issues that could lead to overflows and return an error message in the first place?
This error message is from hashcat. It detected the overflow and reported it to the user. Not sure how the software can do it better than that.
Quote:Integer overflow detected in keyspace of mask: ?a?a?a?a?a?a?a?a?a?a?a
Posts: 32
Threads: 2
Joined: May 2017
(05-23-2017, 03:38 PM)atom Wrote: (05-23-2017, 03:32 PM)kjs Wrote: (05-22-2017, 08:41 AM)atom Wrote: Indeed ?a x 11 BF is not feasible therefore it doesn't matter if it overflows or not which is why hashcat works as it works. You need to try more clever attacks based on wordlists.
Shouldn't the software evaluate any potential issues that could lead to overflows and return an error message in the first place?
This error message is from hashcat. It detected the overflow and reported it to the user. Not sure how the software can do it better than that.
Quote:Integer overflow detected in keyspace of mask: ?a?a?a?a?a?a?a?a?a?a?a
Yes, but can't you detect that an overflow would occur based on the input mask and the CPU architecture?
Posts: 5,185
Threads: 230
Joined: Apr 2010
No, because it's not the related to a CPU architecture. It's the variables datatype that counts.
Posts: 32
Threads: 2
Joined: May 2017
Ok, 64-bit or 128-bit uint?
Posts: 2,936
Threads: 12
Joined: May 2012
@kjs: Wait, you're over on Hashkiller advertising Hashcat rigs for sale, but you don't even know what datatypes Hashcat uses internally? Good luck with that, I'm sure your customers have much faith in your ability to provide competent support.
Posts: 32
Threads: 2
Joined: May 2017
(05-24-2017, 04:33 AM)epixoip Wrote: @kjs: Wait, you're over on Hashkiller advertising Hashcat rigs for sale, but you don't even know what datatypes Hashcat uses internally? Good luck with that, I'm sure your customers have much faith in your ability to provide competent support.
What is your problem exactly?