Integer overflow detected while brute forcing
#1
I get the error message:
Integer overflow detected in keyspace of mask: ?a?a?a?a?a?a?a?a?a?a?a

when i try tu bruteforce the md5 hash of a password, which is 11 chars (alphanumeric with special character)
Code:
hashcat -m 0 -a 3 the_md5-hash_of_a_11_provide_long_password ?a?a?a?a?a?a?a?a?a?a?a



Where is the mistake in my syntax? Is the keyspace too long for a bruteforce? That would be weird but the only possibility which I can imagine with those error messages. Thanks in advice.
#2
Indeed ?a x 11 BF is not feasible therefore it doesn't matter if it overflows or not which is why hashcat works as it works. You need to try more clever attacks based on wordlists.
#3
True. 7 character bruteforcing with ?a?a?a?a?a?a?a works fine. Some social-engineering would be clever now. You never stop learning.
Thanks!
#4
(05-22-2017, 08:41 AM)atom Wrote: Indeed ?a x 11 BF is not feasible therefore it doesn't matter if it overflows or not which is why hashcat works as it works. You need to try more clever attacks based on wordlists.

Shouldn't the software evaluate any potential issues that could lead to overflows and return an error message in the first place?
#5
(05-23-2017, 03:32 PM)kjs Wrote:
(05-22-2017, 08:41 AM)atom Wrote: Indeed ?a x 11 BF is not feasible therefore it doesn't matter if it overflows or not which is why hashcat works as it works. You need to try more clever attacks based on wordlists.

Shouldn't the software evaluate any potential issues that could lead to overflows and return an error message in the first place?

This error message is from hashcat. It detected the overflow and reported it to the user. Not sure how the software can do it better than that.

Quote:Integer overflow detected in keyspace of mask: ?a?a?a?a?a?a?a?a?a?a?a
#6
(05-23-2017, 03:38 PM)atom Wrote:
(05-23-2017, 03:32 PM)kjs Wrote:
(05-22-2017, 08:41 AM)atom Wrote: Indeed ?a x 11 BF is not feasible therefore it doesn't matter if it overflows or not which is why hashcat works as it works. You need to try more clever attacks based on wordlists.

Shouldn't the software evaluate any potential issues that could lead to overflows and return an error message in the first place?

This error message is from hashcat. It detected the overflow and reported it to the user. Not sure how the software can do it better than that.

Quote:Integer overflow detected in keyspace of mask: ?a?a?a?a?a?a?a?a?a?a?a

Yes, but can't you detect that an overflow would occur based on the input mask and the CPU architecture?
#7
No, because it's not the related to a CPU architecture. It's the variables datatype that counts.
#8
Ok, 64-bit or 128-bit uint?
#9
@kjs: Wait, you're over on Hashkiller advertising Hashcat rigs for sale, but you don't even know what datatypes Hashcat uses internally? Good luck with that, I'm sure your customers have much faith in your ability to provide competent support.
#10
(05-24-2017, 04:33 AM)epixoip Wrote: @kjs: Wait, you're over on Hashkiller advertising Hashcat rigs for sale, but you don't even know what datatypes Hashcat uses internally? Good luck with that, I'm sure your customers have much faith in your ability to provide competent support.

What is your problem exactly?