Cracking MySQL/MariaDB Hashes
#1
I've been trying to crack some MySQL/MariaDB hashes with no success. Is there any recommendation for having a better chance at this? 

Also, are these options --increment-min=4 --increment-max=8 not supported again because hashcat threw out an error below.

Increment-min is only supported when combined with -i/--increment
Reply
#2
--increment-min and --increment-max are command line arguments that can be used in a mask attack (-a 3. Well, it is also supported in -a 6 and -a 7 actually, but always together with masks).

if you use --increment-min and/or --increment-max you also need to specify the --increment command line flag.
an example would be
Code:
hashcat -m 0 -a 3 -w 3 --increment --increment-min 4 --increment-max 7 -2 ?l?d hashes.txt ?2?2?2?2?2?2?2?2?2

Note: the mask itself, in this case ?2?2?2?2?2?2?2?2?2 which was defined in this example to use all lowercase letters and digits, must be *at least* as long as --increment-max, but can be longer

... and no, there is no bullet-proof way to say "this is how you 100% crack all of these hashes", but you might research what are the best ways to target a specific hash lists which was discussed a lot of times within this forum (and in several external blog posts etc). In general, a small but very targetted and well-working (non-crap, overblown) dictionary together with special and/or well-known/good rules is a good start.

On the other hand, if you say that you have a lot of hashes but crack none of them (it wasn't clear from your description above), then you indeed might be doing something wrong or there is a very special password policy (but in my experience one does also crack several hashes - the low hanging fruits - even if the password policy is very restrictive given that the hash list comprises a lot of hashes, at least some thousands).
Reply
#3
Thank you for your tip. I can see what I was doing wrong. I didn't specify the increment flag argument before using --increment-min=4 --increment-max=8 respectively. The hashes are just 8 and still not able to crack anyone yet. I'm going to try again with your new suggestion and see what I come up with.
Reply