Masked Attack Parameter for Binary
#1
How do I do a mask attack on a binary string that is hashed with MD5? 

So for example...

String:
test word spaces

Binary:
01110100 01100101 01110011 01110100 00100000 01110111 01101111 01110010 01100100 00100000 01110011 01110000 01100001 01100011 01100101 01110011

MD5:
5c61957f8dcf9360f3f996cb689608ba


String > Binary > MD5
#2
You wouldn't be able to feed the string in as a direct input. And it would be tricky to try to shape the mask to match only the binary that is valid alphanumerics, other than the fact that the first bit is 0.

But even then, it's a bit too big:

Code:
$ hashcat -m 0 -a 3 binary.hash -2 '01' 0?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?2
hashcat (v4.0.1-72-g838a7163+) starting...

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 1080, 2028/8113 MB allocatable, 20MCU
* Device #2: GeForce GTX 1080, 2028/8114 MB allocatable, 20MCU
* Device #3: GeForce GTX 1080, 2028/8114 MB allocatable, 20MCU
* Device #4: GeForce GTX 1080, 2028/8114 MB allocatable, 20MCU
* Device #5: GeForce GTX 1080, 2028/8114 MB allocatable, 20MCU
* Device #6: GeForce GTX 1080, 2028/8114 MB allocatable, 20MCU

OpenCL Platform #2: Advanced Micro Devices, Inc.
================================================
* Device #7: AMD FX(tm)-8350 Eight-Core Processor, skipped.

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Applicable optimizers:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
* Raw-Hash

Password length minimum: 0
Password length maximum: 256

ATTENTION! Pure (unoptimized) OpenCL kernels selected.
This enables cracking passwords and salts > length 32 but for the price of drastically reduced performance.
If you want to switch to optimized OpenCL kernels, append -O to your commandline.

Watchdog: Temperature abort trigger set to 90c

Integer overflow detected in keyspace of mask: 0?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?2
~
#3
(12-21-2017, 05:08 AM)royce Wrote: You wouldn't be able to feed the string in as a direct input. And it would be tricky to try to shape the mask to match only the binary that is valid alphanumerics, other than the fact that the first bit is 0.

But even then, it's a bit too big:

Code:
$ hashcat -m 0 -a 3 binary.hash -2 '01' 0?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?2
hashcat (v4.0.1-72-g838a7163+) starting...

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 1080, 2028/8113 MB allocatable, 20MCU
* Device #2: GeForce GTX 1080, 2028/8114 MB allocatable, 20MCU
* Device #3: GeForce GTX 1080, 2028/8114 MB allocatable, 20MCU
* Device #4: GeForce GTX 1080, 2028/8114 MB allocatable, 20MCU
* Device #5: GeForce GTX 1080, 2028/8114 MB allocatable, 20MCU
* Device #6: GeForce GTX 1080, 2028/8114 MB allocatable, 20MCU

OpenCL Platform #2: Advanced Micro Devices, Inc.
================================================
* Device #7: AMD FX(tm)-8350 Eight-Core Processor, skipped.

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Applicable optimizers:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
* Raw-Hash

Password length minimum: 0
Password length maximum: 256

ATTENTION! Pure (unoptimized) OpenCL kernels selected.
This enables cracking passwords and salts > length 32 but for the price of drastically reduced performance.
If you want to switch to optimized OpenCL kernels, append -O to your commandline.

Watchdog: Temperature abort trigger set to 90c

Integer overflow detected in keyspace of mask: 0?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?20?2?2?2?2?2?2?2

hashcat64.exe -a 3 -m 0 -w 2 -1 "01" -2 " " -o found.txt hash.txt ?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1?2 --increment

Is it possible to increment by 9, after the initial 8 bits?

For instance, I do not want to check: ?1?1?1?1?1?1?1?1?2?1, followed by ?1?1?1?1?1?1?1?1?2?1?1, then followed by ?1?1?1?1?1?1?1?1?2?1?1?1, etc.

I would want to check for: ?1?1?1?1?1?1?1?1?2, followed by ?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1, then followed by ?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1?2?1?1?1?1?1?1?1?1, etc.