Posts: 247
Threads: 59
Joined: Mar 2011
12-10-2011, 03:39 PM
(This post was last modified: 12-10-2011, 04:09 PM by Kgx Pnqvhm.)
Does hashcat have a 15 character password rule limit?
A rule like "i7! $2 $3" on a 12 character word works, but fails on a 13 character word.
I'm using that "--stdout" option on a "nofind" type hash with the redirected output to a mangles.txt file for inspection.
By "fail" I mean that hashcat didn't give any error message, but no mangles were output.
If run as an attack, hashcat runs it without an error message.
What limit am I running into?
Posts: 79
Threads: 4
Joined: Nov 2011
12-11-2011, 12:04 PM
(This post was last modified: 12-11-2011, 01:01 PM by ntk.)
U apply that rule on a 12 bits word, insert character ! at the 7te position so that makes 13 bits, then add 23 at the end, so it hits 15 bits. Hascat does have a limit at 15bits.
That rule clearly fails on 13 bits word.
I am not sure which hash you try to work on, but I think one problematic issue with rule in here is that we think we are searching for the solution, so we fan out our search light, the wider the more we could see.
Our machine is not that strong, our small budget is not that deep, our time is limited, even equipped with one 5970 or dual GPU, even with 8X 16bits slots available it wastes enough time to incremental search aaaa, aaab, aaba, .... then rule would add in aa!a, Aaa!b etc where the password practically starts at boring zaz. Which rule would help you then?
Therefore I think we have to change our mindset, we should not fan out our search light with rule, which immediately make 50 times from a basic word, and take 50 times more of our try, or I am wrong here???
Even we were David or Hercules if we fight a dragon with all our power that would not guarantee a winer. If we could catch the snake by its head, don't care how big, how long it is, let it wiggles the 32, 64, 1024 ways of the GPU force, but with its head in our hand all it needs it one neck break. So our chance would be bigger, or even seeing the head alone, head not its shadows, life would give us enough time to run away if required
So I think don't widen your search light but also do spot it, the use of rule don't spot, it widens
By the way just interested what is your specs
Posts: 5,185
Threads: 230
Joined: Apr 2010
Quote:A rule like "i7! $2 $3" on a 12 character word works, but fails on a 13 character word.
can not reproduce this:
Code:
root@thumbstone:~/dev/projects/hashcat/hashcat-0.38# cat > rule
i7! $2 $3
root@thumbstone:~/dev/projects/hashcat/hashcat-0.38# cat > word
0123456789abc
root@thumbstone:~/dev/projects/hashcat/hashcat-0.38# ./hashcat-cli64.bin --stdout -r rule word
0123456!789abc23
Quote:U apply that rule on a 12 bits word, insert character ! at the 7te position so that makes 13 bits, then add 23 at the end, so it hits 15 bits. Hascat does have a limit at 15bits.
That rule clearly fails on 13 bits word.
no, hashcat does not have this limit. its not bit. its byte. or char. 1 char = 1 byte = 8 bit.
Posts: 247
Threads: 59
Joined: Mar 2011
Putting that rule into rule.rule, and your word into word.txt, then running (hashcat 0.37 on a Win7 64-bit system):
> hashcat-cli64.exe --stdout -r rule.rule word.txt
outputs just a blank line.
Clipping the last character off the word, leaving "0123456789ab" in word.txt and re-running yields:
0123456!789ab23
This is hashcat 0.37. As I said above, actual attacks work, just the "--stdout" doesn't.
Posts: 5,185
Threads: 230
Joined: Apr 2010
yes, you are right. i can reproduce this with v0.37 but in v0.38 its already fixed
thanks for reporting!