02-15-2018, 04:20 AM
(This post was last modified: 02-15-2018, 04:27 AM by Spork Schivago.)
Hi!
I'm sorry if this is covered somewhere, I've been searching the forum here and using google but couldn't find the answer.
I have a Windows 7 (or maybe it was 10) NTLMv2 hash that I'm having trouble cracking. I've reset the password for the user, but was interested in figuring out what the old password was. The password hint was my cheating ex-whore. The user name was Taylor, and we might know what the password could be.
I've tried multiple wordlists and am running hashcat on those lists, which is going to take another 162 days or so on this laptop. I temporarily paused hashcat and created a new wordlist that has 10 words.
The shortest is 5 characters in length. The longest is 22.
I know this is a very simple question, but I can't really find the answer. I want to try using hashcat64 with that wordlist, but perform a full toggle-case attack on it and I'm not sure how to do that.
I do not want to use a rule that assumes the person did not use all capital letters with a long password. They could have. So I'd like to just have it try every word in the dictionary, and then change the cases, one by one.
What would be a good command line to accomplish this? So far, I have:
I don't think this is right though. I think this will just use the words in the list. I see references to --stdout when I search for how to do this, but hashcat64 --help shows:
This doesn't seem to imply that it'd in fact change the case of every word in the list. Could someone please point me in the right direction? Thank you.
I'm sorry if this is covered somewhere, I've been searching the forum here and using google but couldn't find the answer.
I have a Windows 7 (or maybe it was 10) NTLMv2 hash that I'm having trouble cracking. I've reset the password for the user, but was interested in figuring out what the old password was. The password hint was my cheating ex-whore. The user name was Taylor, and we might know what the password could be.
I've tried multiple wordlists and am running hashcat on those lists, which is going to take another 162 days or so on this laptop. I temporarily paused hashcat and created a new wordlist that has 10 words.
The shortest is 5 characters in length. The longest is 22.
I know this is a very simple question, but I can't really find the answer. I want to try using hashcat64 with that wordlist, but perform a full toggle-case attack on it and I'm not sure how to do that.
I do not want to use a rule that assumes the person did not use all capital letters with a long password. They could have. So I'd like to just have it try every word in the dictionary, and then change the cases, one by one.
What would be a good command line to accomplish this? So far, I have:
Code:
hashcat64 -D 1,2,3 -w 4 -O --status --session="Cheyanne Attack" --restore-file-path=c:\temp\cheyanne.restore -a 3 -m 1000 c:\temp\hash.txt wordlists\cheyanne.txt -o c:\temp\cheyanne_results.txt
I don't think this is right though. I think this will just use the words in the list. I see references to --stdout when I search for how to do this, but hashcat64 --help shows:
Code:
--stdout Do not crack a hash, instead print candidates only
This doesn't seem to imply that it'd in fact change the case of every word in the list. Could someone please point me in the right direction? Thank you.