Newbie question on using hashcat64
#1
Hi!

I'm sorry if this is covered somewhere, I've been searching the forum here and using Google but couldn't find the answer.

I have a Windows 7 (or maybe it was 10) NTLMv2 hash that I'm having trouble cracking.   I've reset the password for the user, but was interested in figuring out what the old password was.   The password hint was my cheating ex-whore.   The user name was Taylor, and we might know what the password could be.

I've tried multiple wordlists and am running hashcat on those lists, which is going to take another 162 days or so on this laptop.    I temporarily paused hashcat and created a new wordlist that has 10 words.

The shortest is 5 characters in length.   The longest is 22.

I know this is a very simple question, but I can't really find the answer.   I want to try using hashcat64 with that wordlist, but perform a full toggle-case attack on it and I'm not sure how to do that.

I do not want to use a rule that assumes the person did not use all capital letters with a long password.   They could have.    So I'd like to just have it try every word in the dictionary, and then change the cases, one by one.

What would be a good command line to accomplish this?   So far, I have:

Code:
hashcat64 -D 1,2,3 -w 4 -O --status --session="Cheyanne Attack" --restore-file-path=c:\temp\cheyanne.restore -a 3 -m 1000 c:\temp\hash.txt wordlists\cheyanne.txt -o c:\temp\cheyanne_results.txt

I don't think this is right though.   I think this will just use the words in the list.   I see references to --stdout when I search for how to do this, but hashcat64 --help shows:
Code:
--stdout      Do not crack a hash, instead print candidates only

This doesn't seem to imply that it'd in fact change the case of every word in the list.   Could someone please point me in the right direction?   Thank you.
#2
What's wrong with toggle rules (in rules folder)? Also note that a wordlist that has 10 words is too small to keep your GPU busy. I'd suggest using toggle rules in stdout mode and redirecting the output into a file which you then use as wordlist in combination with a different ruleset.
#3
(02-15-2018, 02:05 PM)atom Wrote: What's wrong with toggle rules (in rules folder)? Also note that a wordlist that has 10 words is too small to keep your GPU busy. I'd suggest using toggle rules in stdout mode and redirecting the output into a file which you then use as wordlist in combination with a different ruleset.

Thank you for the reply.   It is my understanding the ruleset would be used for someone who tried creating a complex password, using up to a maximum of 5 capital characters, to try and prevent someone from logging in.   I'm not certain this is the case.

I think we just have a long username and they could have capitalized all of it, or used a passphrase with certain words capitalized.

I have tried all the toggle rulesets and came back with nothing with what we think the password might be.   I'd rather just quickly test these ten or so words, with all versions of capitalization possible, before I continue with my brute-force attempts.

I have much larger wordlists that I'm using rulesets on, but they take time. For example, because the password hints that it's a person's name, I downloaded a few wordlists that contain a lot of female names. Then I've downloaded a few other wordlists and combined them or tried combinations from each list.

Thanks!