What am I missing?

[slawson]

I have used hashcat quite a bit in the past, but it's been a while so I might be missing something simple.  

I am using hashcat 4.1.0.  I used fgdump to dump a list of hashes.  Just to get my feet wet again, I created a simple text file with the password that I know matches to a username.  For example sake let's say the password is password.

For some reason hashcat is not cracking the password using my password file.  Here is the syntax I am using.

hashcat64 -a 0 -m 1000 dumpfile.pwdump password.txt

It recognizes the hashes and my password file, but it won't crack it.  But when I use the following brute force syntax it cracks it:

hashcat64 -a 3 -m 1000 dumpfile.pwdump passwor?a

Any ideas?

[undeath]

make sure your password file has no BOM.

[slawson]

Wow, I knew it had to be something simple. I created a simple text file in UTF-8 format and it worked. Do all ANSI and UNICODE text files have a BOM?

Thanks.

[undeath]

The BOM is always optional and its presence depends on your text editor. Notepad++ has an option to explicitly enable/disable it. BOM is almost exclusively used for unicode. https://en.wikipedia.org/wiki/Byte_order_mark