Rule for omitting duplicates in bruteforce attack?
#1
Hi, I'm trying to crack a handshake using a bruteforce attack... I know the password has 12 characters uppercase+numbers, which is a lot of permutations, but I also know that all the characters in the password are unique, so I don't want hashcat wasting its energy going through passwords with duplicate chars. Is there a rule or function I can use? I didn't find any in the wiki.

Here's my code so far...
hashcat64.exe -m 2500 -a 3 capture.hccapx -1 ?u?d  ?1?1?1?1?1?1?1?1?1?1?1?1

I appreciate any help!
#2
I encourage you to calculate how much of a difference in total keyspace this would make - and how long your attack will take even if these duplicates were removed.

Here is a value that might be helpful with your calculation.

Code:
$ mp64 --combinations -1 ?u?d ?1?1?1?1?1?1?1?1?1?1?1?1
4738381338321616896

This - (26+10)^12 - is how many guesses it will take to exhaust the keyspace.

Taking this number, and dividing it by hashes/second rate of your platform, should make it clear that your attack, even if you could cut the time in half (which would be much better than the keyspace reduction you're trying to do), will take a very very long time to run.

But I still encourage you to do the math for yourself, because it's hard to assimilate/believe until you do it yourself. Always do the math. :)
#3
(04-22-2018, 07:51 PM)royce Wrote: even if you could cut the time in half (which would be much better than the keyspace reduction you're trying to do), will take a very very long time to run.

Actually, if my math isn't off, it would cut the attack space almost by eight. However, your point still stands. The attack space is way too large.

36! / (36-12)! / 4738381338321616896 ~ 0.127
#4
Yep, that looks right to me. I need to upgrade napkins. :)
#5
Yeah, I was just using a general example and didn't realize that a 12 char passcode would take years even on a gaming PC. But let's assume it's only a 6 char password...
hashcat64.exe -m 2500 -a 3 capture.hccapx -1 ?u?d ?1?1?1?1?1?1

What should I add to make it eliminate dupes?
#6
Generally speaking, there's no efficient way to eliminate duplicates within hashcat itself. You'd have to write an external candidate-password generator, and pipe that into hashcat.
#7
(04-23-2018, 04:35 PM)royce Wrote: Generally speaking, there's no efficient way to eliminate duplicates within hashcat itself. You'd have to write an external candidate-password generator, and pipe that into hashcat.

Gotcha. Yeah, I was thinking maybe making a crunch list as a second option. Thanks for the advice!
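
The keyspace arithmetic from posts #2 and #3, extended to the 6-character case from post #5, as an added example that is not part of the original thread. The guess rate is a constructed value, not a benchmark of any real hardware, and the function names are illustrative.

```python
from itertools import permutations
from math import perm

CHARSET_SIZE = 26 + 10  # ?u?d from the thread: uppercase letters plus digits


def full_keyspace(n, length):
    """Candidates when characters may repeat: n ** length."""
    return n ** length


def unique_keyspace(n, length):
    """Candidates with no repeated character: n! / (n - length)!."""
    return perm(n, length)


def reduction_ratio(n, length):
    """Fraction of the full keyspace left after the no-repeat constraint."""
    return unique_keyspace(n, length) / full_keyspace(n, length)


def years_to_exhaust(keyspace, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return keyspace / guesses_per_second / (365 * 24 * 3600)


def enumerate_unique(alphabet, length):
    """Count no-repeat strings by enumeration, to cross-check the formula."""
    return sum(1 for _ in permutations(alphabet, length))


if __name__ == "__main__":
    ASSUMED_RATE = 500_000  # guesses/second; constructed value (assumption)
    # Sanity check of the falling-factorial formula on a tiny alphabet.
    assert enumerate_unique("ABCDE", 3) == unique_keyspace(5, 3)
    for length in (6, 12):
        full = full_keyspace(CHARSET_SIZE, length)
        uniq = unique_keyspace(CHARSET_SIZE, length)
        print(f"length {length}: full={full} unique={uniq} "
              f"ratio={reduction_ratio(CHARSET_SIZE, length):.3f} "
              f"years(full)={years_to_exhaust(full, ASSUMED_RATE):.2e} "
              f"years(unique)={years_to_exhaust(uniq, ASSUMED_RATE):.2e}")
```

The constraint removes far less of the keyspace at length 6 (ratio about 0.644) than at length 12 (about 0.127), because repeats are rarer in short strings.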