How to know the number of characters in a password?
#1
Hi everyone,

Sometimes I want to crack a password and I don't know the exact number of characters, so I always start with 8, and any time I don't crack it I add a character. But sometimes it could really take months; as for brute force, sometimes I have to wait 10-11 days to finish the crack, and it's not sure to succeed. So do you have a solution to avoid all this wasted time?


Best regards
#2
There isn't. Do you start with wordlists and rules before brute forcing? I have cracked 30+ char passwords before with wordlists. If you don't know anything about the password, brute forcing takes way too long once you get over 8 characters.
#3
starkk, length is usually unknown - but you can usually make some good guesses (and start small).

Also, brute force should be your last option. You should be trying wordlists, combinator, hybrid (wordlists+masks), wordlists+rules, and masks before you move on to brute force. Study https://hashcat.net/wiki/#core_attack_modes for hints. There's a whole world of better techniques waiting for you. :)
#4
Along the lines of what Royce said, start small. If you have a fast enough hash type, you can brute force an entire space relatively quickly. For example, for NTLM, I've been able to hit everything with the 95 characters for up to 7 chars in under 90 mins. But NTLM is a super fast hash type. I'm not recommending using brute force, but if there's a chance of a short password, you can do something like:

-a3 ?a?a?a?a?a?a?a --increment

And that will exhaust all the US keyboard characters in a 1-7 character password. Once you start going over that, it's going to take a long time.
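An added worked example (not code from any poster in this thread): it counts the candidates covered by a mask built from hashcat's built-in charsets, derives the guess rate implied by the figures in post #4 (95 characters, lengths 1 to 7, 90 minutes on NTLM), and extrapolates to longer lengths. The function names are made up for the illustration, and 90 minutes is treated as exact although the post says "under 90 mins".

```python
# Added example: candidate counts for hashcat-style masks (built-in charsets only).
from math import prod

# Sizes of hashcat's built-in charsets: ?l ?u ?d ?s ?a ?h ?H ?b
CHARSET_SIZES = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95,
                 "h": 16, "H": 16, "b": 256}

def position_sizes(mask):
    """Return how many characters each mask position can take."""
    sizes, i = [], 0
    while i < len(mask):
        if mask[i] != "?":
            sizes.append(1)              # literal character
            i += 1
            continue
        token = mask[i + 1:i + 2]        # empty if the mask ends in a lone "?"
        if token == "?":
            sizes.append(1)              # "??" is a literal question mark
        elif token in CHARSET_SIZES:
            sizes.append(CHARSET_SIZES[token])
        else:
            raise ValueError(f"unsupported mask token at offset {i}: ?{token}")
        i += 2
    return sizes

def candidates(mask, increment=False):
    """Candidates for the full mask, or for every prefix length with increment."""
    sizes = position_sizes(mask)
    if not increment:
        return prod(sizes)
    return sum(prod(sizes[:n]) for n in range(1, len(sizes) + 1))

def implied_rate(mask, seconds, increment=True):
    """Guesses per second needed to exhaust the mask in the given time."""
    return candidates(mask, increment) / seconds

def days_to_exhaust(mask, rate, increment=False):
    """Days needed to try every candidate at a fixed guess rate."""
    return candidates(mask, increment) / rate / 86400

if __name__ == "__main__":
    # Figures from post #4: ?a x7 with --increment, 90 minutes (assumed exact).
    rate = implied_rate("?a" * 7, 90 * 60)
    print(f"implied rate: {rate:.3g} candidates/s")
    for length in range(8, 13):
        print(length, f"{days_to_exhaust('?a' * length, rate):,.1f} days")
```

At that implied rate the full 8-character space takes about 5.9 days and the 9-character space about 558 days, since each extra position multiplies the work by 95. This is why length is the lever defenders have against exhaustive search of a fast hash.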
#5
Hi everyone,

Thanks for the advice, but any time I wanted to crack with a wordlist I always had Exhausted as the result and never succeeded with this technique. When I use rules, for example, it took nearly 1 month in the estimated timeline. How can I deal with that? Are my wordlists not good enough? I use Rockyou, 82 million wordlist and crackstation human only. What do you think about those? Can you advise me on some better ones?

Best Regards
#6
I've got no advice other than what I already suggested above.
#7
No, I mean do you have some advice about some good wordlists? Some people say that Rockyou is not a really good one; what do you think about it? In my opinion it depends on how each one uses it, as you said, with many types of attacks and rules, but it's possible that I'm wrong and it's possible that there are much better wordlists.
#8
Another list that I like is from The Hacker Playbook. http://thehackerplaybook.com/get.php?type=THP-password

In addition to reading Hash Crack, The Hacker Playbook has some good password cracking tips.

In my opinion, there's nothing wrong with rockyou. I use it a lot and it usually gets me a lot of passwords with the type of work I do. Plus it's relatively small and fast. Great for low-hanging fruit. One thing we did was to take all the hashcat rules, remove duplicates, and put those in a single file, and I run them with rockyou. I also use crackstation, but that takes a lot longer. That's something I'll run when I'm about done for the day and let it run overnight.

As Royce has said, the best password lists are ones that were actually human-generated passwords. You can also add in other things if you think they'll be helpful, like top names, cities, sports teams, etc. But actual password lists are better. You can generate your own too. Pastebin has password dumps every day. It's just a matter of finding them and scraping them before a pastebin admin deletes the paste. I'll often find those and grab the passwords and add those to my lists as well.
#9
Ah, OK. The best wordlist I know of, bang for the buck, is the hashes.org founds (the "found in plain" here: https://hashes.org/left.php).