Possible development to support three wordlists at once?
#11
you're not talking about the 1Password competition, are you? https://hashcat.net/forum/thread-7480.html

That's not "hmac-sha256" but pbkdf2 (with hmac-sha256) with 100k iterations. That's a whole different league. 13mb wordlist with that? lol
#12
In case any of you were wondering, this is for the 1password competition:[https://bugcrowd.com/onepasswordgame]. I was just wanting to try it out to see how well I can do with bugcrowd and Penetration Testing in general.
#13
(06-16-2018, 12:36 AM)undeath Wrote: you're not talking about the 1Password competition, are you? https://hashcat.net/forum/thread-7480.html

That's not "hmac-sha256" but pbkdf2 (with hmac-sha256) with 100k iterations. That's a whole different league. 13mb wordlist with that? lol
However, I was attempting to complete one of the non-sampled ones.
#14
I'm pretty sure they were using the "AgileWords.txt" wordlist you can find on the competition's github repo. That's a whole lot smaller than your wordlist. And still, even with a decent hardware cluster this is going to take months to crack a single of those hashes. Do the math yourself.

PS: please use the edit function instead of multi-posting
#15
(06-16-2018, 12:47 AM)undeath Wrote: I'm pretty sure they were using the "AgileWords.txt" wordlist you can find on the competition's github repo. That's a whole lot smaller than your wordlist. [1] And still, even with a decent hardware cluster this is going to take months to crack a single of those hashes. Do the math yourself.

[2] PS: please use the edit function instead of multi-posting
1: Yeah, that is the sad truth. But as a proof of concept, I do still want to at least get on the right track to being able to have the words separated by spaces.
2:Ok, will do.
#16
There is no hashcat-native way of doing combinator3 with rules. A simple solution would be creating an intermediate wordlist with a space appended to each line, then creating a second intermediate wordlist containing the result of combining the first intermediate one with itself (as said before, with a 13mb wordlist this is infeasible) and then using the second one in a normal combination attack with the original one.

A slightly more technical solution would be modifying the combinator3 source code to fit your needs and pipe that to hashcat.
#17
(06-16-2018, 12:58 AM)undeath Wrote: There is no hashcat-native way of doing combinator3 with rules. A simple solution would be creating an intermediate wordlist with a space appended to each line, then creating a second intermediate wordlist containing the result of combining the first intermediate one with itself (as said before, with a 13mb wordlist this is infeasible) and then using the second one in a normal combination attack with the original one.

Alright, I understand what you are talking about. May you supply me reference code that I can wrap my head around for that?
#18
Code:
sed 's/$/ /g' wordlist.txt > with-space.txt
combinator.bin with-space.txt with-space.txt > comb-with-space.txt
hashcat -a1 hash.txt comb-with-space.txt wordlist.txt
#19
(06-16-2018, 01:06 AM)undeath Wrote:
Code:
sed 's/$/ /g' wordlist.txt > with-space.txt
combinator.bin with-space.txt with-space.txt > comb-with-space.txt
hashcat -a1 hash.txt comb-with-space.txt wordlist.txt

Alright, thank you undeath. I will reply with the results.

Edit: so far the txt file is 5gb XD
#20
Star 
Thank you undeath. Like you said, it will take forever. Below is my current status update:

Session..........: 2018-06-15
Status...........: Running
Hash.Type........: PBKDF2-HMAC-SHA256
Hash.Target......: sha256:100000:itFxKrXWMtjE2sB7eS67Fw==:o6i4645znIb2...EewmY=
Time.Started.....: Fri Jun 15 16:52:19 2018 (1 min, 12 secs)
Time.Estimated...: Sat Mar 08 12:13:16 2081 (62 years, 266 days)
Guess.Base.......: File (D:\hashcat-stuff\HashcatGUI_1.00r3\comb-with-space.txt), Left Side
Guess.Mod........: File (D:\hashcat-stuff\hashcat-4.1.0\agile.txt), Right Side
Speed.Dev.#1.....:     3110 H/s (6.04ms) @ Accel:32 Loops:16 Thr:640 Vec:1
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 122880/6156660823552 (0.00%)
Rejected.........: 0/122880 (0.00%)
Restore.Point....: 0/335915584 (0.00%)
Candidates.#1....: aardvark aardvark abaci -> abandon quilting abaci
HWMon.Dev.#1.....: Temp: 67c Fan: 72% Util: 92% Core:1657MHz Mem:3504MHz Bus:16

Anyone else viewing this thread with the same question. Please use undeath's 
Code:
$ sed 's/$/ /g' wordlist.txt > with-space.txt
 
Code:
$ combinator.bin with-space.txt with-space.txt > comb-with-space.txt
and royce's 
Code:
# Convert salt and hash from hex to raw and then to base64:
$ echo -n '00bb202b205f064e30f6fae101162a2e' | xxd -p -r | base64
ALsgKyBfBk4w9vrhARYqLg==
$ echo -n '91976be95cd28e55e580ee9f69a2139202a9b65eabfbbf33c99bc42e3665564d' | xxd -p -r | base64
kZdr6VzSjlXlgO6faaITkgKptl6r+78zyZvELjZlVk0=

# Prepare hashfile in the expected format for hashcat
$ cat test.hash
sha256:100000:ALsgKyBfBk4w9vrhARYqLg==:kZdr6VzSjlXlgO6faaITkgKptl6r+78zyZvELjZlVk0=

# Perform simple attack, piping in expected plaintext. The hash is cracked as expected.
$ echo 'tanbark artistic callus' | hashcat --quiet -m 10900 -a 0 test.hash
sha256:100000:ALsgKyBfBk4w9vrhARYqLg==:kZdr6VzSjlXlgO6faaITkgKptl6r+78zyZvELjZlVk0=:tanbark artistic callus
with the above status update to gauge whether you have the power to hash it, or not.