Once someone has gotten up to speed on the basics of hashcat, like using various rules/wordlists, playing with masks, finding the ones that seem to work best, what would you suggest that a noob learn next? PRINCE? Or is there something else in between? Trying to learn to be good and efficient at pw cracking. Looking for a suggestion from the experts.
Thanks.
07-06-2018, 08:35 PM
(This post was last modified: 07-06-2018, 08:41 PM by royce.)
One of the most educational experiences I've had with hashcat was when I did this:
* working a large general list using all of the techniques that I knew,
* running PRINCE, random rules, or junk wordlists against the remaining hashes,
* studying why I had missed the new founds,
* and adding general attacks for those new founds to my list of techniques - repeat as needed.
This is very empowering because you can dig into the emerging patterns yourself - it's self-propelled.
It also matters to put your list of techniques in order by efficiency, and to study how to scientifically measure that efficiency using --debug-mode (to see which rules are working) and --outfiles plus the 'crackpos' value (to see how many attempts it took to find your plain).
~
Awesome. Thank you Royce. And you're right about the emerging patterns. I'm really enjoying "discovering" which masks work best for me. As an example, I just ran a data set of 137,000 passwords I've recently cracked through a mask generator and found the top ones, then went back and used these masks against "exhausted" hash files and voila, cracking more hashes!
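The mask analysis described in this thread, as an added example that is not code from either poster or from hashcat: it derives the hashcat mask of each recovered plaintext from a password audit and orders the masks by hits per candidate, the efficiency ordering suggested above. The function names and the sample plaintexts are constructed for illustration.

```python
import string
from collections import Counter

# Sizes of hashcat's built-in charsets ?l, ?u, ?d, ?s (?s includes the space).
CHARSET_SIZE = {"?l": 26, "?u": 26, "?d": 10, "?s": 33}
SPECIALS = set(string.punctuation + " ")

def mask_of(plain):
    """Return the hashcat mask of a plaintext, or None if a char is outside ?a."""
    out = []
    for ch in plain:
        if ch in string.ascii_lowercase:
            out.append("?l")
        elif ch in string.ascii_uppercase:
            out.append("?u")
        elif ch in string.digits:
            out.append("?d")
        elif ch in SPECIALS:
            out.append("?s")
        else:
            return None  # non-ASCII or control char: needs a custom charset
    return "".join(out)

def keyspace(mask):
    """Number of candidates a full run of this mask generates."""
    n = 1
    for i in range(0, len(mask), 2):
        n *= CHARSET_SIZE[mask[i:i + 2]]
    return n

def rank_masks(plains):
    """Rank masks by hits per candidate, with cumulative coverage of the set."""
    counts = Counter(m for m in map(mask_of, plains) if m)
    total = sum(counts.values())
    rows = sorted(counts.items(), key=lambda kv: kv[1] / keyspace(kv[0]), reverse=True)
    ranked, covered = [], 0
    for mask, hits in rows:
        covered += hits
        ranked.append({"mask": mask, "hits": hits, "keyspace": keyspace(mask),
                       "coverage": covered / total})
    return ranked

# Constructed sample of already-recovered plaintexts (not real data).
SAMPLE = ["summer18", "winter17", "qwerty12", "Passw0rd", "Dragon1!", "123456",
          "654321", "letmein", "monkey", "Spring2018", "caf\u00e999"]

if __name__ == "__main__":
    for row in rank_masks(SAMPLE):
        print(f'{row["mask"]:<24} hits={row["hits"]} '
              f'keyspace={row["keyspace"]:,} coverage={row["coverage"]:.0%}')
```

Sorting by raw hit count instead would put `?l?l?l?l?l?l?d?d` first, even though it costs far more candidates per recovered password than the six-digit mask.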