Posts: 4
Threads: 1
Joined: Nov 2018
Hello, I am new to hashcat and after searching for a little bit I am not able to locate the syntax I would need to get the answer I am looking for.
I believe the hash name is bcrypt.
I have a hash that starts with the following $2y$12$....(60 total characters) and I have a salt which ends with == but has 32 characters.
The syntax used is
hashcat64.exe -a 0 -m 3200 $2y$12$.....
I then get an error message of "timeout in stdin mode".
Any help would be appreciated.
Posts: 2,301
Threads: 11
Joined: Jul 2010
Posts: 803
Threads: 135
Joined: Feb 2011
Read help/wiki/usage.
You missed something to do (dictionary attack? mask? etc.), that's why hashcat is waiting for your input on stdin.
Posts: 4
Threads: 1
Joined: Nov 2018
11-22-2018, 04:38 PM
(This post was last modified: 11-22-2018, 05:13 PM by sleclerc.)
Thank you for your response,
If I would like to brute-force attack this hashed password, what command structure would I use?
-I know nothing about the length or characters used: upper/lower case, special characters, numbers.
If I use the following command: hashcat -m 3200 -a 3 -1 ?a hashes.txt ?1?1?1?1?1?1?1?1?1?1
-m 3200 bcrypt encryption
-a 3 brute force
-1 pattern ?a = upper/lower, special characters and numbers
hashes.txt is my file with the hashes
I get the following message
integer overflow detected in keyspace of mask: ?1?1?1?1?1?1?1?1?1?1?1?1
How do I brute-force the password if I don't know the length or characters used, but I do have the salt used?
Posts: 2,301
Threads: 11
Joined: Jul 2010
Brute-forcing bcrypt is not feasible.
Posts: 4
Threads: 1
Joined: Nov 2018
Just to confirm: if I have the hash $2y$12$... and the salt, I am not able to decrypt bcrypt?
Posts: 2,301
Threads: 11
Joined: Jul 2010
Hashing is not encryption. You cannot decrypt a hash. There is no guaranteed way ever to crack a hash. I'm not saying you cannot crack bcrypt. But brute-force is not feasible.
Posts: 803
Threads: 135
Joined: Feb 2011
What's your GPU card?
Do some math. Assuming you have a GTX 1080 Ti, you will try ~23'000 passwords per second.
You said "I don't know the length or characters used".
Assuming mixalpha+digits => 62 characters
62 at length 5 will take 11 hours to bruteforce. You can do it.
62 at length 6 will take 28 days to bruteforce. You still can do it.
62 at length 7 will take ~5 years to bruteforce. Good luck.
Quote: But brute-force is not feasible.
+1
Posts: 2,301
Threads: 11
Joined: Jul 2010
(11-23-2018, 12:14 AM)Mem5 Wrote: Assuming you have a GTX 1080 Ti, you will try ~23'000 passwords per second.
With cost factor 12? I think you're being a little too optimistic.
Posts: 2,936
Threads: 12
Joined: May 2012
Heh yeah, 23 KH/s is for cost of 5. At cost 12 the speed is 2^7 times slower at roughly 179 H/s.
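Added example, not part of any post in the thread: the arithmetic discussed above, starting from the cost factor that a 60-character bcrypt string carries in its own prefix (the string also embeds its 22-character salt). The sample hash is constructed, and the function names and the 23 kH/s at cost 5 reference rate (taken from the posts above) are assumptions of this sketch.

```python
import re

# bcrypt modular-crypt layout: $2<variant>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")

# Constructed 60-character sample (not a real hash), same $2y$12$ prefix as in the thread.
SAMPLE = "$2y$12$" + "abcdefghijklmnopqrstuv" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"

def parse_bcrypt(hash_str):
    """Split a bcrypt string into variant, cost, salt and digest."""
    m = BCRYPT_RE.match(hash_str)
    if not m:
        raise ValueError("not a well-formed 60-character bcrypt string")
    variant, cost, salt, digest = m.groups()
    if not 4 <= int(cost) <= 31:
        raise ValueError("bcrypt cost must be in 4..31")
    return {"variant": variant, "cost": int(cost), "salt": salt, "digest": digest}

def rate_at_cost(cost, ref_rate=23000.0, ref_cost=5):
    """Scale the thread's benchmark (23 kH/s at cost 5): each +1 in cost halves the rate."""
    return ref_rate / 2 ** (cost - ref_cost)

def exhaust_seconds(charset_size, length, cost):
    """Worst-case seconds to try every candidate of exactly `length` characters."""
    return charset_size ** length / rate_at_cost(cost)

def humanize(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.0f} seconds"

if __name__ == "__main__":
    cost = parse_bcrypt(SAMPLE)["cost"]
    print(f"cost {cost}: about {rate_at_cost(cost):.0f} H/s")
    for length in range(5, 9):
        print(length, humanize(exhaust_seconds(62, length, 5)),
              "at cost 5 |", humanize(exhaust_seconds(62, length, cost)), "at cost 12")
```

For anyone choosing a cost factor, the same functions show how each increment doubles the time an offline guessing attempt needs against a stored hash.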