Need help
#1
Hello! Im totally new to Hashcat and have not used any such tool before.

I have a email adress with like ~5 missing characters and i also have the md5 hash of the full email. And i guess this would not be super hard to crack. 

I would really appreciate if someone could tell me how i should do this, and if possible give example of a full hashcat command.

Thanks.

What i got:

email: example****@gmail.com
md5 hash: 120b8510fd7091bc12f890433f65036f

GPU: Rtx 2080

Help me crack the unknown characters please. The above is just an example but the adress i got is in the exactly same format.
Reply
#2
md5 ("example1234@gmail.com") == 120b8510fd7091bc12f890433f65036f

it's against the forum rules to post hashes

you could use different types of attacks, -a 3, -a 7 (yeah even -a 1) and of course also a -a 0 attack with a --stdout pipe on the left side (e.g. -a 3 on the left) . chose the one that is the fastest and more convenient for you (e.g. less disk space needed, but still very fast speed)

I don't really understand what the real question is. Do you want to increase the length during the attack with --increment ? You could also just run several commands in sequence, like one with ?a?a?a?a and afterwards another one with ?a?a?a?a?a

For a general overview and explanation about mask attack see https://hashcat.net/wiki/?id=mask_attack

Code:
hashcat -m 0 -a 3 -w 3 -O 120b8510fd7091bc12f890433f65036f example?a?a?a?a@gmail.com

you can use mask files instead if you use a mask attack with several different mask that you want to run in sequence (like example?a?a?a?a@gmail.com and example?a?a?a?a?a@gmail.com)

Also note that the static/constant string at the start "example" isn't very good to achieve full acceleration. You could try to work around problems with speed drops with other attack modes and/or stdout/pipe

Code:
hashcat --stdout -a 3 example?a?a?a?a@gmail.com | hashcat -m 0 -w 3 -O 120b8510fd7091bc12f890433f65036f

the problem here is that with -m 0 = MD5 it doesn't really make much sense to use pipes because it will be slower in most cases Sad other hash types (slower ones) are not affected by speed reduction (bottlenecks) when using pipes
Reply
#3
(09-02-2019, 06:55 PM)philsmd Wrote: md5 ("example1234@gmail.com") == 120b8510fd7091bc12f890433f65036f

it's against the forum rules to post hashes

you could use different types of attacks, -a 3, -a 7 (yeah even -a 1) and of course also a -a 0 attack with a --stdout pipe on the left side (e.g. -a 3 on the left) . chose the one that is the fastest and more convenient for you (e.g. less disk space needed, but still very fast speed)

I don't really understand what the real question is. Do you want to increase the length during the attack with --increment ? You could also just run several commands in sequence, like one with ?a?a?a?a and afterwards another one with ?a?a?a?a?a

For a general overview and explanation about mask attack see https://hashcat.net/wiki/?id=mask_attack

Code:
hashcat -m 0 -a 3 -w 3 -O 120b8510fd7091bc12f890433f65036f example?a?a?a?a@gmail.com

you can use mask files instead if you use a mask attack with several different mask that you want to run in sequence (like example?a?a?a?a@gmail.com and example?a?a?a?a?a@gmail.com)

Also note that the static/constant string at the start "example" isn't very good to achieve full acceleration. You could try to work around problems with speed drops with other attack modes and/or stdout/pipe

Code:
hashcat --stdout -a 3 example?a?a?a?a@gmail.com | hashcat -m 0 -w 3 -O 120b8510fd7091bc12f890433f65036f

the problem here is that with -m 0 = MD5 it doesn't really make much sense to use pipes because it will be slower in most cases Sad other hash types (slower ones) are not affected by speed reduction (bottlenecks) when using pipes


Hello again!

Do you have any tips on how i can increase speed.

When i run for example:

Code:
hashcat64.exe -m 0 -a 3 -w 3 -O -1 abcdefghijklmnopqrstuvwxyz0123456789.-_ -o output.txt 120b8510fd7091bc12f890433f65036f example?a?a?a?a@gmail.com

i get 

Code:
[/color]
[color=#000000]Session..........: hashcat[/color]
Status...........: Cracked
Hash.Type........: MD5
Hash.Target......: 120b8510fd7091bc12f890433f65036f
Time.Started.....: Sat Feb 08 16:49:07 2020 (0 secs)
Time.Estimated...: Sat Feb 08 16:49:07 2020 (0 secs)
Guess.Mask.......: example?a?a?a?a@gmail.com [21]
Guess.Charset....: -1 abcdefghijklmnopqrstuvwxyz0123456789.-_, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:  230.1 MH/s (0.96ms) @ Accel:256 Loops:1 Thr:256 Vec:4
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 3014656/81450625 (3.70%)
Rejected.........: 0/3014656 (0.00%)
Restore.Point....: 0/81450625 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: examplerana@gmail.com -> exampleg1=)@gmail.com
[color=#000000]Hardware.Mon.#1..: Temp: 53c Fan:  0% Util: 16% Core:1860MHz Mem:6800MHz Bus:16[/color]
[color=#000000]



230.1 MH/s feels quite slow on my rtx 2080, i did read that this is because of that there are some limitations to mask attacks. Is there any known way to improve the speed? For all the hashes i try to crack i have them in this format, first a known part then unknown part with known length and then a known part. 
Reply
#4
I already mentioned one way to improve the speed (with stdin/pipe). Depending on the hash type (-m x), there might be also the possibility to just use a different algorithm, e.g. salted hashes instead of unsalted

-m 0 -> -m 20 (in your specific case)

Code:
hashcat64.exe -m 20 -a 3 -w 3 -O -1 abcdefghijklmnopqrstuvwxyz0123456789.-_ -o output.txt 120b8510fd7091bc12f890433f65036f:example ?a?a?a?a@gmail.com
Reply
#5
Thanks for quick reply. I have now tested both the methods you suggested but the result with stdin was much slower than -m 0. And -m 20 was exactly the same speed as -m 0.
Reply
#6
well, it's the prefix as I already told you. The speed with -m 20 will be slower of course, because salted.

We actually also have a FAQ and some questions like this https://hashcat.net/faq/morework
just to make sure you understand the problem.

There are of course some other things you could try:
like using maskrocessor mp64.exe instead of the --stdout mode
Code:
mp64 -1 ?l?d.-_ example?1?1 | hashcat64.exe -m 0 -a 0 -w 3 -O -o output.txt -r my.rule 120b8510fd7091bc12f890433f65036f

where my.rule contains the output of:
Code:
mp64 -1 ?l?d.-_ '$?1$?1$@$g$m$a$i$l$.$c$o$m' > my.rule
note: replace the quote '' with "" depending on your operating system and shell escaping rules $xyz normally are variables and need to be quoted

you could also test to a command similar to the --stdout command from above (but without hashcat at the left side and without --stdout) and use maskprocessor on the left side without rules.

you could also test to just use rules for the whole command
Code:
hashcat64.exe -m 0 -a 3 -w 3 -O -1 ?l?d.-_ -o output.txt -r part1.rule 120b8510fd7091bc12f890433f65036f dict.txt

where part1.rule contains e.g. the appending of "example" (^e ^l ^p ^m ^a ^x ^e) and some of the random chars e.g
Code:
mp64 -1 ?l?d.-_ '^e^l^p^m^a^x^e$?1$?1' > part1.rule

and the dict.txt contains the second part
Code:
mp64 -1 ?l?d.-_ '?1?1@gmail.com' > dict.txt

or use -a 1 with 2 dicts etc etc etc


but my guess is that the mask with -m 20 will be the fastest... and it really is very fast (just like not exactly the same speed as -m 0 of course)


I also noticed that you said -1 but always used ?a, that makes absolutely no sense
Reply
#7
Thanks again for reply. I will try this as well. And about the -1 and ?a it was just because i copy pasted the example mail and hash from your earlier reply. But on my real hashes i use ?1 Big Grin
Reply