Posts: 40
Threads: 11
Joined: Feb 2018
01-22-2020, 03:35 PM
Hello,
I'm trying to come up with a use case for dictionaries of passwords converted to HEX. The only pro I see is the possibility of having passwords in multiple different encodings in a single file, and the con is that the dictionary requires 2 times the storage space of the original dictionary(s). Am I missing something? Is there any other use case for this feature?
Regards,
Azaran
Posts: 2,267
Threads: 16
Joined: Feb 2013
01-28-2020, 01:56 PM
(This post was last modified: 01-28-2020, 01:59 PM by philsmd.)
there are at least 2 ways to use "hex" passwords within dictionaries in hashcat:
1. use --hex-wordlist
2. use $HEX[] within the lines
these options are very similar and different at the same time: i.e. they both have their advantages.
for instance if you use $HEX[] you do not need to convert every line into hexadecimal (e.g. do not use $HEX[] in lines where it is not needed, only use it for lines where required/meaningful).
with --hex-wordlist you have the advantage that you do not need to use "$HEX[" at the start and "]" at the end.
In general, you should only use a feature if it makes sense to you and has some advantages...
if you do not need HEX, you probably shouldn't use it.
There are many use cases where passwords converted to hexadecimal would make sense... e.g. for some hash types that have "binary" data (like RC4 keys for office colliders, or DES/3DES keys etc)... of course also encoding issues could be prevented (but I wouldn't say it's the best and most common use case: you could just use --encoding-from/--encoding-to with -a 0 dictionary attack instead), but yeah, sometimes it makes sense also for quickly testing some multi-byte or similar passwords etc.
so I guess there is no general answer to your question: it's just sometimes very useful to have this feature (but if you do not see any reason to use it, you don't have to use it)
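An added illustration of the two conventions described in the post above (not code from the thread or from hashcat): a Python sketch that decodes wordlist lines under either convention and wraps a candidate in $HEX[] only where needed. The wrapping rule (bytes outside printable ASCII, or text that itself looks like a wrapper), the helper names and the sample words are assumptions of this example.

```python
import binascii
import re

# A whole line of the form $HEX[<even number of hex digits>]
HEX_LINE = re.compile(rb"\$HEX\[((?:[0-9a-fA-F]{2})*)\]")

def decode_line(line: bytes, hex_wordlist: bool = False) -> bytes:
    """Return the candidate bytes a wordlist line stands for."""
    line = line.rstrip(b"\r\n")
    if hex_wordlist:
        # --hex-wordlist convention: every line is bare hex, no wrapper.
        return binascii.unhexlify(line)
    # $HEX[] convention: only wrapped lines are hex, the rest are literal.
    m = HEX_LINE.fullmatch(line)
    return binascii.unhexlify(m.group(1)) if m else line

def encode_line(word: bytes) -> bytes:
    """Wrap in $HEX[] only where needed (rule assumed for this example)."""
    printable = all(0x20 <= b <= 0x7E for b in word)
    if printable and not HEX_LINE.fullmatch(word):
        return word
    return b"$HEX[" + binascii.hexlify(word) + b"]"

def sizes(words):
    """Bytes on disk, newline included: raw, selective $HEX[], all-hex."""
    raw = sum(len(w) + 1 for w in words)
    selective = sum(len(encode_line(w)) + 1 for w in words)
    full_hex = sum(2 * len(w) + 1 for w in words)
    return raw, selective, full_hex

# Constructed sample candidates, not taken from any real wordlist.
SAMPLE = [
    b"password1",                     # plain ASCII: stays literal
    "pässword".encode("utf-8"),       # same word in two encodings,
    "pässword".encode("latin-1"),     # side by side in one file
    bytes.fromhex("00112233445566"),  # binary, key-like candidate
    b"$HEX[41]",                      # literal text that looks like a wrapper
]

if __name__ == "__main__":
    for w in SAMPLE:
        print(encode_line(w).decode("ascii"))
    print("raw / selective / all-hex bytes:", sizes(SAMPLE))
```
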
Posts: 40
Threads: 11
Joined: Feb 2018
I was just trying to get some information from people using it in practice and you've pointed out some interesting use cases. Thanks phil.