Posts: 3
Threads: 1
Joined: May 2020
05-10-2020, 06:36 AM
Hello I'm very new to this
I'm trying to crack a 4 letter password (bcrypt hash) with the possibility of containing noncapital, capital letters and numbers
example: FvL6, wm4n
This is the cmd I ran
hashcat64.exe -m 3200 -a 3 -w 2 --custom-charset1=?l?u?d -i --increment-min 4 --increment-max 4 Ha123.txt ?a?a?a?a -o Cracked.txt
But estimated time was not practical. It was wondering if I'm doing something wrong.
Thank you for helping me and hopefully, my post isn't breaking any rules.
Posts: 407
Threads: 2
Joined: Dec 2015
You are doing it correctly, bcrypt is just designed to be that slow on purpose. There really isn't much else you can do. It might be easier to load your GPU to 100% util if you just generate all the candidates with mask processor and put them in a file, but it's possible that this doesnt help at all and its the same speed..
Posts: 2,267
Threads: 16
Joined: Feb 2013
The command makes no sense.
Defining any custom charset like --custom-charset1 (or short -1) without using it within the mask doesn't make any sense and is actually quite a common user mistake.
It would make more sense to use
-1 ?l?u?d and then a mask with ?1?1?1?1
BTW: I always try to mention the problems if I find some within user commands, otherwise other users just go ahead and blindly copy-paste (parts of) commands
Posts: 803
Threads: 135
Joined: Feb 2011
I'll add that ?a contains symbols, which you don"t want according to your passwords ("FvL6, wm4n")
Posts: 25
Threads: 0
Joined: May 2020
As a comparison:
$ hashcat --keyspace -a 3 ?a?a?a?a
857375
$ hashcat --keyspace -a 3 -1 ?l?u?d ?1?1?1?1
238328
So you're doing about 4x as much work by using ?a?a?a?a. Probably not enough of a reduction to go from "heat death of the universe" to "by lunchtime", but still worth fixing.
Posts: 3
Threads: 1
Joined: May 2020
(05-10-2020, 07:29 AM)philsmd Wrote: The command makes no sense.
Defining any custom charset like --custom-charset1 (or short -1) without using it within the mask doesn't make any sense and is actually quite a common user mistake.
It would make more sense to use
-1 ?l?u?d and then a mask with ?1?1?1?1
BTW: I always try to mention the problems if I find some within user commands, otherwise other users just go ahead and blindly copy-paste (parts of) commands
Thanks a bunch, I have fixed that and it reduced the time considerably.
I was also wondering if you can make a rule to include only a single number for each word or no number at all.
I hope that's possible and isn't so much to ask. Thank you so much for taking the time to help me.
Posts: 2,301
Threads: 11
Joined: Jul 2010
Pure masks don't support this but you can create a hcmask file with policygen from PACK:
https://github.com/iphelix/PACK
Posts: 3
Threads: 1
Joined: May 2020
(05-11-2020, 01:04 AM)undeath Wrote: Pure masks don't support this but you can create a hcmask file with policygen from PACK: https://github.com/iphelix/PACK
Can I use pack to create a wordlist that fits my potential word candidates? then I use it later for wordlist attack and what's the command line for it please?
I got to work only by typing "python3" and not "python" is that okay?
My rules are
--minlength 4 --maxlength 4
Capital letters and non capital letters
One number max each word or no numbers at all