|
First Attempt, does this look alright?
|
07-16-2020, 07:31 PM
(This post was last modified: 07-16-2020, 08:02 PM by FPTHHrw6mKhNZwL6.)
-a 3 -m 1400 example0.hash -1 123456789 -2 0123456789- -3 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789- -4 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 ?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4
--increment --increment-min=22 --increment-max=23
07-16-2020, 07:36 PM
I need the answers to look like this:
17-8fjOpaYiIg1594919960 4-zXjJVWdxtf1594920068
07-16-2020, 07:40 PM
How do I add a space in case the password is a 22 character password?
you could use mask files https://hashcat.net/wiki/doku.php?id=mas...mask_files
or just set -1 "012345 6789" for the first byte of your mask (i.e. any set of chars, charset, that has a space in it). btw: it depends on the operating system which type of quotes (" vs ') is best for quoting a space.... therefore I would suggest to just use the .hcmask file syntax and you are always fine Alternatively to the extra charset, you could just use 2 different masks and therefore lines in the mask file (.hcmask), one with the space and one without, an example for fixed 8-byte length password with prepending space: Code: ?l?u,?d?d?1?1?1?1?1?1
07-16-2020, 08:26 PM
Yes thanks Phil, but do you see anything wrong with my command line
07-16-2020, 08:29 PM
yeah, your command doesn't make sense to me at all.
Why would you define all those custom charsets (-1 , -2 , -3 , -4) and only use ?4 in your mask ? That seems to be a misunderstanding/problem of the syntax if you set -1 you normally would use ?1 in your mask if you set -2 you normally would use ?2 in your mask if you set -3 you normally would use ?3 in your mask if you set -4 you normally would use ?4 in your mask your final masks only uses ?4, this kind of shows that you are not really understanding what a custom charset is and that it's not enough to only define it (with -1 , -2 , -3 , -4) but you also need to use it in the mask (or within other custom charsets)
07-16-2020, 09:27 PM
True, then my re-edited command would be:
?1?2?3?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4
07-16-2020, 11:19 PM
The main problem now is that it's quite a long password.
We "normally"/generally say that a length of 8-9 is the max that can be brute-forced (but attention: this depends a lot on hash type and/or the charset final keyspace etc). Maybe there is a different way to attack these hashes. a more clever approach, without "brute-force". Are the passwords really random ? Sometimes it makes sense to step back a little bit and see if the attack is even feasible and how long it would take and if there are some alternatives etc. 
07-17-2020, 11:56 AM
hashcat has predefined character sets and I highly recommend them over specifying each letter by itself. Also, the command in the first post seems to have ?1=?2 and ?3=?4 that doesn't make sense. Moreover, the mask you posted "?1?2?3?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4" doesn't accurately reflect the kind of candidates you expect.
Quote:17-8fjOpaYiIg1594919960 -1 ?l?u?d ?d-?1?1?1?1?1?1?1?1?1?1?d?d?d?d?d?d?d?d?d?d -1 ?l?u?d ?d?d-?1?1?1?1?1?1?1?1?1?1?d?d?d?d?d?d?d?d?d?d those masks would fit the candidates you posted. As philsmd has already written, your keyspace still is way too large and it is impossible to complete the attack. |
|
« Next Oldest | Next Newest »
|
