Please note, this is a STATIC archive of website hashcat.net from October 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: custom charset reality check
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hi All,

Just wanted to do a reality check after doing a password attack on 3 sha512crypt password hashes for a competition.

I chose to do a dictionary + mask attack because I thought I knew what the password started with (the dictionary) plus 4 numbers followed by a dash -, then 4 uppercase letters.

I set "--custom-charset1=-" the mask was then ?d?d?d?d?1?u?u?u?u

My question is, did my custom charset work? how can I confirm that the hashes that hashcat tested were in fact, what I wanted to test for? Is one character "-" in a custom charset valid?

thanks in advance
Depending on how long your dictionary words were, I would guess that most attempts were skipped. oclHashcat has a char limit and you are only leaving room for 6 letter dictionary words.
Thanks Radix, the dictionary file only had one word, a four character dictionary word. If my guess was correct then the password should be a 13 character password, format XYZ-1234-ABCD, that should be under the 15 character limit.

(11-28-2012, 12:18 AM)radix Wrote: [ -> ]Depending on how long your dictionary words were, I would guess that most attempts were skipped. oclHashcat has a char limit and you are only leaving room for 6 letter dictionary words.
if it only has one word you don't need to do a hybrid attack, you can just do a mask attack. also, while it is valid, you don't really need to use a custom charset for just one character. so, brute forcing the mask "word?d?d?d?d-?u?u?u?u" will work just fine.
Thanks epix! I will try it that way also, just to be sure.

(11-28-2012, 10:21 AM)epixoip Wrote: [ -> ]if it only has one word you don't need to do a hybrid attack, you can just do a mask attack. also, while it is valid, you don't really need to use a custom charset for just one character. so, brute forcing the mask "word?d?d?d?d-?u?u?u?u" will work just fine.