03-31-2015, 01:36 PM
Hi
I running 4 x AMD r9 280, i7 3.7Ghz, windows 7 (couldn't get ubuntu to install with the UEFI board/bios)
I know the Passwords start with days of the week and end in numbers like years etc , so I created a dictionary to recover the easy DES hashes
Monday
Monda
Mond
Mon
Tuesday
Tuesda
.
.
.
Friday
Frida
etc etc
I also added lowercase starts for the days.
I then ran a hybrid attack -
oclhashcat64.exe -a 6 -m 1500 --remove --session=rob --gpu-temp-abort=95 --outfile-format=3 --outfile=recovered.txt e:\hashes f:\wordlist ?d
I ran the same command using ?d?d and ?d?d?d and ?d?d?d?d and finally ?d?d?d?d?d
It did recover some hashes.
Later I ran a brute force attack using the below after applying many more mask combinations and other dictionaries -
oclhashcat64.exe -a 3 -m 1500 -1 ?u?l -2 ?l?d --remove --session=rob --gpu-temp-abort=95 --outfile-format=3 --outfile=recovered.txt e:\hashes ?1?2?2?2?2?2?2
It then recovered passwords like Monday1, Fri2003 etc
I would have expected to have recovered these from the hybrid attack?
comments please
Rob
I running 4 x AMD r9 280, i7 3.7Ghz, windows 7 (couldn't get ubuntu to install with the UEFI board/bios)
I know the Passwords start with days of the week and end in numbers like years etc , so I created a dictionary to recover the easy DES hashes
Monday
Monda
Mond
Mon
Tuesday
Tuesda
.
.
.
Friday
Frida
etc etc
I also added lowercase starts for the days.
I then ran a hybrid attack -
oclhashcat64.exe -a 6 -m 1500 --remove --session=rob --gpu-temp-abort=95 --outfile-format=3 --outfile=recovered.txt e:\hashes f:\wordlist ?d
I ran the same command using ?d?d and ?d?d?d and ?d?d?d?d and finally ?d?d?d?d?d
It did recover some hashes.
Later I ran a brute force attack using the below after applying many more mask combinations and other dictionaries -
oclhashcat64.exe -a 3 -m 1500 -1 ?u?l -2 ?l?d --remove --session=rob --gpu-temp-abort=95 --outfile-format=3 --outfile=recovered.txt e:\hashes ?1?2?2?2?2?2?2
It then recovered passwords like Monday1, Fri2003 etc
I would have expected to have recovered these from the hybrid attack?
comments please
Rob