Please note, this is a STATIC archive of website hashcat.net from 08 Oct 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: Where to go from here? | 88.97% completion
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
You guys have been so helpful in the past. I am just looking for a little insight into my current list.

I am at 88.97% cracked and would like to see some more progress on this list. It is NTLM and am not sure where to go from here.

AD requires a minimum 6 letter/symbol/number/upper combo, below are my febel attempts crack whats left.

-I have brute forced key space 6 to 8. (took 10 days on my home rig)
-Ran all the rules that came with oclHC against a wordlist I have and known human passwords list
-Ran some rules from KoreLogic

Thoughts on the next steps? I have never gotten such high completion with such a list and this is killing me. I know one of my options is to generate a custom mask based off organization name but I have more reading to do on that. I am just wondering if there is something I should do first. Thanks.
I'd try combinator based attacks -a 1 or hybrid ones
Fingerprint attack
(06-23-2015, 09:51 PM)atom Wrote: [ -> ]I'd try combinator based attacks -a 1 or hybrid ones
Thanks I managed to get a number of hits off this!

(06-23-2015, 10:56 PM)mastercracker Wrote: [ -> ]Fingerprint attack
I will try this next.

When you guys hit a dead end for those 1 or 2 hashes you need what is your next course of action? I have been wondering if my password list (993MB) or word list (5.2GB) is not up to spec. But I dont want to end up throwing massive word lists at it due to efficiency issues I have been reading about. Im not sure what a normal password list / word list size is thats not too small or too big.

After I refine the technique of the hybrid attacks and figure out how to make the fingerprint lists for attacks I assume its a brute force set it and forget it? I dont want to rely on the 7$ cracking sites (CloudCracker) that do the work for you, it takes the fun and learning out of it.
When you reach 90% cracked hashes from a list, it means that you have done an excellent job already. Whatever you do, there can always be uncrackable hashes (like 15 char random password that is remembered by programs like Lastpass, etc.). I would say that my efficient lists are less or close to 100 Mb.
I was in a similar position and used the PACK software to generate new rules. This helped me squeak out several passwords I don't feel like I would have gotten by any other means

https://thesprawl.org/projects/pack/