Please note, this is a STATIC archive of website hashcat.net from October 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: What attack to use?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2
Lets say I have a password that's up to 24 characters, and I know the groups of characters in the password, but not the combination. So, I build an 18-line list with each line having up to 8 characters:

Code:
l1
li2
lin3
line4
...

I know that the password is a combination of at least some of these lines.

How would I go about this?
tc hidden volumes: https://hashcat.net/forum/thread-4947.ht...ypt+hidden

with only 20 lines that sounds feasible.
(01-22-2016, 02:08 AM)undeath Wrote: [ -> ]tc hidden volumes: https://hashcat.net/forum/thread-4947.ht...ypt+hidden

with only 20 lines that sounds feasible.

Thank you. I updated my post with what really prompted me to make the post in the first place. What attack do I use?
You used the word "combination" in your post twice. That's a pretty big hint for what attack you want to run Wink
(01-22-2016, 06:57 AM)epixoip Wrote: [ -> ]You used the word "combination" in your post twice. That's a pretty big hint for what attack you want to run Wink

Yeah, I looked at that first, but the wiki is a bit confusing. From the examples given, with "oclHashcat you need to specify exactly 2 files". And the output shown on the wiki only has one set of combinations. So, it shows "line1line2" and "line1line3", but not "line1line2line3".
look at combinator.bin and combinator3.bin from hashcat-utils
I'm probably missing something, but I don't see how those help. It says combinator.bin is a standalone of what's already in oclHashcat, and combinator3.bin does 3 combinations instead of 2. I'm looking for a way to combine up to all lines together. Perhaps that's too many combinations?
Your thinking is too narrow.

Let's say you wanted to do 3-way combinations of your 18-word wordlist (we'll call it 18words.txt). You have a couple different options.

Option 1:
Code:
./combinator.bin 18words.txt 18words.txt >comb2.txt

Then run oclHashcat with -a 1 comb2.txt 18words.txt. This is good for fast hashes so that you can gain GPU acceleration, and also for wordlists that are too large to store on disk if you combine more than 2x.

Option 2:
Code:
./combinator.bin 18words.txt 18words.txt >comb2.txt
./combinator.bin comb2.txt 18words.txt >comb3.txt

Then run oclHashcat with comb3.txt. This is how you'd do it before combinator3.bin existed. This is good for slow hashes since you don't need an amplifier, and also for very small wordlists that aren't too big when combined 3x.

Option3:
Code:
./combinator3.bin 18words.txt 18words.txt 18words.txt >comb3.txt

Just like above, run oclHashcat with comb3.txt.

If you wanted to do a 4-way combination instead, you would simply run oclHashcat with -a 1 comb3.txt 18words.txt

Hopefully that makes things more clear.
If I understand it right, I could potentially get to comb18.txt until it's solved?
Umm.. no? If you were to combine 18words.txt 18-fold you'd end up with a file that's like 500M petabytes in size and you'd generate passwords that were 36-144 characters in length. So not only would it be impossible, but it also wouldn't achieve the stated goal.

Maybe you're not quite understanding what the combinator attack does?
Pages: 1 2