Please note, this is a STATIC archive of website hashcat.net from October 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: HashCat and german (or other exotic) passwords? Help please.
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
I have an understanding problem. I use Hashcat 3.10 to crack completely unknown passwords. I use most a brute force attack with ?a?a?axxxxx-mask. So far so good. With standard ASCII characters this works well.

But what if someone will add a German umlaut? For example, I have a German password from 4 characters. I start brute-force attack ONLY with standard symbols and ?a?a?a?a-mask:

hashcat64.exe -a 3 -m 2811 --session=1,2 -p : -o "C:\Users\Passwort\Desktop\test.txt" --outfile-format=3 --potfile-disable -w 2 --gpu-temp-abort=90 --gpu-temp-retain=70 -d 1,2 -i --increment-min=4 --increment-max=4 "C:\Users\Passwort\Desktop\hash.txt" ?a?a?a?a

Quote:Session.Name...: 1,2
Status.........: Exhausted
Input.Mode.....: Mask (?a?a?a?a) [4]
Hash.Target....: xxxxxxx
Hash.Type......: IPB2+, MyBB1.2+
Time.Started...: 0 secs
Speed.Dev.#1...:  4694.3 MH/s (7.78ms)
Speed.Dev.#2...:  4647.3 MH/s (7.79ms)
Speed.Dev.#*...:  9341.6 MH/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 81450625/81450625 (100.00%)
Rejected.......: 0/81450625 (0.00%)

Note the number of combinations: 81450625 

This is all right and understandable. Now I want to add the standard character set German umlauts.


I go to the directory "Charsets" and select "standard->German->de_cp1252.hcchr".

Now I have the command:

hashcat64.exe -a 3 -m 2811 --session=1,2 -p : -o "C:\Users\Passwort\Desktop\test.txt" --outfile-format=3 --potfile-disable -w 2 --gpu-temp-abort=90 --gpu-temp-retain=70 -d 1,2 -i --increment-min=4 --increment-max=4 -1 C:\Users\Passwort\Desktop\hashcat-3.10\hashcat-3.10\charsets\standard\German\de_cp1252.hcchr "C:\Users\Passwort\Desktop\hash.txt" ?a?a?a?a

But ... Hashcat shows me the same number of searched combinations: 81450625.

But that can not be. It still 7 Adicional signs come but said: üöäÜÖÄß. 

Quote:Session.Name...: 1,2

Status.........: Exhausted
Input.Mode.....: Mask (?a?a?a?a) [4]
Custom.Chars...: -1 C:\Users\Passwort\Desktop\hashcat-3.10\hashcat-3.10\charsets\standard\German\de_cp1252.hcchr, -2 Undefined, -3 U
ndefined, -4 Undefined
Hash.Target....: xxxxx
Hash.Type......: IPB2+, MyBB1.2+
Time.Started...: 0 secs
Speed.Dev.#1...:  3084.7 MH/s (8.27ms)
Speed.Dev.#2...:  3077.7 MH/s (7.79ms)
Speed.Dev.#*...:  6162.4 MH/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 81450625/81450625 (100.00%)
Rejected.......: 0/81450625 (0.00%)


What am I doing wrong? How can I make Hashcat take into account umlauts?

I have already read this  thread, but nothing understood. Sorry, my English is very bad (but German und Russian are good). 
Basically I have the same problem. I assume that my users use a win-1252 encoding (german Windows) with umlauts for their passwords.
Here's a nice blog post about your problem: https://blog.bitcrack.net/2013/09/crackin...guage.html

Of course, this is only a problem when it comes to masks. If you use wordlists (with or without rules) you don't need to care, you just need to convert your wordlist to the correct encoding.
Yes! I have. Thank you!
I do not quite understand it.
OK. For German umlauts:

-1 c3
-2 84969c9fa4b6bc.

But. How can I include standard ASCII characters? These have no base HEX code, only actual character HEX code:

For example:

U+0061 a - 61 LATIN SMALL LETTER A
U+0062 b - 62 LATIN SMALL LETTER B
U+0063 c - 63 LATIN SMALL LETTER C
U+0064 d - 64 LATIN SMALL LETTER D
U+0065 e - 65 LATIN SMALL LETTER E
U+0066 f - 66 LATIN SMALL LETTER F
U+0067 g - 67 LATIN SMALL LETTER G

As:
-3 61626364656667 ????

And the the mask: ?1?2?3 He??? I do not understand!
Thanks for many replies... :-(
Can someone explain to me how to crack a password 

Ülig12!yß (as example)

or

ятебяL@ve!

with brute force attack in hex mode? I think I am not the only one who has such a problem.

PS: I know these passwords are too big for a brute-force attack. But I want to understand the principle. And please, don't talk me about mask- or other attacks. I want to explicitly only understand brute force via HEX mode for passwords with mixed non-latin and latin characters. ;-)
If the hash was created using iso, use the charset files provided with hashcat. If the hash was created using utf8 you need to do it as described in the link I gave you. If you want to additionally mix in non-utf8 characters you need multiple masks and place them in a maskfile.