Please note, this is a STATIC archive of website hashcat.net from October 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: Noob: SHA1 problem
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hi all,

I'm very new to Hashcat and password cracking in general, but I'm trying to solve a challenge puzzle and I'm not quite sure how to move forward. Maybe you guys can help.

It goes like this:

1. Having a password's SHA1 hash value of:

6xxe1axxx61ac8b449xxx6f58c4822408ddxxxxx

2. And the possible characters of which the password is made are: (I don't know the password length)

qwinQWIN*+~@580%(=}[


Find the password ...

Having 20 chars to permute in (for exSmile 8 chars passwords would create a very loooong list, making a dictionary attack hard.

Is there a way to hash this with hashcat that does not require a wordlist ? I'm a noob and not very familiar with how every mode and rules work.

So far I got this:

hashcat64.exe -m 100 -a 3 Hash.txt charsets/Sha1.hcchr

Hash.txt is the location of the hash value and Sha1.hcchr is the location for the string of chars.
First, welcome to the hashcracking world!

You should be able to find the answer to your question both within the --help output or the hashcat wiki (especially https://hashcat.net/mask_attack ).

Hint (assuming the file charsets/Sha1.hcchr contains "qwinQWIN*+~@580%(=}[" - without quotes - within the first line):
Code:
hashcat64.exe -m 100 -a 3 --custom-charset1 charsets/Sha1.hcchr Hash.txt ?1?1?1?1?1?1?1?1
that means with --custom-charset1 (or short -1, minus one) you define a new set of characters and with the mask ?1?1?1?1?1?1?1?1 you use your previously defined custom charset (and tell hashcat that it should use the length 8, otherwise you need to use --increment --increment-min x --increment-max y and a mask that is at least the length of y - the increment-max value )

The answer to the question about where to put the hash file should be available here (first lines of --help):
Code:
Usage: hashcat [options]... hash|hashfile|hccapfile [dictionary|mask|directory]...
(02-05-2017, 02:18 PM)philsmd Wrote: [ -> ]First, welcome to the hashcracking world!

You should be able to find the answer to your question both within the --help output or the hashcat wiki (especially https://hashcat.net/mask_attack ).

Hint (assuming the file charsets/Sha1.hcchr contains "qwinQWIN*+~@580%(=}[" - without quotes - within the first line):
Code:
hashcat64.exe -m 100 -a 3 --custom-charset1 charsets/Sha1.hcchr Hash.txt ?1?1?1?1?1?1?1?1
that means with --custom-charset1 (or short -1, minus one) you define a new set of characters and with the mask ?1?1?1?1?1?1?1?1 you use your previously defined custom charset (and tell hashcat that it should use the length 8, otherwise you need to use --increment --increment-min x --increment-max y and a mask that is at least the length of y - the increment-max value )

The answer to the question about where to put the hash file should be available here (first lines of --help):
Code:
Usage: hashcat [options]... hash|hashfile|hccapfile [dictionary|mask|directory]...


Thanks Philsmd

I found the password with ease.