Once someone has gotten up to speed on the basics of hashcat, like using various rules/wordlists, playing with masks, finding the ones that seem to work best, what would you suggest that a noob learn next? PRINCE? Or is there something else in between? Trying to learn to be good and efficient at pw cracking. Looking for a suggestion from the experts.
Thanks.
One of the most educational experiences I've had with hashcat was when I did this:
* working a large general list using all of the techniques that I knew,
* running PRINCE, random rules, or junk wordlists against the remaining hashes,
* studying why I had missed the new founds,
* and adding general attacks for those new founds to my list of techniques - repeat as needed.
This is very empowering because you can dig into the emerging patterns yourself - it's self-propelled.
It also matters to put your list of techniques in order by efficiency, and to study how to scientifically measure that efficiency using --debug-mode (to see which rules are working) and --outfiles plus the 'crackpos' value (to see how many attempts it took to find your plain).
Awesome. Thank you Royce. And you're right about the emerging patterns. I'm really enjoying "discovering" which masks work best for me. As an example, I just ran a data set of 137,000 passwords I've recently cracked through a mask generator and found the top ones, then went back and used these masks against "exhausted" hash files and voila, cracking more hashes!
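The mask analysis and efficiency ordering discussed in this thread, as an added example that is not part of the original posts: it converts recovered plaintexts from a password audit into hashcat masks, then ranks the masks by founds per candidate and reports cumulative coverage. The sample plaintexts and the function names `mask_of`, `keyspace` and `rank_masks` are constructed for illustration, and founds per keyspace is one assumed efficiency measure.

```python
from collections import Counter
import string

# hashcat built-in charsets; ?s is the 32 ASCII punctuation marks plus space
CHARSETS = [("?l", string.ascii_lowercase), ("?u", string.ascii_uppercase),
            ("?d", string.digits), ("?s", " " + string.punctuation)]
SIZES = {"?l": 26, "?u": 26, "?d": 10, "?s": 33, "?b": 256}

def mask_of(plain: str) -> str:
    """Map each byte of a plaintext to the narrowest built-in charset."""
    out = []
    for byte in plain.encode("utf-8"):  # masks are positional per byte
        ch = chr(byte)
        out.append(next((tok for tok, cs in CHARSETS if ch in cs), "?b"))
    return "".join(out)

def keyspace(mask: str) -> int:
    """Number of candidates a mask generates."""
    n = 1
    for i in range(0, len(mask), 2):
        n *= SIZES[mask[i:i + 2]]
    return n

def rank_masks(plains):
    """Return (mask, founds, keyspace, cumulative coverage), best first."""
    counts = Counter(mask_of(p) for p in plains if p)
    total = sum(counts.values())
    rows = [(m, c, keyspace(m)) for m, c in counts.items()]
    # Most founds per candidate first; mask text breaks ties deterministically.
    rows.sort(key=lambda r: (-r[1] / r[2], r[0]))
    ranked, covered = [], 0
    for mask, hits, ks in rows:
        covered += hits
        ranked.append((mask, hits, ks, covered / total))
    return ranked

# Constructed sample standing in for plaintexts recovered during an audit.
SAMPLE = ["summer2023", "winter2021", "Password1", "Welcome1", "Dragon99",
          "123456", "654321", "letmein", "qwerty!", "P@ssw0rd"]

if __name__ == "__main__":
    for mask, hits, ks, cov in rank_masks(SAMPLE):
        print(f"{mask:<24} founds={hits:<3} keyspace={ks:<16} coverage={cov:.0%}")
```

Ranking by founds per candidate favours short masks, so read the coverage column alongside it when deciding where a mask belongs in an ordered list of techniques.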