11-27-2018, 05:36 PM
Undeath, epixoip, and Mem5 are absolutely correct about your chances to brute force bcrypt from nothing, assuming a password of normal or greater length and complexity. Listen to them.
If you absolutely have to get the password and know nothing about it to make a more educated mask, you may want to generate a wordlist from other files on the drive using strings or something similar, then try the bcrypt again with that wordlist and maybe some rules (attack mode 0, instead of mask do /path/to/wordlist and -r /path/to/rule). Depending on the OS and version the bcrypt is from, you may also have better luck cracking the user/root passwords from the shadow/master.passwd file, and using those as intel for the bcrypt password depending on what else you may know. Usually, the hashing methods used for the shadow/passwd files are faster than bcrypt.
For the sake of knowledge and learning, you don't need to use a custom character set 1 to specify ?a and then use the mask ?1. You can directly call/reference ?a as your password candidate mask - i.e., in your example, you can do
Code:
hashcat -m 3200 -a 3 hashes.txt ?a?a?a?a?a?a?a?a?a?a
Another tip is that with a specific mask of length 10, as you use, hashcat will not automatically try passwords of length 1 through 9. You can solve this with the "-i" option, for increment, in concert with "--increment-min=x" and "--increment-max=y", as needed. For example,
Code:
hashcat -m 3200 -a 3 -i --increment-min=1 --increment-max=10 hashes.txt ?a?a?a?a?a?a?a?a?a?a
This will try all passwords of lengths 1 through 10. (Note that you don't actually have to specify the increment min and max in certain conditions.)
Back to my hole.
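Added example (not part of the post above and not hashcat's own code): a small Python calculator that counts the candidates a mask generates, showing that `-1 ?a` with `?1` is the same as plain `?a`, and how much `-i` adds to a ten-position mask. The function names and the 20,000 H/s rate are assumptions made for illustration; real bcrypt speed depends on the cost factor and the hardware.

```python
import math
import string

# hashcat's built-in mask charsets as character sets; ?a is ?l?u?d?s (95 chars).
BUILTIN = {
    "l": set(string.ascii_lowercase),
    "u": set(string.ascii_uppercase),
    "d": set(string.digits),
    "s": set(" " + string.punctuation),
}
BUILTIN["a"] = BUILTIN["l"] | BUILTIN["u"] | BUILTIN["d"] | BUILTIN["s"]

ASSUMED_RATE = 20_000  # hashes/second: assumed placeholder, not a measurement

def parse_mask(mask, custom=None):
    """Return one character set per mask position (custom maps '1'..'4' to a charset)."""
    custom = custom or {}
    positions, i = [], 0
    while i < len(mask):
        if mask[i] != "?":
            positions.append({mask[i]})      # literal character
            i += 1
            continue
        key = mask[i + 1:i + 2]
        if key == "?":
            positions.append({"?"})          # ?? is a literal question mark
        elif key in BUILTIN:
            positions.append(BUILTIN[key])
        elif key in custom:
            positions.append(set().union(*parse_mask(custom[key])))
        else:
            raise ValueError(f"unknown mask token ?{key} at offset {i}")
        i += 2
    return positions

def candidate_count(mask, custom=None, increment=None):
    """Candidates for a mask; increment=(min, max) sums the shorter prefixes too."""
    sizes = [len(p) for p in parse_mask(mask, custom)]
    lo, hi = increment or (len(sizes), len(sizes))
    return sum(math.prod(sizes[:n]) for n in range(lo, min(hi, len(sizes)) + 1))

def years_to_exhaust(candidates, rate=ASSUMED_RATE):
    return candidates / rate / (365 * 24 * 3600)

if __name__ == "__main__":
    full = candidate_count("?a" * 10, increment=(1, 10))
    print(f"{full:.3e} candidates, ~{years_to_exhaust(full):.2e} years at {ASSUMED_RATE} H/s")
```

The count is the raw number of password candidates, which is not the same figure hashcat prints for `--keyspace`.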
(11-22-2018, 04:38 PM) sleclerc wrote: if I use the following command hashcat -m 3200 -a 3 -1 ?a hashes.txt ?1?1?1?1?1?1?1?1?1?1
-m 3200 bcrypt encryption
-a 3 brute force
-1 pattern ?a = upper/lower, special characters and numbers
hashes.txt is my file with the hashes