Please note, this is a STATIC archive of website hashcat.net from October 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: First Attempt, does this look alright?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
-a 3 -m 1400 example0.hash -1 123456789 -2 0123456789- -3 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789- -4 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 ?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4

--increment --increment-min=22 --increment-max=23
I need the answers to look like this:

17-8fjOpaYiIg1594919960
4-zXjJVWdxtf1594920068
How do I add a space in case the password is a 22 character password?
you could use mask files https://hashcat.net/wiki/doku.php?id=mas...mask_files

or just set

-1 "012345 6789" for the first byte of your mask (i.e. any set of chars, charset, that has a space in it).

btw: it depends on the operating system which type of quotes (" vs ') is best for quoting a space.... therefore I would suggest to just use the .hcmask file syntax and you are always fine

Alternatively to the extra charset, you could just use 2 different masks and therefore lines in the mask file (.hcmask), one with the space and one without, an example for fixed 8-byte length password with prepending space:
Code:
?l?u,?d?d?1?1?1?1?1?1
?l?u, ?d?1?1?1?1?1?1
Yes thanks Phil, but do you see anything wrong with my command line
yeah, your command doesn't make sense to me at all.

Why would you define all those custom charsets (-1 , -2 , -3 , -4) and only use ?4 in your mask ? That seems to be a misunderstanding/problem of the syntax

if you set -1 you normally would use ?1 in your mask
if you set -2 you normally would use ?2 in your mask
if you set -3 you normally would use ?3 in your mask
if you set -4 you normally would use ?4 in your mask

your final masks only uses ?4, this kind of shows that you are not really understanding what a custom charset is and that it's not enough to only define it (with -1 , -2 , -3 , -4) but you also need to use it in the mask (or within other custom charsets)
True, then my re-edited command would be:

?1?2?3?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4
The main problem now is that it's quite a long password.

We "normally"/generally say that a length of 8-9 is the max that can be brute-forced (but attention: this depends a lot on hash type and/or the charset final keyspace etc).

Maybe there is a different way to attack these hashes. a more clever approach, without "brute-force".

Are the passwords really random ? Sometimes it makes sense to step back a little bit and see if the attack is even feasible and how long it would take and if there are some alternatives etc.
hashcat has predefined character sets and I highly recommend them over specifying each letter by itself. Also, the command in the first post seems to have ?1=?2 and ?3=?4 that doesn't make sense. Moreover, the mask you posted "?1?2?3?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4?4" doesn't accurately reflect the kind of candidates you expect.

Quote:17-8fjOpaYiIg1594919960
4-zXjJVWdxtf1594920068

-1 ?l?u?d ?d-?1?1?1?1?1?1?1?1?1?1?d?d?d?d?d?d?d?d?d?d
-1 ?l?u?d ?d?d-?1?1?1?1?1?1?1?1?1?1?d?d?d?d?d?d?d?d?d?d

those masks would fit the candidates you posted.

As philsmd has already written, your keyspace still is way too large and it is impossible to complete the attack.