Search Results
|
Post |
Author |
Forum |
Replies
[asc]
|
Views |
Posted |
|
|
Thread: What GPU and CPU is ideal for Penetration testing role job?
Post: RE: What GPU and CPU is ideal for Penetration test...
It is definitely supported by hashcat. Some benchmarks from @epixoip are here:
https://gist.github.com/epixoip/973da7352f4cc005746c627527e4d073 |
|
royce |
Hardware
|
11 |
13,250 |
04-01-2017, 12:01 AM |
|
|
Thread: What GPU and CPU is ideal for Penetration testing role job?
Post: RE: What GPU and CPU is ideal for Penetration test...
PCI-E lanes are good for gaming, but hashcat does not care. x1 would even be sufficient for hashcat.
If you intend to use the system for multiple password-auditing purposes, a minimum of x4 might ... |
|
royce |
Hardware
|
11 |
13,250 |
04-03-2017, 07:24 PM |
|
|
Thread: hashcat v4.0.0
Post: RE: hashcat v4.0.0
A *lot* of work behind the scenes to make longer passwords possible. Thank you, atom!
(And don't forget: if you don't need longer passwords, always remember to add -O now!)
Selected benchmarks (... |
|
royce |
hashcat
|
11 |
86,633 |
10-27-2017, 05:43 PM |
|
|
Thread: hashcat v4.0.0
Post: RE: hashcat v4.0.0
Fair question - though it's also the case that existing rules will now produce results that wouldn't have worked before.
In other words, if you run your existing rules and lists against your unfoun... |
|
royce |
hashcat
|
11 |
86,633 |
11-20-2017, 06:28 PM |
|
|
Thread: 3DES Is there a problem? where did I go wrong ?
Post: RE: 3DES Is there a problem? where did I go wrong ...
No. Do the math (seriously, as in do the actual calculation of multiplying hashes per second by the number of hashes, using something like Wolfram Alpha) so that you understand why it's literally impo... |
|
royce |
hashcat
|
11 |
6,630 |
11-11-2018, 03:32 PM |
|
|
Thread: Exploiting the human factor
Post: RE: Exploiting the human factor
That's exactly what hashcat does when using attack mode 3 (brute force, -a 3), and a mask is not specified.
It defaults to this mask:
-1 ?l?d?u -2 ?l?d -3 ?l?d*!$@_ ?1?2?2?2?2?2?2?3?3?3?3?d?d?d?d |
|
royce |
hashcat
|
11 |
2,908 |
09-21-2019, 06:42 PM |
|
|
Thread: Exploiting the human factor
Post: RE: Exploiting the human factor
Yes, by default if you specify no other parameters other than -a 3, it will automatically increment until exhaustion. IF you want it to terminate earlier, you'd have to specify an --increment-max. |
|
royce |
hashcat
|
11 |
2,908 |
09-21-2019, 06:50 PM |
|
|
Thread: Exploiting the human factor
Post: RE: Exploiting the human factor
No utility necessary - honest. :D Study the default, understand how it works, and then adapt it to your needs. :D |
|
royce |
hashcat
|
11 |
2,908 |
09-21-2019, 07:15 PM |
|
|
Thread: Exploiting the human factor
Post: RE: Exploiting the human factor
Yes - the one I first posted. ;)
Study how custom character set works, and replace sequences like this:
?l?l?l?l?l?l?l?l
?u?l?l?l?l?l?l?l
?d?l?l?l?l?l?l?l
... with:
-1 ?l?u?d ?1?l?l?l?l?... |
|
royce |
hashcat
|
11 |
2,908 |
09-22-2019, 06:40 PM |
|
|
Thread: Custom mask generator
Post: RE: Custom mask generator
Most of what you're looking to do can be accomplished with the PACK toolkit:
https://github.com/iphelix/pack
The 'policygen' tool can help generate masks with arbitrary policies (and they won't ... |
|
royce |
hashcat
|
11 |
5,302 |
12-26-2019, 03:45 AM |
|
|
Thread: DES with partial plain text
Post: RE: DES with partial plain text
Could you elaborate with a hypothetical/contrived example?
It sounds like you *might* be looking for masks. For example, if you know that a password is 10 characters and the first four characters a... |
|
royce |
hashcat
|
11 |
1,633 |
06-14-2020, 10:36 PM |
|
|
Thread: Crack a long list efficiently
Post: RE: Crack a long list efficiently
Of course hashcat does this - even if there are different salts. Anything else would be bizarre. |
|
royce |
hashcat
|
10 |
11,854 |
08-13-2016, 04:29 PM |
|
|
Thread: Initializing device kernels and memory
Post: RE: Initializing device kernels and memory
Could you post your full command line (with any hashes redacted)? One possibility is that one of your command line options isn't in the proper order, such that hashcat is trying to load one of your l... |
|
royce |
hashcat
|
10 |
14,879 |
08-21-2016, 09:12 PM |
|
|
Thread: Initializing device kernels and memory
Post: RE: Initializing device kernels and memory
I'm not an expert in all of the options you're using, but it looks sane overall to me. Is there any CPU or GPU load during that period? And can you confirm that running this commandline directly, rath... |
|
royce |
hashcat
|
10 |
14,879 |
08-22-2016, 12:20 AM |
|
|
Thread: AWS EC2 p2 x16 instance (full benchmark)
Post: RE: AWS EC2 p2 x16 instance (full benchmark)
|
royce |
Hardware
|
10 |
19,506 |
10-05-2016, 05:36 PM |
|
|
Thread: Show which dictionary cracked the hash.
Post: RE: Show which dictionary cracked the hash.
Looking through the dictionaries won't tell you which rule was used.
For future work, or if you want to run your job again, check out --debug-mode. Mode 4 may be what you're looking for. This won't... |
|
royce |
hashcat
|
10 |
11,484 |
10-17-2016, 03:37 PM |
|
|
Thread: Potfile format - to hex or not to hex
Post: RE: Potfile format - to hex or not to hex
FWIW, I've been using that same Perl one-liner from undeath, expanded for readability and converted to a standalone script:
Code:
--
#!/usr/bin/env perl
# Credit: undeath, https://hashcat.net... |
|
royce |
hashcat
|
10 |
9,893 |
03-15-2017, 03:02 PM |
|
|
Thread: Potfile format - to hex or not to hex
Post: RE: Potfile format - to hex or not to hex
Interesting use cases, thanks.
Two things, though:
1. Since the subject of this post starts with "Potfile format", I assumed that the end goal is to convert a potfile, but retain the potfile for... |
|
royce |
hashcat
|
10 |
9,893 |
03-16-2017, 04:14 AM |
|
|
Thread: Potfile format - to hex or not to hex
Post: RE: Potfile format - to hex or not to hex
And here's a rough pass at the reverse:
Code:
--
#!/usr/bin/env perl
# Credit: undeath, https://hashcat.net/forum/thread-3522.html
# ... and devilsadvocate ;)
use utf8;
while () {
... |
|
royce |
hashcat
|
10 |
9,893 |
03-16-2017, 04:45 AM |
|
|
Thread: Potfile format - to hex or not to hex
Post: RE: Potfile format - to hex or not to hex
I know this is going to sound silly, but just to triple-confirm ... you're saying that you convert your plaintext dictionaries to hex strings, producing output like this (from the first ten lines of r... |
|
royce |
hashcat
|
10 |
9,893 |
03-16-2017, 06:11 AM |