|
Search Results
|
| Post
[desc]
|
Author |
Forum |
Replies |
Views |
Posted |
| |
|
Thread: Exfiltration of target material
Post: RE: Exfiltration of target material
| wherever possible it makes sense to not invent a new hash format. so it makes sense to use the same signature and data parts/salts etc in the hashcat format like in the jtr format. it doesn't make sen... |
|
philsmd |
hashcat
|
3 |
1,375 |
10-17-2019, 10:12 PM |
| |
|
Thread: Exfiltration of target material
Post: RE: Exfiltration of target material
| office2john.py
7z2hashcat.py
blockchain2john.py
bitcoin2john.py
1password2john.py
itunes_backup2hashcat.pl
etc
it depends on your hash type
they can be found on the internet very easily (jus... |
|
philsmd |
hashcat
|
3 |
1,375 |
10-17-2019, 08:49 PM |
| |
|
Thread: Exit status code
Post: RE: Exit status code
| here we just need to distinguish between the process exit code ($? variable) and the status that hashcat internally uses:
1. if you check the process exit code, you need to follow this list: https://... |
|
philsmd |
hashcat
|
3 |
651 |
07-16-2020, 11:27 AM |
| |
|
Thread: Exit status code
Post: RE: Exit status code
| no, this code is returned directly from the process, your shell is able to give you the results:
linux
Code:
--
hashcat example0.hash example.dict
echo $?
--
on windows it seems to be ... |
|
philsmd |
hashcat
|
3 |
651 |
07-16-2020, 01:57 PM |
| |
|
Thread: Exploiting the human factor
Post: RE: Exploiting the human factor
| just create the hashcat mask file (a.hcmask) manually:
Code:
--
?l?u,?l?d,?1?a?a?a?a?2?2?2
?l?u,?l?d,?1?a?a?a?a?a?2?2?2
?l?u,?l?d,?1?a?a?a?a?a?a?2?2?2
--
Code:
--
hashcat -m 2500 -a 3 -w ... |
|
philsmd |
hashcat
|
11 |
2,910 |
09-21-2019, 07:50 PM |
| |
|
Thread: Exploiting the human factor
Post: RE: Exploiting the human factor
| lol, it will take 11 days just for the first one
that's also why brute-force is not usually the best strategy, but it of course depends a lot on the info you have and especially how confident you a... |
|
philsmd |
hashcat
|
11 |
2,910 |
09-21-2019, 09:04 PM |
| |
|
Thread: Extract all passwords from potfile
Post: RE: Extract all passwords from potfile
| that's incorrect.
--show only considers the hashes matching the current hash type and hash list (hash.txt):
Code:
--
hashcat -m 0 --show --outfile-format 2 hash.txt
--
|
|
philsmd |
hashcat
|
4 |
3,187 |
02-16-2019, 03:34 PM |
| |
|
Thread: Extract PDF hash (edit passwd)
Post: RE: Extract PDF hash (edit passwd)
| It seems that the differences between the algorithms used for checking the owner password (- editing - permissions) compared to the user password (password to open the file aka encrypted PDFs) at leas... |
|
philsmd |
hashcat
|
13 |
59,850 |
01-26-2017, 06:03 PM |
| |
|
Thread: fastest way to crack bcrypt
Post: RE: fastest way to crack bcrypt
| it's very difficult / dangerous to make comparison like this. What are you comparing to? dozens of hashes against 1 hash, cost factor 5 (2^5 = 32) against cost factor 19 (2^19 = 524288 "iterations").... |
|
philsmd |
hashcat
|
3 |
952 |
06-29-2020, 09:35 AM |
| |
|
Thread: fastest way to crack bcrypt
Post: RE: fastest way to crack bcrypt
| yeah, very very good explanation @Mem5. your post is perfect because it explains what I forgot to mention above...
From my experience from the last couple of months/years, is that some people confu... |
|
philsmd |
hashcat
|
3 |
952 |
06-29-2020, 10:50 AM |
| |
|
Thread: Feasible method of cracking long, randomised passwords?
Post: RE: Feasible method of cracking long, randomised p...
| mask attack: the candidates are directly generated/used on GPU, within the GPU kernel code
attack involving dictionaries (-a 0, -a 1, -a 6, -a 7): disk I/O bottleneck AND passwords need to be "send"/... |
|
philsmd |
General Talk
|
10 |
2,064 |
07-06-2020, 12:41 PM |
| |
|
Thread: Feasible method of cracking long, randomised passwords?
Post: RE: Feasible method of cracking long, randomised p...
| if you have some specific idea, you could also develop/program your own password generator (for instance a python script or whatever) and pass the candidates to hashcat like this:
Code:
--
pytho... |
|
philsmd |
General Talk
|
10 |
2,064 |
07-07-2020, 08:33 AM |
| |
|
Thread: Feasible method of cracking long, randomised passwords?
Post: RE: Feasible method of cracking long, randomised p...
| no, mask attack would be MUCH, MUCH faster if you just try "random passwords". every operation involving the disk would slow it down tremendously as already explained above when we compared -a 3 with ... |
|
philsmd |
General Talk
|
10 |
2,064 |
07-07-2020, 08:28 PM |
| |
|
Thread: feature request: new hashtype support SSHA512 (LDAP)
Post: RE: feature request: new hashtype support SSHA512 ...
| I made some test w/ this format... it seems very similar to the supported -m 1710 format (except the output format, but this is just a matter of fast conversion - base64 -d).
See example here:
https:... |
|
philsmd |
General Help
|
5 |
11,493 |
08-09-2013, 01:50 PM |
| |
|
Thread: FIFO help
Post: RE: FIFO help
| If you are using just a few rules (or possibly even just 1), you can use -j/-k together with -a1 for each and every rule:
Code:
--
hashcat -m 1000 -a 1 -w 4 -j "$1 $2 $3" hash.txt dict1.txt dict2.tx... |
|
philsmd |
hashcat
|
3 |
4,472 |
05-25-2017, 11:01 AM |
| |
|
Thread: FIFO help
Post: RE: FIFO help
| As said, the first approach (with -j/-k) should be used if you plan to use only very few rules: i.e. you can start hashcat a couple of times (one after the other in a sequence, or loop if you prefer) ... |
|
philsmd |
hashcat
|
3 |
4,472 |
05-26-2017, 07:44 AM |
| |
|
Thread: First Attempt, does this look alright?
Post: RE: First Attempt, does this look alright?
| you could use mask files https://hashcat.net/wiki/doku.php?id=mask_attack#hashcat_mask_files
or just set
-1 "012345 6789" for the first byte of your mask (i.e. any set of chars, charset, that ha... |
|
philsmd |
hashcat
|
8 |
1,060 |
07-16-2020, 08:03 PM |
| |
|
Thread: First Attempt, does this look alright?
Post: RE: First Attempt, does this look alright?
| yeah, your command doesn't make sense to me at all.
Why would you define all those custom charsets (-1 , -2 , -3 , -4) and only use ?4 in your mask ? That seems to be a misunderstanding/problem of ... |
|
philsmd |
hashcat
|
8 |
1,060 |
07-16-2020, 08:29 PM |
| |
|
Thread: First Attempt, does this look alright?
Post: RE: First Attempt, does this look alright?
| The main problem now is that it's quite a long password.
We "normally"/generally say that a length of 8-9 is the max that can be brute-forced (but attention: this depends a lot on hash type and/or ... |
|
philsmd |
hashcat
|
8 |
1,060 |
07-16-2020, 11:19 PM |
| |
|
Thread: Floating Mask. How to?
Post: RE: Floating Mask. How to?
| What you (@agenta) should consider is that this "floating technique" in theory is efficient/meaningful/clever only if the (different) charsets you are using (in your specific case there are 2, ?a and ... |
|
philsmd |
General Talk
|
8 |
11,643 |
03-01-2016, 12:43 PM |
