Thursday, January 14, 2016

Syntax Example How to Brute Force with Hashcat without dictionary


Example: brute force all passwords length 1-8 with possible characters A-Z a-z 0-9 



 hashcat-cli32.exe -m 0 <hashes.txt> -a  3  ?1?1?1?1?1?1?1?1 --increment -1 ?l?d?u
-m 
hash-type

-a
0 = Straight
1 = Combination
3 = Brute-force
6 = Hybrid dict + mask
7 = Hybrid mask + dict

?1?1?1?1?1?1?1?1
8 times a sign definend in custom charset 1

--increment
-Enable increment mode. Otherwise only passworts with length 8 would be checked. remebmer ?1?1?1?1?1?1?1?1
     
(also available: --increment-min=NUM   --increment-max=NUM)        

-1 ?l?d?u
defined characterset #1 (used for all positions in this example)

predefined charsets
?l = abcdefghijklmnopqrstuvwxyz
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d = 0123456789
?s = «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
?a = ?l?u?d?s
?b = 0x00 - 0xff

?l?d?u is the same as 
?ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789

Example: brute force all passwords length 1-7(a-z and A-Z) with (0-9) at pos 8

 hashcat-cli32.exe -m 0 <hashes.txt> -a  3  ?1?1?1?1?1?1?1?2  -1 ?l?u -2?d

Documentation