How to: use mask attack in hashcat

Рет қаралды 35,082

Pentests and Tech

Күн бұрын

Пікірлер: 87

@kristoffseisler2163 3 жыл бұрын

a lot better explained than what is on their website to read

@AlEbnereza 3 жыл бұрын

H/h is for Hex characters.

@TariqDaCoder 2 жыл бұрын

how can I make a use hashcat to bruteforce a password made of lowercase and numbers mixed, length of 14? there isnt a charset for lowercase a to z and numbers :(

@gouravsuram 3 жыл бұрын

THANKS bro this video really helped me !!

@MohsinRaza-tv9zk Жыл бұрын

How to to use this method for RAR3 hash, whenever i run it comes back exhaustes.

@paradisemeco7121 2 ай бұрын

Hi, I need to recover a password I used to lock some notes, and now my face id does not function to open those notes, can you help me?

@doggo7567 4 жыл бұрын

Thank you! You are awesome!

@Zeath22 3 жыл бұрын

WHAT AN AMAZING VIDEO! TYSM!

@PentestsandTech 2 жыл бұрын

Glad you liked it!!

@adalbertosanchez418 3 жыл бұрын

I have a local D: Drive that is encrypted. I don't know the recovery key, and when I use John I get, VMK encrypted with Startup Key...not supported! Any suggestions?

@PentestsandTech 3 жыл бұрын

if it says TPM, then there's no practical way to decrypt it.

@kievcalungsod9434 2 жыл бұрын

Why is that when I enter help, it doesn't give anything?

@enesenes1238 9 ай бұрын

I am using 2022 version and when i wrote beginning codes "hashcat.exe -h" it says Access denied. Could you help me

@PentestsandTech 9 ай бұрын

I believe they changed the syntax, now you just type “hashcat -h”

@Daniel-jz5yp 3 жыл бұрын

can I use this on my notes app on Mac? I’ve been locked out and there is no other way to get in.

@graiglarsen3196 4 жыл бұрын

Great lesson here. Thank you

@Stonesword_ 2 жыл бұрын

Hey, ik im really late, but how am I meant to know what characters are lowercase, which ones are uppercase, and specials? Im trying a vulnerable system I downloaded and I have the hash

@MrRaja Жыл бұрын

Hey there ik I'm also late, but the charset is something like this: ?l = abcdefghijklmnopqrstuvwxyz ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ ?d = 0123456789 ?h = 0123456789abcdef ?H = 0123456789ABCDEF ?s = «space»!"#$%&'()*+,-./:;?@[\]^_`{|}~ ?a = ?l?u?d?s ?b = 0x00 - 0xff l for lowercase alphabet u for uppercase alphabet And some others.

@Mightymiko_ 3 жыл бұрын

When I am in the CMD and running the 'Hashcat.exe -h' command it's saying permission denied. Then I tried opening the CMD as Admin, but it's saying the command wasn't recognized. Any idea on what I'm doing wrong?

@PentestsandTech 3 жыл бұрын

make sure you're in the hashcat folder, also .exe is no longer required

@traida111 3 жыл бұрын

cd c:\path\to\hashcat\

@ennateume5385 3 жыл бұрын

where can I get maskhashes.txt?

@bretzt 3 жыл бұрын

Using this for My Ether Wallet. Any recommendations regarding process?

@PentestsandTech 3 жыл бұрын

I have no experience with that sorry

@JadenWong 2 жыл бұрын

Thank you, I was able to get back my win10 local password with custom charset and increments! Hail Kali bootable USB!!

@brandonwilson4817 3 жыл бұрын

I am getting this error message even though I just installed CUDA 9.0. Can you help me fix this because I'm needing to use hash cat to recover lots of bitcoin. ATTENTION! No OpenCL-compatible or CUDA-compatible platform found. You are probably missing the OpenCL or CUDA runtime installation. * AMD GPUs on Windows require this driver: "AMD Radeon Adrenalin 2020 Edition" (20.2.2 or later) * Intel CPUs require this runtime: "OpenCL Runtime for Intel Core and Intel Xeon Processors" (16.1.1 or later) * NVIDIA GPUs require this runtime and/or driver (both): "NVIDIA Driver" (440.64 or later) "CUDA Toolkit" (9.0 or later)

@brandonwilson4817 3 жыл бұрын

actually fixed this. now I just have this error after running it: Hash 'maskhashes.txt': Token length exception No hashes loaded. I believe I need to know how you made the maskhashes file or what you did there.

@PentestsandTech 3 жыл бұрын

inside of maskhashes I have the password hashes that I want to crack, token length exception usually means you're not telling hashcat the correct hashtype. What kind of password are you trying to crack?

@brandonwilson4817 3 жыл бұрын

@@PentestsandTech @Pentests and Tech I am trying to crack my password for atomic wallet app that has lots of bitcoin in it. I'm not sure what I set the password to...the password I usually is didn't work and this seemed to happen after I updated the app. It gives a message that using the seed phrase to recover the wallet will delete the existing one but I don't have the seed phrase wrote down either. I just need to be able to crack what it is that I made the password before.

@brandonwilson4817 3 жыл бұрын

@@PentestsandTech I created the maskhashes.txt file and put it in the hashcat 6.1 folder like you did and just put in some words on different lines that would potentially be the password. I could use some help getting this cracked and if u help me i'll send you some bitcoin.

@brandonwilson4817 3 жыл бұрын

@@PentestsandTech so can you tell me what charset I should use to brute force my wallet password?. i'm not exactly sure what type of wallet type atomic wallet is to be honest....need to find out.

@jeetchheda8916 3 жыл бұрын

Please tell me there could be a way to find out the Password Length of a Wpa Password from its Captured Handshake file🥺🥺

@MrRaja Жыл бұрын

This is for future commenters and viewers and maybe you: The only way to find out the length is brute forcing from the start. That is phase one you do that from 6-8 length. All in all combinations will be tested up to 8 in like 7 minutes with a GPU. You will then be forced to use wordlist starting from 9 and up. Otherwise you'll be at it for months if not years brute forcing it.

@brandonwilson4817 3 жыл бұрын

I need to know what type of hash mode to use for an atomic wallet.

@PentestsandTech 3 жыл бұрын

I've never heard of that sorry.

@raydenburger4563 4 жыл бұрын

is there a way to try digits and lowercase at the same time in position n?

@PentestsandTech 4 жыл бұрын

yes, read this: hashcat.net/wiki/doku.php?id=mask_attack

@CrIsPyTaCo03 2 жыл бұрын

how can i mask characters at the end of the password, i dont even know how long the password is or what.

@마지막정신줄 4 жыл бұрын

Is there any way to crack 12 digits.. If i know the sequence of it? A, A+1, A+2? Each A = 3digits

@PentestsandTech 4 жыл бұрын

12 digits is going to take a very long time, I’m not sure how you would explain your formula to hashcat, you may have to make a wordlist with another tool and then use that wordlist in hashcat.

@MrRaja Жыл бұрын

So if I get this right. I know I'm late. You want to get for example 456 and then 4561 and then 4562…4563 and so on? If you know anyone the pattern of the digits especially if it is in blocks of 3 you can specify it with ?4?5?6?d I'm guess.

@bfbs34 3 жыл бұрын

can you use multiple masks at once?

@PentestsandTech 3 жыл бұрын

Explain the question a lil more

@voidisnotcold5351 2 жыл бұрын

good stuff man 👍

@komaljain699 3 жыл бұрын

How to use force command?

@PentestsandTech 3 жыл бұрын

“-force”

@nanorobledo8786 3 жыл бұрын

Could you pleaaaaaaaaaase help me with a pdf protected with password? Please im dying to get to it

@mohammadshafiqurrahman4870 4 жыл бұрын

can i make my own char set and apply that in mask?

@PentestsandTech 4 жыл бұрын

You can. Hashcat has an article on that on their website. Go check it out.

@CommanderRacoon 3 жыл бұрын

what to do when I dont know the length of the password?

@traida111 3 жыл бұрын

that means it takes long time. You could try a VPS with powerful GPU. Then split the job across multiple computers

@CosmicJxsh 4 жыл бұрын

where do you find the hashes in the first place?

@PentestsandTech 4 жыл бұрын

Depends on what you're trying to do, I do have a video that goes over this: kzbin.info/www/bejne/fqCWZnWqrdyZlZo

@samuraib0b 4 жыл бұрын

Boss man what if the password is only digits but you do not know how many digits ? Is there a way to write a mask rule to assist the brute force go through only 1 digit to let’s say 12 or 16 digits ?

@PentestsandTech 4 жыл бұрын

Twelve or sixteen digits would take a very long time depending on the hash type, but you can use -increment-min=12 and then have your mask be 16 digits.

@doggo7567 4 жыл бұрын

does it work with bitlocker recovery key?

@PentestsandTech 4 жыл бұрын

You could use it that way, putting dashes in between the number sets.

@ΧΡΗΣΤΟΣΧΡΗΣΤΟΥ-θ1κ 3 жыл бұрын

@@PentestsandTech Could you please syntax the appropriate command for bruteforcing a recovery key? I haven't found it online.

@PentestsandTech 3 жыл бұрын

It should be a pinned comment on the video now.

@PentestsandTech 3 жыл бұрын

On the bitlocker video, not this one.

@SAVAGES96 4 жыл бұрын

Token length exception

@PentestsandTech 4 жыл бұрын

Make sure you’re using the correct hash identifier “-m” and your number for what you’re working with”

@SAVAGES96 4 жыл бұрын

@@PentestsandTech I'm using for LM or MySQL its 300 and 3000

@PentestsandTech 4 жыл бұрын

Could you show me the command you are running?

@SAVAGES96 4 жыл бұрын

@@PentestsandTech hashcat -m 3000 -a 0 --username DB.txt wordlist

@blushingbutterfly7742 4 жыл бұрын

you are so brave. hacking on a windows computer...

@PentestsandTech 4 жыл бұрын

Hashcat has better driver support and runs better on windows 10 than on Linux...

@traida111 3 жыл бұрын

What do you do if you dont know the mask? like a random LuLUUluuLLu

@alicomando1195 4 жыл бұрын

hi how can i crack only first letter or number password in hashcat is it possible? I have GUI version

@PentestsandTech 4 жыл бұрын

Passwords are cracked using there hashes, there is no way to partially crack a hash.

@alicomando1195 4 жыл бұрын

it is ok if you say no.

@alicomando1195 4 жыл бұрын

it is ok if you say no.