Let's say I have a couple of hashes that I need to bruteforce as dictionary attack didn't work. Is there a way I can tell hashcat to start from a specific password length so it won't waste resources on looking for results that won't work?
Asked
Active
Viewed 3.5k times
3
1 Answers
9
Sounds like you're looking for --increment-min. This will start a bruteforce/mask attack at a minimum length.
For example, this will try digits-only candidates, starting with length 7:
hashcat -a 3 -m [hashtype] -i --increment-min=7 targethashes.list ?d?d?d?d?d?d?d?d?d?d
You didn't directly ask this, but the deeper intent of your question appears to be "what can I do beyond a dictionary attack?"
There are many other options to try before you go full bruteforce - combinator, hybrid, masks. See hashcat's core attack modes for some introductory materials.
Royce Williams
- 9,573
- 1
- 33
- 57
-
I know that there are more, however none of them work - apparently a random password generator has been used. – Dariusz G. Jagielski Jun 14 '18 at 10:38
-
You'd have to do a lot of work to rule out many other methods before you can even tentatively start to conclude that. The more methods you try, the more likely you are to be right, though. :) – Royce Williams Jun 14 '18 at 13:56
--pw-min? If so, you will find this option in the command line help, in the manual, and in various places online. – schroeder Jun 11 '18 at 20:37--pw-minand--pw-maxwere replaced some time ago with--increment-minand--increment-max. But this information is indeed readily available. – Royce Williams Jun 13 '18 at 05:05