Let's say I have a couple of hashes that I need to bruteforce as dictionary attack didn't work. Is there a way I can tell hashcat to start from a specific password length so it won't waste resources on looking for results that won't work?
Asked
Active
Viewed 2.7k times
3
-
1You mean `--pw-min`? If so, you will find this option in the command line help, in the manual, and in various places online. – schroeder Jun 11 '18 at 20:37
-
1`--pw-min` and `--pw-max` were replaced some time ago with `--increment-min` and `--increment-max`. But this information is indeed readily available. – Royce Williams Jun 13 '18 at 05:05
1 Answers
9
Sounds like you're looking for --increment-min. This will start a bruteforce/mask attack at a minimum length.
For example, this will try digits-only candidates, starting with length 7:
hashcat -a 3 -m [hashtype] -i --increment-min=7 targethashes.list ?d?d?d?d?d?d?d?d?d?d
You didn't directly ask this, but the deeper intent of your question appears to be "what can I do beyond a dictionary attack?"
There are many other options to try before you go full bruteforce - combinator, hybrid, masks. See hashcat's core attack modes for some introductory materials.
Royce Williams
- 9,128
- 1
- 31
- 55
-
I know that there are more, however none of them work - apparently a random password generator has been used. – Dariusz G. Jagielski Jun 14 '18 at 10:38
-
You'd have to do a *lot* of work to rule out many other methods before you can even tentatively start to conclude that. The more methods you try, the more likely you are to be right, though. :) – Royce Williams Jun 14 '18 at 13:56