
Some masks take longer than expected #1

Closed
whoot opened this issue Apr 21, 2023 · 4 comments

Comments

@whoot

whoot commented Apr 21, 2023

Hey, thank you for this amazing work and providing the mask files.
However, I noticed that some of the masks take way longer than what the foldername suggests.
This is especially true for the mask files with character length 11 to 16. Looking into the files you can see that the keyspace is (in most cases) just all-digits and the mask is the same in every folder (e.g. ?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d on the 16 character files).
So instead of taking a minute, using the 1-minute_16.hcmask will actually run for about 4 days (on my hardware).

This is likely a pack issue and needs to be solved there, but since it seems that the project was abandoned, one probably has to do some kind of (manual) verification on the mask files and such "invalid" entries must be deleted from the file.
I know that this could also be achieved "on the run" with something like timeout 1min hashcat [...] or hashcat [...] --runtime 60 but this would end the whole cracking process and I think it would be better if the masks in the files actually fit the file name.

@sean-t-smith
Owner

I appreciate all of your efforts and analysis. I definitely made some assumptions that are foundational in regard to the timing benchmarks. I assumed the graphics processing power of a 1080TI and the hashing algo is NTLM (which is extremely fast to crack). If these two variables are different for you it could change the timing by multiple orders of magnitude! This means that even 7-character passwords could take a very long time to crack if a strong hashing algorithm + salting is used, so there is value in including 7 characters in the set (regarding your pull request). Also, these password masks were generated from REAL passwords, so filtering the list to conform to a policy standard should not be done (at least initially). On pen tests, I have seen domain admin accounts use 3 character passwords, so you should assume nothing!

@whoot
Author

whoot commented Apr 29, 2023

Thanks for your response.
I really understand where you are coming from, my tests were done on an RTX 3080 and against MD5. Checking against NTLM, hashcat's benchmark says it's ~105 GH/s.
So let's do the math:

Hashrate (NTLM): 105 GH/s = 105.000.000.000 H/s
Keyspace: ?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d = 10^16 = 10.000.000.000.000.000
Cracking Time: 10.000.000.000.000.000 / 105.000.000.000 H/s = 95.238,09 seconds = 1.587,3 minutes = 26,45 hours

So even with my faster hardware and a fast hash like NTLM, brute-forcing the entire 16 digit space would take more than 1 day, which is a bit more than one minute :p
When using your GTX1080Ti with a hashrate of 56.636.300.000 H/s this would take even longer -> 2 days
Even for 14 digits the attack would take about 16 minutes on my hardware.
And therefore my assumptions are still valid. Even though it's probably a pack issue, some of those all digit masks should not be in any of the first folders, because they take so much longer.

Anyway, I would be really interested in the full statsgen file. This would allow anyone to create the masks specific to their own hardware and time requirements. You already mentioned that GitHub does not allow uploading such big files, but there is Git Large File Storage (https://git-lfs.com/) for such cases. Maybe you can upload it there?

3 characters for a DA password is insane, but I think this is an extremely unusual exception. By default, Windows has a password policy, meaning that it has been explicitly disabled in the case you mentioned.
But indeed, when looking into some slower hashes, cracking even 7 characters can be hard, so leaving the 7 character masks in the set is a good idea.
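The check suggested earlier in the thread (verify each mask against the time budget in the file name) and the arithmetic above, as an added example that is not code from this repo or from PACK. It parses hcmask lines in general (built-in charsets, up to four custom charsets, escaped commas), not only the all-digit case; the hashrates are the ones quoted in the thread and the sample lines are constructed.

```python
# Added example (not the repo's code): keyspace and worst-case runtime per
# hcmask line, to flag entries that exceed the budget the file name promises.
import re
BUILTIN = {
    "l": "abcdefghijklmnopqrstuvwxyz", "u": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "d": "0123456789", "h": "0123456789abcdef", "H": "0123456789ABCDEF",
    "s": " !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~",  # hashcat's 33 specials
    "b": "".join(chr(i) for i in range(256)),
}
BUILTIN["a"] = BUILTIN["l"] + BUILTIN["u"] + BUILTIN["d"] + BUILTIN["s"]  # 95
_TOKEN = re.compile(r"\?(.)|(.)", re.S)  # '?x' placeholder or one literal char

def _tokens(spec):
    """Yield ('ref', x) for a ?x placeholder, ('lit', c) otherwise ('??' is '?')."""
    for m in _TOKEN.finditer(spec):
        ref, lit = m.groups()
        yield ("ref", ref) if ref and ref != "?" else ("lit", ref or lit)

def _charset(spec, custom):
    """Expand a custom charset definition (literals and ?x refs) to a char set."""
    chars = set()
    for kind, val in _tokens(spec):
        chars |= {val} if kind == "lit" else custom.get(val) or set(BUILTIN[val])
    return chars

def _fields(line):
    """Split on unescaped commas: [custom1, ..., custom4, mask]."""
    return [f.replace("\0", ",") for f in line.replace("\\,", "\0").split(",")]

def mask_keyspace(line):
    """Candidate count of one hcmask line, e.g. '?l?d,?1?1?1?1' -> 36**4."""
    *custom_specs, mask = _fields(line.strip())
    custom = {}
    for n, spec in enumerate(custom_specs, start=1):
        custom[str(n)] = _charset(spec, custom)  # ?1 may be reused inside ?2..?4
    keyspace = 1
    for kind, val in _tokens(mask):
        if kind == "ref":
            keyspace *= len(custom[val]) if val in custom else len(BUILTIN[val])
    return keyspace

def seconds_to_crack(line, hashrate):
    return mask_keyspace(line) / hashrate  # worst case: exhaust the whole mask

def check_hcmask(lines, hashrate, budget_seconds):
    """Partition non-comment hcmask lines into (within budget, over budget)."""
    within, over = [], []
    for m in (l.strip() for l in lines if l.strip() and not l.lstrip().startswith("#")):
        (within if seconds_to_crack(m, hashrate) <= budget_seconds else over).append(m)
    return within, over
```

With the thread's 105 GH/s NTLM rate and a 60-second budget, `check_hcmask` puts the 16-digit mask in the over-budget list while a mask such as `?u?l?l?l?l?l?d?d` stays within it.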

@sean-t-smith
Owner

You are correct about the time estimates being off for the high character count masks. It is because masksgen.py will include the first mask in the set if you specify 1 minute of runtime, even if that first mask runs for longer than one minute. I actually cannot find the full statsgen file or I would post it! Check out my other repo for another really good set of masks ... and a spreadsheet tool that will allow you to fine-tune your masks...

https://github.com/sean-t-smith/Efficient_Corporate_Masks

@whoot
Author

whoot commented Apr 30, 2023

> I actually cannot find the full statsgen file

Oh no, that's a pity

> https://github.com/sean-t-smith/Efficient_Corporate_Masks

Thank you for the link. I will have a look into it. I just knew about the original corporate masks repo.

sean-t-smith closed this as not planned Dec 17, 2023