@user-dm6qx6ds3y you can probably find it as a package provided by your operating system. In this video I'm on Debian and I installed it from the package manager
7:14 It's because all of those passwords are found in the word list. It doesn't have to be a massive compilation of commonly used passwords you find online. Let's not give people ideas. 😉 "Researchers" have published these lists so that each of us can check if our passwords are secure or not... yes, of course they have our best interests in mind. 😇
For the purpose of education it would make more sense to create your own list with just a few words in it, so it doesn't appear as pure magic to the unknowing observer. It's basically just doing a text search for those hash values based on the words in the list. It's hashing the words (and permutations thereof) and then matching their hash values against the hash values in the list of hashes, i.e. it's doing a "straight" comparison.
10:02 What's most interesting here is that the hash rate increases dramatically from 8800 kH/s for a word list to 2200 MH/s (2200000 kH/s) for a brute force operation. That's a 250 fold increase! I wish it was just that simple to jump from 2200 MH/s to 550 GH/s without upgrading the GPU. That would be so sweet. I try to choose my words carefully, like "brute force operation" so I don't give away the real purpose of hashcat. Every hash cat (user of hashcat) needs to learn to insist that it's a "password recovery" tool and that they are doing "research". 😸
@@TheBuilder In a way, at a grand scheme of things, technology is magic. Magic is what people call things they do not understand. There are increasingly many things people do not understand, for it's difficult to catch up on all things in Tech. Thankfully we have many good resources for learning, one of them being TH-cam. So thank you for being part of that and helping debunk the myths about technology! I enjoyed watching your video.
I'm currently using a VM with 2 cores and all I get is 2400 kH/s for a word list operation and 9200 kH/s for a brute force operation. If you find yourself doing the same, just remember to use the --force. 😉 Otherwise, depending on configuration, it may fail to find a GPU and abort the operation. I'll be back (in a few hours) to tell you if it worked. It's 28% in, started 4 hours ago, remains 12 hours. Speaking of which, ability to pause and create a checkpoint are two very useful features of Hashcat.
quick question, I was testing the brute force with a hash from a .rar files with a 2 character password containing special characters and it seems to have moved on to 3 character guesses without trying any special character combinations, is there a setting to enable special characters or is there something else I need to do?
@@TheBuilder i use the command of you to find this pass it running but it can't find and i don't know the formula of this app can you show me the formula of hashcat ?
@@TheBuilder Agreed with Drago! I wanted to lead a group discussion at my company today around password cracking and security, along with a demo showing how easy it is to crack simple passwords with poor hashing and found this video. It gave me a good outline for a demo as well as a video to share with the group if anyone to try it themselves or wanted more info. Thanks!
Hi, a couple of months back, I forgot my password for one of my encrypted drives, encrypted via VeraCrypt with PIM. Luckily, I do have a vague memory of what could be the combination, so I created my own worldlist which adds up to thousands of worlds. Additionally, I am certain of PIM. Now, after a month I only tried couple of hundreds, and still a lot more to go, not to mention it may have missed one or two. Is it possible to use Hashcat to try these passwords including the PIM. If yes, may you kindly make a tutorial about it? I am using windows as the OS (specifically windows 11)
Great video, I have a password I want to Hashcat, I know the password has only uppercase alpha, but i also know that the password only uses some of the alpha (G thru O and Z are not used) however I don't know how to apply this as a mask to save gpu time. Thx from a total noob.
there could be options to fine tune your mask but i wouldn't be so picky with it. if you are trying to recover your password the biggest problem will be the length
How do I make every first word in the dic. upper case? Is there any way to do that in attack mode 6.Im not sure if I can add it to the mask or not. Thanks I sub and liked.
Is there a way for hashcat to determine if it has got certain characters correct in a attack and then able to extract that data? For example if the password was Bingbong123, if hashcat figures out the first letter being B and the last being number 3?
Hey I’m having a huge problem with my attempts at running hashcat for some reason it either says separator unmatched or token length exception no hashes loaded. I’ve tried many different things to fix it like using different wordlists, Trying different text editors to build my hash files such as nano, echo. I even tried using different string structures of the same hash. If anyone has any idea of how to fix it your input would be greatly appreciated. Thank you
I was able to crack your demo hash....so nice to see things work. Can you do a demo on using hashcat with the increment switch? I have a NTLM hash value that I know is 13 characters so I want to create an attack that doesn't waste any time banging away are possible passwords shorting that the 13 characters. I have tried hashcat.exe -a 3 -m1000 -i --increment-min13 hash.txt but the command is not correct.
@@TheBuilder I did try using a Mask but I am getting an error message "Integer overflow detected in keyspace of mask". My command was "hashcat.exe -a 3 -m 1000 -i --increment-min=13 hash.txt ?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a" and as an alternative "hashcat.exe -a 3 -m 1000 -i --increment-min=13 hash.txt mask.txt" where the mask.txt contained the ?a?a etc
@@TheBuilder I did. I was using the wrong charset anyway. I was able to crack the 3 letter/number word. Now it's on to the 8 chars. The tutorial in their help manual is so poor. This whole thing is just a big headache.
Subscribe for more
what do you mean?
@user-dm6qx6ds3y download what???
@user-dm6qx6ds3y you can probably find it as a package provided by your operating system. In this video I'm on Debian and I installed it from the package manager
4:33 boblog :D Bob Log III one of the best artist in the "nasty-bluegrass-performed-in-a-jumpsuit-sung-through-a-telephone" artists. Great video.
One of the very few hashcat videos that are helpful thank you
Thanks for the intro. Currently learning how to test the security of password protected .zip files.
Happy to help
7:14 It's because all of those passwords are found in the word list. It doesn't have to be a massive compilation of commonly used passwords you find online. Let's not give people ideas. 😉 "Researchers" have published these lists so that each of us can check if our passwords are secure or not... yes, of course they have our best interests in mind. 😇
For the purpose of education it would make more sense to create your own list with just a few words in it, so it doesn't appear as pure magic to the unknowing observer. It's basically just doing a text search for those hash values based on the words in the list. It's hashing the words (and permutations thereof) and then matching their hash values against the hash values in the list of hashes, i.e. it's doing a "straight" comparison.
I agree there is no magic when you understand the technology
10:02 What's most interesting here is that the hash rate increases dramatically from 8800 kH/s for a word list to 2200 MH/s (2200000 kH/s) for a brute force operation. That's a 250 fold increase! I wish it was just that simple to jump from 2200 MH/s to 550 GH/s without upgrading the GPU. That would be so sweet. I try to choose my words carefully, like "brute force operation" so I don't give away the real purpose of hashcat. Every hash cat (user of hashcat) needs to learn to insist that it's a "password recovery" tool and that they are doing "research". 😸
@@TheBuilder In a way, at a grand scheme of things, technology is magic. Magic is what people call things they do not understand. There are increasingly many things people do not understand, for it's difficult to catch up on all things in Tech. Thankfully we have many good resources for learning, one of them being TH-cam. So thank you for being part of that and helping debunk the myths about technology! I enjoyed watching your video.
I'm currently using a VM with 2 cores and all I get is 2400 kH/s for a word list operation and 9200 kH/s for a brute force operation. If you find yourself doing the same, just remember to use the --force. 😉 Otherwise, depending on configuration, it may fail to find a GPU and abort the operation. I'll be back (in a few hours) to tell you if it worked. It's 28% in, started 4 hours ago, remains 12 hours. Speaking of which, ability to pause and create a checkpoint are two very useful features of Hashcat.
quick question, I was testing the brute force with a hash from a .rar files with a 2 character password containing special characters and it seems to have moved on to 3 character guesses without trying any special character combinations, is there a setting to enable special characters or is there something else I need to do?
my question is how to identify which hash i do have ?
you can try guessing which function created it by looking at their size
Thanks man
can you please explain how to determine the hash function, by looking at the password dump file?
what type of hash are you trying to recover? it should be obvious if you look it up in the docs
@@TheBuilder i got it, thank you so much for responding
For goodness' sake, embrace dark mode, man. How on earth do you manage to use light mode?
I read a lot, so my eyes are used to light mode
hello sir i create file winrar with pass abcdef_123@ and i use your method but it can't find this password after scanning what i should do ?
Hello, before I try to answer your question, what is the command you're running to find your word?
@@TheBuilder i use the command of you to find this pass it running but it can't find and i don't know the formula of this app can you show me the formula of hashcat ?
Thanks for the video. I've been looking around everywhere for an explanation on the attack types and this was perfect.
you are welcome. I recommend reading the official documentation its where I go first to learn stuff
@@TheBuilder Agreed with Drago! I wanted to lead a group discussion at my company today around password cracking and security, along with a demo showing how easy it is to crack simple passwords with poor hashing and found this video. It gave me a good outline for a demo as well as a video to share with the group if anyone to try it themselves or wanted more info. Thanks!
Hi, a couple of months back, I forgot my password for one of my encrypted drives, encrypted via VeraCrypt with PIM. Luckily, I do have a vague memory of what could be the combination, so I created my own worldlist which adds up to thousands of worlds. Additionally, I am certain of PIM. Now, after a month I only tried couple of hundreds, and still a lot more to go, not to mention it may have missed one or two. Is it possible to use Hashcat to try these passwords including the PIM. If yes, may you kindly make a tutorial about it? I am using windows as the OS (specifically windows 11)
This is the best Hashcat tutorial I've seen today.You explained all the aspects I wanted to know to start cracking hashes. Thanks for sharing!
could you tell me that in which file he codes
this barely helps
what was unclear?
what if i wat try every combination with my dictionary and a mask, but the mask could be 2 or 3 or x digits? what i supposed to write?
-bash: hashcat: command not found.
command : sudo apt-get install hashcat
Great video man, it helped a lot,
thank you so much!
happy to help with these topics, if you want me to cover anything else feel free to ask
Great video, I have a password I want to Hashcat, I know the password has only uppercase alpha, but i also know that the password only uses some of the alpha (G thru O and Z are not used) however I don't know how to apply this as a mask to save gpu time. Thx from a total noob.
there could be options to fine tune your mask but i wouldn't be so picky with it. if you are trying to recover your password the biggest problem will be the length
at 5:55 this didn't work. what are the configurations settings for the vm?
it's just regular bash
How do I make every first word in the dic. upper case? Is there any way to do that in attack mode 6.Im not sure if I can add it to the mask or not. Thanks I sub and liked.
use the ?u charset, if you don't know how, look up how charsets work
9:14
Il lnow this is pretty old but like how do you get in the zone where you write????
what zone?
whats the font you used in this video
the font of the terminal
most likely the default font gnome terminal comes with
when it finds a password, is it possible that it can be wrong?
it doesn't find passwords, it reverses hashes, and yes, it's possible a hash can have multiple collisions for various data
Why are you using light mode jesus daam christ.
Othervise good video. Liking when you use darkmode
I fall asleep otherwise
@@TheBuilder thats fair. Imma drop a like on that
!!
Is there a way for hashcat to determine if it has got certain characters correct in a attack and then able to extract that data? For example if the password was Bingbong123, if hashcat figures out the first letter being B and the last being number 3?
no that's Hollywood nonsense
@@TheBuilder hahahaha bloody Holywood!!! Thanks for confirming 🙌🏽
Saved my Life!!!
no prob
how do you open the hashcat terminal
in the video i use the gnome terminal to run hashcat
go to its directory and in the upper part is the search bar, type cmd into it
Hey I’m having a huge problem with my attempts at running hashcat for some reason it either says separator unmatched or token length exception no hashes loaded. I’ve tried many different things to fix it like using different wordlists, Trying different text editors to build my hash files such as nano, echo. I even tried using different string structures of the same hash. If anyone has any idea of how to fix it your input would be greatly appreciated. Thank you
Try again, it's most likely something not being set right. make sure your hash type matches the one you're trying to dehash
Hey you were right I was hashing 1800 unix instead of 0 md5 it was such a basic mistake and took me hours to figure it out thanks a lot.
@@jaydenkeene2417 happy that helped
@@TheBuilder ur a legend for replying after 2 years
@@Kirya_xd my last video was only 3 days ago, this channel hasn't kicked the bucket...yet
Sir i am trying to crack ntlm hash with rockyou wordlist, almost 25%of wordlist had completed then it is showing exhausted..
is it not using the whole word list? is that the problem?
nice gave this video a thumbs up
thanks kat bro
How to put ?d?d?d in front of word list
use mode 7
I was able to crack your demo hash....so nice to see things work. Can you do a demo on using hashcat with the increment switch? I have a NTLM hash value that I know is 13 characters so I want to create an attack that doesn't waste any time banging away are possible passwords shorting that the 13 characters. I have tried hashcat.exe -a 3 -m1000 -i --increment-min13 hash.txt but the command is not correct.
have you tried using a mask ?a?a?a?a?a?a?a?a?a?a?a?a?a will limit your guesses to 13 characters
@@TheBuilder I did try using a Mask but I am getting an error message "Integer overflow detected in keyspace of mask". My command was "hashcat.exe -a 3 -m 1000 -i --increment-min=13 hash.txt ?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a" and as an alternative "hashcat.exe -a 3 -m 1000 -i --increment-min=13 hash.txt mask.txt" where the mask.txt contained the ?a?a etc
I get "exhausted" with hashcat attempts. It's just a 3 letter password with Ripemd-160(6000) hash.
then try without a word list
@@TheBuilder I did. I was using the wrong charset anyway. I was able to crack the 3 letter/number word. Now it's on to the 8 chars. The tutorial in their help manual is so poor. This whole thing is just a big headache.