Discover and read the best of Twitter Threads about #hashcat

Most recents (2)

Password Cracking with a twist and a cat. ᨐ

"Lockdown edition"

Tips, tricks & hacks thread. a.k.a. "braindump" #hashcat, #passwords, #PasswordsCon, @PasswordVillage, @CrackMeIfYouCan, @SAINTCONPCrack, @hashcat, @CynoPrime, #JohntheRipper ,#teamHashcat Image
(*) Always --debug-mode , --debug-file
--debug-mode allows you to capture all the successfully cracked hashes together with the corresponding mutation (rules). New rulesets and wordlists can be derived from the overall stats. Image
(*) Use --session=sessionName in order to --restore longer time attacks.
Read 26 tweets
How to defeat Hashcat !? 🛡️ Well, I think I found a workaround😈

Use a password with the following format :

⚔️ '$HEX[xxxx]' ⚔️ (where xxxx are only hex characters)

Unless a specific flag is added to hashcat, the attacker will never be able to crack it ! #hashcat

1/5⬇️⬇️⬇️ Image
As you can see on the screenshot, the🚩'--wordlist-autohex-disable' needs to be added to hashcat to crack this pwd👻

This issue is already known by the hashcat team as you can see on Github and called an "hexception" 😆

github.com/hashcat/hashca…

2/5⬇️⬇️⬇️ Image
But why Hashcat failed to crack the password w/s🚩?

When a pwd contains a mixture of bytes outside 0x20-0x80, HC converts it as hex using this format $HEX[xxxx].

Using this, Hashcat can makes a diff between a plaintext pwd using only hex chars and the encoded one 🦾

3/5⬇️⬇️
Read 5 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!