Password Cracking Help

[Help]

Hi I'm trying to figure out how I could perform an operation such as "hashed password cracking". As of now I only know that you can use wordlist, however the amount of characters and possible combinations makes the file to large to create my own wordlist with crunch. If anyone could reply how I would be able to crack a hashed password composed of these characters :
ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
Please and thanks!

[Gumby]

You want Hashcat, or oclHashcat.

oclHashcat runs on a GPU and is MUCH faster.

Hashcat allows you to create custom character sets and define their use like ?U?l?l?l?l?d?d?d?d

Which is a five character word that starts with an upper and is followed by 4 digits.

keyspace would be 26x26x26x26x26x10x10x10x10



i.e. from their help

* Custom charsets:

-1, --custom-charset1=CS User-defined charsets
-2, --custom-charset2=CS Example:
-3, --custom-charset3=CS --custom-charset1=?dabcdef : sets charset ?1 to 0123456789abcdef
-4, --custom-charset4=CS -2 mycharset.hcchr : sets charset ?2 to chars contained in file


* Built-in charsets:

?l = abcdefghijklmnopqrstuvwxyz
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d = 0123456789
?s = !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
?a = ?l?u?d?s
?b = 0x00 - 0xff

[Help]

If I were to use oclhashcat what would be the command structure to do this process with a max or min of 16 characters?

[Gumby]

The syntax is shown in the example below but I encourage you to take a moment and read some of these links otherwise your odds of success will be as good as that ginormo lottery you didn't win either.
First read up on key space. This is how you calculate the number of combinations.

Basically if you assume [A-Z], that is 26 possibilities. If you assume [A-Z][A-Z], that is 26x26 possibilities, [A-Z,a-z][0-9] = 52x10 possibilities.

The hashcat team also makes a great tool called maskprocessor. Maskprocessor will calculate key space for you and uses the same syntax as the other hashcat utilities.

Using your example of [A-Z,0-9] that is a 36 character set. Now it's just 3616.

Unfortunately this number appears to be too big for maskprocessor so I resorted to bc.
(Double check my math and apologies for any overuse of parenthesis I'm just not reading manuals this early so better safe than sorry.)
From the command line....
echo "36*36*36*36*36*36*36*36*36*36*36*36*36*36*36* 36" | bc
7958661109946400884391936 <- that's your key space.

Now here is the output of a single cheapo Radeon 6950 and I'm assuming MD5 which as a fairly "quick" hash.

Hash type: MD5
Workload: 1024 loops, 256 accel
Speed.GPU.#1.: 4759.1 MH/s

Which should correlate to 4,759,100,000 H/s

Dividing our key space by this number yields the number of seconds, there are 3600 seconds in an hour, 24 hours in a day, and 365 days in a year.

So........

echo "((((36*36*36*36*36*36*36*36*36*36*36*36*36*36*36* 36/4759100000)/3600)/24)/365)" | bc

....

wait for it.....

....literally

....

..... 53028406 years.


TL;DR

Brute force is best suited against small targets using tailored attacks with masks and detailed information, or as a fishing net against large captures for low hanging fruit.
Use tools like PACK to customize masks and cut down key space.


Links:

https://en.wikipedia.org/wiki/Key_sp...ryptography%29
https://hashcat.net/wiki/doku.php?id=maskprocessor
https://thesprawl.org/projects/pack/

[Help]

Would be useless to brute force then, so this method is basically useful for 0-10 character passwords ?