Summary In this post I will talk about how to make password cracking accessible to people who don't want to make the investment in video cards and GPU hardware resources. This post will mostly be a tutorial, geared toward people who are in a pinch and need to quickly standup a powerful hashcat environment. The problem that led me down this path I was recently working on an issue that required me to recover the password of a zip file. The zip file was created programmatically by a utility; which I had to the source code for. This meant I had the character set used and a fixed password length. I decided to fire up hashcat on my Mac Book Pro with my AMD Radeon Pro 560X. To my surprise, I was greeted with the error below; Against the advice of the error message, I used the --force syntax to override the error. This yielded no usable results, it ended up making hashcat unstable and produced some false positives (I thought I had cracked the hash quickly). After trying the t...
application security, bug bounties, security research