nerdexam
GIAC

GCIH · Question #754

What is the outcome of the command below? hashcat -m 0 -a 3 ntds.dat --potfile-path ntds.potfile -1 ?d?d?d?d?d?d

The correct answer is A. Brute force an md5 hash whose input was numbers. The hashcat command performs a brute force mask attack against MD5 hashes using a six-digit numeric pattern.

Vulnerability Exploitation & Privilege Escalation

Question

What is the outcome of the command below? hashcat -m 0 -a 3 ntds.dat --potfile-path ntds.potfile -1 ?d?d?d?d?d?d

Options

  • ABrute force an md5 hash whose input was numbers
  • BCrack six digit LANMAN passwords
  • CRemove the encryption from the ntds.dat file
  • DCreate a dictionary of 3000 usernames

How the community answered

(47 responses)
  • A
    81% (38)
  • B
    6% (3)
  • C
    11% (5)
  • D
    2% (1)

Why each option

The hashcat command performs a brute force mask attack against MD5 hashes using a six-digit numeric pattern.

ABrute force an md5 hash whose input was numbersCorrect

The flag '-m 0' specifies MD5 as the hash type, and '-a 3' selects the mask/brute force attack mode. The pattern '?d?d?d?d?d?d' defines a six-position mask where each character is a digit (0-9), so hashcat systematically tries all six-digit numeric combinations as candidate MD5 inputs.

BCrack six digit LANMAN passwords

LANMAN hashes require '-m 3000' in hashcat, not '-m 0', and LANMAN operates on uppercase ASCII-split strings rather than purely numeric six-digit inputs.

CRemove the encryption from the ntds.dat file

Hashcat is a hash-cracking tool that recovers plaintext values; it does not decrypt or modify the ntds.dat Active Directory database file itself.

DCreate a dictionary of 3000 usernames

Hashcat does not generate username dictionaries; '-a 3' is a mask-based brute force attack mode, not a list generation or enumeration function.

Concept tested: Hashcat MD5 brute force mask attack parameter interpretation

Source: https://hashcat.net/wiki/doku.php?id=hashcat

Topics

#hashcat#MD5 cracking#brute force#mask attack

Community Discussion

No community discussion yet for this question.

Full GCIH Practice