Quantcast
Channel: hashcat Forum - All Forums
Viewing all 7674 articles
Browse latest View live

How to crack numbers?

October 31, 2015, 1:03 pm
$
0
0
I know how to crack passwords, so i thought it would be as simple as putting numbers inplace of words.

Basically i need a number from the hash.

Specifically a number between 0 - 100 (into like the 12th decimal place [0.000000000001,2,3, ect ect.]) 

I can get the list of numbers, but i actually tried it with a number and hash  that have been confirmed.

Number was 6.5544075363103, hash was d205cc27d86901085c508318e46021b9.

I added the number into the list, and tried to crack that hash, but it couldnt find the number.

Im certain there is some information that im missing, anything that would help would be appreciated.
Search

hash format for 1password 3.7.2

November 1, 2015, 1:29 pm
$
0
0
1password version 3.7.2 is using the sqlite database to store all the information (the backup file with extension 1ptbackup is the same 1password.sqlite file).
Looking in the DB structure I found the table “securityLevels2” where items “iterations”, ”keyEncrypted” and “keyValidation” are present. 
This version of 1password is using the PBKDF2-HMAC-SHA1 to store the master password:
https://help.agilebits.com/1Password3/ag...esign.html

Based on the example found “hashcat.agilekeychain” I prepared a file which starts with “sha1”, iterations (10000), “keyEncrypted” without first 8 bytes (Salted__) and “keyValidation”.

Based on the recommendation from other post of hashcat forum (to use base64 for oclHashcat v1.37) I converted the Salt to base64 by “echo "bae3d9555f89caeecd3c1026ac92bd116d9442736f3b1a41c94a609f99e2ee104a1655a90a0db23e" | xxd -r -p | base64”.

the final file looks like this:
sha1:10000:uuPVVV+Jyu7NPBAmrJK94W2UonNvOxpByUpgn5Di7hBKFlCCCg2yPg==:ad250322577f05adaacf4eb54884e222412f3cd852c98b5ea3f7759cfc0ddc70

Would you please check if my hash file is prepared correctly and if my approach is correct using option PBKDF2-HMAC-SHA1 (12000)?

What are your strategies for cracking longer passwords?

November 1, 2015, 6:34 pm
$
0
0
15+ character passwords.  Dictionaries and rule mangling have worked better than I expected, specifically the human0id lists.  Sports teams and book titles were the low hanging fruit.  Combining firstname/firstname and firstname/lastname dictionaries also provided a number of hits.  Combining generic dictionaries wasn’t too successful by itself, but using morph to create insert rules against the combined lists was productive.  I had some success with phrases but for some reason they all used l33t speak.  I’m assuming user training used something similar as an example.  

I used cewl to create some lists and mangle them.  This found a few.  Keyboard combinations was a bust.  I was sure I would hit on one or two.

Brute-force and mask are not really an option at this length.  Hybrid won’t work because of how the passwords are allowed to be crafted.  I haven’t tried permutation yet and I don’t think I have cracked enough to use fingerprint attack.  

I used prince to feed a rule based attack but didn’t get any hits.  This surprised me a little.  It could be I need a better prince dictionary strategy for long passwords.  I personally think finding a way to craft phrases and sentences quickly will be the death knell to passwords.  I might try aprizm's idea and combinator (noun, verb, adjective, noun) for giggles.  

So far I’ve cracked about 15% of the total.  My gut tells me dictionary attacks with rules are the way to go but mostly I’m fishing for ideas.  I haven't found a lot of discussions in open forums on the specifics of 15+ cracking.

r

AMD to Retire Catalyst

November 2, 2015, 10:25 am

I am looking for a $1000-2000 build to crack hashes please help me hash crackers

October 20, 2015, 3:04 pm
$
0
0
hello hash crackers, i was wondering, i am looking to build a hash cracking pc for hash cracking.

I am looking to spend $1000-2000 to buy this pc for hash cracking

could you hash crackers pick out these parts i need to build this pc please.


dank u

Using Prince Attack with pdf hashes

November 3, 2015, 1:45 pm
$
0
0
This is my first post but have been following along and trying to learn from others' posts before posting my question.
 I have not seen anything in any of the other posts with reference to this.

I'm new to hashcat and oclhashcat and password hash cracking but have been learning slowly.  I have several .pdf files I've extracted the hashes and have tried brute force, dictionary, combinator, numerous dictionaries  etc against them.  I have no idea what the password length is.  I've had success with some files, however not all.  I've been reading in various places about the prince attack.  Can this be used in conjuction with oclhashcat and with a pdf hash?  If so, how would I go about setting it up?    It appears no one cracks pdf passwords out there on a routine basis. . . . .  I have a 3.5gb processor with and 6 cores and an nvidia geforce GTX 960 with 16gb ram in an asrock 970 extreme4 mb.  Oh, I am using oclhashcat 1.37 and also have and use the hashcatgui v0.45b1 by BlandyUK.  I know this is probably a modest and probably inadequate setup, but it is what I am currently using.

Any help would be appreciated.

SHA256 base64 - please help

November 3, 2015, 2:20 pm
$
0
0
Hi i'm a noob and hoping for some help with a sha256 base64.

I've searched and read another topic but i'm still unsure about something.

So i've got a list that looks like this; (i've replaced some characters with X's, hope i'm right in doing so)

5X7hLXH8MBXRPLc/km/FN/YXmEXR8576ZoXqXqmTXfM=
K4Xoy1Z/nxcbIA7iGX8UdA+rnvtXPIuyI5/NesqX6/A=
JnXnSp/c0Xnf+WxqrVR28KxOcaeXptBhaXN9TgZ8U1k=

then i've used a Base64 -> hexadecimal string decoder i found from google which converts it to:

e4dee12f81fx301e913cb73f926fx537f617984291f39efa6680xa0ea99365f3
2b83e8xb567f9e171b200ex2191f14740fab9efb543c8bb2239fxd7aca96xbf0
2675274A9FDxD169DFF969EAAD5476x0AC4E71A783A6x06169637x4E067C5359 (didn't lowercase this one)

then i've run that through hashcat on sha256 but i've not found any hits with 20GB wordlist. Is there anything i'm missing.

If i'm not pushing my luck how to you arrange your results so they aren't all in one solid text.

Any help would be greatly appreciated

Can any forensic tool discern the password length?

November 3, 2015, 5:36 pm
$
0
0
Hi all,

I have been using hashcat a little while, and I am familiar with similar tools,  jtr and pyrit.
I've also started using Kali's crunch, wifite, fern, etc.

This is perhaps not so much a question about hashcat per se, but a general question about the collective tattack ools (kali, hashcat, etc.)

I am testing cracking on  a wpa2 wireless network hash, and one thing that would be extremely useful in a brute-force attack is if any of these tools could discern the actual, specific length of the target password- i.e, "10 characters",  "25 characters", etc., so one could know and plan the attack accordingly.
Is that possible with any of the tools?
It's one thing to have to make 95^10 or 95^25 guesses, but another to have to add them all up in between- 95^10 +95^11+....95^25 is loads more work/time and processing.

Thanks ahead!
Search

expiring Jan 1 2016?

November 4, 2015, 11:29 am
$
0
0
I use oclHashcat to do the work, but the cpu version to test rules out.
But I just started getting a expiry warning.  I'm on v.50

input file format

November 4, 2015, 5:43 pm
$
0
0
Hello I've been wanting to test out a few hashes but am having a hard time with the input file format. 

Use case is:

Base 64 encoded hash (sha1)
email address is salt
pwd is 8 chars, charset is a-zA-z0-9!@#$%^&*()-=_+[]{}
what i've tried thus far:
(hashcat bin is linked)
./hc -m 120 hash.txt -a 3 ?a?a?a?a?a?a?a?a

//in compliance with the rules the following is  a totally random base64 encoded string
echo 'me@you.com:aGVsbG93b3JsZA==' > hash.txt

this rx'd unmatched sep.

echo 'aGVsbG93b3JsZA==:me@you.com' > hash.txt

also unmatched

I'm guessing that hashcat doesnt like the b64 encoded hash?

Do I need to pass in the hex representation of the byte[] instead? Also, if I know the salt ahead of time, can I pass it in plaintext or do I need to convert it to hex as well?

Thanks for your time.


EDIT - I'm generating the hash like so: 

Code:
HashAlgorithm managedHash = new SHA1Managed();
var byteValue = Encoding.UTF8.GetBytes(string.Format("{0}{1}", salt, password));
var byteHash = managedHash.ComputeHash(byteValue);
managedHash.Clear();
return Convert.ToBase64String(byteHash);

How would I parse through this to get the correct info?

November 4, 2015, 6:02 pm
$
0
0
Hey all,

Sorry for the super noob question.  I am in a university Info Security class, and the professor asked me to see if I could crack all these generated passwords (~400) using my 970GTX.  No one in the class has had a card powerful enough yet.

So with that said, I am very new to using anything.  In our in-class lab, we used John the Ripper to go through about 30 of them brute-force.  He asked me to try and use hascat and see if I could pull all of them out.

Here is how the hash is given to us:

user0:e0XXjUXXr6XFU:0:0:user #0:/var/home/user0:/bin/eggshell

How would I tell my cudaHashcat 1.37 to parse through this with user0 being username and then obviously try and crack the hash?  I've tried looking up guides and video's, but most of them are outdated and are not using a version near this one, or do not go into enough detail to explain what is actually happening.

Any guidance or references would be greatly appreciated!  Thanks!

Using Wordlist question

November 4, 2015, 8:09 pm
$
0
0
When I am using a worlist, if I tell it to check through a folder called 'wordlist', will it run through each file within the folder?  Or is there something that it needs to do in order to iterate through each file?

Stuck for days, probably a simple fix, please help!

November 4, 2015, 10:51 pm
$
0
0
So I was testing my network which is ATT. Most ATT routers use a 10 digit numerical code for WPA2. So I generated a dictionary file of every possible 10 digit number, captured the packet, converted it, etc.

Put the code into hashcat, and it took like 4 days but it says that it solved it and was successful.

The problem is that I didn't specify an output file when I was using the cmd line. So I know that it was probably solved because the password was in the dictionary file. However, how do I verify what the password is? Whenever I rerun the command, it finishes immediately, which I read is because something is saved in a pot file when you solve a hash.

Basically, my question is, I have the pot file, how do I verify what the wpa password is? I'm using the Cuda version of hashcat. Seems simple but I"ve been searching for days and everything I tried doesn't work.

GTX 950 bench?

November 5, 2015, 2:37 pm
$
0
0
I'm seeking results of a GTX 950 bench.

build from old parts

November 5, 2015, 5:07 pm
$
0
0
I am thinking about running this build.  It will be for 7zip hashes only(for now) running dictionary attacks.  Everything except the graphics cards I have already, so I'm really looking to see if there are any problems with running it that I am not aware of.

Core i7 920
16 GB Dominator ram(max)

EVGA 3 way SLI Motherboard
Samsung 840 500 GB SSD
Corsair 750W HX PSU

I plan on running two of the reference gtx 970s.  If I get a third, I either have a 1000W HX I would like to use, or if need be, I will spend the $300 and get the Corsair AX1200i.

Does this sound ok?  Am I missing something?  I am trying to save money by using what I have.
Search

BF fails

November 6, 2015, 9:07 am
$
0
0
Having a possible strange issue with BF'ing a WPA.  (v1.36)
Dictionary attack and rules based got it.  Password is 9 characters all lowercase
But not BF.
What am I doing wrong?


Code:
./oclHashcat64.bin -m 2500  -a 3  -t 10 --outfile=./x.txt  ./mywifi.hccap ?a?a?a?a?a?a?a?a?a

This had a runtime of about 1 hour 15 minutes.

Quote:./oclHashcat64.bin -m 2500  -a 3  -t 10 --outfile=./x.txt  ./mywifi.hccap ?l?l?l?l?l?l?l?l?l

This had a run time of 1 hour 7 minutes.


Isn't the '?a'  all characters, numbers and symbols, and '?l'  just lowercase?  Why does a vastly larger keyspace have essentially the same run time?

Segfault on --show

November 7, 2015, 2:05 pm
$
0
0
oclHashcat64 version 1.36 just started segfaulting on me when trying to do a --show.

Is there a limit on the potfile size? I ask because the potfile that is causing the crash is 1364774 lines and 58080707 bytes.  I then made a backup and removed any entries in the potfile after a known point where oclHashcat wasn't segfaulting. This edited potfile is only 1364164 lines and 58043751 bytes but it does not cause a segfault.

Looking at those last 610 lines I don't see anything different about them but when they are there oclHashcat borks.

Ideas?

running two different cards in same machine

November 7, 2015, 7:57 pm
$
0
0
Can you run two different cards, say a gtx 970 and a gtx 760, with the same instance of hashcat?  Or would you have to run two instances with two different workloads?

Also, how about two cards with the same chip, but different clocks? Is it similar to SLI?

Thank you.

Which setup would be a better choice?

November 8, 2015, 7:30 am
$
0
0
Choosing between the following, which would be the better choice:

2 nVidia reference design GTX 970s from Best Buy, bought on sale(when it happens again), $700 shipped
link to cards

or

1 EVGA GeForce GTX 980 Ti 06G-P4-4992-KR 6GB SC GAMING from Newegg, $659.99 shipped(it appears to be a reference design, though I don't know if the quality is as good as the ones from best buy)
link to card

This will be for brute force, large dictionary single 7zip hash attack, maybe some mask attacks as well.  It will take years to crack this, I expect, so I'm in it for the long haul.  The cards will be migrated to my main desktop when I go to next gen cards in a year or so.

With my current setup, I could add at most 1 more GTX 970 down the line as prices drop, however I could add two more TIs if I wanted to, though I doubt I would ever have that kind of money.  This would be my setup for quite a while.

Getting the TI would be a big investment up front for me, while I could get just one GTX 970 now and get the second down the line.  From the benchmarks I looked at, the TI looks to be faster for MD5, but I couldn't find anything for 7zip.

Thank you for any help.

SHA512 Linux

November 8, 2015, 9:03 am
$
0
0
I'm trying to run a dictionary attack on Linux password hashes with my AMD 7850, I only get about 5500 H/s, is this a realisitic figure or am I doing something wrong here? I'm using the following command

Code:
oclhashcat64 -m 1800 -a 0 --remove hashes.txt -o cracked.txt mydictionary.txt
Viewing all 7674 articles
Browse latest View live
Search