Quantcast
Channel: hashcat Forum - All Forums
Viewing all 7686 articles
Browse latest View live

Thoughts on Pascal?

February 14, 2016, 4:53 pm
$
0
0
Another question from a newbie here.  Please go easy on me.

Despite just building a rig, I'm already saving for new cards.  I've been looking at the literature for the soon to be released Nvidia "Pascal" and realize how much I still have to learn.  The GP100 is touted as being the successor to the GM200 (TitanX), but the technical spec doesn't look to my uneducated eyes like we'll see a massive increase in performance for cracking work.  Yes, there are more transistors and more memory, but a lot of the talk is around the improvement for mixed precision (FP16 support) (cracking is more integer work, no?) and better performance per watt.  If Pascal looks to completely displace Maxwell, I'll go without new toys for  a bit longer and buy Titans once prices drop.  If not, I'm waiting for nothing and will just build another system with cards in the price/performance sweet spot.
(Yes, I know... The obvious answer is to just wait and see rather than bet on theoreticals.  However, I'll be kicking myself if I hold off for months waiting on Pascal and then Titan doesn't drop in price.  I'll also be kicking myself if I let myself get impatient, spend my money on a second GTX970 based system for immediate gratification and then see Titan drop by 50%.  First world problems....)

For the experts in the audience:  Please educate me.  What am I missing, if anything?  What is your take?

tl;dr - I'm saving for new cards.  Wait for Pascal?
Search

how do I crack truecrypt containers that were made using Whirlpool?

February 14, 2016, 6:57 pm
$
0
0
twofish/serpent encoded. Does anyone know a program that can help me? I know most of the words that make up the password but do not know them all.
I have looked everywhere it seems and the closest was Truecrack but it only does AES. Does anyone know of a program that can help me out?
Thankyou

identify hash type-unknown

February 15, 2016, 1:24 am
$
0
0
Can any one help me to identify this hash..

<redacted>

masking

February 15, 2016, 1:35 am
$
0
0
hello there, i like to try all the possible combinations of
  • uppercase letters
  • numbers
  • in a 10 digit code (preset WPA)
  • so instead of making a huge password list i thought i should use hashcat
  • lets say the first 6 chars are known 6ABE43
  • my problem is with masking, can i combine ?d and ?u for the 7th,8th,9th and 10th position?

  • I tried ?ud and it accepts it but i think it accepts ?u and counts "d" as a character and not a  numeric charset

  • hashcat -m 2500 test1.hccap -a 3 6ABE43?ud?ud?ud?ud?ud?ud -session=test1

  • i want to try upper case charset AND numbers for each of the last 4 positions (7,8,9,10)...how can i do it?

  • thanks

The Autotune Engine

February 15, 2016, 2:14 am
$
0
0
The Autotune Engine

If you're using the latest beta version/GitHub you get the following new notification on program start:

Quote:Device #1: autotuned kernel-accel to 1024
Device #1: autotuned kernel-loops to 200

This is a new system which tries to automatically find out the best workload tuning for your attack.

TL;DR

If you're not interessted in all the details, all you need to know is that:
  • The way how to tune oclHashcat changed
  • The autotune engine is always active, but you can override it
  • The definition of the -w (workload-profile) parameter changed. Now -w is your friend
  • If you're not a developer, forget the parameter -u and -n 
The goal was that the user can use this single parameter to easily set how he want the autotune engine to make use of the available resources. The profiles are defined as following:
  • -w 1: Watch movies or play games (even such that require high FPS count), lowest performance
  • -w 2: Normal desktop operations or "economic" mode (like internet browsing, texteditor, etc), default setting
  • -w 3: Headless systems or dedicated cracking systems, highest performance
Don't forget, don't use -n or -u anymore!

If you don't care about desktop lags, simply add -w 3 to your commandline

Why the change?

In the past I've hardcoded some preconfigured values for kernel-accel (-n) and kernel-loops (-u), depending on hash-type and GPU vendor. They were set to a value which is optimized to run best on the current high-end GPU in Brute-Force attack-mode. This was an suboptimal solution, because these values need to be changed in case you use a different attack-mode or a low-end GPU. 

Therefore I've made the parameters -n and -u available to the commandline so you can adjust them for your specific case. Later I found out that there's a fixed relation between the optimal values for the different attack-modes, but not depending on the hash-types. Now it was possible to make this process more easy for the user, so I've added the --workload-profile (or -w) parameter. This parameters definition has changes with the new version, that's why I don't want to go to much into the details of how it was used before, that would just confuse you.

Now, with latest oclHashcat version which supports all OpenCL compatible device types like CPU or other accelerators, such a fixed value doesn't fit any longer. They are so different in how they are designed, they require their own strategy to find the best values for them. 

I was forced to rethink about how to find the optimal settings. The first change was to fully get rid of the hardcoded values in oclHashcat and move them into a user-configurable text database. In that database you can set these ideal tuning values for each device, attack-mode and hash-type. But it quickly turned out that this database becomes huge and such databases are typically too hard to control and end up as a still birth. There was simply no way around an automatic solution and that's how the idea of an autotuning engine turned up.

How to use it?

You don't need to active it or do anything in general to make use of it. The autotune engine is always active, whenever you start oclHashcat. Since every automatism can create errors, because of some unknown variable or it lacks of informations, it's required to have a mechanism that can override whatever it calculates. There's two ways to override the autotune engine:
  • Set --opencl-vector-width, -n and -u by hand
  • The combination of device-name, attack-mode and hash-type match an entry in the tuning database
Tuning database?

The tuning database is a simple textfile, of which all entries in a line are separate with tabs or spaces, a CSV. Here's some rules:
  • This file is used to override autotune settings
  • This file is used to preset the Vector-Width, the Kernel-Accel and the Kernel-Loops Value per Device, Attack-Mode and Hash-Type
  • A valid line consists of the following fields (in that order):
    • Device-Name
    • Attack-Mode
    • Hash-Type
    • Vector-Width
    • Kernel-Accel
    • Kernel-Loops
  • The first three columns define the filter, the other three is what is assigned when that filter matches
  • If no filter matches, autotune is used
  • Columns are separated with one or many spaces or tabs
  • A line can not start with a space or a tab
  • Comment lines are allowed, use a # as first character
  • Invalid lines are ignored
  • The Device-Name is the OpenCL Device-Name. It's shown on oclHashcat startup.
  • If the device contains spaces, replace all spaces with _ character.
  • The Device-Name can be assigned an alias. This is useful if many devices share the same chip
  • The use of wildcards is allowed, some rules:
    • Wildcards can only replace an entire Device-Name, not parts just of it. eg: not Geforce_*
    • The policy is local > global, means the closer you configure something, the more likely it is selected
    • The policy testing order is from left to right
  • Attack modes can be:
    • 0: Dictionary-Attack
    • 1: Combinator-Attack, will also be used for attack-mode 6 and 7 since they share the same kernel
    • 3: Mask-Attack
  • The Kernel-Accel is a multiplier to OpenCL's concept of a workitem, not the workitem count
  • The Kernel-Loops has a functionality depending on the hash-type:
    • Slow Hash: Number of iterations calculated per workitem
    • Fast Hash: Number of mutations calculated per workitem
  • None of both should be confused with the OpenCL concept of a "thread", this one is maintained automatically
  • The Vector-Width can have only the values 1, 2, 4, 8 or 'N', where 'N' stands for native, which is an OpenCl-queried data value
  • The Kernel-Accel is limited to 1024
  • The Kernel-Loops is limited to 1024
  • The Kernel-Accel can have 'A', where 'A' stands for autotune
  • The Kernel-Loops can have 'A', where 'A' stands for autotune
Personal tuning settings

The tuning database can also be used to store your personal tuning settings you like. For example if you want to go full power you can simply add an entry like this:

* * * N 1024 1024

But you have to live with all the implications this generates. High power consumption, extreme heat development, far distant restore checkpoints, slow speed updates, laggy desktop etc. Generally this is not what you want.

It makes much more sense to fine-tune the settings. To give you an idea of how to do it, here's how I do it:

Preparation
  • set your fanspeed to 100% (if applicable)
  • set your power limit to 100% (if applicable)
  • set your core clock to stock settings
  • set your memory clock to stock settings
  • for every run, give it time to settle down, that is when it seems to have reached a speed that doesn't increase anymore
  • use a single hash for testing, if you need an example hash for the different algorithms, see the wiki pages example hashes
  • Attack-Mode 0:
    • Choose your favourite wordlist (should have > 10m words)
    • Choose your favourite ruleset (should have > 2000 rules)
    • Example: oclHashcat64.exe -a 0 hash.txt wordlist.txt -r rules\rockyou-30000.rule -m xxx -u xxx -n xxx --opencl-vector-width xxx
  • Attack-Mode 1:
    • Choose your favourite wordlist (should have > 10m words)
    • Choose ?a?a?a as mask
    • Example: oclHashcat64.exe -a 6 hash.txt wordlist.txt ?a?a?a -m xxx -u xxx -n xxx --opencl-vector-width xxx
  • Attack-Mode 3:
    • Choose ?b?b?b?b?b?b?b as mask
    • Example: oclHashcat64.exe -a 3 hash.txt ?b?b?b?b?b?b?b -m xxx -u xxx -n xxx --opencl-vector-width xxx
Measurement

  1. Find kernel accel
    • Set vector width to 1
    • Set kernel accel to 1024
    • Set kernel loops to 1
    • Decrease kernel accel by dividing by two until gpu utilization settles down below 95%
  2. Find vector width
    • Set vector width to 1
    • Set kernel accel to the previous value
    • Set kernel loops to 1
    • Try the 4 different vector width 1, 2, 4 and 8 and use the one with the lowest exec runtime
  3. Find kernel loops:
    • Set vector width to the previous value
    • Set kernel accel to the previous value
    • Set kernel loops to 1
    • Increase kernel loops in steps of 8 until execution time is closest to 64ms (in status screen)

HELP HASH

February 15, 2016, 8:45 am

R9 270x compare to R9 280X

February 15, 2016, 8:52 am
$
0
0
Well i thought that if i buy a 280X i would double h/s in oclhashcat

the R9 280X  (2048 Stream Processors Tahition wpa2 @ 1050 Mhz clock= 147.4 kH/s 

vs

the R9 270X  (1024 Stream Processors Pitcairnon wpa2 @ 1050 Mhz clock= 92,000 h/s

i'll get better performance with 2 
R9 270X  (1024 Stream Processors Pitcairnon wpa2 @ 1050 Mhz clock= 2 X 92,000 h/s= 184,000 h/s

anybody else experience that?

is it  because of the processor is different Tahiti vs Pitcairn?


Tia

idea of generalizing mask and hybrid attack

February 15, 2016, 1:12 pm
$
0
0
Hi,

I'd like to ask if the following idea for a new attack mode would be worth posting on github as a new feature request.

I would find quite useful if the elements of a mask could correspond to all words from given dictionaries, not just single bytes. This way one could perform the following types of attacks:
?<dict1>?s?<dict2>?d?d

Furthermore, (language specific) utf-8 brute force would be supported out-of-the-box without workarounds:
?<utf8dict>?<utf8dict>?<utf8dict> ...
where <utf8dict> would contain the relevant utf8-chars as words.

I am aware that the proposed functionality can already be achieved by using various workarounds (hybrid emulation rules, programatically generated mask files, pre-applying rules to a dictionary then combinator, reading from stdin, etc), but these all have drawbacks (amplification done on cpu, huge disk space and/or memory requirement, lot of manual preparing, etc).

My guess is that implementing this attack mode would require a considerable amount of programming, and it wouldn't be trivial to implement it efficiently, so I'm not sure if it's worth the effort, and if it is aligned with the current development goals/directions. Furthermore it would require a completely new attack mode. (I've read some oclhashcat code for fun, but I have absolutely no experience in GPU programming.)

Any opinions?
Search

Error cuModuleLoad() 301

February 15, 2016, 5:12 pm
$
0
0
Hello, I am trying to run oclHashcat on my Windows 10 PC. I have two Nvidia 770s that I would like to run some hashes through quickly but I keep getting cuModuleLoad() 301 whenever I try to run cudaHashcat64 -b. I have the latest Nvidia driver (361.91). I installed it by downloading the latest file off of the website and extracted it to a directory on my spare drive. I then updated my system PATH for the directory. How can I get this working?

PDF cracking only in oclhashcat?

February 16, 2016, 4:15 pm
$
0
0
Hello,

New to the forums, but I did a basic search and couldn't find anything. is Cracking pdf hashes only available in oclhashcat (and therefore not something that can be done on the mac)?

Thanks!

ERROR: cuMemcpyDtoH() 999

February 17, 2016, 3:12 am
$
0
0
Hi there,

Running cudaHashcat on my rig:

Windows 10 Pro 64-Bit
16GB 3000MHz RAM
6700K @ 4.6
GTX 980 Ti
Driver:  GeForce 361.91

I'm getting this output when I run a benchmark:

Code:
C:\Users\User\Desktop\Apps\cudaHashcat-2.01>cudaHashcat64.exe -b
cudaHashcat v2.01 starting in benchmark-mode...

Device #1: GeForce GTX 980 Ti, 6144MB, 1190Mhz, 22MCU

Hashtype: MD4
Workload: 1024 loops, 256 accel

Speed.GPU.#1.: 31802.3 MH/s

Hashtype: MD5
Workload: 1024 loops, 256 accel

Speed.GPU.#1.: 15175.3 MH/s

Hashtype: Half MD5
Workload: 1024 loops, 256 accel



ERROR: cuMemcpyDtoH() 999

Is this just a driver issue?

Gpu advice

February 17, 2016, 10:37 am
$
0
0
Hi, I am looking for a performance upgrade,but I am not sure which way to go. At the moment I am using oclHashcat with a wordlist and a rule file to attack various encrypted containers with the following hashtypes:
PBKDF2-HMAC-RipeMD160,PBKDF2HMACSHA512,PBKDF2-HMAC-Whirlpool.

I currently have a z77-d3h mobo,i5, overclocked 7950 and have a spare second pcie x16 slot which runs at x4. What is the best bang for the buck upgrade ? Install a second card and if so what do you recommend (ideally something not used and newer than the 7950) ? or forget the multi gpu setup and sell the 7950 and get something like a 970 or r9 390 single card upgrade ?

Thanks

Low fan speed and overheating with HD7850

February 18, 2016, 10:29 am
$
0
0
Hi,
I encountered a fan control issue with oclhashcat 2.01. The fan speed remains at 15% or 20% however hot the gpu runs. It goes up to 80 to 90°C and when it hits 90°C abort is triggered.
I can still  manually adjust the fan with speed fan, but only if oclhashcat is not running. So I can pause and adjust the speed and as soon as oclhashcat resumes it goes back to 15 or 20%.
Setup: Win 7 64bit, HD7850
AMD Radeon Software Crimson Edition Display Driver version 15.30.1025.1001

It seems like someone had encountered this problem before:
https://hashcat.net/forum/thread-3865.html

Is there a way to manually adjust fan speed in oclhashcat?

ERROR: restore greater than keyspace

February 21, 2016, 3:46 am
$
0
0
Hi. I am trying to skip some words but seems like either somethings i am doing is wrong or a bug... xD Why is it calculating the keyspace wrong??

It says 8031810176 (this would be right for 7x?u but not 8x?u) and then if I start it without skipping, in Progress it says 208827064576 ??

Thanks.

Code:
PS C:\Users\marsa\Downloads\cudaHashcat-2.01> .\hack.exe -m 2500 -w 3 -a 3 -o pass.txt --skip 67502731720 --status .\upc.hccap ?u?u?u?u?u?u?u?u
cudaHashcat v2.01 starting...

Device #1: GeForce GTX 660, 2048MB, 1137Mhz, 5MCU
Device #1: WARNING! Kernel exec timeout is not disabled, it might cause you errors of code 702
          You can disable it with a regpatch, see here: http://hashcat.net/wiki/doku.php?id=timeout_patch

Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable Optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Kernel C:\Users\marsa\Downloads\cudaHashcat-2.01/kernels/4318/m02500.sm_30.64.cubin
Device #1: Kernel C:\Users\marsa\Downloads\cudaHashcat-2.01/kernels/4318/markov_le_v1.sm_30.64.cubin
Device #1: Kernel C:\Users\marsa\Downloads\cudaHashcat-2.01/kernels/4318/amp_a3_v1.sm_30.64.cubin



ERROR: restore value greater keyspace

PS C:\Users\marsa\Downloads\cudaHashcat-2.01> .\cudaHashcat64.exe -a 3 --keyspace ?u?u?u?u?u?u?u?u
cudaHashcat v2.01 starting...

11881376
PS C:\Users\marsa\Downloads\cudaHashcat-2.01> .\cudaHashcat64.exe -a 3 --keyspace ?u?u?u?u?u?u?u?u?u
cudaHashcat v2.01 starting...

308915776
PS C:\Users\marsa\Downloads\cudaHashcat-2.01> .\cudaHashcat64.exe -a 3 --keyspace ?u?u?u?u?u?u?u?u?u?u
cudaHashcat v2.01 starting...

8031810176
PS C:\Users\marsa\Downloads\cudaHashcat-2.01> .\cudaHashcat64.exe -m 2500 -w 3 -a 3 -o pass.txt --skip 67502731720 --status --keyspace .\upc.hccap ?u?u?u?u?u?u?u?u
cudaHashcat v2.01 starting...

8031810176
PS C:\Users\marsa\Downloads\cudaHashcat-2.01> .\cudaHashcat64.exe -m 2500 -w 3 -a 3 -o pass.txt --status .\upc.hccap ?u?u?u?u?u?u?u?u
cudaHashcat v2.01 starting...

Device #1: GeForce GTX 660, 2048MB, 1137Mhz, 5MCU
Device #1: WARNING! Kernel exec timeout is not disabled, it might cause you errors of code 702
          You can disable it with a regpatch, see here: http://hashcat.net/wiki/doku.php?id=timeout_patch

Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable Optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Kernel C:\Users\marsa\Downloads\cudaHashcat-2.01/kernels/4318/m02500.sm_30.64.cubin
Device #1: Kernel C:\Users\marsa\Downloads\cudaHashcat-2.01/kernels/4318/markov_le_v1.sm_30.64.cubin
Device #1: Kernel C:\Users\marsa\Downloads\cudaHashcat-2.01/kernels/4318/amp_a3_v1.sm_30.64.cubin


Session.Name...: cudaHashcat
Status.........: Running
Input.Mode.....: Mask (?u?u?u?u?u?u?u?u) [8]
Hash.Target....: UPC0750311 (64:7c:34:91:5a:ea <-> 7c:01:91:5b:9a:79)
Hash.Type......: WPA/WPA2
Time.Started...: Sun Feb 21 12:37:26 2016 (10 secs)
Time.Estimated.: Thu Apr 28 16:56:38 2016 (67 days, 3 hours)
Speed.GPU.#1...:    38294 H/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 368640/208827064576 (0.00%)
Rejected.......: 0/368640 (0.00%)
Restore.Point..: 0/8031810176 (0.00%)
HWMon.GPU.#1...: 99% Util, 44c Temp, 1020rpm Fan

File name in MD5

February 22, 2016, 3:51 am
$
0
0
Hello,
Thank you hashcat team and everyone in these forums for ease the way to cracking knowledge  Smile

I'm newbie to this kind of computer geekness. I have a filename that I'm assuming is encrypted by MD5 and possibly contains the time-stamp of the creating. If so, I would think it contains day, date and time. I tried to crack that hash but no wordlist or table have been successfully achieve what I'm looking for. I tried hashcat-cli64 with the following command:


hashcat-cli64 --hash-type=0 --attack-mode=0 outfile=c.txt --outfile-format=2 md5.txt worldlist.txt


I tried to use different wordlists and tables, different attack modes, hash types, added rules but nothing seem to work. Some attack modes would take two days and nothing I get in the end. Can you please help me in that situation?

Thank you all,
Search

Do different types of hashes take varying amounts of time to crack?

February 22, 2016, 11:12 am
$
0
0
Hi All,

I recently used ocl hashcat to crack an ecryptfs hash, the password was relativly simple a word and a numeric value and using a dictionary roughly 4GB in size it took approximately 5 days to crack. I'm currently trying to crack an NT hash and have built a 60GB dictionary to handle the potential complexity of the password. Yet ocl hashcat takes about 11 minutes to exhaust the list. I don't understand why it's taking less time to process more data, does the type of hash have something to do with this?

Dictionary Attack Question

February 23, 2016, 10:24 am
$
0
0
I've just upgraded my rig from a single nvidia gtx 660 to twin sapphire R9 290 vapor...  I had cracked a set of three unix SHA512 hashes with the nvidia card and managed to get all three accomplished in approximately 4 hrs with oclhashcat setup to use the nivida gpu.  I've since rerun the process with the R9s (linked)  and I can only get two of the three.  I've got it using a wordlist attack with the same wordlist used with the nvidia card.  I know the password is in there.  If i reduce the wordlist used to the three known passwords it ignores one of the passwords.  Is it possible to get a false solution?  and if not why would it miss the known password?

possible to decrypt dahua hash?

February 23, 2016, 3:58 pm

7zip Advice

February 23, 2016, 8:51 pm
$
0
0
Dear Forum,

I have a 7zip file which I know contains an 8 alphanumeric character password. I tried using a Mask attack on an extracted 7zip hash but it is telling me I have 10 years before bruteforce cracks it. Below is the line of code I used, any advice for me?

cudahashcat64.exe -m 11600 -a 3 -o cracked.txt --outfile-format=2 --remove hash.txt -1 ?l?u?d ?1?1?1?1?1?1?1?1

With two 980 TIs, it is estimating 10 years. I really thought it would be much faster but I am only getting 13,261 hashes per second (which I assume is the number of guesses per second). Shouldn't this guess number be in the millions with modern computing?

Point me in the right direction guys, how would you do this?

Amanwithplan

ASUS GTX970 VS PNY GTX970

February 23, 2016, 11:25 pm
Viewing all 7686 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>