Quantcast
Channel: hashcat Forum - All Forums
Viewing all 8224 articles
Browse latest View live

Kernel 3.11 Radeon Mesa drivers

August 29, 2013, 12:52 pm
$
0
0
I know you need the Catalyst but any plans to integrate the new mesa drivers to work with hashcat-oclplus later versions? The new 3.11 kernel offers great support for Radeon Drivers and GPU.
thanks
Search

best gpu

August 29, 2013, 7:10 pm

RACF passwords

August 30, 2013, 1:39 am
$
0
0
I've raised an enhancement request for including RACF password hashes within the scope of hashcat but I'm unsure if this is the most suitable version? TRAC #192

I'm wondering if this should be reassigned to oclHashcat-plus stream?

-t option statsprocessor

September 1, 2013, 3:08 am
$
0
0
first of all wow atom your amazing making all this possible thanks !! M@LIK iv read many of your posts you are the sed script god Smile

so my question is what does the -t option do brute force wise ? i thought it cancelled letters out eg -t25 would use 25 letters instead of 26 ? iv searched through the forum but cannot find.

Apostrophe char gives rejected rate

September 1, 2013, 3:50 am
$
0
0
Hello everyone,

I've create copy one of charset file and add at the end new chars: 1234567890!@#$%^&*()-_=+;:|\~`"'{}[]?<>,.

It should be like "all" but for needed charset.

Runs as:
oclHashcat-plus64.exe ... -a 3 -2 charsets\standard\<name>\<file name>.hcchr ?2?2?2?2?2?2

as you can see here only 6-digit mask. And this mask actually works.
But I get ~8% of "rejected" passwords because of Apostrophe char.

Could some explain why apostrophe is a "bad" char?

hashcat stopped working fresh install win 8 an cat 13.4

September 1, 2013, 12:08 pm
$
0
0
hi i was on cat 13.1 hcatplus64 0.14 yesterday an hashcat ran fine on hd radeon 7870 but today i noticed the hash cat page had updated to hascatplus 0.15 and requires 13.4 or later so i updated to 0.15 and to 13.8 beta2 by accident after following atoms info on another post remove cat/reboot/remove with driver fusion/reboot/ delete opencl.dll`s. installed 13.4 an got hashcat stopped working error. so i gave up an did a fresh install of windows an installed 13.4 first thing after install and im still getting the error. any ideas please its driving me nuts

SHA1 has decryption help

September 1, 2013, 3:38 pm
$
0
0
I wonder what are my options to crack this single sha1. Cross the wordlist option!

I couldn't find non outdated manual to understand the commands, they're really confusing me so I hope I came to the right to get help Smile So what do you say?

@Btw last time I was involved into hash cracking the gui version was easy to use, I see now it's outdated and I see a mess there in downloads section Tongue

custom rules for hybrid-like attack

September 1, 2013, 11:17 pm
$
0
0
hi,

my case here was cracking my client hashdump and after using jtr+ocl concurrently (straight wordlist with some mangling rules in both) and cracked some of the hashes, it turns out they tend to use password like 'companyname$s$d$d' ($s=symbol,$d=numeric).

almost like korelogic rules (appendSymbolNumNum), in jtr i can customize the rules to fit my needs but in hashcat, i haven't tried before.

so here my maskprocessor that i want to make it generate the custom rules.

Code:
append 1 symbol then Nth lowercase alpha
mp64.exe -o bfappend1sym2alpha.rule '$?s $?l $?l'
mp64.exe -o bfappend1sym3alpha.rule '$?s $?l $?l $?l'
mp64.exe -o bfappend1sym4alpha.rule '$?s $?l $?l $?l $?l'
mp64.exe -o bfappend1sym5alpha.rule '$?s $?l $?l $?l $?l $?l'

append 2 symbol then Nth lowercase alpha
mp64.exe -o bfappend2sym1alpha.rule '$?s $?s $?l'
mp64.exe -o bfappend2sym2alpha.rule '$?s $?s $?l $?l'
mp64.exe -o bfappend2sym3alpha.rule '$?s $?s $?l $?l $?l'
mp64.exe -o bfappend2sym4alpha.rule '$?s $?s $?l $?l $?l $?l'

prepend 1 symbol then Nth lowercase alpha
mp64.exe -o bfprepend1sym2alpha.rule '^?s ^?l ^?l'
mp64.exe -o bfprepend1sym3alpha.rule '^?s ^?l ^?l ^?l'
mp64.exe -o bfprepend1sym4alpha.rule '^?s ^?l ^?l ^?l ^?l'
mp64.exe -o bfprepend1sym5alpha.rule '^?s ^?l ^?l ^?l ^?l ^?l'

prepend 2 symbol then Nth lowercase alpha
mp64.exe -o bfprepend2sym1alpha.rule '^?s ^?s ^?l'
mp64.exe -o bfprepend2sym2alpha.rule '^?s ^?s ^?l ^?l'
mp64.exe -o bfprepend2sym3alpha.rule '^?s ^?s ^?l ^?l ^?l'
mp64.exe -o bfprepend2sym4alpha.rule '^?s ^?s ^?l ^?l ^?l ^?l'

prepend Nth lowercase alpha then 1 symbol
mp64.exe -o bfprepend2alpha1sym.rule '^?s ^?s ^?l'
mp64.exe -o bfprepend3alpha1sym.rule '^?l ^?l ^?l ^?s'
mp64.exe -o bfprepend4alpha1sym.rule '^?l ^?l ^?l ^?l ^?s'
mp64.exe -o bfprepend5alpha1sym.rule '^?l ^?l ^?l ^?l ^?l ^?s'

append 1 symbol then Nth numeric  
mp64.exe -o bfappend1sym2digi.rule '$?s $?d $?d'
mp64.exe -o bfappend1sym3digi.rule '$?s $?d $?d $?d'
mp64.exe -o bfappend1sym4digi.rule '$?s $?d $?d $?d $?d'
mp64.exe -o bfappend1sym5digi.rule '$?s $?d $?d $?d $?d $?d'

append 2 symbol then Nth numeric
mp64.exe -o bfappend2sym1digi.rule '$?s $?s $?d'
mp64.exe -o bfappend2sym2digi.rule '$?s $?s $?d $?d'
mp64.exe -o bfappend2sym3digi.rule '$?s $?s $?d $?d $?d'
mp64.exe -o bfappend2sym4digi.rule '$?s $?s $?d $?d $?d $?d'

append 1 numeric then Nth symbol
mp64.exe -o bfappend1digi2sym.rule '$?d $?s $?s'
mp64.exe -o bfappend1digi3sym.rule '$?d $?s $?s $?s'
mp64.exe -o bfappend1digi4sym.rule '$?d $?s $?s $?s $?s'
mp64.exe -o bfappend1digi5sym.rule '$?d $?s $?s $?s $?s $?s'

append 2 numeric then Nth numeric
mp64.exe -o bfappend2digi1sym.rule '$?d $?d $?s'
mp64.exe -o bfappend2digi2sym.rule '$?d $?d $?s $?s'
mp64.exe -o bfappend2digi3sym.rule '$?d $?d $?s $?s $?s'
mp64.exe -o bfappend2digi4sym.rule '$?d $?d $?s $?s $?s $?s'

prepend 1 symbol then Nth numeric
mp64.exe -o bfprepend1sym2digi.rule '^?s ^?d ^?d'
mp64.exe -o bfprepend1sym3digi.rule '^?s ^?d ^?d ^?d'
mp64.exe -o bfprepend1sym4digi.rule '^?s ^?d ^?d ^?d ^?d'
mp64.exe -o bfprepend1sym5digi.rule '^?s ^?d ^?d ^?d ^?d ^?d'

prepend 2 symbol then 1 numeric
mp64.exe -o bfprepend2sym1digi.rule '^?s ^?s ^?d'
mp64.exe -o bfprepend2sym2digi.rule '^?s ^?s ^?d ^?d'
mp64.exe -o bfprepend2sym3digi.rule '^?s ^?s ^?d ^?d ^?d'
mp64.exe -o bfprepend2sym4digi.rule '^?s ^?s ^?d ^?d ^?d ^?d'

prepend Nth numeric then 1 symbol
mp64.exe -o bfprepend2digi1sym.rule '^?d ^?d ^?s'
mp64.exe -o bfprepend3digi1sym.rule '^?d ^?d ^?d ^?s'
mp64.exe -o bfprepend4digi1sym.rule '^?d ^?d ^?d ^?d ^?s'
mp64.exe -o bfprepend5digi1sym.rule '^?d ^?d ^?d ^?d ^?d ^?s'

is that correct?


thank you and please don't bash me. Big Grin
Search

Diceware cracking math for @thorsheim

September 2, 2013, 5:56 am
$
0
0
Basis dictionary from diceware is 7776 words and there are 5 words takes from it.

Makes a total combination keyspace of 7776^5 = 28430288029929701376

Since the diceware RNG is hopefully a perfect one we can assume to crack a passphrase on an average at 50% of the keyspace.

So we do 28430288029929701376/2 = 14215144014964850688.

A single (3 year old) hd6990 card runs with 10935 MH/s against a single NTLM hash.

So for a single card, we do 14215144014964850688/10935000000 = 1299967445 seconds.

Then, 1299967445 / 60 = 21666124 minutes.

Then, 21666124 / 60 = 361102 hours.

Then, 361102 / 24 = 15045 days.

Now, if we have 150 GPU's:

15045 / 150 = 100 days

Some funny theory to continue:

If we'd sacrifice some speed, let's say from 10935 MH/s down to 5042 MH/s per card, we'd able to crack 500,000 of those hashes at once!

But in this case we have to scan the entire keyspace, which is 28430288029929701376.

Makes a runtime of 200 days in total.

But, since we're cracking 500,000 in parallel, we can do:

500,000 / 200 = 2,500 cracked passphrases per day

bash script for email rules

September 2, 2013, 9:46 am
$
0
0
Hello Everyone,

I have been slogging through the southwest md5 hash set that they released a few years ago. It's really my first try at this and for those of you have never seen the southwest hash set its over 110 million. Suffice to say in a file that size there are some odd things you stumble across. Email addresses may not be the oddest thing but some of the domains are which has got to generate hashes that your are likely to never figure out.

The bash script itself is probably nothing special but it will save someone some time so you don't have to do it yourself.

All you need is a input file, you can modify the script if you like to change names or add/remove some some of the rules being applied, named domainlist-master.input. The script will generate 4 files, 2 rules and 2 dictionary.

master-lemail.dict - lower case email dictionary
master-uemail.dict - upper case email dictionary
master-lemail.rule - lower case email rule
master-uemail.rule - upper case email rule

CAVEAT EMPTOR - I cobble together code all the time, it doesnt always end up being pretty nor do I guarantee it will work for you Smile

bash script that is normally run on Ubuntu and Scientific Linux
Code:
# log/dictionary for things in lower case
lrulefile="master-lemail.rule"
ldictfile="master-lemail.dict"
# log/dictionary for things in upper case
urulefile="master-uemail.rule"
udictfile="master-uemail.dict"

function printdict () {
  mystring=$1
  for pr in "@" "#" "~"
  do
    echo "\$${pr}${mystring}"  | tee -a $udictfile
    echo "\$${pr}${mystring}"  | tee -a $ldictfile
  done
}

function printrule () {
  mystring=$1
  myustring=$(echo "${mystring}" | tr '[a-z]' '[A-Z]')
  for pr in "@" "#" "~"
  do
    for x in ":" "d" "l" "u" "c" "d" "f"
    do
      echo "${x}\$${pr}${mystring}" | tee -a $lrulefile
      echo "${x}\$${pr}${myustring}" | tee -a $urulefile
    done

  done
}

for foo in $(cat domainlist-master.input)
do
  mystring2="${foo}"
  mystring=""

  for (( i=0; i<${#foo}; i++ )); do
    myc=$(echo ${foo:$i:1})
    mystring="${mystring}\$${myc}"
  done
  printdict $mystring
  printrule $mystring
done

A brief overview of what I have observed, a majority of what you find will be the username@domain.com followed by username#domain.com then username~domain.com and so on. If you follow standard analysis you will find that lower case will get a higher percentage # of hits than uppercase.

The real secret sauce in this will be your input file, some of whats in mine come from Hashit/T0XIC/Blandy UK but by far and away most of my work was in .edu and rr.com. I also spent some time scraping leaks in pastebin for various domains. The scraping of pastebin type sites has probably led to more of the unusual entries which turned up as hits in the southwest md5 set.

Based on the response I will see about posting either the rule files themselves or the input file or even both.

Snapshot of compressed information since Im not sure what the limit will end up being for attaching a files.
-rw-r--r--. 1 root root 24K Sep 2 12:34 domainlist-master.7z
-rw-r--r--. 1 root root 308K Sep 2 12:35 emailrules-dictionary.7z

Peace

performance of VLC/IB cluster vs multiple GPUs in one machine

September 2, 2013, 9:56 am
$
0
0
Hello

Is the performance of a VLC/IB cluster similar compared against a one machine konfiguration (with the same number of GPU's )


Thank's a lot or any feedback!

John

oclhashcat+ gives error of wrong device

September 3, 2013, 4:43 am
$
0
0
hi everyone
i have asus laptop with ati graphics card radeon 5870. it seems to accept the driver and work on graphics with no problems, yet when using oclhashcat+ it gives error:
Code:
ERROR:  clGetDeviceIDs() -1
i have ssearch the error and found that it means that drivers do not support the card, yet at the same time the amd web site fowards me to catalyst 13.8 beta driver for this hardware.
anyone has any suggestion ?
thanks in advance
tux

Syntax for Truecrypt-Boot-Mode

September 3, 2013, 5:29 am
$
0
0
What is the default file for the tc-boot mode?
Harddiskimage?Format?
Hash?Tool for generation?

Thanks!

New oclhashcat-plus and speed poblems...

September 3, 2013, 8:31 am
$
0
0
I'm testing new oclhashcat-plus version and I found a speed problem: on AMD HD7950 GPU (13.4 driver) and dictionary+rules setting, attack speed is ~2 GH/s! On same hardware (same driver) and settings, but previous version of oclhashcat, attack speed is ~4 GH/s!! Why?!

100 BHash/s NTLM mark broken on single system

September 3, 2013, 8:42 am
$
0
0
Code:
[s]tatus [p]ause [r]esume [b]ypass [q]uit => s
Session.Name...: oclHashcat
Status.........: Running
Input.Mode.....: Mask (?a?a?a?a?a?a?a?a?a) [9]
Hash.Target....: *** removed ***
Hash.Type......: NTLM
Time.Started...: Tue Sep  3 17:35:11 2013 (21 secs)
Time.Estimated.: Sun Nov  3 01:03:06 2013 (60 days, 8 hours)
Speed.GPU.#1...: 15390.1 MH/s
Speed.GPU.#2...: 15428.7 MH/s
Speed.GPU.#3...: 15389.1 MH/s
Speed.GPU.#4...: 15393.5 MH/s
Speed.GPU.#5...: 15387.0 MH/s
Speed.GPU.#6...: 15389.5 MH/s
Speed.GPU.#7...: 15384.4 MH/s
Speed.GPU.#8...: 15391.2 MH/s
Speed.GPU.#*...:   123.2 GH/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 2630279495680/630249409724609375 (0.00%)
Rejected.......: 0/2630279495680 (0.00%)
HWMon.GPU.#1...: 99% Util, 29c Temp, 20% Fan
HWMon.GPU.#2...: 99% Util, 29c Temp, 20% Fan
HWMon.GPU.#3...: 99% Util, 30c Temp, 20% Fan
HWMon.GPU.#4...: 99% Util, 31c Temp, 20% Fan
HWMon.GPU.#5...: 99% Util, 31c Temp, 20% Fan
HWMon.GPU.#6...: 99% Util, 32c Temp, 20% Fan
HWMon.GPU.#7...: 99% Util, 32c Temp, 20% Fan
HWMon.GPU.#8...: 99% Util, 32c Temp, 20% Fan

Cooling:
- http://www.youtube.com/watch?v=HiWRt2aL9tg

System Specs:
- Case : Lian Li PC-D8000
- Power : 2x LEPA G1600-MA-EU
- GPUS : 4x XFX HD 7990 ( FX-799A-XNF9 )
- MOBO : ASRock X79 Extreme11
- CPU : i7-3930K
- RAM : Corsair 16 GB DDR3-1600

Note: GPU/CPU are all stock clocks!
Search

Best options for my system and true syntx

September 3, 2013, 1:19 pm
$
0
0
Hello everybody,
I would kindly want to ask best options for my hardware listed below for a single hash (password should be 6-15 numerics(digits) ONLY) and what is the complete command i should use for brute force attack with resume option enabled only.
Thank you very much.
Specs:
SiSoftware Sandra

Total Memory : 2.64GB DDR3 SO-DIMM

Processors
Processor : Intel® Core™ i7-3632QM CPU @ 2.20GHz (4C 8T 3.09GHz, 3.1GHz IMC, 4x 256kB L2, 6MB L3)
Socket/Slot : FC PGA988

Chipset
Memory Controller : HP ProBook 4540s 100MHz, 2x 3GB DDR3 SO-DIMM 1.6GHz 128-bit, Integrated Graphics

Memory Module(s)
Memory Module : Samsung M471B5773DH0-CK0 2GB DDR3 SO-DIMM PC3-12800S DDR3-1600 (11-11-11-29 5-40-13-6)
Memory Module : Hynix (Hyundai) HMT351S6CFR8C-PB 4GB DDR3 SO-DIMM PC3-12800S DDR3-1600 (11-11-11-29 5-40-13-6)

Video System
Monitor/Panel : LGD Generic PnP Monitor (1600x1200, 15.3")
Video Adapter : Intel® HD Graphics 4000 (16CU 128SP SM5.0 350MHz/1.15GHz, 2GB DDR3 1.6GHz 128-bit, Integrated Graphics)

Graphics Processor
OpenCL GP Processor : AMD Radeon HD 7650M (480SP 6C 500MHz, 2GB)
Compute Shader Processor : Intel® HD Graphics 4000 (128SP 16C 350MHz/1.15GHz, 2GB DDR3 1.6GHz/1.8GHz 128-bit, Integrated Graphics)



Operating System
Windows System : Microsoft Windows 7 Ultimate 6.01.7601 (Service Pack 1)
Platform Compliance : x86

Can I use v0.14 for DES's key?

September 3, 2013, 6:17 pm
$
0
0
We know P+K=C,
if we know the P and C, the hash type is DES,how can I get the K with the V0.14?

trying to crack my onw WPA

September 3, 2013, 10:21 pm
$
0
0
I captured the handshake using commview with this rule:

(hex(00888E) and (FTYPE=2 and Fsubtype=8))


I provided a dictionary with the real password at the last position.

using aircrack I found to crack it... that means the handshake is right...

but when i try to upload the same HandShake to "https://hashcat.net/cap2hccap/"

it gives me this error

"[error ] unable to find valid handshakes."

how comes that aircrack sees the handshake and successfuly cracks it but when i try to convert to hccap doesnt find valid handshake?

tried to convert manually with the guide shown in this site but doesnt work.

ESSID:dlink_B
BSSID:F8:1A:67:88:B7:FC

.png  Crackeando AES Prueba.png (Size: 280.04 KB / Downloads: 5)

oclHashcat-plus with truecrypt

September 3, 2013, 11:17 pm
$
0
0
I used oclHashcat-plus to crack truecrypt 7.x

cudaHashcat-plus64.exe 7char.tc -m 6241
cudaHashcat-plus v0.15 by atom starting...

Hashes: 1 total, 1 unique salts, 1 unique digests
Bitmaps: 8 bit, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
Workload: 8 loops, 8 accel
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: GeForce GT 630, 2048MB, 1620MHz, 2MCU
Device #1: Kernel ./kernel/4318/m6211.sm_21.64.ptx
Device #1: Kernel ./kernel/4318/bzero.64.ptx

Starting attack in stdin mode...

Does it still running? I've ran it about 4 hour ago, the password of truecrypt file was set to 7 characters

OpenSuSE 12.3x64 and nVidia Quadro 2000

September 4, 2013, 5:16 am
$
0
0
Hi,

I have the following error :
Code:
# ./oclExample.sh
./oclHashcat-lite64.bin: /usr/lib64/libOpenCL.so.1: no version information available (required by ./oclHashcat-lite64.bin)
ERROR: clGetPlatformIDs() -1001

I am working on OpenSuSE 12.3 x64 and regarding my graph card :
Code:
# nvidia-settings --version
nvidia-settings:  version 319.32  (buildmeister@swio-display-x64-rhel04-14)  Wed Jun 19 15:50:23 PDT 2013

And as far as I can see, lib is available :
Code:
# ls -hl /usr/lib64/libOpenCL*
lrwxrwxrwx 1 root root  14 Aug 26 12:46 /usr/lib64/libOpenCL.so -> libOpenCL.so.1*
lrwxrwxrwx 1 root root  18 Aug 26 12:46 /usr/lib64/libOpenCL.so.1 -> libOpenCL.so.1.0.0*
-rwxr-xr-x 1 root root 21K Jun 28 13:50 /usr/lib64/libOpenCL.so.1.0.0*

Any idea ?
Thx
Viewing all 8224 articles
Browse latest View live
Search