0 keyspace

March 25, 2016, 1:42 pm

≫ Next: TC password found, wrong?

≪ Previous: Nvidia on ocl haschat OR ATI on cudahashcat

$

0

0

Hello everyone,

I have a very strange issue: when I use a specific wordlist, I get a keyspace of 0.
For your information, the wordlist is made of hashes (I have some broken hashes that I'm trying to filter out).
I tried with the 2.01 release and the 2.10 available beta.

I know this is just an edge case, I'm just reporting this to you.

---

TC password found, wrong?

March 27, 2016, 2:53 am

≫ Next: unable to crack scrypt digest

≪ Previous: 0 keyspace

$

0

0

Hi,

This is the situation:


I was attacking a TC system disk (boot mode) with hashcat.
After som days hashcat actually found a password that made sense to previous passwords that I had seen.

To confirm (and a simple way to decrypt from E01) I launched Passware against the same TC disk.
No success. Passware didn't find the same password (didn't find any password).

I mounted and booted the TC disk in VMware but unfortunate I can't unlock the disk with the password that hashcat found. I'm aware the TC/boot defaults to US Ascii keyboard layout and if there are special characters (which is the case) in the password, but I have tried this in a lot of various way and still it is not possible to unlock the disk.

I also have tried mounting the disk in *nix in different ways, but no success.


What is happening here? Do you have any thoughts? Passware says that the password that hashcat has found is wrong. I repeated the process of extracting the TC hash and tried different of hashcat installations (also the beta), and every time hashcat is able to find the same password.

Thanks for your thoughts. I'll be happy to share further information with someone involved in development.



/ bigblacknose

unable to crack scrypt digest

March 27, 2016, 4:23 am

≫ Next: hash-identifier md5crypt?

≪ Previous: TC password found, wrong?

$

0

0

Hi,

I am trying to crack scrypt digests. I am creating my own digests using the python library pyscrypt for that.

the python script:
b64encode(pyscrypt.hash(password="hashcat", salt="salt", N=1024,r=1,p=1,dkLen=32))

which gives:
'oDLxfd3z2gOBjdQMAy9M+uSzGiLwOlNwmSgLSihkgm8='

my cudaHashcat command on my windows machine is:

cudaHashcat64.exe -m8900 SCRYPT:1024:1:1alt:oDLxfd3z2gOBjdQMAy9M+uSzGiLwOlNwmSgLSihkgm8= rockyou.t
xt

result:
the crack is exhausted even though I have added 'hashcat' to the rockyou.txt dictionary

P.S. I was able to successfully crack the SCRYPT example shown on the hashcat hash examples page

Could some one please tell me why my digest don't crack

hash-identifier md5crypt?

March 27, 2016, 7:08 am

≫ Next: Passwords

≪ Previous: unable to crack scrypt digest

$

0

0

hey every1,

i am trying to crack an encryption,i am trying to understand what encryption is that, i know its an md5crypt but i want to know which one,  when using jtr its telling me its md5crypt 256 AVX2, when using hash id unknow , hash-identifier its telling me only md5 (UNIX) and when using online hash id or hashcat its telling me its md5crypt only the encryption is 

<REDACTED>

i want to know what command do i need to use to crack this

what i am using right now is

Code:

-m 500 pass.txt --increment --increment-min=1 --increment-max=10 --custom-charset1=?d?l -a 3 ?1?1?1?1?1?1?1?1?1?1

i tried other combination (like ?1?1?d?d?d?d?d?d?d?d and so on) with no luck, i am not sure this is the right atack that i need to use on this.
my feeling is i am doing somth wrong

thanks ! and have a wonderfull day

edit:
(i am using cuda btw)

Passwords

March 27, 2016, 8:47 am

≫ Next: Penetration test of MS VPN

≪ Previous: hash-identifier md5crypt?

$

0

0

Hi
Im so new to this my head is spinning???
My first Question  1. is there a way I can train myself to do this???
2. Does anyone know of a reputable password hacker?? it seems from other forums there are a lot of scams!

Penetration test of MS VPN

March 28, 2016, 4:17 am

≫ Next: Build Review Request

≪ Previous: Passwords

$

0

0

Hello.
I used this very good tool for testing security threads on solutions for our customer. About week later i try do penetration test for MS VPN (NetNTLMv2).
I setup scenario with "MIDM" and catch challenge and response for autentification with Wireshark. Now, real challenge start with right assemble this information to format acceptable by Hashcat .
I not realize this before, it seems, that i am do something wrong, but i am not able find this mistake.
So. situation is below:

I run script "crack_vpn.sh" (for easy edit and place comments for my colleagues)

Code:

./hashcat-cli64.bin -a 3 -m 5600 /home/shared/hashcat/INPUT/test_enc.txt ?d?d?d?d?d?d -o /home/shared/hashcat/OUTPUT/test_dec.txt

test_enc.txt (maybe in this format i do mistake, for security reason i not place some information)

Code:

<user_name>:<domain>:<name_of_user's_pc>:1122334455667788:2ad388f256aae4a7fa63132247f3c111:cc1d54076bd8346bb46fc7bbf546902700000000000000004647457df074a6c266586afac7eeba645ffe4037ce38205a00

I am not sure with 1122334455667788. How can i check it from Wireshark?

Hashcat result:

Code:

XXX@LinuxUbuntu hashcat$ ./crack_vpn.sh
Initializing hashcat v2.00 with 4 threads and 32mb segment-size...

Added hashes from file /home/shared/hashcat/INPUT/test_enc.txt: 1 (1 salts)
Activating quick-digest mode for single-hash with salt

[s]tatus [p]ause [r]esume [b]ypass [q]uit =>

Input.Mode: Mask (?d?d?d?d?d?d) [6]
Index.....: 0/1 (segment), 1000000 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: 3.40M plains, 3.40M words
Progress..: 1000000/1000000 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--


Started: Mon Mar 28 12:54:48 2016            
Stopped: Mon Mar 28 12:54:49 2016

My colleague do connect and i am sure, that he set his password for only 6 digit (1 milion possibilities). Hashcat accept format of this input file, but not calculate password .

Hash should be OK, i try do this capture in our customer and hashes looks similar.

Many thanks for any effort.

Build Review Request

March 29, 2016, 2:34 pm

≫ Next: ATI Mobility Radeon HD 5450

≪ Previous: Penetration test of MS VPN

$

0

0

I'm building my first dedicated password cracking box.  Can you please review the following and let me know what you think?  I'd like to be able to add two more 980 Ti cards at a later date:

Asus Z170 WS
Intel Core I7-6700K Skylake
G.SKILL F4-3000C15D-32GTZ TridentZ Series 32GB (2 x 16GB)
PNY GeForce GTX 980 Ti 6GB CG EDITION (Qty 2)
Samsung 950 PRO -Series 256GB PCIe NVMe - M.2
Samsung 850 EVO 500GB 2.5-Inch SSD
Cooler Master Hyper 212 EVO
EVGA SuperNOVA 1300 G2 80+ GOLD, 1300W
NZXT PHANTOM 630 Full Tower Case

Thanks!

ATI Mobility Radeon HD 5450

March 30, 2016, 1:41 am

≫ Next: sequential hash? reallly weird!

≪ Previous: Build Review Request

$

0

0

Can oclHashcat work with ATI Mobility Radeon HD 5450? 

According to http://support.amd.com/en-us/kb-articles...Notes.aspx catalyst 15.7 supports ATI Mobility Radeon™ HD 5000 Series, but I haven't found a way to make it work with propietary drivers under latest kali linux.

Is there any linux distro prepared with drivers supported this card? It is being a pain to make it work and any help is appreciated. Thank you.

---

sequential hash? reallly weird!

March 30, 2016, 7:07 am

≫ Next: cudahashcat error

≪ Previous: ATI Mobility Radeon HD 5450

$

0

0

For the sake of the argument, I suggest these hashes:

S*************F****************
S*************F****************
S*************F****************
S*************F****************
S*************F****************
S*************F****************
S*************F****************
S*************F****************
S*************F****************
S*************F****************

From S to F, it's the same hash that repeats itself 10 times.

From F to the end of the hash, it's a 16 character hash... I don't know what this is.

Really weird.

Some sort of sequential sql increment?

So every 10 increments from S-F it's the same. The other half changes only.

cudahashcat error

March 30, 2016, 2:01 pm

≫ Next: Sybase hash type

≪ Previous: sequential hash? reallly weird!

$

0

0

Im getting an error with cudahashcat2.01: ERROR: Invalid gpu-loops specified
I have used hashcat before several times and not seen the error although this is the first time I have used this version. 

The command I am running is 
cudahashcat64.exe -a 3 -m 9500 -username <excelhash> -1 ?l?u ?1?1?1?1?1?1?1?1?1?1?1?1 -i --increment-min=4

I have tried adding the --gpu-loops command with various values including those specified in the benchmark mode for excel hashes but still get the same error. Having searched the forums, I cant find anything to indicate why the error is happening. 

I am using a NVIDIA GTX 980Ti on a gaming rig for the cracking. 

Does anyone have any ideas? 

Thanks

Sybase hash type

March 30, 2016, 2:40 pm

≫ Next: Bruteforce Keyspace Mythology

≪ Previous: cudahashcat error

$

0

0

Hi,

I get "unknown hash_mode: 8000"

is hashcat support it? or just in oclHashcat?

Bruteforce Keyspace Mythology

March 31, 2016, 9:18 am

≫ Next: Cli + Rule odd behave

≪ Previous: Sybase hash type

$

0

0

Hi!

In order to make some sense of the magic keyspace number, used in oclHashcat, i would like to ask you guys something.

Knowing the difference between "real keyspace" and "GPU hashcat keyspace", and scanning this forum for some time, gives me the idea that this is somewhat vague still. Using some practical examples, i would like to ask the working method of this procedure, since I can't make this up from the source code.

I ran a few different bruteforce length, using all ?a characters, like:
oclHashcat64.exe -a 3 -m 0 example0.hash ?a?a?a --keyspace

The following keyspaces are returned when using the lengths, named first in the list:

Code:

3:  9025
4:  857375
5:  81450625
6:  81450625
7:  81450625
8:  7737809375
9:  735091890625
10: 5287606593041

As can be seen in this example, the 5,6,7 lengthed ?a masks have the same base loop keyspace-length/max-restore-point. When running these commands on a system, the actual keyspace will be significantly larger, which will increase the work load from seconds/minutes to hours/days/weeks (depending on hardware of course).

Looking in the wiki, I can see some preference for processing these masks (https://hashcat.net/wiki/doku.php?id=mask_attack#output) 

Dictionaries are a whole other deal in this, like explained in https://hashcat.net/forum/thread-3877-po...l#pid22009 . I am aware of this, and is not really related to my question at this moment.

The goal is to use chunking, to spend small amounts of time, spread over the whole day on idle machines, where we can limit the search time for example for 1 hour, but finish the provisioned keyspace-baseloop knowing the system speed. (so this is not using the max run time feature).

Finally the question (sorry for the long introduction):
When using the brute force method, what can be a good way to do some job chunking on a system, so I can run this on my two test machines at school, in parallel of each other?

If this use case is not clear enough, I can give some more explanation 0:-)

Thanks in advance!

Cli + Rule odd behave

April 1, 2016, 12:27 am

≫ Next: New Motherboard for 6-8 GPU

≪ Previous: Bruteforce Keyspace Mythology

$

0

0

Hi guys,

I'm trying to crack a md5 hash, but for some reason the CLI is causing me some issues, the problem is this when a rule a -r for a rule the rule is taking the hash as part of the wordlist

I'm going to past a picture to explain it better and the files involved



hashcat-cli64.exe -m 0 -r E:\BruteForce\hashcat\hashcat-2.00\rules\best64.rule E:\BruteForce\hashcat\hashcat-2.00\crack.txt E:\BruteForce\hashcat\hashcat-2.00\password.txt --stdout

Result for command



This is my first post and I'm trying to upload some files but the forum throws:

• The file upload failed. Please choose a valid file and try again. Error details: There was a problem moving the uploaded file to its destination.
  
  

Thanks for your comments.

New Motherboard for 6-8 GPU

April 3, 2016, 12:52 pm

≫ Next: hexchar des?

≪ Previous: Cli + Rule odd behave

$

0

0

Hi All,

I'm looking to purchase a motherboard for 6 GPUs (980 TI's) and possibly grow to 8 later. It will be in an open air case with 1-2 1500W PSU's. I will be using PCIe riser cards to connect them of course. Any recommendations for an Intel i-series (or xeon) motherboard?

Thanks!

hexchar des?

April 3, 2016, 2:52 pm

≫ Next: cudaHashcat 0 H/s bcrypt

≪ Previous: New Motherboard for 6-8 GPU

$

0

0

hello
im a new here, i read wiki pages. some topics here on board but im still little confused

okey,lets start with questions

i make an example, des encryption
key
0123456789ABCDEF

data to encrypt(decrypted data)
00000000FFFFFFFF

encrypted data
7A3DD240054567CB

i have 2-3 question about it
lets say that i know from encrypted data 2,3,4 byte, i create cmd but im not sure thats corect

Code:

cudaHashcat64.exe -a 3 -m 1500 --session=all --hex-charset -o "C:\Users\...\...\...\found1.txt" --outfile-format=4 -w 2 --gpu-temp-abort=80 -1 ?dABCDEF "C:\Users\...\...\...\hashdesexample.txt" ?dABCDEF?dABCDEF000000?dABCDEF?dABCDEF?dABCDEF?dABCDEF?dABCDEF?dABCDEF?dABCDEF?dABCDEF

and after that cmd i get error like "line-lenght exception"
is that cmd okey ?
maybe txt file with encrypted data is wrong format? (i just put clear encrypted data)

and another question, there is a way to see also the "key" ?

many thanks guys for help's

---

cudaHashcat 0 H/s bcrypt

April 4, 2016, 1:11 am

≫ Next: cuModuleLoad() 301 cudaHashcat scrypt

≪ Previous: hexchar des?

$

0

0

I am trying to crack bcrypt passwords using the rockyou dictionary but the "status" shows 0% progress and a GPU speed of 0 H/s. 

command and status:

>cudaHashcat64.exe -m
 3200 --weak-hash-threshold=0 --potfile-disable --outfile=bcrypt_cracked.txt brc
rypt_digests.txt rockyou.txt
cudaHashcat v2.01 starting...

Device #1: GeForce GT 630M, 2048MB, 1600Mhz, 2MCU

Hashes: 37145 hashes; 37145 unique digests, 37145 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
Applicable Optimizers:
* Zero-Byte
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Kernel ./kernels/4318/m03200.sm_21.64.cubin
Device #1: Kernel ./kernels/4318/amp_a0_v1.sm_21.64.cubin

Cache-hit dictionary stats rockyou.txt: 1008205 bytes, 110038 words, 110038 keys
pace

[s]tatus [p]ause [r]esume [b]ypass [q]uit =>

Session.Name...: cudaHashcat
Status.........: Running
Input.Mode.....: File (rockyou.txt)
Hash.Target....: File (brcrypt_digests.txt)
Hash.Type......: bcrypt, Blowfish(OpenBSD)
Time.Started...: Mon Apr 04 13:29:09 2016 (6 mins, 49 secs)
Time.Estimated.: 0 secs
Speed.GPU.#1...:        0 H/s
Recovered......: 0/37145 (0.00%) Digests, 0/37145 (0.00%) Salts
Recovered/Time.: CUR:0,N/A,N/A AVG:0.00,0.00,0.00 (Min,Hour,Day)
Progress.......: 544/4087361510 (0.00%)
Rejected.......: 0/544 (0.00%)
Restore.Point..: 0/110038 (0.00%)
HWMon.GPU.#1...: 99% Util, 73c Temp, N/A Fan

cuModuleLoad() 301 cudaHashcat scrypt

April 4, 2016, 4:35 am

≫ Next: Why this command line does not work at all?

≪ Previous: cudaHashcat 0 H/s bcrypt

$

0

0

Hi, I have been using cudaHashcat to crack some PBKDF2 and bcrypt passwords but when I tried to crack scrypt password though I was able to crack the example scrypt hash on http://hashcat.net/wiki/doku.php?id=example_hashes, I get the cuModuleLoad() 301 error when I try to crack the hashes I generated

command and result:

>cudaHashcat64.exe -m 8900 --weak-hash-threshold=0 --potfile-disable --outfile=scrypt_cracked.txt SCR
YPT:4096:1:1:oDMC11FUmW9UImKd:ODSw76mWDBap8oXZtkRQp5aYrwJ0XrofvNHZBKFXuYM= rocky
ou.txt
cudaHashcat v2.01 starting...

Device #1: GeForce GT 630M, 2048MB, 1600Mhz, 2MCU

Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
Applicable Optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c

SCRYPT tmto optimizer value set to: 2



ERROR: cuModuleLoad() 301

Why this command line does not work at all?

April 5, 2016, 6:18 am

≫ Next: It is possible to use a apu and a discrete nvidia together

≪ Previous: cuModuleLoad() 301 cudaHashcat scrypt

$

0

0

Code:

mp -i 8:13 -q 3 -r 5 -1 ?l?u?d ?1?1?1?1?1?1?1?1 | hc -m 1800 Administrator.hash Usage: hashcat [options] hashfile [mask|wordfiles|directories]

Try --help for more help.
mp -V
v0.73
hc -V
2.00
lscpu
Architecture:          i686
CPU op-mode(s):        32-bit
Byte Order:            Little Endian
CPU(s):                2
On-line CPU(s) list:   0,1
Thread(s) per core:    2
Core(s) per socket:    1
Socket(s):             1
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 28
Model name:            Intel(R) Atom(TM) CPU N270   @ 1.60GHz
Stepping:              2
CPU MHz:               1600.000
CPU max MHz:           1600.0000
CPU min MHz:           800.0000
BogoMIPS:              3192.02
L1d cache:             24K
L1i cache:             32K
L2 cache:              512K

It is possible to use a apu and a discrete nvidia together

April 5, 2016, 6:50 am

≫ Next: NVidia Pascal P100 announced

≪ Previous: Why this command line does not work at all?

$

0

0

It is possible to use a apu open cl 1.2 and a discrete nvidia compute cap 3.5 together? how? I don't thinks to because bios switch between but if it possible would be very userful for me.

NVidia Pascal P100 announced

April 5, 2016, 12:58 pm

≫ Next: Debugging multi-rules

≪ Previous: It is possible to use a apu and a discrete nvidia together

$

0

0

Sounds incredible:
http://www.tomshardware.com/news/nvidia-...31557.html
Fifteen billion transistors, fab'd in 16 nanometers FinFET tech, new unified memory, etc. etc.

My big question is: What would this kind of power look like harnessed by oclHashCat? What would some of the hashing numbers jump to?

Wow, big day for NVidia...