Channel: hashcat Forum - All Forums

Hashcat duplicates

How can I force oclhashcat to stop removing duplicates from hash file?
Let's say I have 3 identical hashes in hash list, in output file I'll find only 1 once it's cracked.
I don't want that, I want the same number of hashes in output file as in hash list.

gpu intel

Hi
Which hashcat version should be used for an Intel graphics card? Please link the download.

Behind the WinZip KDF optimization

With the latest beta-version of hashcat I've added support to crack WinZip encrypted (password protected) archives. 

While I was implementing the kernel it turned out that their use of PBKDF2 (aka PKCS #5 v2.0) is suboptimal in some way and that an attacker can exploit this to optimize the KDF generation, which basically means higher crack performance. 

I'm not aware of any other cracker making use of this optimization, but I might be wrong. 

It's not really rocket science. All you need is to understand how PBKDF2 works internally and how it's used within the WinZip KDF. Therefore I don't think it's a problem to explain it. Funny side fact is that 1Password made the same mistake a few years ago, too. 

So here it is:

Depending on the encryption mode the user selects, WinZip uses PBKDF2-HMAC-SHA1 to derive a 256, 384 or 512 bit key. That alone should ring a bell, because what you're selecting is AES cipher with 128, 192 or 256 bits. The extra bits could be explained with an optional feature of the algorithm, that is when it adds 16 "checksum" bits additionally, but we don't make use of it here (even if we could). You'll see later what's behind this oversized key selection.

Back to PBKDF2. One of PBKDF2 features is that you can select a specific key output length, for whatever you need it for, regardless of the real output size of the selected hash. For example, even if SHA1 creates 160 bit only, PBKDF2 can create 512, or more. So the question is how it does that. The answer is very simple. It mixes in a fixed but increasing counter value for each chunk. For example for the first 160 bits, it adds a 0x01 to the data part used in HMAC, and adds a 0x02 for bits 160-320, 0x03 for bits 320-480, and so forth. Resulting in completely different chunks of size 160 bits. Finally it appends all the chunks together and truncates to the selected user output length. Now that's a cool thing, it could be called a feature of PBKDF2 (and actually I think it does so), because it enables the parallel computation of a PBKDF2 key, even for the defender.

Now let's take a look at the WinZip use of PBKDF2 output key:

Quote:
key = substr (key, key_len, key_len)

Now we can see why they let us calculate the key length with the double of the size of the cipher. Because what they wanted to achieve here is that the key changes with the selected encryption mode, even with the same user defined password, simply by choosing a different key offset. And that's the problem. 

In numbers:

AES256:
  • total keylength: 528
  • total chunks: 4
  • key offset: 256
  • key chunk: 2
AES192:
  • total keylength: 400
  • total chunks: 3
  • key offset: 192
  • key chunk: 2
AES128:
  • total keylength: 272
  • total chunks: 2
  • key offset: 128
  • key chunk: 1
We have all the information to individually calculate those chunks from each other. In other words, there's no need to start the KDF computation from 0. We can start the KDF computation from the selected key chunk, not from 1. That means we can improve the calculation of an AES256 key by 25%, AES192 by 33% and surprisingly AES128 0%.

Have fun!
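
The block independence described in this post can be checked directly. The following is an added example, not part of the original post or hashcat's code: it computes only the PBKDF2-HMAC-SHA1 blocks that cover the key slice and compares the result with the full derivation. The password, salt and iteration count are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

HLEN = 20  # SHA-1 output size in bytes (160 bits)

def pbkdf2_block(password, salt, iterations, index):
    """One PBKDF2-HMAC-SHA1 block T_index (RFC 2898); index starts at 1."""
    u = hmac.new(password, salt + struct.pack(">I", index), hashlib.sha1).digest()
    t = int.from_bytes(u, "big")
    for _ in range(iterations - 1):
        u = hmac.new(password, u, hashlib.sha1).digest()
        t ^= int.from_bytes(u, "big")
    return t.to_bytes(HLEN, "big")

def blocks_needed(offset, length):
    """1-based indices of the blocks covering bytes [offset, offset+length)."""
    first = offset // HLEN + 1
    last = (offset + length - 1) // HLEN + 1
    return list(range(first, last + 1))

def derive_slice(password, salt, iterations, offset, length):
    """Derive only the blocks that cover the slice, then cut the slice out."""
    needed = blocks_needed(offset, length)
    data = b"".join(pbkdf2_block(password, salt, iterations, i) for i in needed)
    start = offset - (needed[0] - 1) * HLEN
    return data[start:start + length]

def compare(password, salt, iterations, key_bits):
    """Return (slices match, blocks needed, total blocks) for one mode."""
    key_len = key_bits // 8
    total_len = 2 * key_len + 2           # the post's 528/400/272 bits
    total_blocks = -(-total_len // HLEN)  # ceiling division
    full = hashlib.pbkdf2_hmac("sha1", password, salt, iterations, total_len)
    partial = derive_slice(password, salt, iterations, key_len, key_len)
    return full[key_len:2 * key_len] == partial, blocks_needed(key_len, key_len), total_blocks

if __name__ == "__main__":
    # Constructed sample inputs; the iteration count is an assumption.
    for bits in (256, 192, 128):
        ok, needed, total = compare(b"example-password", b"constructed-salt", 1000, bits)
        print(f"AES{bits}: match={ok} blocks {needed} of {total}")
```

For a designer the takeaway is that every output block past the first costs the defender a full iteration run, while a verifier of a single slice pays only for the blocks that slice touches.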

cracking a pdf

Hello,
Total noob :)
So I have a pdf - unable to open without a password. I have zero idea of the length, characters or anything about the password. I know the pdf has 128 bit RCA4 encryption. I only have an Intel Core i3, and no gfx cards.

1) Is it possible to crack the password in reasonable time < 1 month? A brute force program is telling me 1 year+.

2) How do I go about this? I have generated the hash using pdf2john.py and tried using hashcat but it just keeps telling me hash was not read.

Thanks

about using old version

I want to ask a question about using an old version: which version of ForceWare should I use if I want to use cudaHashcat 1.37?

When I start cudaHashcat 1.37, there is an error like this:

ERROR: This copy of cudaHashcat is outdated.Get a more recent version

I must use 1.37 or before because 2.00 and 2.01 do not support TrueCrypt with only RIPEMD-160 + AES.

It takes more time, and that is useless if I know the TrueCrypt is RIPEMD-160 + AES.

please help!!

Special Characters - ščž

Hello.
I wanna brute-force MD5 hashes which contain special characters like "ščž" with all other words from a-z. So I wanna add "ščž" to the English alphabet.

My hashcat string looks like:
Code:
Hashcat -m 0 -a 3 hash_brute.txt -1 ščž ?l ?1?1?1?1?1?1?1?1 --increment -o cracked_brute.txt --potfile-disable

But it's not working. What am I doing wrong? Does Hashcat even support special characters like "ščž"?

Thanks for help.

WPA/WPA2 dictionary attack doesn't work!

Sorry for the poor English;
I approached this program recently. I was trying to use it with an hccap file of my own wifi, but it doesn't work.
I'll leave a screenshot here:
[Image: vghufa.png]

Well, I used a small wordlist to be sure that the right password was in there, but if I try with aircrack-ng the password is found; with hashcat, you can see the result in the png.

Why?

Need Help to find out hash type

Hi!

I captured HTTP POST data. The posted data is verified with an X-Signature header.

If I resend the same data, I get a success message.
If I change the data, I get a message from the server: {"status":"INVALID_AUTH_SIGNATURE"}

Here is an example Signature Header:
"X-Signature: 6b3d91b6118ebbd6ba6e1360f782c5c6"

I want to find out which hash-type is used to change the content of data, calculate the signature and create my own posts.

I have the posted data in a file and know the signature - can you give me a hint on how I can realize my plan?


Thank you and so long,
josen

ASP.NET Membership Password Hash

I am trying to use hashcat with a .NET Membership password hash. 
I have a 40 bytes long hashvalue which is sha1 and encoded in base64. Second, I have a 128 bytes long salt which seems to be hex values in upper-case.

So first I convert the base64 pw hash:

echo -n "XGO********************B1nA=" | base64 --decode | xxd -ps

which gives me the 40 bytes sha1 hash:
5c******************************1b01d670

The salt is 

FC7040D218A2FDEADF7BC1C341CD61D1D246BE570BD2E7D312F4C42BDE7DBEA6B34013D1B7700FAAFEAFEED96CAEF52ACAA6D38FF9FB9E392AD62C0048DC08A0

I then prepare a file with the following format:

FC7040D218A2FDEADF7BC1C341CD61D1D246BE570BD2E7D312F4C42BDE7DBEA6B34013D1B7700FAAFEAFEED96CAEF52ACAA6D38FF9FB9E392AD62C0048DC08A0:5c******************************1b01d670


When I run hashcat with the following command

hashcat -m 140 --hex-salt ./sha1 ../wordlists/rockyou.txt

I get a line length exception.

If I pass shorter salts, hashcat accepts the input, so I guess the problem is with the 128byte salt. Maybe the salt is in the wrong format?

Thanks in advance for any help

Help with MSKerb5 Hash

Hi
I am struggling to get oclHashcat to crack the Kerberos 5 AS-REQ Pre-Auth hashes. I get a line length exception. I have attempted to use oclHashcat's example hash

Code:
4e751db65422b2117f7eac7b721932dc8aa0d9966785ecd958f971f622bf5c42dc0c70b532363138363631363132333238383835
I get the same error when using my hashes (obtained via Cain). Sorry, I am still a bit of a noob. Am I missing something obvious?
Thanks for any help.

gpu intel

What is the difference between version hashcat-3.00-beta-6 and other versions?
This edition combines graphics power and is cpu?
Like you do not use the full power of cpu?
Is there a way to make full use of cpu?
Details Photos:
https://www.sendspace.com/file/6i7now

Times of cracking single hashes

Hello again,
Is it possible for oclhashcat to display the time duration of cracking each single hash in the output file? Or is there any way to figure or calculate this out?

For example

INPUT-FILE.txt:
71660d54439ad58ada6caa35637a35ab
e6d96502596d7e7887b76646c5f615d9
b9bb7e7b00a4ba1e0d15fa8b2485d8c4

OUTPUT-FILE.txt:
71660d54439ad58ada6caa35637a35ab: window123  00:00:05
e6d96502596d7e7887b76646c5f615d9: car  00:00:02
b9bb7e7b00a4ba1e0d15fa8b2485d8c4: telephone  00:00:03

Thanks for the help!

New algorithm

Which of the following would you most like to see in the future to be implemented into hashcat?

The list was quite long from the beginning (doing a search at GitHub/oclHashcat for is:issue is:open label:"new algorithm" etc) but after some feedback from epixoip the list is now a lot shorter.

Here are some comments from epixoip regarding the old list.

Quote:
...any of the ones mentioning length limitations can gtfo, same with the lame roll-your-own functions which are pure one-offs. 

WBB 4.x is a huge heap of nope (bcrypt of bcrypt.) NetLM is already supported via -m 3000. InnoSetup is already supported via -m 20 & -m 120. The encryption algorithms... it's hashcat, not ciphercat. I'm on the fence about SJCL. substr stuff is a bit complex and I'm not sure of the value when you can easily generate a collision in seconds on CPU, even with a simple php script. I'm not sure SRP is even possible, even if it is generic support isn't really possible (would need to target some specific implementation.) Ethereum is similarly challenging because of the scrypt parameters used, if it were implemented you'd have to force it to run on CPU or something. And CMS Evolution has like 238023 different hashing schemes.

Sorry to those who had already voted. You'll have to vote again.

Noob: Cracking SHA1 with known partial

Hi Guys, 

First time posting on this kind of forum, so go easy on me please. 

I want to see how fast I can brute force a SHA1 hash based on an input of between 53 and 55 characters. 

Essentially I want to retrieve a shared key value which is inserted into a hash function surrounded by non-secret content

e.g. PublicInfo|foo|sharedkey|bar|1234

I know the first 8 characters, and I know the final 37 of the SHA1 input. 
I also know that the missing 8-10 characters are alphanumeric only (no special characters) 

Can I get hashcat to spit out the correct 8-10 characters to produce the hash I have? 

What is involved in getting this setup to run?

Very low hashrate on two 770s

I am trying to crack a lost mac password hash but when I load the hash.txt file into cudahashcat I am only getting about 7000H/s, 3500H/s per card. Here is the command I am using (I open a command window in the folder directly)

cudaHashcat64 -m 7100 hash.txt -a 3 ?a?a?a?a?a

What can I do to speed this process up?

hashcat-3.00 beta syntax

I'm using the latest beta for tests with two GTX980TI's and see issues with using both cards.

Should the "--opencl-devices 1,2" flag use both cards ?

Using this command from the documentation:

./hashcat64.bin --opencl-device-type 2 --opencl-devices 1,2 -t 32 -a 7 example0.hash ?a?a?a?a example.dict

The output shows only GPU #1 with stats:

Session.Name...: hashcat
Status.........: Aborted
Input.Left.....: Mask (?a?a?a?a) [4]
Input.Right....: File (example.dict)
Hash.Target....: File (example0.hash)
Hash.Type......: MD5
Time.Started...: Thu May 19 15:24:21 2016 (21 secs)
Time.Estimated.: Thu May 19 15:24:56 2016 (11 secs)
Speed.Dev.#1...: 4204.2 MH/s (2.75ms)
Speed.Dev.#2...: 0 H/s (0.00ms)
Speed.Dev.#*...: 4204.2 MH/s
Recovered......: 2190/6494 (33.72%) Digests, 0/1 (0.00%) Salts
Recovered/Time.: CUR:N/A,N/A,N/A AVG:0.00,0.00,0.00 (Min,Hour,Day)
Progress.......: 86670408916/136302297088 (63.59%)
Rejected.......: 0/86670408916 (0.00%)
Restore.Point..: 0/129988 (0.00%)
HWMon.GPU.#1...: 0% Util, 53c Temp, 0% Fan
HWMon.GPU.#2...: 0% Util, 44c Temp, 0% Fan



When I augment the command to use individual cards (i.e. "--opencl-devices 1" and/or "--opencl-devices 2") each card works without issue by itself.

Log for card 1 only:

Device #1: GeForce GTX 980 Ti, 1533/6135 MB allocatable, 1291Mhz, 22MCU
Device #2: GeForce GTX 980 Ti, skipped

Hashes: 6494 hashes; 6494 unique digests, 1 unique salts


Log for card 2 only:

Device #1: GeForce GTX 980 Ti, skipped
Device #2: GeForce GTX 980 Ti, 1535/6143 MB allocatable, 1291Mhz, 22MCU

Hashes: 6494 hashes; 6494 unique digests, 1 unique salts


Am I missing something else? If so just point me back to the documentation and I'll re-read it again.

Your help is greatly appreciated!

Weird result

Hey guys!

First off, kudos to the devs of this awesome tool!

I ran into a weird output today. I was cracking a WPA handshake with cudaHashcat64 (Rockyou dictionary + best64 rule) and I got a really weird...result?! This is the output:
[ESSID]:[STRING1]:[STRING2]:123456789 where STRING{1,2} is 12 char alphanumeric (lowercase only).

This is my first attempt and I confess I'm a n00b. Correct me if I'm wrong but shouldn't the result be a single string if successful instead of 3 strings?

Would love your feedback.

Cheers, mates!

5970's worth buying?

I'm putting together a build, and I've been reading some benchmarks on different cards.
It appears that the ATI Radeon HD 5970 2GB can crack at ~160000 h/s, and the GTX 970 gets around ~150000 h/s.
It also appears that I can purchase 5970's at $120 per, where the 970 costs ~$300.

I'm wondering if it's worth it to purchase 3+ 5970's. I know the power consumption would be much higher, and heat would be difficult to dissipate, but cooling shouldn't be an issue.

Also, if anyone has suggestions on a motherboard and psu, I would be interested in advice on that as well.

EDIT: I'm also considering a 7990, but they're hard to find and not very cheap.

EDIT 2: I'm also purchasing this piece by piece, which adds some appeal to the 5970's, as they're cheap and I can buy multiple.

Generate dictionary from known words in lost password

Hi,

I've lost my password from an old TrueCrypt volume. It's 40 to 60 characters from words I know (all of them) and a few separators. I tried to put these words and the separators in a dictionary file like this:

Let's say my password is TrueCrypt;Lost;PWD

My dict.txt looks like:
Lost
TrueCrypt
PWD
;

But of course, doesn't work like that apparently.

Tried all variants of:
oclHashcat64.exe -m 6222 -a 0 "volume.tc" "dict.txt"

With different modes, but apparently I need to generate a dictionary with all possible passwords generated from my words list? Sounds trivial for any dev, but I'm no dev at all :/

Any help would be much appreciated

Password with known rules

Hi,

I'm hoping someone might be able to help me. The scenario is that I am trying to crack a password of 8 characters in length. I know that the password consists of 7 lower case letters and one number, though I don't know the order.

My question is this: is there a way to run OCLHashCat in such a way that it will run with these rules in place, but try all possible positions for the number? At present the only way I can think to do it is by running the program up to 8 times with different masks, i.e:

?l?l?l?l?l?l?l?d
?l?l?l?l?l?l?d?l
?l?l?l?l?l?d?l?l
etc.

Thanks in advance!