Quantcast
Channel: hashcat Forum - All Forums
Viewing all 8217 articles
Browse latest View live

Impossible to fix :(

$
0
0
I have a list of emails:hash [md5], and I need to do the brute but that the result of the password is placed ahead of the email, for example, email:pass decrypted, how can I do that?

I already did the brute and I have the hash decrypted but do not put them in front of email:XXXXXX
 
i check with
 
hashcat-cli64.exe -m 0 --username --outfile-format=2 "C:\Users\*****\*****'\*******\2.txt" "C:\Users\*****\*****'\*******\pepito.txt"
 
 
error receive 

WARNING: Hashfile '2.txt' on line 479 (): Line-length exception

PKCS5S2 hash supported

$
0
0
{PKCS5S2}yCH+Ilrfxxxxxxxxxxxxxxxx


supported hash type hashcat ?

(11-19-2016, 10:09 PM)lotos Wrote: PBKDF2-HMAC-SHA1

(11-19-2016, 10:35 PM)lotos Wrote: 12000

ERROR: No hashes loaded

his Brutus?

M and Q rules in hashcat v3.10?

$
0
0
Since the last groups of rules in best64.rule might not change the input work, I wrapped them in the "M" and "Q" memorize and reject commands, but they wouldn't work on my Device #1: GeForce GTX 970, 1024/4096 MB allocatable, 13MCU:

hashcat64.exe
--attack-mode=0
--hash-type=2100
--rules-file=best64-MQ.rule

hashcat (v3.10-628-gf3626fa) starting...

Cannot convert rule for use on OpenCL device in file best64-MQ.rule on line 57: M o0d Q
.....

Is there an obvious reason why this doesn't work?

hashcracking a WPA2 8 char caps [need support]

$
0
0
hi everyone,

This is probally the most noobquestion ever but i couldnt get a right instruction video on how to do this.
so i finally managed to build  a hccp from a .cap file using aircrack-ng -J

now i want to go try randomizing chars in caps on my hccp file but im kinda stuck in the menu
i think im close but i dont know so i hope someone can help me out.

i want to randomize 8 characters all captions for instance HGYUIOPN
so my command line is as follows.
 # | Device Type
 ===+=============
  1 | CPU
  2 | GPU
  3 | FPGA, DSP, Co-Processor



hashcat -m 2500 3 /root/Desktop/8.hccap ?u?u?u?u?u?u?u?u
hashcat (v3.10) starting...



ERROR: 3: No such file or directory

file exist tho


so im stuck now.

Crash when starting md5 hash

$
0
0
Hey guys, hope all is well.

I'm extremely new to this whole hashing thing, but I find it extremely intriguing nonetheless. I'm assuming this will be an easy fix... hopefully.

I've just gotten everything configured (wordlists, test hash code, file placement, etc.) and when I go to enter "hashcat64 -m 0 -a 0" into command prompt, it will say something along the lines of "creating 16 bit bitmap" or whatnot then it my screen will flash a few times before going completely black. I have to hard restart my laptop to get it to work again....

Any suggestions would be helpful. I figured it had something to do with my graphics drivers so I updated them but to no avail. 

Thanks

Installing an old hashcat version.

$
0
0
Hello guys:
I hope you are having a wonderful morning.

           Could someone please be nice enough to tell me how to install an older version of hashcat on kali linux?
The current one (3.1) does not work on my laptop because the OpenCL for atom CPU is not supported by Intel.

           I would greatly appreciate any hint or clue.


Best regards.

Ubuntu 16.04 LTS NVIDIA Setup Guide

$
0
0
Ok here is my setup guide, I could be completely wrong on a few things so please update me, this will get turned into a wiki but I want discussion first:

1) Install Ubuntu 16.04 LTS
2) dpkg --remove-architecture i386
3) ldconfig && sync && reboot
4) apt-get install build-essential xserver-xorg p7zip xorg-dev libgtk-3-dev
5) download latest nvidia drivers
7) [blacklist nouveau]

as root

echo 'blacklist nouveau' > /etc/modprobe.d/blacklist-nouveau.conf
echo 'blacklist lbm-nouveau' >> /etc/modprobe.d/blacklist-nouveau.conf
echo 'options nouveau modeset=0' >> /etc/modprobe.d/blacklist-nouveau.conf
echo 'alias nouveau off' >> /etc/modprobe.d/blacklist-nouveau.conf
echo 'alias lbm-nouveau off' >> /etc/modprobe.d/blacklist-nouveau.conf
echo options nouveau modeset=0 | sudo tee -a /etc/modprobe.d/nouveau-kms.conf
update-initramfs -u
reboot

8) [stop x as root] /etc/init.d/xdm stop
9) install nvidia drivers
10) sudo nvidia-xconfig -s -a --force-generate --allow-empty-initial-configuration --cool-bits=12 --registry-dwords="PerfLevelSrc=0x2222" --no-sli --connected-monitor="DFP-0"

11) ldconfig && sync && reboot
12) as root make a fan.sh script, edit to taste and make executable

#!/bin/bash
export DISPLAY=:0
xhost +
nvidia-settings -a [gpu:0]/GPUFanControlState=1 -a [fan-0]/GPUTargetFanSpeed=100
nvidia-settings -a [gpu:1]/GPUFanControlState=1 -a [fan-1]/GPUTargetFanSpeed=100
nvidia-settings -a [gpu:2]/GPUFanControlState=1 -a [fan-2]/GPUTargetFanSpeed=100
nvidia-settings -a [gpu:3]/GPUFanControlState=1 -a [fan-3]/GPUTargetFanSpeed=100
#nvidia-settings -a [gpu:4]/GPUFanControlState=1 -a [fan-4]/GPUTargetFanSpeed=100
#nvidia-settings -a [gpu:5]/GPUFanControlState=1 -a [fan-5]/GPUTargetFanSpeed=100
#nvidia-settings -a [gpu:6]/GPUFanControlState=1 -a [fan-6]/GPUTargetFanSpeed=100
#nvidia-settings -a [gpu:7]/GPUFanControlState=1 -a [fan-7]/GPUTargetFanSpeed=100

13) run fan.sh  and tweak system until it runs clean, may need to reexecute the nvidia setup

14) setup ufw to firewall allow only to trusted systems as x is a security hole

15) download hashcat or build

16) install systems management software, puppet etc

Tait SFE

$
0
0
I am looking for ideas on whether this idea will work. With Tait radio's every radio comes with the same special features. The startup routine will then go through and check the installed SFE keys and disable features as required. to enable the features you need the active SFE key which can be purchased from Tait at varying prices depending on the feature.

You can attempt to brute force and try find the active SFE key in the radio but this is ineffective as the radio only allows one try per 5 seconds. What I am wanting to know is there any possible way to figure out how the ESN is encode to the SFE and perform an offline attack using hashcat to speed up the process ? There has been bit of research into this topic already and I'll post the links below.

https://communications.support/threads/3...100-series
https://communications.support/threads/4...-of-radios
https://www.crc.id.au/apco25/

I will also post couple examples from my own radios that show the inactive and active SFE to help with any reverse engineering.


ESN_SFE Number_Status: 0 for deactivated, 1 for active

19927965_27_0

LFQS.H8QL.93G5.DW9N.8ZQH.TT

Feature Key: LFQSH8QL93G5DW9N8ZQHTT
          Key Type: TxAS057 - SFE - P25 Base Encryption (DES) & Key Loading
               Seq: 0 (00000000)

        Hex Output: 00C8BF259FF9C05D421B0C3CFEB000
     Binary String: 000000001100100010111111001001011001111111111001110000000101
1101010000100001101100001100001111001111111010110000000000
          Checksum: 4C
   Complete String: 00C8BF259FF9C05D421B0C3CFEB0004C

    Checksum: Valid
        Hex String: 00C8BF259FF9C05D421B0C3CFEB0004C
     Binary String: 000000001100100010111111001001011001111111111001110000000101
110101000010000110110000110000111100111111101011000000000000

       Feature Key: LFQS.H8QL.93G5.DW9N.8ZQH.TT
          Key Type: TxAS057 - SFE - P25 Base Encryption (DES) & Key Loading
               Seq: 0 (00000000)


19927965_27_1

UYXL.33DE.JNB4.TW9N.8ZQH.TD

Feature Key: UYXL33DEJNB4TW9N8ZQHTD
          Key Type: TxAS057 - SFE - P25 Base Encryption (DES) & Key Loading
               Seq: 1 (00000001)

        Hex Output: 00BDBD90848D1B36F01B0C3CFEB010
     Binary String: 000000001011110110111101100100001000010010001101000110110011
0110111100000001101100001100001111001111111010110000000100
          Checksum: 83
   Complete String: 00BDBD90848D1B36F01B0C3CFEB01083


          Checksum: Valid
        Hex String: 00BDBD90848D1B36F01B0C3CFEB01083
     Binary String: 000000001011110110111101100100001000010010001101000110110011
011011110000000110110000110000111100111111101011000000010000

       Feature Key: UYXL.33DE.JNB4.TW9N.8ZQH.TD
          Key Type: TxAS057 - SFE - P25 Base Encryption (DES) & Key Loading
               Seq: 1 (00000001)


19927965_28_0

RMLR.86MD.RRS8.N8TN.8ZQH.TT

Feature Key: RMLR86MDRRS8N8TN8ZQHTT
          Key Type: TxAS058 - SFE - P25 Encryption (AES)
               Seq: 0 (00000000)

        Hex Output: 00D773A397A4D6A4761C0C3CFEB000
     Binary String: 000000001101011101110011101000111001011110100100110101101010
0100011101100001110000001100001111001111111010110000000000
          Checksum: D6
   Complete String: 00D773A397A4D6A4761C0C3CFEB000D6

          Checksum: Valid
        Hex String: 00D773A397A4D6A4761C0C3CFEB000D6
     Binary String: 000000001101011101110011101000111001011110100100110101101010
010001110110000111000000110000111100111111101011000000000000

       Feature Key: RMLR.86MD.RRS8.N8TN.8ZQH.TT
          Key Type: TxAS058 - SFE - P25 Encryption (AES)
               Seq: 0 (00000000)


19927965_28_1

DF84.YLTN.MBXC.58TN.8ZQH.TD

Feature Key: DF84YLTNMBXC58TN8ZQHTD
          Key Type: TxAS058 - SFE - P25 Encryption (AES)
               Seq: 1 (00000001)

        Hex Output: 00208EFB640CEEFC9A1C0C3CFEB010
     Binary String: 000000000010000010001110111110110110010000001100111011101111
1100100110100001110000001100001111001111111010110000000100
          Checksum: 41
   Complete String: 00208EFB640CEEFC9A1C0C3CFEB01041


          Checksum: Valid
        Hex String: 00208EFB640CEEFC9A1C0C3CFEB01041
     Binary String: 000000000010000010001110111110110110010000001100111011101111
110010011010000111000000110000111100111111101011000000010000

       Feature Key: DF84.YLTN.MBXC.58TN.8ZQH.TD
          Key Type: TxAS058 - SFE - P25 Encryption (AES)
               Seq: 1 (00000001)

help| Windows 7 cant recognize 8 gpu

$
0
0
so i receive my own rig after many weeks of waiting , yeaye

so heres my problem,
i am running win 7 pro, with 128gb of ram , 2 xeons and 8 1080 of PNY cards
the rack/mobo is FT77CB7079
windows 7 does recognize the 8 gpu BUT only 6 are actualy working, when opening device manager it shows that 2 of the gpus are having some problems, "Cannot Find Enough Resources" error 12.

what i did:
i tested each pci separate , works fine
i tested each card separate , works fine
update the bios to latest version

help will be appreciated

(UPDATE)

i forgot to say that i've tried on linux (centOS) and the cards works fine.

md5(md5($salt).md5($pass))

$
0
0
Is it possible to use md5(md5($salt).md5($pass)) hash algorithm with hashcat? I didn't find this mode.

problem with user:hash

$
0
0
hey, when I have just hashes in hash.txt file I do sth like that :


-m 0 -a 0 -o C:/cracked.txt C:hash.txt C/wordlist

but when I want to put format email:hash and I want to add --username, where should I put this "--username" ? (where exactly in " -m 0 -a 0 -o C:/cracked.txt C:hash.txt C/wordlist ") ?

NetNTLMv1 Help!

$
0
0
Ok, I've been bouncing my head off my desk for several days now on this.  First, an assumption I am working off of is that netntlmv1 and MSCHAPv2 are same/same?

What I've tried.

EBE2F20936540E6500000000000000000000000000000000:FBF97203E1B703515A1BF44FF5EA5C621623DAC7065DA58F:1122334455667788

Code:
***@*** ~/D/h/src> chapcrack radius -C 1122334455667788 -R FBF97203E1B703515A1BF44FF5EA5C621623DAC7065DA58F
Cracking K3................
                     C1 = fbf97203e1b70351
                     C2 = 5a1bf44ff5ea5c62
                     C3 = 1623dac7065da58f
                      P = 1122334455667788

Oh, so I assume it must be ESS.  Sooo

Code:
***@*** ~/D/h/src> ./ct3_to_ntlm.bin fd5717880e4b5e13 7ab2b26a22061831 e81d062fe3f8fb9f00000000000000000000000000000000
08a8

Ok, great, but I want to double check this, so...

Code:
***@*** ~/D/h/src> perl -e 'print pack ("H*", "112233445566778803FE97E316101F32")' | md5sum

b66a63d54cfe005c88b054d53f5e3dc0  -

and then 

Code:
***@*** ~/D/h/src> hashcat64.bin -m14000 --potfile-disable --quiet -a 3 -1 charsets/DES_full.charset --hex-charset 99223BFDCF216B9B:b66a63d54cfe005c ?1?1000000000000

And... Nothing.

So, I guess I have 3 questions,

1. Am I right in my assumptions that the process for MSCHAPv2 should work for NETNTLMv1?

2. If so, what am I doing wrong in my manual check of the ESS?

3. Once I have the C1,C2, and K3, where do I go from there to get the ntlm?

Thanks!

I've been using the following threads as guidelines.
https://hashcat.net/forum/thread-5948.html
https://hashcat.net/forum/thread-5912.html

hash160(x) a.k.a. ripemd160(sha256(x))

$
0
0
HowTo?

I'm new to hashcat, so forgive my ignorance as I have not yet been able to find out if/how you could combine the raw hashes offered.

Hash Misch

OpenCL ICD loader library

$
0
0
I seen the other threads on this issue but will start one of mine own.

hashcat (v3.10) starting...


ATTENTION! Can't find OpenCL ICD loader library

You're probably missing the OpenCL runtime installation
  AMD users require AMD drivers 14.9 or later (recommended 15.12 or later)
  Intel users require Intel OpenCL Runtime 14.2 or later (recommended 15.1 or later)
  NVidia users require NVidia drivers 346.59 or later (recommended 361.x or later)


I'm using hashcat on Windows 10. I have a GTX 970 - Driver Version 375.95 which was installed(updated from previous version) on the 18th. I haven't used hashcat in a couple weeks(maybe around the 15th or so) but the last time I did I had no issues. Only thing I installed lately was planet coaster. Any suggestions on how to fix this issue? I this some kind of NV driver issue?

About --keep-guessing

$
0
0
Quote:New option --keep-guessing: Continue cracking hashes even after they have been cracked (to find collisions)

Would it be possible to have the exact opposite ? To stop hashcat after one found collision  ?
-
Quote:"--no-keep-guessing"

Thanks!

Prince attack mode unsupported

$
0
0
I tried hashcat mode 8 (it was prince attack at the version 2.), but said unsupported mode.
Is this mode deleted forever or maybe in the next version prince mode will be enabled?

Thanks in advance.

Failed to use the --username switch in Hashcat 3.20 on OS X

$
0
0
Hello,

First of all, I would like to say thanks to atom and to all those who contributed to coding such a great program. 
I started to use it a few days ago with pretty good success, but of course I am still a newbie.

Back to topic, I managed to install Hashcat 3.20 on OS X 10.10.5 by the following the guidelines in BUILD.md file.

Everything works fine cracking normal hashes with no usernames. But whenever I try to load a hash file with usernames in it and use the --username switch, hashcat always throws an error like this (no matter the username length or the separator):

Code:
./hashcat -a 0 -m 3200 --session=all --username -p : potfile-disable -o xxx/xxx_plains.txt --outfile-format=2 -w 2 xxx/xxx_pfile.txt dictionaries/big001.txt
hashcat (v3.10-814-g9402610) starting...

OpenCL Platform #1: Apple
=========================
* Device #1: Intel(R) Core(TM) i5-4278U CPU @ 2.60GHz, skipped
* Device #2: Iris, 384/1536 MB allocatable, 40MCU

Hash '—-username': Line-length exception
No hashes loaded

At the opposite, the same command gives no problem in Hashcat 3.10 installed on my VM with Windows 7.

So I tried to revert back to version 3.10 on OS X also: I downloaded the source code from main hashcat page and tried to compile it the same way I did for ver. 3.20 (i.e. downloading latest Open-CL from GitHub Repository, then 'make' command etc.). Here is the output after make command on Hashcat 3.10:

Code:
/bin/sh: gsed: command not found
gcc -D_POSIX -pipe -W -Wall -std=c99 -Iinclude/ -IOpenCL/ -Ideps/OpenCL-Headers/ -O2 -c -o obj/ext_OpenCL.NATIVE.o src/ext_OpenCL.c
gcc -D_POSIX -pipe -W -Wall -std=c99 -Iinclude/ -IOpenCL/ -Ideps/OpenCL-Headers/ -O2 -c -o obj/shared.NATIVE.o src/shared.c
gcc -D_POSIX -pipe -W -Wall -std=c99 -Iinclude/ -IOpenCL/ -Ideps/OpenCL-Headers/ -O2 -c -o obj/rp_kernel_on_cpu.NATIVE.o src/rp_kernel_on_cpu.c
gcc -D_POSIX -pipe -W -Wall -std=c99 -Iinclude/ -IOpenCL/ -Ideps/OpenCL-Headers/ -O2    -o hashcat src/hashcat.c obj/ext_OpenCL.NATIVE.o obj/shared.NATIVE.o obj/rp_kernel_on_cpu.NATIVE.o -lpthread  -DCOMPTIME=1480244563 -DVERSION_TAG=\"\" -DINSTALL_FOLDER=\"/usr/local/bin\" -DSHARED_FOLDER=\"/usr/local/share/hashcat\" -DDOCUMENT_FOLDER=\"/usr/local/share/doc/hashcat\"
src/hashcat.c:14371:9: warning: unused variable 'need_xnvctrl'
     [-Wunused-variable]
   int need_xnvctrl = 0;
       ^
src/hashcat.c:14369:9: warning: unused variable 'need_nvapi' [-Wunused-variable]
   int need_nvapi   = 0;
       ^
2 warnings generated.

After this, however, no hashcat command except for --help is recognized and I always see this error on any command:
Code:
ERROR: (null): No such file or directory

So in conclusions, my questions are:
  1. Does the 'username switch' error arise in ver. 3.20 (on OS X), because this version is still beta? Hashcat 3.10 gives no such error on Win 7.
  2. If yes, then how can I correctly compile Hashcat 3.10 on OS X? I followed the procedure in BUILD.md file but no success.
Thanks to everybody in advance!
P.S.: I see you're all high-technicality people here, please use simple words with me. Smile

Fail to compile kernel, may need to increase reserved registers for spilling.

$
0
0
Running Hashcat on Ubuntu 16.04, using the nvidia-367 and Intel i95 drivers.  It works fine when cracking MD5.  It works fine when cracking NTLMv2 so long as I'm not using rules.  As soon as I try something like:

Code:
# ./hashcat -m 5600 -a 0 /path/to/responder_hashes.txt ../WordLists/rockyou.txt  -r rules/best64.rule

I get the following:

Code:
hashcat (v3.10-829-g646a472) starting...

OpenCL Platform #1: Intel
=========================
* Device #1: Intel(R) HD Graphics Haswell GT2 Mobile, 1024/2048 MB allocatable, 20MCU

Hashes: 58 digests; 58 unique digests, 58 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 77

Applicable Optimizers:
* Zero-Byte
* Not-Iterated

Watchdog: Hardware Monitoring Interface not found on your system
Watchdog: Temperature abort trigger disabled
Watchdog: Temperature retain trigger disabled

Initializing device kernels and memory...ASSERTION FAILED: Fail to compile kernel, may need to increase reserved registers for spilling.
  at file /build/beignet-5qGeBM/beignet-1.1.1/backend/src/backend/gen_program.cpp, function virtual gbe::Kernel* gbe::GenProgram::compileKernel(const gbe::ir::Unit&, const string&, bool), line 200
Trace/breakpoint trap (core dumped)

I get the same behavior whether the NVidia drivers are enabled or not (using prime-select or directly through nvidia-settings).  It works fine in the other attack modes ... just not the one I need.

I tried both the latest release and version from git.

I have no idea what to try next.  Advice?

How to choose the most effective command

$
0
0
I know a password is a 5-character password from the set A-Z,a-z,0-9, uses MD5, uses the same salt for all entries h(0,pwd). Another password has the same situation with the first one but uses a 8-bit salt h(s,pwd).

What command can I choose to make the brute force effective?
I choose 'hashcat64.exe --hash-type 10 --attack-mode 3 file1.txt', is there any command that can make it faster?

Thanks.

NVida Grid K2 in ESX host OpenCL error

$
0
0
Hey everyone.  I have a HP DL380 G9 running ESX 6.0.

The server has a Nvidia K2 gpu installed and it is being allocated to my Win7x64 VM as a K260q card.

I have the latest driver installed from Nvidia but hashcat keeps throwing the attached OpenCL error.

ERROR: clGetPlatformIDs(): CL_UNKNOWN_ERROR

Is this setup and hardware even supported or am I going down a path that will not work??

The other thing I was thinking is that maybe because I have multiple cards I have not configured the software to use the correct card?

I have blacked out some of the data in the screen shot to sensor some information.

Let me know if I am going in the wrong direction and I can change the commands.

Thanks,

.png   cards.PNG (Size: 7.14 KB / Downloads: 3)

.png   opencl error.PNG (Size: 46.87 KB / Downloads: 3)
Viewing all 8217 articles
Browse latest View live


<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>