CHAP Challenge Limit

January 14, 2017, 9:30 am

≪ Previous: Try to crack pdf-hash but get error "Line-length exception" "No hashes loaded"

Hi,

I am using hashcat to brute force decrypt my CHAP sessions. (-m 4800). All works fine for Challenge Salt length of 16 bytes, but I get an error when trying to use longer Challenge Salts (My Packet Capture has Value of length 26).

Can anyone guide me to the error of my ways?

Thanks in anticipation

S2Art

↧

Parse Error

January 14, 2017, 1:06 pm

≫ Next: Radeon PRO SSG Game Changer?

≪ Previous: CHAP Challenge Limit

Trying to run hashcat: but get (Failed to parse hashes using the 'native hashcat' format) can't seem to figure out what I am doing wrong or what is causing the problem.

/hashcat64.bin -m 3000 --username -l ?u?d?s /Documents/OffSec/labHashes/1.5-ntlm ?1?1?1?1?1?1?1

hashcat (v3.30) starting...

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 980, 1009/4037 MB allocatable, 16MCU

Failed to parse hashes using the 'native hashcat' format
No hashes loaded

↧

Radeon PRO SSG Game Changer?

January 15, 2017, 7:59 pm

≫ Next: how to extract hash from veracrypt container

≪ Previous: Parse Error

Curious with the unveiling and demonstration of the Radeon Pro SSG and its 1TB on board flash memory and it's affect on taking an 8k raw video from 17FPS to 90+FPS, will this better improve the compute units utilized for hashcracking and is this something hashcrack devs are looking at?

Reference:
https://www.extremetech.com/extreme/2324...e-attached

↧

how to extract hash from veracrypt container

January 16, 2017, 10:31 am

≫ Next: Custom Ruleset assistance

≪ Previous: Radeon PRO SSG Game Changer?

Hello ,(i hope i'm not in violation in any rule)
i'v created a veracrypt container and stored in it some sensitive data of me . however now i can't remember the password ( i remember parts of the password) and i need to access my files ,
my plan is to use hashcat but for that i need to get the hash from the container
what i did so far :
I created a new container with the password "hashcat" and i used the same method described for truecrypt to get the hash (first 512 bytes) from the container and i compared it with the hash provided in the hash examples in link but i can't find the same hash
please someone help me ..

↧

Custom Ruleset assistance

January 16, 2017, 11:19 am

≫ Next: samdump2 NTLM hash

≪ Previous: how to extract hash from veracrypt container

I'm looking to create a custom ruleset in hashcat. I understand the combination rule, but is there a way to provide more than 2 rules/wordlists? For example, how could I crack the following with a rule set?

!pa$$w0rd#ABC&
or
#ABC&pa$$w0rd!

I know that pa$$w0rd is a well know, hash, and I know how to insert a rule for before/after words, but how can I combine the end or beginning for a 3rd rule to further expand my ruleset?

Thanks for any ideas!

↧

samdump2 NTLM hash

January 16, 2017, 2:27 pm

≫ Next: Show found passwords

≪ Previous: Custom Ruleset assistance

Hi,

I was trying to extract Windows 10 hash from SYSTEM and SAM using Samdump2 but for some reason I'm not able to recover the known password.

I didn't use Kali Live during boot, I basically ran cmd in admin mode.

Code:
reg save hklm\sam c:\ sam

Code:
reg save hklm\system c:\system

Transferred both files to shared Kali Linux folder for VM (/media/shared)

In Kali

Code:
samdump2 -o winhash /media/shared/system /media/shared/sam

Transferred winhash back to windows hashcat folder

On Hashcat

Code:
hashcat64 -m 1000 winhash -a 3 ?a?a?a?a?a?a?a?a

But no luck.
When I tried an NTLM generator online, the hash was different from winhash too...

Appreciate the help. Thanks

↧

Show found passwords

January 17, 2017, 2:38 am

≫ Next: Temperature control for multiple sessions

≪ Previous: samdump2 NTLM hash

Hi guys!

When I check some hashes I'd like to know even one is cracked.
Is here any way to see the password immediately (w/o refreshing status or check the output file)?

↧

Temperature control for multiple sessions

January 17, 2017, 8:54 pm

≫ Next: Line length exception "no hashes loaded" Bcrypt

≪ Previous: Show found passwords

I have had some scenarios with hashcat that lead to the creation of this script. It is bash for use with an Nvidia GPU in Linux. I hope you guys get some use out of it.

Enjoy.

Code:
#!/bin/bash

#This script will keep the fan running on a single gpu in the event that you have more than one hashcat process running and one hashcat process is terminated.

#This script assumes that you already have the fan speed running to your liking during an existing hashcat session.

#KEEP THIS IN MIND BEFORE YOU RUN IT.  It will not set your fan speeds prior to you running hashcat for the first time.

#In cases where the fan speed has been set manually and --gpu-temp-retain has not been used to maintain the fan speeds, this has utility.

#Some scenarios where this might be useful are:

#1. --gpu-temp-retain has not been used.

#2. There was more than one hashcat session running, but one has terminated for some reason and has taken the fan speed down with it.

#3. You have old sessions (.restore files) that were not using --gpu-temp-retain and want to run more than one of these sessions at a time.  This could be from converting from water cooling to air cooling.  Manual fan control would be necessary as a result.

#This script will keep the GPU below 61 C by resetting the fan speed to 80 percent.

#This script was designed for use with fast hashes using the GTX 1080 FE.  80 percent fan is usually enough to keep the temperature below 61 C.

#This script uses nvidia-settings to get the temperature reading on the GPU (gpu:0).

#There is a 200 Mhz overclock in the keep_fan_on function.  This was put in for the GTX 1080 FE, but can be adjusted or removed as you see fit.

#You can adjust the other values as you see fit.

#debug on

set -x

#Declare GPU temp integer

declare -i gpu0temp

#Declare functions for fan control

function keep_fan_on {

nvidia-settings -a GPUFanControlState=1 --ctrl-display=:0

nvidia-settings -a GPUTargetFanSpeed=80 --ctrl-display=:0

nvidia-settings -a GPUPowerMizerMode=1 --ctrl-display=:0

nvidia-settings -a GPUGraphicsClockOffset[3]=200 --ctrl-display=:0

}

function turn_fan_off {

#Reset fans when process ends

nvidia-settings -a GPUGraphicsClockOffset[3]=0 --ctrl-display=:0

nvidia-settings -a GPUPowerMizerMode=0 --ctrl-display=:0

nvidia-settings -a GPUFanControlState=0 --ctrl-display=:0

}

while :

do

       #Watch for running hashcat process

       pidcheck=$(ps -e | grep 'hashcat')

       #Get temp from single gpu

       gpu0temp=$(nvidia-settings -q all --ctrl-display=:0 | grep 'GPUCoreTemp' | grep 'Attribute' | grep 'gpu' | awk -F':' '{print $4}' | awk -F'.' '{print $1}' | awk -F ' ' '{print $1}')

       date

       echo "Watching hashcat process(es)..."

       #As long as one hashcat process is detected, then keep the gpu fan running to keep the temperature down

       if [[ $pidcheck != "" ]]

       then

               if (( $gpu0temp > 60 ))

               then

                       #Keep fan at 80 percent if the conditions are met

                       #This may execute more than once at an interval of 10 seconds until the temperature is below 61 C.

                       echo "Temperature has risen above 60 C"

                       echo "Restoring fan speed to 80 percent."

                       turn_fan_off

                       sleep 1

                       keep_fan_on

               fi

       else

               echo "No hashcat process(es) are detected."

               echo "Resetting fans to normal speed."

               turn_fan_off

               #All done, breaking out of while loop

               break

       fi

sleep 10

clear

done

echo "hashcat no longer has any processes/sessions running."

echo "Fan speeds are back to normal."

↧

Line length exception "no hashes loaded" Bcrypt

January 17, 2017, 10:59 pm

≫ Next: hey am i doing anything wrong?

≪ Previous: Temperature control for multiple sessions

Hey, ive looked into hashcat --help and many of the wiki documentation and other sources on the internet, but i've still haven't figured it out yet, ive done MD5 and other modes, and it cracked those types of hashes sucessfully, but never bcrypt :/

Its 60 characters and ive tried almost everything

The mode ive been using is -m 3200 and i posted a screen shot in the jpg file or in imgur

Help would be really nice!

kind regards

-Robert

↧

hey am i doing anything wrong?

January 19, 2017, 3:16 am

≫ Next: Which is Best Schedulers software for Appointment and Meetings?

≪ Previous: Line length exception "no hashes loaded" Bcrypt

Ive done this command and i really don't know what i am doing wrong

hashcat64.exe -m3200 --weak-hash-threshold=0 --potfile-disable $2y$06******************************************* rockyou.txt

but keep ending up with 0 recovered, im pretty sure the hash i am cracking isn't a bunch of mumble jumbo, but instead 2 words combined.

-kind regards

Robert

↧

Which is Best Schedulers software for Appointment and Meetings?

January 19, 2017, 4:06 am

≫ Next: Amd GPU with Ubuntu

≪ Previous: hey am i doing anything wrong?

I am owner of my company and I am so busy in my daily routine. That's the reason i am searching best and easy Appointment & Meeting scheduler software.

↧

Amd GPU with Ubuntu

January 10, 2017, 2:10 am

≫ Next: Removing 1080 backplates

≪ Previous: Which is Best Schedulers software for Appointment and Meetings?

Hello guys!

I have a PC with two AMD Radeon r9 290x GPUs.
I want to use Hashcat on Ubuntu.
My problem is as it follows:
"AMD users on Linux require "AMDGPU-Pro Driver" (16.40 or later)"
This is only available on Ubuntu 16.04
On the other hand Ubuntu 16.04 does not support fglrx (Catalyst) drivers.
As far as I understand, both fglrx and amdgpu-pro are required for Hashcat to work.
I installed it with both Ubuntu 14.04 and 16.04 and the result was the same:
"Outdated or broken AMD driver detected!"
At this point I'm stuck, I could really use some professional help.

↧

Removing 1080 backplates

January 19, 2017, 2:17 pm

≫ Next: NTLM Hash issues

≪ Previous: Amd GPU with Ubuntu

Hello,

I've seen a few threads that reference removing the back half of the backplate of you have multiple 1080 FEs to improve airflow, but it's not always clear to me when that makes sense to do. For instance, I believe i've seen some people recommend doing it only for a particular card, as opposed to all of them. I would like to understand the underlying concept here a bit better to understand the guidance.

Beyond the general concept, i am also trying to understand what i should do in my particular situation. I have a Tyan FT77 style system with 4 x 1080 FEs, spaced evenly so there is an empty slot between each. Is there any benefit to removing the backplate in this type of set up?

Any guidance here would be appreciated,
Thanks!

↧

NTLM Hash issues

January 19, 2017, 2:32 pm

≫ Next: NTLM: hashcat vs RainbowCrack

≪ Previous: Removing 1080 backplates

Hi Guys,

Just a quick one, I can't seem to work it out.

I capture the NTLM hash fine, but when I go to process it in Hashcat, with the known account credentials in the password file, or a weak password that I know and brute force it, I never get the calculated plaintext.

The hash is seen as correct, and viable within Hashcat, but it's not valid.

This is the example NTLMV2 from Hashcat, which works fine:

admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030 (Processes to "hashcat")

This is my capture with some details adjusted so that it remains private:

REDACTED$::REDACTED:1122334455667788:REDACTEDFB7CBC971F7DEE1FREDACTED:0101000$

So why is this happening? The only thing I could think is that it's on a domain, it's a lot shorter, and the server challenge is spoofed, but Hashcat starts calculating it. (I've been given permission to do this, so don't worry)

Thanks in advance.

↧

NTLM: hashcat vs RainbowCrack

January 19, 2017, 5:06 pm

≫ Next: NTLM Benchmark vs Mask Attack

≪ Previous: NTLM Hash issues

Is hashcat faster than RainbowCrack when it comes to cracking NTLM hashes? Just curious.

Thanks

↧

NTLM Benchmark vs Mask Attack

January 19, 2017, 10:58 pm

≫ Next: "Hashcat quit unexpectedly"...

≪ Previous: NTLM: hashcat vs RainbowCrack

I have 2 GTX 1080 cards, and I have run a benchmark for NTLM listed below:

Hashtype: NTLM
Speed.Dev.#1.....: 44431.8 MH/s (60.25ms)
Speed.Dev.#2.....: 44439.7 MH/s (60.07ms)
Speed.Dev.#*.....: 88871.5 MH/s

Now when I run a Mask attack my results aren't even close:

Speed.Dev.#1.....: 18905.6 MH/s (7.72ms)
Speed.Dev.#2.....: 18906.8 MH/s (7.75ms)
Speed.Dev.#*.....: 37812.4 MH/s

Command Used:
hashcat64.exe -a 3 -m 1000 hashes.txt ?a?a?a?a?a?a?a?a?a -o cracked.txt

Am i missing something to optimize my GPUs or is this expected? I am running 3.30 on Windows if it makes any difference.

↧

"Hashcat quit unexpectedly"...

January 20, 2017, 12:28 am

≫ Next: hashcat exhausted status

≪ Previous: NTLM Benchmark vs Mask Attack

G00gle isn't helping me at all, so I hope some kind soul can get me pointed in the right direction.
I'm using 32 bit Windows 7 with a 980 gpu and this Nvidia driver: 372.54-desktop-win8-win7-32bit-international-whql.exe
I'm fine using cudahashcat32 versions 1.37 or 2.01 (by resetting system clock) but I haven't been able to use the new hashcat, not 3.1 or 3.2 or 3.3. When I start a task it seems to be about to start but then the cmd window reports "Hashcat quit unexpectedly".
Are there any special dependencies under Windows 7 that I need to know about? And/or, what do I check next? as in: what info should I provide to give you clues? THANKS!

↧

hashcat exhausted status

January 20, 2017, 12:23 pm

≫ Next: Speed impact of larger hash lists

≪ Previous: "Hashcat quit unexpectedly"...

I want to crack 12 character but 9 and more I get exhausted % 100 on hashcat 3.30

hashcat64 -m 2500 -w 3 -a 3 C:\Users\djfir\Desktop\hashcat-3.30\TTNET_HUAWEI_4732.hccap C:\Users\djfir\Desktop\hashcat-3.30\masks\12character.hcmask

.png

WHy.png (Size: 92.54 KB / Downloads: 9)

↧

Speed impact of larger hash lists

January 20, 2017, 1:42 pm

≫ Next: generating a dictionary

≪ Previous: hashcat exhausted status

I'm trying to understand why I see a significant increase in time to complete as the list of hashes gets larger, and hopefully get some guidance on how to improve performance. Since I've seen posts referencing very large lists of hashes (up to 'in the millions'), I've been surprised to see performance impacts as I increase the list of hashes into the thousands. The noob in me thinks that comparing each generated hash to the list of candidates should not be this big of a bottleneck. I get that comparing the hash to one hash vs 2000 requires more compute time - just looking for a head check if I'm missing anything here - or if there are performance tweaks (or maybe other approaches like splitting the file up) I should look for.
My gear:
1U Supermicro box
64GB RAM
4x Tesla P100-PCIE-16GB
2x Xeon CPU E5-2640 v4 @ 2.40GHz

Sample speeds:
using basic wordlist attack - rockyou with best64 rule
50 md5crypt hashes - estimated time to complete = 27 mins
2063 md5crypt hashes - estimated time to complete = 18 hours 37 mins

Thanks

↧

generating a dictionary

January 21, 2017, 6:36 am

≫ Next: LUKS Support

≪ Previous: Speed impact of larger hash lists

hello ,
i'm trying to crack i password that forgot, i remember all the words that i used to generate this longe password, let's say i used the words
A
B
C
D
E
F
i also certain that i have a prefix added to that password
i'm trying to create a dictionary that contain all the possible combination of these words
i used crunch to generate all to possible combinations ,
crunch 1 2 -p A B C D E R > dict.dict
and the result was
AAAAA
AAAAB
.........
FFFFFF
but i also want
A
and AA ....
can any one please help
thank you

↧