Quantcast
Channel: hashcat Forum - All Forums
Viewing all 8214 articles
Browse latest View live

LUKS Support

January 21, 2017, 6:39 am
$
0
0
After multiple weeks of coding and preparations I've completed the support for hashcat to crack LUKS protected partitions and volumes.

LUKS offers a set of "crypto items" (hashes, ciphers, blockmodes and keysizes) which can be used to configure an encrypted block device. The user can freely select them which then creates a large number of possible crypto relevant combinations. This made it a very work intensive implementation especially without a crypto library and on GPU.

The following crypto items are supported for LUKS:

Hashes:
  • PBKDF2-HMAC-SHA1
  • PBKDF2-HMAC-SHA256
  • PBKDF2-HMAC-SHA512
  • PBKDF2-HMAC-RipeMD160
Ciphers:
  • AES
  • Serpent
  • Twofish
Modes:
  • CBC-Plain
  • CBC-Plain64
  • CBC-ESSIV
  • XTS-Plain
  • XTS-Plain64
Keysizes:
  • 128
  • 256
  • 512
Hashcat computes all of the crypto items and their combinations 100% on GPU. On top of that, hashcat also computes the anti-forensic merger code and the shannon entropy check 100% on GPU.

To find out which crypto items are configured in your LUKS volume you can use the command:

Quote:$ cryptsetup luksDump /dev/XXXX

Unless you're using some very uncommon setup, I'm certain that hashcat will support all of the crypto items in your LUKS volume. Hashcat will automatically detect them and automatically select the correct kernel for you.

Short story on LUKS is:
  1. Do a PBKDF2 on the password with a very high iteration count
  2. Use the derived key to decrypt a large set of anti-forensic data
  3. Merge the decrypted AF data to form the masterkey
  4. Do a PBKDF2 on the masterkey again with a high iteration count
  5. Compare the derived data with the data stored in the LUKS header to verify if the password was correct
This is how LUKS does it.

The first PBKDF2 iteration count is automatically selected from cryptsetup by measuring how many iterations can be done in 1000ms on the host CPU (unless the user override the time using -i). However, the second PBKDF2 is not needed actually. While it provides a bullet-proof way to check if the password is correct, it also adds a very expensive PBKDF2 with usually more than 100000 iterations (on a modern system). It is preferable to avoid it, and that's why hashcat does the following instead:
  • Since we have the masterkey after the first PBKDF2 we can start decrypting the payload data
  • If we can predict the data after decrypt we can do a known-plaintext attack
  • Unfortunately the data isn't 100% known, but from my tests it shows it's different to random data (see below)
  • Decrypted data with an invalid key looks like random data, therefore hashcat can do an entropy check on it
  • If the entropy is below some threshold we can assume the password was correct
So how can hashcat know anything about the content. Well, it can't and this isn't bullet-proof. But from my tests it turns out that the most common used filesystems on linux zero the first sector or write some sort of header to it. I've tested the following filesystems:
  • EXT2
  • EXT3
  • EXT4
  • XFS
  • Reiser4
  • Btrfs
I've also successfully checked some more rare filesystems like vfat, but I don't think anyone uses this on a linux box.

This is how I tested how the first sector changes after a format:

Quote:$ dd if=/dev/urandom of=test bs=1M count=100
$ cryptsetup luksFormat test
$ cryptsetup luksOpen test tmp
$ xxd -l 512 /dev/mapper/tmp ## is random data at this point
$ mkfs.XXX /dev/mapper/tmp
$ xxd -l 512 /dev/mapper/tmp ## should no longer be random data
$ cryptsetup luksClose tmp
$ rm test

The idea is simply to find out if the mkfs.XXX is doing "something" to the first sector at initialization (formating). And they do, all of them! They either set zero bytes or some kind of header. That's what we're hoping for, because that enables us to do an entropy check on it with the goal to workaround the expensive 2nd PBKDF2 computation.

Hashcat also supports the cracking of the multiple keyslots that can be used in LUKS. For those who are not familiar with this concept: LUKS allows the use of multiple passwords ("keyslots", up to 8) for the same volume. We can not know which one contains the easiest password, but each of them have its own iteration count. In theory it makes sense to attack the one with the lowest iteration count, but after some thought I decided against it. We need to test all of them, regardless of the iteration count because it's easier to crack a simple passwords with 1000000 iterations than a hard one with just 100 iterations. Therefore it doesn't make any sense to give the user control on which keyslot to test, but if anyone has a good idea why it would make sense letting the user choose, please let me know and I'll add a parameter for it.

There's two things missing (at the moment) in order to make hashcats LUKS support "full featured":
  1. Support for Keyfiles
  2. Support for Whirlpool
In LUKS there's actually two (or more) different Keyfiles that can be used. There's one for each of the keyslots and one for the masterkey. However, I'm unsure if we really need them. If I'm getting enough feedback from people who actually need keyfile support (or whirlpool) I'll rethink about adding them.

To crack LUKS with hashcat, simply use hash mode 14600 and specify the path to the partition "file". For instance that is /dev/sda1 on where you normally specify the hash file. There's no luks2hashcat or so required. To make the LUKS image more "portable" you can also use this command:

Quote:$ dd if=/dev/XXXX of=header.luks bs=512 count=4097

This creates a 2mb file which includes all the data hashcat needs to start cracking.

Being able to crack LUKS using hashcat doesn't mean that LUKS is broken. There's also no reason to criticize the KDF of LUKS because of the possible shortcut. The high iteration count and the large AF dataset makes this algorithms one of the slowest you can think of. At least I was able to make it 15 to 25 times faster (yes, times, not percent!) than any other password cracker (both commercial and non-commercial) on the same system/hardware. I'm very proud on this work.

- atom
Search

6-8gpu rig need advice?

January 21, 2017, 11:45 pm
$
0
0
Hi everyone
i'm getting ready to build a rig and need some help over here.
it's going to be a 6-8gpu rig with 2 psus and proper cooling.

so what i don't worry about is its cooling, power supplying and the graphic cards as they are already bought and i'm just gonna use them so please no comment on this semi-setup which i'm stuck with.

i also have:
1 powered usb3 x1-x16 riser (CAN'T afford any soon enough)
2 x1-x16 non-powered risers (can afford more)
6 x16-x16 ribbon risers (can afford more)

I need your help to figure out what is the proper motherboard and processor to take at least 6 graphic cards?
considering it would be better using the most from 16 links on each PCI-E (for dictionary).

mobo models which i think might be good:

Gigabyte GA-990FXA-UD7 (not availible aroud here)
MSI 990FXA-GD80 (not availible aroud here)
ASRockH81 Pro BTC (not availible aroud here)
ASUS ROG STRIX Z270F GAMING
*ASUS X99-E WS/USB 3.1

The last one is the one i can find/buy easily although it's a little expensive(especially with a 2011 core i7 cpu which would be useless for me as it's the gpus doing all the process - still not sure about this)

So i'm going to ask for a MOBO and suitable CPU and RAM of course.
i have no idea on the amount of RAM either.
could anyone advise me on these please?

on Aruba GPU (AMD APU)

January 22, 2017, 3:53 pm
$
0
0
Hi!

I'm getting this error:

Code:
./hashcat64.bin -b
hashcat (v3.30-20-gf88644f) starting in benchmark mode...

OpenCL Platform #1: Mesa
========================
* Device #1: AMD ARUBA (DRM 2.43.0, LLVM 3.8.0), 256/1024 MB allocatable, 3MCU

Hashtype: MD4

clBuildProgram(): CL_BUILD_PROGRAM_FAILURE

input.cl:32:1: error: OpenCL does not support the 'static' storage class specifier
input.cl:168:1: error: OpenCL does not support the 'static' storage class specifier

* Device #1: Kernel /home/san/Aircrack/hashcat-3.30-20/OpenCL/m00900_a3.cl build failure. Proceeding without this device.

Started: Sun Jan 22 23:35:38 2017
Stopped: Sun Jan 22 23:35:41 2017


Is this hashcat problem or OpenCL something?

If this helps:

Code:
clinfo
Number of platforms                               1
  Platform Name                                   Clover
  Platform Vendor                                 Mesa
  Platform Version                                OpenCL 1.1 MESA 11.2.0
  Platform Profile                                FULL_PROFILE
  Platform Extensions                             cl_khr_icd
  Platform Extensions function suffix             MESA

  Platform Name                                   Clover
Number of devices                                 1
  Device Name                                     AMD ARUBA (DRM 2.43.0, LLVM 3.8.0)
  Device Vendor                                   AMD
  Device Vendor ID                                0x1002
  Device Version                                  OpenCL 1.1 MESA 11.2.0
  Driver Version                                  11.2.0
  Device OpenCL C Version                         OpenCL C 1.1 
  Device Type                                     GPU
  Device Profile                                  FULL_PROFILE
  Max compute units                               3
  Max clock frequency                             0MHz
  Max work item dimensions                        3
  Max work item sizes                             256x256x256
  Max work group size                             256
  Preferred work group size multiple              64
  Preferred / native vector sizes                 
    char                                                16 / 16      
    short                                                8 / 8       
    int                                                  4 / 4       
    long                                                 2 / 2       
    half                                                 0 / 0        (n/a)
    float                                                4 / 4       
    double                                               2 / 2        (cl_khr_fp64)
  Half-precision Floating-point support           (n/a)
  Single-precision Floating-point support         (core)
    Denormals                                     No
    Infinity and NANs                             Yes
    Round to nearest                              Yes
    Round to zero                                 No
    Round to infinity                             No
    IEEE754-2008 fused multiply-add               No
    Support is emulated in software               No
    Correctly-rounded divide and sqrt operations  No
  Double-precision Floating-point support         (cl_khr_fp64)
    Denormals                                     Yes
    Infinity and NANs                             Yes
    Round to nearest                              Yes
    Round to zero                                 Yes
    Round to infinity                             Yes
    IEEE754-2008 fused multiply-add               Yes
    Support is emulated in software               No
    Correctly-rounded divide and sqrt operations  No
  Address bits                                    32, Little-Endian
  Global memory size                              1073741824 (1024MiB)
  Error Correction support                        No
  Max memory allocation                           268435456 (256MiB)
  Unified memory for Host and Device              Yes
  Minimum alignment for any data type             128 bytes
  Alignment of base address                       1024 bits (128 bytes)
  Global Memory cache type                        None
  Image support                                   No
  Local memory type                               Local
  Local memory size                               32768 (32KiB)
  Max constant buffer size                        268435456 (256MiB)
  Max number of constant args                     13
  Max size of kernel argument                     1024
  Queue properties                                
    Out-of-order execution                        No
    Profiling                                     Yes
  Profiling timer resolution                      0ns
  Execution capabilities                          
    Run OpenCL kernels                            Yes
    Run native kernels                            No
  Device Available                                Yes
  Compiler Available                              Yes
  Device Extensions                               cl_khr_global_int32_base_atomics cl_khr_global_int32_extended_atomics cl_khr_local_int32_base_atomics cl_khr_local_int32_extended_atomics cl_khr_byte_addressable_store cl_khr_fp64

NULL platform behavior
  clGetPlatformInfo(NULL, CL_PLATFORM_NAME, ...)  Clover
  clGetDeviceIDs(NULL, CL_DEVICE_TYPE_ALL, ...)   Success [MESA]
  clCreateContext(NULL, ...) [default]            Success [MESA]
  clCreateContextFromType(NULL, CL_DEVICE_TYPE_CPU)  No devices found in platform
  clCreateContextFromType(NULL, CL_DEVICE_TYPE_GPU)  Success (1)
    Platform Name                                 Clover
    Device Name                                   AMD ARUBA (DRM 2.43.0, LLVM 3.8.0)
  clCreateContextFromType(NULL, CL_DEVICE_TYPE_ACCELERATOR)  No devices found in platform
  clCreateContextFromType(NULL, CL_DEVICE_TYPE_CUSTOM)  No devices found in platform
  clCreateContextFromType(NULL, CL_DEVICE_TYPE_ALL)  Success (1)
    Platform Name                                 Clover
    Device Name                                   AMD ARUBA (DRM 2.43.0, LLVM 3.8.0)

ICD loader properties
  ICD loader Name                                 OpenCL ICD Loader
  ICD loader Vendor                               OCL Icd free software
  ICD loader Version                              2.2.8
  ICD loader Profile                              OpenCL 1.2
NOTE: your OpenCL library declares to support OpenCL 1.2,
but it seems to support up to OpenCL 2.1 too.

Someone will propably say: it's ancient GPU!
Yeah, i know, but i have no better.

Same on 3.00 and GIT version.

Best Regards!

MotherBoard advice

January 23, 2017, 10:53 pm

where did hashcat get the hashtype?

January 24, 2017, 8:00 am
$
0
0
Just a simple question: Where did hashcat get the hashtype?
So, i have a simple command. Something like

Code:
hashcat example.hash example.dict

And in my example.hash are md5 hashes - does hashcat know the hashtype because of the specific pattern of md5? What if my example.hash only holds sha256 hashes - here the same? Does this mean, i don't need to give hashcat a parameter for the hashtype?
Sorry for the weird question.

Formatting a salted SHA 512 hash

January 24, 2017, 11:24 am
$
0
0
Hey all. I have a salted SHA512 hash which I have extracted from OSX with davegrohl. The password is "0pen2014".

Can anyone point me in the direction or help me understand how to format this hash for hashcat? I cant seem to get the SHA-512($pass.$salt) format to work. I've dumped the full output data below.

Thanks for any help...

p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff} span.s1 {font-variant-ligatures: no-common-ligatures}
  appleLabel = SRP-RFC5054-4096-SHA512-PBKDF2
    Hash = 512 <09e480773bc84732e53712a106edb45aac718e166d8a7662d07ac766be00ebfd91e01ed958bba9c34e6edbf81275b6a4c5b5296f0a9b2ad7ae07534717bfe3050a013830305d6f63fd6499d2e5993d7e0ed28fd1529fdea003824221be9c8e56a0588ddfaec8ef4a5c0451420d70bc6a42c7a744a18e8f64c495aaa1284849cfc2b5cde95415d4b8f53df2161dcf900e0eb134335b92657aa2eea6e7b4058fa5cc14978a4e31ed91a54ece9154991a91967960cc9ae207f7658181f9b0a1100c7048ffc0fb67e5ab04f5fec0852b1ea21f130d31d6c897f23f16ea1daa345fa440b3909821cd0f3a52b814606935269ad6e77863744a1439fea986a229d6b9a3d3c6f91d219087c4254029a2d84b5cb891cb44045b0670393aebaf4af32f614f4384863f8426a6b82070d1491a24218dcdaf36d7cd9d1cbe3673119f0b8ac6ac63be13c5a05a87e23313763259cea6c4afc370c0ef687d1027281de65e3351ba6396259575ea9090824b860a8590d2bd5f463b61d4350e8cdeeffbf9753585f80733b29d46a90dbe0c496bd2db27a7d40933662f9fd09609e7cf0f83fa2887d31a6f936508665aaa3d1c0c6a342a2e3558bfcc19f558bcd1882bf7600f1a7828044d0313b664788981c215488353f3fcb2c13794368b4343834bb9d1901673f61edf0092ba3b31c69307a4b0961d8c9f51f73c71100dbf6fe8a45501bd30428f>
    Salt = 32 <4bf2fa78ef1eacbd66b2e11430d44998b6697fd1f4555e21b67757f31c0093ab>
    Rounds = 52356
    Type = 7
  cryptHash = <>
  cryptSalt = <>
  appleLabel = SALTED-SHA512-PBKDF2
    Hash = 128 <d124478807d58a79a3f52e66fd0f1e260ce8d5c56c6e1f13e858c1316901211611a483b8f2742a0988e86b5a1b30cd2a689d0fe5fe30a4a1d8cb4ddfc4755df2c13fc495955582640c57c4df133dc3164f6b305facf782870ebdc249267d908e4e92ca6f8ff09f3b7653fe1fbd8f76037c1023ff0e33f462bdbcc12dd3ab1f83>
    Salt = 32 <47f4604fcd8bff140bb02aa1d7824e5a392c667e0e796bfaeaf3558ca9111ce3>
    Rounds = 51813
    Type = 0
  cryptHash = <>
  cryptSalt = <>

TrueCrypt Help

January 24, 2017, 12:25 pm
$
0
0
Hey Everyone,

I am in a really huge bind.

Unfortunately one of my Co-Workers (head developer) passed away over the weekend. It has come to light that he had TrueCrypt on his PC, which has many programs and projects on it, that were not available anywhere else.

Another co-worker tried to log into his PC as our Domain Administrator account (developers PC was at the lock screen). 

It appears he had a login script that basically shut the PC down due to an account other than his logging in. 

Needless to say the PC is now at the Bootloader screen asking for his TC password (which we do not have).

Is there any way to get his password out of his drive? This is I am assuming a full drive encryption.

I have tried using the DD for Windows thing to get a .bin file, but I do not know what to do with it beyond that point.

Skype hash from Android

January 24, 2017, 2:47 pm
$
0
0
Hi,

Has anyone looked into extracting the Skype hash from an Android device?



// BBN
Search

Extract PDF hash (edit passwd)

January 25, 2017, 7:28 am
$
0
0
Hello guys, I need to recover "edit password" from a PDF file. How can I extract "edit password" hash? Thank you!

get hashcat-type/version over command

January 25, 2017, 11:47 am
$
0
0
Is it possible to get the hashcat version from hashcat itself? I don't mean the --version parameter which gives me the actual version. I mean an output, that tells me if i use 'hashcat' or 'hashcatLite' or 'oclHashcat' and so. I know, that we only have one hashcat version now - but a lot of user also use i.e. oclHashcat nowadays. I need this output for a bash script. When i call hashcat over my script and someone use oclHashcat, then he will get an error and i want to avoid this problem.

When this works: Do oclHashcat, HashcatLite and alle the other versions use the same syntax like hashcat? In other words: Does the command
Code:
hashcat-type -m 1400 hashlist.hash dicitonary.dict
works in all 'types/versions'?

Hash-encoding exception ?

January 25, 2017, 12:48 pm
$
0
0
Hi,

I've tried to make an MD5 hash with a salt in different ways from the Ubuntu command line for testing purposes. I keep getting this error message:

Hash-encoding exception

For instance when running 

Code:
./hashcat64.bin -m 20 -a 3 '$1$S3wPcrz5$Sz0L2IOO6wZjpy5QCoY7W/'

also 

Code:
./hashcat64.bin -m 10 -a 3 '$1$S3wPcrz5$Sz0L2IOO6wZjpy5QCoY7W/'

gives me the same error. 

When using -m 0 I get 'Line-length exception' which seem more common. I cannot find any references to 'Hash '$1$S3wPcrz5$Sz0L2IOO6wZjpy5QCoY7W/': Hash-encoding exception' except in the hashcat source-files. 

I hope you can help me.

Best regards.

Ps.

I genarated the hash-value by using

Code:
python3 -c 'import crypt; print(crypt.crypt("password", crypt.mksalt(crypt.METHOD_MD5)))'

in the command line.

Noob: Efficient way to "combine" masks and rules

January 25, 2017, 1:23 pm
$
0
0
Looking for an *efficient* way to arrive at a combination of masks and rules.
For example, by using only the dictionary word "please", I want to arrive at both "Please0000" and "plea$e9999".

The mask ?d?d?d?d would produce "please1234", but can't capitalize the first letter or change the "S" to "$".  The rule "sS$" would replace "S" with "$", but wouldn't append the four digits combination (0000..9999) at the end of the word.

Does this mean that I need to first produce a dictionary file with please00..please99 (using maskprocessor?) and then apply a set of rules to it?

thanks in advance.

Noob Extracting VeraCrypt MBR

January 25, 2017, 2:20 pm
$
0
0
I'm a total noob when it comes to hashcat.
I have a Veracrypt HDD I fully encrypted with default settings.
Being and idiot I forgot the password. I'm pretty sure I remember the letters and numbers and characters used in the password.

My current problem is I am trying to figure out how to copy the boot loader to get the hash to try cracking it.

I used

dd if=/dev/sdc1 of=/home/tj/Documents/dump bs=1 skip=31744 count=512

Which created the dump file.

I then opened it using vi.

vi /home/tj/Documents/dump

Then opened hex editor.

:%!xxd

Which converted it to hex but instead of staying Veracrypt at the top its just a bunch of random letters and .

Anyone help?

Thanks.

Hashcat v3.30 and resume

January 26, 2017, 5:22 am
$
0
0
Hi guys, I'm having problems with the resume function, specifically with the current working directory saved in the resume file.

I'm running this command:

Code:
hashcat-3.30/hashcat64.bin -m 0 -a 3 md5.txt ?l?l?l?l

My current working directory is
Code:
/root

Hashcat folder is located in
Code:
/root/hashcat-3.30/

The expected behaviour is that the .resume file, the .log file, and the .pot file will be saved in /root/ (because is the cwd)
Instead they are saved in /root/hashcat-3.30

On cudaHashcat the behaviour was:
“cwd” is the current working directory. oclHashcat will cd to that directory on startup if it is in --restore mode.

Then I found out about the new option in hashcat 3.30 --restore-file-path

Code:
hashcat-3.30/hashcat64.bin -m 0 -a 3 md5.txt ?l?l?l?l --restore-file-path /root/testsession

Which works, but when I try to restore the session, hashcat still tries to look in its directory...which negates the use of --restore-file-path because I have to move it back to hashcat directory to stop it from complaining!

Code:
root@ubuntu:~# hashcat-3.30/hashcat64.bin --restore --session testsession
hashcat (v3.30) starting in restore mode...

Restore file '/root/hashcat-3.30/testsession.restore': No such file or directory

Is it a bug, or a feature?Big Grin

How to Create the Rules for This Password Structure

January 26, 2017, 10:17 am
$
0
0
I am trying to carry out a dictionary attack for a password that is of this structure:

  • 15 characters

  • Lowercase letters and 0-9

  • First a five letter word then 4 numbers, then 6 letter word
Examples of possible passwords:
creek8937basket
arrow3156hardly
eager4109eleven

How would I create the rules for this. I have a dictionary of the ~6000 english 5 letter words and top 10000 english 6 letter words. I could put those together into one dictionary but I am not sure how to make the rules for the above. Could someone help me?

 Thank you in advance!
Search

Parse Database

January 26, 2017, 2:28 pm
$
0
0
Hello!

I need someone who can help me with Database. In one database i got user:hash, in other i have email:user... How i can compare those to get email:hash, because it's not in same order, and one part is diffrent then other, little bit bigger. Thanks

PeopleSoft Salted Hash Support

January 27, 2017, 7:55 am
$
0
0
AFAIK, hashcat currently only supports regular PeopleSoft hashes (-m 133), which are 28-character long Base64 strings, which I believe are generated using the PeopleCode Hash() function.

PeopleCode also has a salted hash function, called HashWithSalt(), which neither Hashcat nor JTR seem to support. I do not know the specifics of the algorithm which is used for this hash, but it has the same format as Hash(), except it begins with {1}.

{1}f+B0qgfNYGoedmHr2doZ+rN2Kso= (this is not a real hash, but shares the same format as HashWithSalt)

If anyone knows a way to use hashcat for this hash type in it's current implementation, please let me know. Otherwise, it would be great if this could be added to HC.

Linux: Amdgpupro 16.60

January 27, 2017, 9:59 am
$
0
0
Hi guys,

Amdgpupro 16.60 has just been released. Have you tried it out yet? Does it fix the slow performance in rule-based attack that we encountered with 16.50?

Iterate numbers 0000 to 9999 in Combo Attack

January 27, 2017, 10:51 am
$
0
0
I need to create passwords of the structure for a Cisco DPC3941B Xfinity router:

apple0000basket

Where apple and basket are 5 and 6 letter words respectively and the numbers in between could be any combination. I have a dictionary of 5 letter words and a dictionary of 6 letter words. What I need is to be able to create all combinations of the dictionaries and numbers so e.g:

apple0000basket
apple0000rapper
etc. to the last word in 6 letter dict then:
apple0001basket
apple0001rapper
apple0001whatev


Basically it cycles through every word in the 6 letter dictionary before incrementing the number. The numbers are incremented from 0000 to 9999. Then apple is finally changed to the next word after all that.

So far I have:

./hashcat64.bin -m 2500 -a 1 ~/Desktop/WPAcapture.hccap ~/Desktop/5letterwords.txt ~/Desktop/6letterwords.txt

How would I insert numbers to the right of the first dictionary word that increment so that I try all possible combos? Thank you for your time!

Multiple hccap hashes?

January 28, 2017, 3:32 am
$
0
0
Is there a way to crack multiple hccap hashes at a time?
Viewing all 8214 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>