Quantcast
Channel: hashcat Forum - All Forums
Viewing all 8174 articles
Browse latest View live

Office hash trouble

July 29, 2017, 6:29 am
$
0
0
Hi all,
I'm a newbie and I'm trying to crack an Office 2013 Excel file. I used office2john.py to get the hash and I removed the filename from the hash up to the colon. I'm using version 3.6.0 on a Win 7 box. Here is the command line code: 

hashcat64 --force a 0 -m 9600 c:\hash3.txt C:\Users\rikst\Desktop\tmp\Tech\Security_plus\CrackExcel\hashcat-3.6.0\wordlists

I'm getting a line length exception. I would show the hash, but I think that's against the rules, right?

I have successfully cracked a MD5 hash so hashcat is working properly--I'm assuming.
Search

Latest Beta release 3.6.0+268 issue with PDF 1.7

July 29, 2017, 9:40 am
$
0
0
I've downloaded  hashcat-3.6.0+268 and am attempting to try to crack the PDF 1.7 hash example listed in the wiki.
My exact command line is:
HC64 -m 10700 -a 0 [copy and pasted the hash example from the wiki here without the brackets]  word.txt --status --status-timer=3
the word.txt file contains the word hashcat (5 of the 6 entries), as is supposedly the password for all the example hashes listed as per the wiki.

I'm running windows 10 x64 with two NVIDIA GTX-960's on a 6 core cpu.

I've had to apply the time-out patch in order for 3.6.0+268 to run, but I still get errors that:
1.  when running the benchmark "nvmlDeviceSetPowerManagementLimit(): Insufficient Permissions", which per ATOM, can be disregarded.
2. Device 1 and 2 open cl kernel self-test failed (see below)

I've installed the latest NVIDIA driver that supports the GTX - 960's

Here is a screen copy of the event:

c:\HC330>hc64 -m 10700 -a 0 $pdf$5*6*256*-4*1*16*381692e488413f5502fa7314a78c25db*48*e5bf81a2a23c88f3dccb44bc7da68bb5606b653b733bcf9adaa5eb2c8ccf53abba66539044eb1957eda68469b1d0b9b5*48*b222df06deb308bf919d13447e688775fdcab972faed2c866dc023a126cb4cd4bbffab3683ecde243cf8d88967184680 word.txt
hashcat (v3.6.0-268-g332396a0) starting...

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 960, 512/2048 MB allocatable, 8MCU
* Device #2: GeForce GTX 960, 512/2048 MB allocatable, 8MCU

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Applicable optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt

Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 75c

* Device #2: ATTENTION! OpenCL kernel self-test failed.

Your device driver installation is probably broken.
See also: https://hashcat.net/faq/wrongdriver

* Device #1: ATTENTION! OpenCL kernel self-test failed.

Your device driver installation is probably broken.
See also: https://hashcat.net/faq/wrongdriver

Dictionary cache hit:
* Filename..: word.txt
* Passwords.: 6
* Bytes.....: 51
* Keyspace..: 6

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.

Session..........: hashcat
Status...........: Exhausted
Hash.Type........: PDF 1.7 Level 8 (Acrobat 10 - 11)
Hash.Target......: $pdf$5*6*256*-4*1*16*381692e488413f5502fa7314a78c25...184680
Time.Started.....: Sat Jul 29 12:15:16 2017 (0 secs)
Time.Estimated...: Sat Jul 29 12:15:16 2017 (0 secs)
Guess.Base.......: File (word.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....:        0 H/s (5.11ms)
Speed.Dev.#2.....:        0 H/s (0.00ms)
Speed.Dev.#*.....:        0 H/s
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 6/6 (100.00%)
Rejected.........: 0/6 (0.00%)
Restore.Point....: 0/6 (0.00%)
Candidates.#1....: WORd -> Hashcat
Candidates.#2....: [Copying]
HWMon.Dev.#1.....: Temp: 43c Fan: 33% Util: 98% Core:1379MHz Mem:3004MHz Bus:8
HWMon.Dev.#2.....: Temp: 40c Fan: 33% Util:  0% Core:1354MHz Mem:3004MHz Bus:8

Started: Sat Jul 29 12:14:49 2017
Stopped: Sat Jul 29 12:15:18 2017

I assume the PDF 1.7 hash is extremely slow from the way it acts.

The last beta version of 3.6.0 that worked was 3.6.0+200.  No version after 3.6.0+200 will find the password.
I even tried putting the hash in a text file. Still does not work.  What am I doing wrong??? or has the code changed???

Anyone have any ideas?

Best practice dealing with dic intersections

July 29, 2017, 4:30 pm
$
0
0
Hi!

My friend tends to run many small, tightly targeted dictionaries based on hash original location (geo), hash author' seх, hardware (if any) and so on. If none of those worked it's time to run common, bigger dictionaries. Obviously, small dics often overlap with big ones (e.g., local phone numbers with ?d-masks).

He failed to google/man any built-in possibility to exclude intersections using Hashcat (e.g. by means of "exclude words from said files" param). Did he miss it? What's teh best practice here? Thanks in advance!

Works great, except for ethereum

July 29, 2017, 7:55 pm
$
0
0
Couldn't get -m 15700 (ethereum scrypt) working for me.

I have a hash of "Hi"

{"address":"6fea59d03567729c41545e9d6b22e970d03e0c6a","crypto":{"cipher":"aes-128-ctr","ciphertext":"04a4813a25457cc354d29a669c8d47893b642d3b999f2c89876d3756c23b0f6e","cipherparams":{"iv":"42781602a9a10147f572e935f8cecefc"},"kdf":"scrypt","kdfparams":{"dklen":32,"n":262144,"p":1,"r":8,"salt":"03b394784c4598d1b803661ddf6e7204cf1d85f99793cdbe8920964aaa5f3af5"},"mac":"9c1442d8f46951b6048fd3e8ca51ae82ae0b7f23d859f8a96c25e646d0ed56dd"},"id":"eb03b2a9-b5a0-4fd6-b855-e70469f2f9e4","version":3}

This is with Debian Sid's binary...
Code:
❯ hashcat --version

pull/1273/head

❯ hashcat -d 1 -m 15700 -a 3 -1 '?u?a' -i --increment-min 1 --status ~/hi.json '?1?1'
hashcat (pull/1273/head) starting...

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 1080 Ti, 2793/11172 MB allocatable, 28MCU
* Device #2: GeForce GTX 1080 Ti, skipped.
* Device #3: GeForce GTX 1080, skipped.

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Applicable optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force

Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 75c

Increasing single-block device memory allocatable for --scrypt-tmto 0.
Increasing single-block device memory allocatable for --scrypt-tmto 1.
Increasing single-block device memory allocatable for --scrypt-tmto 2.
Increasing single-block device memory allocatable for --scrypt-tmto 3.
Increasing single-block device memory allocatable for --scrypt-tmto 4.
SCRYPT tmto optimizer value set to: 5, mem: 7516192768

* Device #1: build_opts '-I /usr/share/hashcat/OpenCL -D VENDOR_ID=32 -D CUDA_ARCH=601 -D VECT_SIZE=1 -D DEVICE_TYPE=4 -D DGST_R0=0 -D DGST_R1=1 -D DGST_R2=2 -D DGST_R3=3 -D DGST_ELEM=8 -D KERN_TYPE=15700 -D _unroll -cl-std=CL1.2'
s

[s]tatus [p]ause [r]esume [b]ypass [c]heckpoint [q]uit => The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.

[s]tatus [p]ause [r]esume [b]ypass [c]heckpoint [q]uit => s

Session..........: hashcat
Status...........: Running
Hash.Type........: Ethereum Wallet, SCRYPT
Hash.Target......: $ethereum$s*262144*8*1*8247c9a67ea11366a96081d040e1...eaeb8d
Time.Started.....: Sat Jul 29 22:41:44 2017 (1 sec)
Time.Estimated...: Sat Jul 29 22:41:45 2017 (0 secs)
Guess.Mask.......: ?1 [1]
Guess.Charset....: -1 ?u?a?a?a, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 1/8 (12.50%)
Speed.Dev.#1.....:        0 H/s (0.00ms)
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0/95 (0.00%)
Rejected.........: 0/0 (0.00%)
Restore.Point....: 0/1 (0.00%)
Candidates.#1....: s -> s
HWMon.Dev.#1.....: Temp: 48c Fan: 33% Util:100% Core:1987MHz Mem:5005MHz Bus:1

It seems like it never starts.

I also tried with latest from source.

Code:
❯ ./hashcat -d 1 -m 15700 -a 3 -1 '?u?a' -i --increment-min 1 --status ~/hi.json '?1?1'
hashcat (v3.6.0-271-g942b7068) starting...

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 1080 Ti, 2793/11172 MB allocatable, 28MCU
* Device #2: GeForce GTX 1080 Ti, skipped.
* Device #3: GeForce GTX 1080, skipped.

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Applicable optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force

Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 75c

Increasing single-block device memory allocatable for --scrypt-tmto 0.
Increasing single-block device memory allocatable for --scrypt-tmto 1.
Increasing single-block device memory allocatable for --scrypt-tmto 2.
Increasing single-block device memory allocatable for --scrypt-tmto 3.
Increasing single-block device memory allocatable for --scrypt-tmto 4.


[s]tatus [p]ause [r]esume [b]ypass [c]heckpoint [q]uit => s


[s]tatus [p]ause [r]esume [b]ypass [c]heckpoint [q]uit => s

This time when I press s, it doesn't say anything.

md5 works perfectly
hashcat -d 1 -m 0 -a 3 -1 '?u?a' --increment --increment-min 1 ~/md5 '?1?1'

Here is my opencl-info
Code:
❯ hashcat -D 1 --opencl-info
hashcat (pull/1273/head) starting...

OpenCL Info:

Platform ID #1
  Vendor  : NVIDIA Corporation
  Name    : NVIDIA CUDA
  Version : OpenCL 1.2 CUDA 8.0.0

  Device ID #1
    Type           : GPU
    Vendor ID      : 32
    Vendor         : NVIDIA Corporation
    Name           : GeForce GTX 1080 Ti
    Version        : OpenCL 1.2 CUDA
    Processor(s)   : 28
    Clock          : 1683
    Memory         : 2793/11172 MB allocatable
    OpenCL Version : OpenCL C 1.2
    Driver Version : 375.82

Let me know if there is anything I can try to help debug this.

Thanks!

RX VEGA unboxing

July 30, 2017, 3:46 am
$
0
0
https://www.youtube.com/watch?v=twkZz5WyVJs

Can't wait to see the benchmarks on that badboy.  

From what I have gathered the price will be around 900-1600 USD depending if you want the water-cooled version.
  • 14nm process node

  • 4 shader engines

  • 4,096 stream processors

  • 12.5 TFLOPS / 25 (FP16) TFLOPS

  • 64 render output units

  • 256 texture mapping units

  • 8 hardware threads

  • 2,048-bit memory interface

  • 8GB High Bandwidth Memory 2 (HBM2)




what hash type is this?

July 30, 2017, 8:58 am
$
0
0
I'm trying to find out what hash type this is, below is an example of the hash that I know the dehashed version but I wan't to know what hash type it is and what the salt is.

The hash is:
7oh34/rvgHo61oIlg/Cv97w8Hr0=

The value of the hash is: "password", and the possible salts are either "219836469" or "testuser" or maybe even both together.


Here are some other hashes that are the same hash type but I don't know the dehashed versions of those below:

XUA1dyZEhlfF/yaefNPU2K0G10w=
7z38eFF70WMmSXHppcS0guuD8Vc=
Fh+Z/cIItsbd2Ibk51RSVd1xLQQ=
0icoFs7vEEIGaCCj7OMyNbPG5QA=
U3thICYOsZ4qqE93NCubmFg+qPE=
aUTEjlpF/1rAvChFvUomiZIBGi4=
oCtPrqZhPa0oZQSAcZ9bXD3F87Q=
0XJhqyq03kYhPahjN602kdWn8sY=
5IQ6ehOBM+uNTkPo1Jde4//keIw=
2NMhO0EpsaQav/jtWKmlW73UAKk=
iU0lEZS+ClXrBq2Krt5bhHM3ICE=
DAQjTc758xuhAB2v4YKo6Wz906Y=
ujmRuImO22yvobA2fDDSlnc+9YQ=
KFj16Z3c1HiWvV6+XhLuxpjC+Ig=
U03m1Ymgd8v40dvdVT/Vg//CIAU=
Ia8sn3fenvN8brA08HP58Xu/2Tk=

Consult on server configuration for password cracking. Thank you all!

July 19, 2017, 7:57 pm
$
0
0
I have many 2007 versions of EXCEL documents that need to be cracked, so I'm planning to configure a password cracking server. Would you like to know if the following server configuration is reasonable? Do you have any better configuration suggestions? Thank you all!
cpu:Xeon e5-2665 X 2
Memory: recc ddr3 1600 32G
Graphics:nvidia 1080TI x4
Hard disk:SSD 250G

How do I extract the hashes from RAR documents on linux?

July 30, 2017, 11:21 pm
$
0
0
How do I extract the hashes from RAR documents on linux? Is there any software to use?
Search

Web server digest authentication.

July 31, 2017, 3:51 am
$
0
0
Hello, I'm trying to find a lost password for a piece of equipment. We were able to locate a file on the file system that contains the username, realm and password hash, it is in the following format:

admin:Acme Corp monitoring server:AAAAAAAAAABBBB12345
I believe this is called Digest authentication.

I also have access to a similar device in which I know the password. The relam and username are the same, if I MD5 the three together I come out with the correct hash for that piece of equipment. 

So what I would like to do is prepend "admin:Acme Corp monitoring server:" to a wordlist and then try brute force if that doesn't work.

First I thought a custom charset would be what I needed, I created a maskfile with the following contents:

Code:
admin:Acme Corp monitoring server:?a?a?a?a?a?a?a?a

This seems to work, at first it iterates through the username and realm then starts brute forcing, which is good, but I tried to use the "-i --increment-min=8" command because I know how long my test password it but it didn't seem to work.

Another problem I ran into was getting an output I tried changing the mask file to:

Code:
admin:Acme Corp monitoring server:P@ssw0r?a

Hashcat cracks it quickly but I can't see where in the output it gives the password it found, I checked the potfile but it gives me a hex output that doesn't convert into the password.

Any suggestions on where to go next would be helpful.

Running Windows 10 x64 hashcat 3.5.0

WPA2 crackstation

July 31, 2017, 12:09 pm
$
0
0
hello, i am going to build wpa2 crackstation. my budget for graphic cards is 1500 euros. which cards do you recommend? thanks

-m 11600 7z

July 31, 2017, 12:27 pm
$
0
0
Hello all,

Today i tried hashcat, and it shredded my VC container very nicely Smile

But when trying a .7z i struck an issue, i cannot crack it even though i know the password.

tools
win x 64b
cmd|color C
7z2hashcat (7z2hashcat64-1.1.exe)
hashcat (hashcat-3.6.0+274.7z)
7z v 9.20

Extract hash with 
"7z2hashcat.exe myarch.7z >>hash"

Create dictionary with the password insde dic.k (i use letters as .revisions)

"hashcat64.exe -m 11600 hash dic.k"

Code:
Session..........: hashcat
Status...........: Exhausted
Hash.Type........: 7-Zip
Hash.Target......: $7z$0$19$0$$8...1734e0
Time.Started.....: Mon Jul 31 20:50:58 2017 (1 min, 10 secs)
Time.Estimated...: Mon Jul 31 20:52:08 2017 (0 secs)
Guess.Base.......: File (dic.k)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....:        0 H/s (1.81ms)
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 92/92 (100.00%)
Rejected.........: 0/92 (0.00%)
Restore.Point....: 92/92 (100.00%)
Candidates.#1....: dog -> cat
HWMon.Dev.#1.....: Fan:  0% Util:  0% Core:1000MHz Mem:1250MHz Bus:16


no success.
myarch.7z is then manually extracted with the same password successfully.



sometimes i crack myself up...

WPA2 Half-Handshake

August 1, 2017, 7:54 am
$
0
0
I'm interested in cracking router passwords using only the first two parts of the WPA2 4-way handshake. Something similar to WPA2-HalfHandshake-Crack but with hashcat. Is this currently possible with the hashcat WPA/WPA2 hash mode?

Thanks!

cap2hccapx

August 2, 2017, 12:23 am
$
0
0
Hey everyone!

On the website to convert cap2hccapx there is the option to otionally enter the ESSID.
What is it good for? Does it help to improve cracking speed?

Thank you .)
Rabbitz

DES KPA

August 2, 2017, 8:10 pm
$
0
0
I was wondering if it was possible to crack DES KPA generated the following way

Code:
#echo -n "1234567" | openssl enc -e -des-ecb  -a -nosalt -k a
KQxly2BIRZo=

#echo -n "KQxly2BIRZo="  | base64 -d | xxd
00000000: 290c 65cb 6048 459a                      ).e.`HE.

I was looking also looking at crack.sh but it requires a plaintext of 8 characters. And I don't understand this further.

Code:
#echo -n "12345678" | openssl enc -e -des-ecb  -a -nosalt -k a
Fgzr30dX4WjdSY+WC4uZfg==

Can someone help me understand this.

DES-ECB Numeric Key Search

August 2, 2017, 10:25 pm
$
0
0
I was wondering if I could conduct a numeric only search when using -m 14000 instead of searching through the entire keyspace?

Test Example (DES-ECB):
Key: 6891082025701013 (randomly made up)
PT: 4B0A161F0BAB3CD4
CT: B384B7B51C1D5073

If I run -m 14000 (CTTongueT) -a 3 -1 charsets/DES_full.charset --hex-charset ?1?1?1?1?1?1?1?1 -o cracked.txt -w 3, it is telling me it would take 3 weeks for a 100% search.

If I know the test key only uses numeric values that cuts the variables to 50^8 vs 128^8, a huge difference.
Search

mask attack with a max occurrence

August 3, 2017, 7:01 am
$
0
0
I'd like to run a mask attack wherein I know the length of a given password and also that there will be no more than 2 occurrences of a specific charset (i.e. certain symbols). What util or type of attack would help me limit the occurrence symbols in a mask attack? Thanks for any tips.

small difference asus & msi 1080ti founder edition

August 3, 2017, 7:23 am
$
0
0
When looking at the specs of the "geforce 1080ti founder edition" , I noticed some slight differences between brands but, I don't know what the impact is on performance


MSI GeForce GTX 1080TI Founders Edition 11GB
- freq : 1582mhz
- clockspeed : 1582 mhz
- PCI-e : 3.0x16

Asus GeForce GTX1080TI-11G Founders Edition
- freq : 1582 mhz
- clockspeed : 1480mhz
- PCI-e : 2.0x16


If there is difference and "if yes", which one should I choose?

(can I put both brands together when these specs are different?)

Thank you for any reply

tibit

Users with the same hash not in output

August 3, 2017, 8:19 am
$
0
0
Hello,

Please help. I have a list of hashes that I have cracked, but if two users have the same hash, the output file only lists one user. Commands I'm using are below, but can I get it to output with both users instead of missing them off?


hashcat64.exe -w 2 -a 0 -m 1000 --potfile-path 1234.pot --username --session 2134 -r ..\rules\rule1.rule -r ..\rules\rule2.rule 1234.txt ..\docs\wordlist.txt

hashcat64.exe --show -m 1000 --outfile-format 2 --potfile-path 1234.pot --username 1234.txt > hashoutput1234.txt


I have looked for an answer, but maybe I'm not understanding it when I see it, so can someone spell it out for me?

Cracking MySQL/MariaDB Hashes

August 3, 2017, 6:09 pm
$
0
0
I've been trying to crack some MySQL/MariaDB hashes with no success. Is there any recommendation for having a better chance at this? 

Also, are these options --increment-min=4 --increment-max=8 not supported again because hashcat threw out an error below.

Increment-min is only supported when combined with -i/--increment

3x boost to Titan Xp and Titan X(Pascal) with 385.12 Beta driver

August 4, 2017, 6:05 pm
$
0
0
Hello everyone!

I've been following and digging around this story for the past few days: https://www.reddit.com/r/nvidia/comments..._creative/

...but I can't seem to find any concrete details about what changed, to know whether it might somehow affect only 3D Studio Max and the likes or if indeed hidden extra computing performance got unlocked.

Is there by any chance someone with a Titan Xp or Titan XP who could please benchmark with this new driver? :-)

Best regards,

K
Viewing all 8174 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>