Quantcast
Channel: hashcat Forum - All Forums
Viewing all 8174 articles
Browse latest View live

Hashcat and itunes backup 10+ (-m 14800) vs itunes backup recover tools

October 24, 2017, 6:13 am
$
0
0
I want to ask you guys something,

why some tools, like iphone backup unlockers, can try something like 4k pw's/second  and with hashcat only 0 or 1 H/second? 

Thank you!
Search

KFA2 1080 ti low utilization

October 24, 2017, 9:45 am
$
0
0
Hello. I have KFA2 1080 ti HoF video card.

That the problem: when I run hashcat, utilization ~ 30%. If in that time I run any 3D game - hashcat utilization ~90%. When game is closed - utils 30%.

If I start any online video, hashcat utilization ~90%. If I pause video, utilization drops till 30% again.

If I start offline video player, like Media Player Classic(even if paused video) - hashcat utilization ~ 90%.

What does it means? How to solve problem?

Sorry, if the same question was before.

kwprocessor on Windows - Unexpected results

October 24, 2017, 1:52 pm
$
0
0
This is the first time I've attempted to use kwprocessor on Windows, and it's not something I heavily use anyway, so I might be doing something wrong. However, it seems like the results are either truncated or missing completely (truncated to 0). 

The following screenshot might give a better idea. Exactly the same commands, but the one on top is using Bash on Windows to run kwp, the bottom is using kwp64.exe (same results encountered with kwp32.exe). The first command (2-to-10-max-3) returned ~40,000 rows when running under "linux", but only 511 rows on Windows. The second command (4-to-4-exhaustive) returns 1,780 rows on linux, 0 on Windows.

https://i.imgur.com/emzaexD.png

It seems like there's a problem here. Does anyone see something I'm doing wrong? Does anyone else have the same issues? All binaries were downloaded as of today (24 Oct, kwprocessor v1.0 - https://github.com/hashcat/kwprocessor/releases)

rar hash code

October 24, 2017, 6:33 pm
$
0
0
100 RAR hash code, 8-bit full character is a comparison? Or is there a 100 comparison  and MD5 is the same as the password mode?

hash code GUI ???

October 24, 2017, 8:16 pm
$
0
0
Document, compressed file type convert hash code code, whether there is a GUI

Sanity check: "Must include chars" ruleset

October 25, 2017, 6:52 pm
$
0
0
I lost a blockchain wallet password. I know the beginning (abc) and I am quite sure that it includes certain characters (123), I'm just not sure where those certain characters are located...at all.

I have the known abc + 7 unknown and within that 7 unknown  the chars 1,2,3 must be included.
Is the following the best way to attack this, or is there a better way?

Code:
mp64.bin -1 123 abc?1?1?1?a?a?a?a | hashcat -m 12700 -w3 blockchain.hash swap.rule

swap.rule:
*76
*75
*74
...
*76*65
*76*64
...
*73*56*13*32*41*17*37
...and so on.


I'm thinking if I can find a pattern with rules that will create duplicate outcomes, then I can write a script to remove those entries, but I am also unsure if that's really going to speed things up at all.

Basically, what I need is something similar to the reject rules, but I need it to work without wordlists.

New Cracking Build Feedback

October 25, 2017, 8:12 pm
$
0
0
Hello all, 
I was wondering if I might get some feedback on what you guys think about this build. The purpose of this build will be for hashes , wpa cracking, and maybe used down the road for pentesting plus some lab stuff for certs. I plan on loading kal!-linux on it and running some vmware stuff . The main purpose is for hashes , and wpa cracking. 

Would this be some good hardware to use or is there a cheaper way to go? 

1. MSI Enthuastic Gaming Intel Z170A LGA 1151 DDR4 USB 3.1 ATX Motherboard (Z170A Gaming M3)

2. Intel Core i5 6600K 3.50 GHz Quad Core Skylake Desktop Processor, Socket LGA 1151, 6MB Cache (BX80662I56600K)

3. Corsair Vengeance LPX 16GB (2x8GB) DDR4 DRAM 2400MHz C16 Desktop Memory Kit - Black (CMK16GX4M2A2400C16)

4. Gigabyte GTX 1050 Ti Windforce OC 4GB GDDR5 128-bit PCI-E Graphic Card (GV-N105TWF2OC-4GD) 

5. Cooler Master Hyper 212 EVO RR-212E-20PK-R2 CPU Cooler with 120mm PWM Fan

6.EVGA 1000 GQ, 80+ GOLD 1000W, Semi Modular, EVGA ECO Mode, 5 Year Warranty, Power Supply 210-GQ-1000-V1

7. WD Blue 1TB SATA 6 Gb/s 7200 RPM 64MB Cache 3.5 Inch Desktop Hard Drive (WD10EZEX)

8. Corsair Carbide Series 100R Mid Tower Case


Now for the Gigabyte GTX 1050 Ti would that be a good starting choose or is there other type of card i should look into? I'm trying to keep this build cheap since I just had a baby couple months back. Down the road if this card is good I might buy other one since they are less then $200 


Let me know what you think I'm trying to buy these parts this weekend. If you guys think there's a better deal let me know.

Thanks, 

Efficient way to crack 8 chars passwords

October 26, 2017, 6:59 am
$
0
0
Hello folks,

I'm looking for an efficient way to crack ~700 hashs of DES crypt (hash-mode = 1500).
(cracking power for this task: hashcat runs on 3 old GPUs. In wordlist+rules mode, it gets ~400MH/s.)

Knowledge
All passwords are 8 characters long.
In addition, they use at least 3 types from the following:
- lowers
- uppers
- digits
- specials

Issue
I tried using my favourite wordlist+rules but the workload will contain a lot of candidates which are not valid (because not exactly 8 characters long).
A pure bruteforce seems not effective since they use a wide range of characters.

Experiments
In order to reduce the workload to 8 chars long candidates, I tried something like:

Code:
mkfifo grepHashcat
./hashcat64.bin -r all.rules--stdout wordlist.txt | grep '^.\{8\}$' > grepHashcat &
./hashcat64.bin --username -m 1500 hashlist.txt < grepHashcat

Using this solution, it is not possible to see the estimated time so it is not possible to adjust rules and wordlist.

I also tried to create a rule file containing "_8" to reject all candidates not equal to 8 characters.
But it seems not possible to apply this rule after applying all.rules in order to reject candidate and not plain.

Question
Do you know any solution in order to efficiently reduce the workload based on what we know from the plain text passwords?

Many thanks,

id417
Search

Plz help for MD5(sal1.PASSWORD.salt2)

October 26, 2017, 9:26 am
$
0
0
Hello
i have a password crypted by this fonction

Code:
MD5(sal1.PASSWORD.salt2)

There any way to crack it?
Thx in advance.

Nvidia GT1030 Benchmark Results ???

October 26, 2017, 12:51 pm
$
0
0
Hello Friends. Maybe someone have this video card. Can you test it, and write the result here. I think many people would be interested . Sorry for my English ))

Help with -m7100 (OS X) cracking?

October 26, 2017, 3:21 pm
$
0
0
I am a newbie to hashcat, so I apologize in advance. 

I am currently trying to crack a password hash in the OSX v10.8+ (PBKDF2-SHA512) format.

I am using the command (I am on Apple/Mac) 
Code:
./hashcat -m 7100 hash.txt rockyou.txt


This returns:
 Signature unmatched
Parsing Hashes: 0/11 (0.00%)...No hashes loaded.

I have tried the code:
Code:
./hashcat -m 7100 -a 0  hash.txt rockyou.txt


As well as many others. Please help! I'm stuck.

do hashcat-utils use the gpu's?

October 19, 2017, 12:36 pm
$
0
0
Hi there - I've been tinkering with hashcat for a few weeks now.  I'm interested in using the combinator3 function within the hashcat-utils package.  I was able to get it to work, but it is incredibly slow.  Something tells me it is not using the GPUs.

I decided to pivot back to the normal hashcat tool and performed the combinator attack using just 2 out of the 3 files.  This works, but I would also like to receive an output of the password candidates and that isn't going very well.

so, 2 questions:
1. Is there a way to ensure the combinator3 is using the gpus i have on-board...?

2. how do i get hashcat to output the pw candidates to a text file?  

Thanks!

hashcat v4.0.0

October 27, 2017, 8:17 am
$
0
0

Welcome to hashcat 4.0.0 release!


This release deserved the 4.x.x major version increase because of a new major feature:

Added support to crack passwords and salts up to length 256

Internally, this change took a lot of effort - many months of work. The first step was to add an OpenSSL-style low-level hash interface with the typical HashInit(), HashUpdate() and HashFinal() functions. After that, every OpenCL kernel had to be rewritten from scratch using those functions. Adding the OpenSSL-style low-level hash functions also had the advantage that you can now add new kernels more easily to hashcat - but the disadvantage is that such kernels are slower than hand-optimized kernels.

The OpenCL kernels from 3.6.0 were all hand-optimized for performance. No worries - these kernels still exist, and can be explicitly requested with the new -O (optimized kernel) option. This configures hashcat to use the optimized OpenCL kernels, but at the cost of limited password length support (typically 32).

Added self-test functionality to detect broken OpenCL runtimes on startup

Another important missing feature in the previous hashcat version was the self-test on startup. Some (mostly older) OpenCL runtimes were somewhat buggy (thanks to NV and AMD) in ways that created non-working kernels. The problem was that the user didn't get any error message that clarified the reason for the problems. With this version, hashcat tries to crack a known hash on startup with a known password. Failing to crack a simple known hash is a bulletproof way to test whether your system is set up correctly.

Added hash-mode 2501 = WPA/WPA2 PMK

This mode was added to run precomputed PMK lists against a hccapx, like cowpatty did (genpmk). You still have to precompute the PMK. Please use wlanhcx2psk from hcxtools to do so.

Improved macOS support

The evil "abort trap 6" error is now handled in a different way. There is no more need to maintain many different OpenCL devices in the hashcat.hctune database.


Download here: https://hashcat.net/hashcat/


Features:
  • Added support to crack passwords and salts up to length 256
  • Added option --optimized-kernel-enable to use faster kernels but limit the maximum supported password- and salt-length
  • Added self-test functionality to detect broken OpenCL runtimes on startup
  • Added option --self-test-disable to disable self-test functionality on startup
  • Added option --wordlist-autohex-disable to disable the automatical conversion of $HEX[] words from the word list
  • Added option --example-hashes to show an example hash for each hash-mode
  • Removed option --weak-hash-check (zero-length password check) to increase startup time, it also causes many Trap 6 error on macOS

Algorithms:
  • Added hash-mode 2500 = WPA/WPA2 (SHA256-AES-CMAC)
  • Added hash-mode 2501 = WPA/WPA2 PMK

Bugs:
  • Fixed a buffer overflow in mangle_dupechar_last function
  • Fixed a calculation error in get_power() leading to errors of type "BUG pw_add()!!"
  • Fixed a memory problem that occured when the OpenCL folder was not found and e.g. the shared and session folder were the same
  • Fixed a missing barrier() call in the RACF OpenCL kernel
  • Fixed a missing salt length value in benchmark mode for SIP
  • Fixed an integer overflow in hash buffer size calculation
  • Fixed an integer overflow in innerloop_step and innerloop_cnt variables
  • Fixed an integer overflow in masks not skipped when loaded from file
  • Fixed an invalid optimization code in kernel 7700 depending on the input hash, causing the kernel to loop forever
  • Fixed an invalid progress value in status view if words from the base wordlist get rejected because of length
  • Fixed a parser error for mode -m 9820 = MS Office <= 2003 $3, SHA1 + RC4, collider #2
  • Fixed a parser error in multiple modes not checking for return code, resulting in negative memory index writes
  • Fixed a problem with changed current working directory, for instance by using --restore together with --remove
  • Fixed a problem with the conversion to the $HEX[] format: convert/hexify also all passwords of the format $HEX[]
  • Fixed the calculation of device_name_chksum; should be done for each iteration
  • Fixed the dictstat lookup if nanoseconds are used in timestamps for the cached files
  • Fixed the estimated time value whenever the value is very large and overflows
  • Fixed the output of --show when used together with the collider modes -m 9710, 9810 or 10410
  • Fixed the parsing of command line options. It doesn't show two times the same error about an invalid option anymore
  • Fixed the parsing of DCC2 hashes by allowing the "#" character within the user name
  • Fixed the parsing of descrypt hashes if the hashes do have non-standard characters within the salt
  • Fixed the use of --veracrypt-pim option. It was completely ignored without showing an error
  • Fixed the version number used in the restore file header

Improvements:
  • Autotune: Do a pre-autotune test run to find out if kernel runtime is above some TDR limit
  • Charset: Add additional DES charsets with corrected parity
  • OpenCL Buffers: Do not allocate memory for amplifiers for fast hashes, it's simply not needed
  • OpenCL Kernels: Improved performance of SHA-3 Kernel (keccak) by hardcoding the 0x80 stopbit
  • OpenCL Kernels: Improved rule engine performance by 6% on for NVidia
  • OpenCL Kernels: Move from ld.global.v4.u32 to ld.const.v4.u32 in _a3 kernels
  • OpenCL Kernels: Replace bitwise swaps with rotate() versions for AMD
  • OpenCL Kernels: Rewritten Keccak kernel to run fully on registers and partially reversed last round
  • OpenCL Kernels: Rewritten SIP kernel from scratch
  • OpenCL Kernels: Thread-count is set to hardware native count except if -w 4 is used then OpenCL maximum is used
  • OpenCL Kernels: Updated default scrypt TMTO to be ideal for latest NVidia and AMD top models
  • OpenCL Kernels: Vectorized tons of slow kernels to improve CPU cracking speed
  • OpenCL Runtime: Improved detection for AMD and NV devices on macOS
  • OpenCL Runtime: Improved performance on Intel MIC devices (Xeon PHI) on runtime level (300MH/s to 2000MH/s)
  • OpenCL Runtime: Updated AMD ROCm driver version check, warn if version < 1.1
  • Show cracks: Improved the performance of --show/--left if used together with --username
  • Startup: Add visual indicator of active options when benchmarking
  • Startup: Check and abort session if outfile and wordlist point to the same file
  • Startup: Show some attack-specific optimizer constraints on start, eg: minimum and maximum support password- and salt-length
  • WPA cracking: Improved nonce-error-corrections mode to use a both positive and negative corrections

Technical:
  • General: Update C standard from c99 to gnu99
  • Hash Parser: Improved salt-length checks for generic hash modes
  • HCdict File: Renamed file from hashcat.hcdict to hashcat.hcdict2 and add header because versions are incompatible
  • HCstat File: Add code to read LZMA compressed hashcat.hcstat2
  • HCstat File: Add hcstat2 support to enable masks of length up to 256, also adds a filetype header
  • HCstat File: Renamed file from hashcat.hcstat to hashcat.hcstat2 and add header because versions are incompatible
  • HCtune File: Remove apple related GPU entries to workaround Trap 6 error
  • OpenCL Kernels: Added code generator for most of the switch_* functions and replaced existing code
  • OpenCL Kernels: Declared all include functions as static to reduce binary kernel cache size
  • OpenCL Kernels: On AMD GPU, optimized kernels for use with AMD ROCm driver
  • OpenCL Kernels: Removed some include functions that are no longer needed to reduce compile time
  • OpenCL Runtime: Fall back to 64 threads default (from 256) on AMD GPU to prevent creating too many workitems
  • OpenCL Runtime: Forcing OpenCL 1.2 no longer needed. Option removed from build options
  • OpenCL Runtime: On AMD GPU, recommend AMD ROCm driver for Linux
  • Restore: Fixed the version number used in the restore file header
  • Time: added new type for time measurements hc_time_t and related functions to force the use of 64 bit times

- atom

Empty PDF password

October 27, 2017, 9:26 am
$
0
0
Hi there,

I use hashcat for a long time, but today I was taken by surprise. There is a PDF hash found by pdf2john:
$pdf$2*3*128*-1340*1*16*c9fc2…

The document is free to open, but password protected to make changes in it. Ok, I started hashcat with -m 10500 hashtype. The following message appeared:

INFO: All hashes found during weak hashes check! Use --show to display them.

That’s good. But there is no password in the results file: just a new line character at the end. Looks like the password is empty (could it be really?). I have tried to change document’s security settings in Acrobat Pro, but unsuccessfully. It refuses to accept empty password for the document.
Also I’ve tried to start john with this hash, and got the same output – empty password. Looks like the password is really empty, but I can’t use it in Acrobat for some reason.


There is a linux tool qpdf to remove passwords from PDF files. I’ve run it with the command:

qpdf in.pdf out.pdf --decrypt --password=’’

, and got a decrypted file!
Have you ever seen the empty PDF passwords? Is there any way to force Acrobat to accept it?
 
I didn’t tell the full PDF hash according to the forum rules. If anybody wants to check it, please tell me there.
Thanks!

A custom php algorithm in hashcat?

October 27, 2017, 9:28 am
$
0
0
I'm trying to crack passwords on hashcat but this is the algorithm in php and I'm not sure how I can use this in hashcat:

function pass2($password, $id) {
    $key = "r2chYO214w>1a32";
    $hash1 = sha1($password, true);
    $hash2 = $hash1 ^ sha1($id . $key . sha1($hash1, true), true);
    return base64_encode($hash2);
}

So my question is how exactly do I get to crack passwords on hashcat using this algorithm, please help.
Search

Help with KeePass and Hashcat

October 27, 2017, 9:29 pm
$
0
0
Hello,

TLDR; Non tech guy can't login to his keepass database and trying to crack the password.

Just few days ago I started using password manager which is Keepass and I created new database and changed all my password to Keepass hashed passwords. After the day Keepass database just won't open. Keep saying "The composite key is invalid". I know my password is correct. I've checked my password double, triple times. I don't want to lose my 100++ accounts. Which is most of them unable recover. So that brings me here to crack the password. No key or backup created. Any help with how to use the this program and can provide would be greatly deeply appreciated.

Plz help with iTunes encryption

October 28, 2017, 1:20 am
$
0
0
I need a lot of help with iTunes password recovery.  I have the manifest pst but cant do anything more.  My vindictive ex-wife changed my password, and now encrypted, so i cant back up any of my devices.
i have tried to install Hashcat, but errors come up.  I have managed to postpone court documentation until after Xmas, so i do have a little extra time now to gain access.
Currently trying Brute-force, but 16Billion passwords later, still going on 6 characters.
If someone can PM me for further details.
I really really need this help.

Benchmark selection

October 28, 2017, 4:03 am
$
0
0
According to this github issue: https://github.com/hashcat/hashcat/issues/1411

The plan is to split the benchmark into a shorter one, with selected modes and a complete one. 

The question is, which mode is worth to be added to the selected one?

Let me do a start what I think people use most often:
  • MD5 (a nice way to show hashcats optimized kernels on a algorithm level due to partial reversal)
  • SHA1 (the home of many famous leaks: linkedin etc)
  • NTLM (what pentesters live on)
  • WPA2 (good for comparison with aircrack-ng, pyrit, ... users)
  • phpass (GPU friendly KDF used by largest web software like wordpress, joomla, phpbb)
  • NetNTLM (good for comparison with cain users)
  • vBulletin (good for comparison with hash manager users)
  • Kerberos (becomes a more important role in modern pentest scene)
  • DPAPI (becomes a more important role in forensics scene)
  • DEScrypt (still imporant in .htaccess)
  • md5crypt (still used in many embedded devices)
  • bcrypt (most used kdf using blowfish)
  • sha512crypt (today standart for linux auth)
  • OSX v10.8+ (today standart for OSX auth)
  • 7-Zip (important for forensics)
  • RAR3 (good for comparison with crark)
  • RAR5 (important for forensics)
  • TrueCrypt (good for comparison with truecrack)
  • KeePass (most requested free and open-source password manager)
  • LastPass (most requested proprietary password manager)
  • Bitcoin/Litecoin wallet.dat (most used wallet)

Please add the modes you think should be added, but more important, add a reason as I did so we can discuss it.

Dictionary character limit?

October 28, 2017, 4:22 pm
$
0
0
Hey all,
Was just wondering if hashcat has an input/dictionary character limit?  

My dictionary only contains one line - a string that is 536 chars long, and I am trying to run the hybrid+mask attack (a6).  I've tried everything I can think of, but when I run it I get this result:

> hashcat64 -m 100 -a 6 hashtarget string ?a?a?a?a

results in:

Dictionary cache built:
* Filename..: string
* Passwords.: 1
* Bytes.....: 537
* Keyspace..: 0
* Runtime...: 0 secs

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.

Session..........: hashcat
Status...........: Exhausted
Hash.Type........: SHA1
Hash.Target......: d490335ecf40a4d2602d0910f40371f5d56e472b
Time.Started.....: Sat Oct 28 17:19:16 2017 (0 secs)
Time.Estimated...: Sat Oct 28 17:19:16 2017 (0 secs)
Guess.Base.......: File (string), Left Side
Guess.Mod........: Mask (?a?a?a?a) [4], Right Side
Guess.Queue.Base.: 1/1 (100.00%)
Guess.Queue.Mod..: 1/1 (100.00%)
Speed.Dev.#2.....:        0 H/s (0.00ms)
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0
Rejected.........: 0
Restore.Point....: 0
Candidates.#2....: [Copying]
HWMon.Dev.#2.....: Temp: 62c Fan: 24% Util: 54% Core:1265MHz Mem:3505MHz Bus:16

--- So it says it's loading (string) on the left side, and doing a mask on the right side, but nothing happens...

Appreciate any help or guidance you can give! Big Grin
-Cheers.

p3.16xlarge (8xV100) benchmarks (clickbait)

October 29, 2017, 4:01 am
Viewing all 8174 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>