Channel: hashcat Forum - All Forums

Hashtopussy and Network Switches

Hi,

has anyone cobbled up a 20+ PC cluster before?

I assume that most routers will only have space for 5 ports, how to expand this? Is a router compatible with a network switch?

Sorry all I'm new to all this and want to get my first hashtopussy cluster correct without any hitches.

Hashtopussy Installation Manual

--markov-disable and HCstat file

Hi there,

I've tried to search the forum and I've even made a quick search in the code but I couldn't find the answer to the question: "Why is HCstat file required even when using parameter --markov-disable?". 

I get the general idea of Markov chains and why I need statistics of some corpus there but I kinda don't get the need of the file when I'm disabling the feature. Is there smth like defined charsets or something like that in it?

Hashcat cracked a password but how can I print it out?

In a previous session I found a password... every time that I start hashcat on these passwords it shows me that 1/39 password was previously found, but I can't remember which password.... Is there a way to print out that 1/39 cracked password again? Thank you

Enpass password recovery supported?

I'm just trying to figure out if this is an issue with support for Enpass, or relates to enpass's dB schemes or my hardware. My gpu isn't supported, since it's a 660ti. (enpass mentions the old opencl version is no longer supported) I tried getting the cpu working with the intel driver for opencl, but I don't have onboard graphics on hedt.

Are there any other password recovery tools that might be faster than John the Ripper, for cpu based recovery?

Hashtopussy Mask Attack

How to use mask attack when using hashtopussy?

hash-encoding exception

So I've tried quite hard different things, found out lots I was messing up and every step has gotten me closer to figuring this out. I have a salted md5 hash string that looks like 12345678123456781234567812345678:123
(32 characters in first string, 3 salt)

First I realized I encoded txt files incorrectly as ANSI instead of Unicode, as I had googled and saw someone else have similar issue, however now I am trying and instead of a line-exception error I am getting this error 

Hashfile 'hash.txt' on line 1 ( ■8): Hash-encoding exception
No hashes loaded.

now if I put the txt files as UTF-8 encoding (because it was difficult for me to find google or forum result dealing with unicode/utf-8 encoding on txt file, so trial and error) it lists the whole hash correctly with strange chars at the start:

Hashfile 'hash.txt' on line 1 (12345678123456781234567812345678:123): Hash-encoding exception
No hashes loaded.

Perhaps I have not found the correct hash type I'm using, I assume it's the mode then that's the problem then?

-m 10 -a 3 -o [output] [input] [wordlist]

Can anyone point me in the right direction of what I should be looking for? Also should my txt files be utf-8 or unicode? And what kind of hash is that example string I gave above?

EDIT: So I double checked the string examples on the wiki, I realized I didn't scroll far enough down to notice that this hash type looks like vbulletin, which would make sense. I am now using -m 2611, and receiving the same error, no difference.

USER:HASH

Hello this has possibly been asked but I am asking because I cannot find a straight answer.

I have a list I made

NAME:MD5HASH
NAME:MD5HASH
NAME:MD5HASH
NAME:MD5HASH

What I want to do is run a wordlist.dic on the MD5HASH only.

and when it finds the MD5HASH it will replace the MD5HASH with Word from .dic

so 

NAME:CrackedPW
NAME:CrackedPW
NAME:CrackedPW
NAME:CrackedPW


When it finds them, it will save both NAME:CrackedPW to a crackedpwl.txt. I have a 260 GB PWL, so there is no question about finding or not finding the hash.
If anyone knows the command please post it or a video or a link to this topic, thanks.

But I honestly need to save this command to a BAT file, or at least to my external.
Any information, please post me some information.

Dash/Bitcoin-core, AWS p3.2xlarge mask attack

Hi everyone,

First post, first crack project, although have already spent quite some time on this so should be able to skip to the chase:
  • Dash coin / bitcoin-core wallet.dat hash crack
  • Hash already extracted, so using mode 11300 with Hashcat
  • Most likely password form represented as mask 
    Code:
    ?u,?l,?d,?1?2?3?2?3?2?2?2?2
  • This is, unfortunately, 9 characters, so starts to enter the zone of unfeasibility...
  • Previous attack phase was based around typo options using btcrecover, no luck
  • Next phase is a Hashcat mask attack on AWS using p3.2xlarge (at first, at least)
  • This mask gives us a total combinations of 
    Code:
    803,181,017,600
  • p3.2xlarge gives us a hash rate of 
    Code:
    19,485 H/s
  • This works out at worst-case performance of 
    Code:
    803181017600 / 19485 / 60 / 60 = 11,450.132831 hours = 1.3 years
  • That also results in a worst-case cost of 
    Code:
    ~12,000 * $3.06 = ~$36,0000
    (on-demand instances)
  • As far as I can see with AWS, prices scales basically linearly with the P3 types, so it's only possible to buy time this way (total cost is equivalent)
  • The amount in the wallet is large, but not astronomical. It still justifies a fairly decent investment at this stage, although $36,000 is not justifiable
Reason for the post is to appeal to more experienced users who might be able to suggest something we might be missing here, or some glaring error in our calculations. 
  • Currently the only possible adjustment would be to bid for spot instances on AWS. The marketing claims we could save 90%, which would bring the brute-force down to a tolerable cost of ~$4,000
  • However, it seems like this would add a lot of complication, since we would need to script the cracking run to work on-demand (instead of running constantly). This is certainly do-able, just requires a fair bit of margin of error, unless I'm misunderstanding how spot instances work
  • We already tried to request a p3.16xlarge, but were denied it for the time being. p3.16xlarge on spot instance pricing seems like it might be worthwhile, although I haven't done the calculations
I hope that was enough detail and someone will be able to point out something obvious that we're missing. Fingers crossed and thanks in advance!

combinator + rule

Hello Folks,

I am trying to achieve Format: catdog33 (2 words from 2 combined lists + rule modifier for the 2nd combined list)

combi.dict:
Code:
cat
dog


combi.rule:
Code:
:
$0 $0
$1 $1
$2 $2
$3 $3

combi.hash:
Code:
catdog33


I am using:
Code:
hashcat64.exe -m 99999 -a 1 combi.hash combi.dict combi.dict -k combi.rule

but it seems to ignore the combi.rule fully. From what I have read in the wiki, it says for -a1 combi attack it's possible to use -k for the second dict, however like said it seems to get ignored.

Anything wrong here?

mask attack issue

So when I run a mask attack incrementally (using -increment) it seems to only give output when it has exhausted passwords of length x. This seems to be intentional, but I wonder if there is a way to override this and give output every 10 sec? Thanks!!

quick SBC opinion

What's, in your opinion, the best single board computer (raspberry pi, tinker board, etc) to use Hashcat on? Please consider price and performance.

Bitlocker

hi,
i know that hashcat yet support bitlocker  decryption.

I have found this https://github.com/e-ago/bitcracker guy who did manage to create a tool which allows you to attack bitlocker hdd.

Maybe it's possible to implement this into hashcat?

PCIe transfer compression and OpenCL kernel

While trying to find the cause of the performance loss of WPA in version 4.x discussed in this thread https://hashcat.net/forum/thread-7251.html we found the root of the problem and were able to build a solution.

This solution is based on a new technique to copy the data from the host system to the GPU memory, thus this post.

The problem was introduced while increasing the maximum password length from 64 (in theory, in reality 16-55) to 256 (always). The data type which holds a single password candidate increased from 68 byte to 260 byte. While we transfer the data it blocks the GPU from compute. In other words: The larger the buffer we want to transfer the longer it takes to copy data. The longer it takes to copy the data the less busy the GPU is. The less busy the GPU is the slower the cracking is.

The increase of 200 byte per password candidate doesn't sound very much but it actually is a lot. To give you some numbers and a feeling on how this affects the performance, here's an example: My GTX1080 (cracking WPA) did ~360kH/s with v3.40 and now does ~300kH/s. This is a 20% loss! It is important to note that this GTX1080 is connected via PCIe extender and therefore only gets x1 PCIe multiplier (instead of x16 multiplier if connected directly to the mainboard).

So what to do? We can't just roll back because we want to support long passwords but we also won't tolerate the drop in speed. What about a special compression function? The goal is to transfer less data via PCIe by compressing the "padded data" of each candidate. On average a password candidate only uses 8 byte of the 260 byte that are transferred, the rest is padded with zeros which in turn wastes 252 byte. It would therefore make sense to get rid of the extra zeros, like for example with some kind of "compression" algorithm.

I've designed and implemented such a compression function on both the host and the GPU. Instead of writing the candidates into a huge buffer that is pre-aligned for cracking tasks, it copies the candidates onto a stream (which is still aligned but only to 4 byte), while maintaining an index table at the same time in an extra buffer. This way we have to copy two buffers, but they are (when added together) much smaller than the single huge one (the padded one). But then, for the cracking kernel, to work optimally and as fast as possible, it still needs to access the password candidates in an aligned fashion (with the padded zeros). To achieve this I implemented a new "decompression" kernel which runs on the GPU side and is called after both buffers have been copied but before the actual cracking kernel starts. This kernel reads the index table and the password candidate stream and rebuilds that one huge padded password candidate buffer. Since this action is done completely on the GPU (buffer reads and writes) no data is transferred via PCI-Express and achieves a very high decompression speed since it can be parallelized perfectly.

The results look as follows:

MD5:
  • v4.0.1 -> v4.1.0 (750Ti @ pci x16): 5.31 MH/s -> 6.82 MH/s +  28%
  • v4.0.1 -> v4.1.0 (1080  @ pci x1):  1.47 MH/s -> 8.45 MH/s + 574%

Wordpress:
  • v4.0.1 -> v4.1.0 (750Ti @ pci x16):  805 kH/s ->  839 kH/s +   1%
  • v4.0.1 -> v4.1.0 (1080  @ pci x1):  1.21 MH/s -> 3.86 MH/s + 319%

WPA:
  • v4.0.1 -> v4.1.0 (750Ti @ pci x16):   60 kH/s ->   61 kH/s +   1%
  • v4.0.1 -> v4.1.0 (1080  @ pci x1):   298 kH/s ->  357 kH/s +  17%


As you can see, this change has a very large effect on PCIe x1, but also some gains on PCIe x16. 

Of course it works with all hash-modes in combination with dictionary based attacks, not just the three hash-modes in the example.

- atom
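
A CPU-only model of the stream-plus-index scheme described in the post above, added here as an illustration and not taken from hashcat's source. The type and function names (`pw_batch_t`, `batch_add`, `decompress_one`), the two-field index entry and the sample words are assumptions; the 260-byte padded slot and the 4-byte stream alignment follow the post.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PW_WORDS 64   /* 64 x 4 = 256 candidate bytes in the padded layout */

typedef struct { uint32_t w[PW_WORDS]; uint32_t len; } padded_pw_t; /* 260 bytes */
typedef struct { uint32_t off, len; } pw_index_t; /* off in 32-bit words, len in bytes */
typedef struct {
    uint32_t *stream;  uint32_t stream_cap, stream_used; /* counted in words */
    pw_index_t *idx;   uint32_t idx_cap, count;
} pw_batch_t;

/* Host side: append one candidate, padded only to the next 4-byte boundary. */
int batch_add(pw_batch_t *b, const void *pw, size_t len)
{
    if (len > PW_WORDS * 4u || b->count == b->idx_cap) return -1;
    uint32_t words = (uint32_t)((len + 3) / 4);
    if (words > b->stream_cap - b->stream_used) return -1;
    uint32_t *dst = b->stream + b->stream_used;
    memset(dst, 0, words * 4u);           /* zero the tail of the last word */
    memcpy(dst, pw, len);
    b->idx[b->count++] = (pw_index_t){ b->stream_used, (uint32_t)len };
    b->stream_used += words;
    return 0;
}

/* Device side, one work item per candidate: rebuild the zero-padded slot. */
void decompress_one(const pw_batch_t *b, padded_pw_t *out, uint32_t gid)
{
    uint32_t words = (b->idx[gid].len + 3) / 4;
    for (uint32_t i = 0; i < PW_WORDS; i++)
        out[gid].w[i] = (i < words) ? b->stream[b->idx[gid].off + i] : 0;
    out[gid].len = b->idx[gid].len;
}

/* Bytes that would cross the bus in each scheme. */
size_t padded_bytes(const pw_batch_t *b) { return b->count * sizeof(padded_pw_t); }
size_t packed_bytes(const pw_batch_t *b)
{ return b->stream_used * 4u + b->count * sizeof(pw_index_t); }

int main(void)
{
    const char *sample[] = { "password", "abc", "", "correcthorse1" }; /* constructed */
    uint32_t stream[64]; pw_index_t idx[4]; padded_pw_t out[4];
    pw_batch_t b = { stream, 64, 0, idx, 4, 0 };
    for (int i = 0; i < 4; i++) batch_add(&b, sample[i], strlen(sample[i]));
    for (uint32_t g = 0; g < b.count; g++) decompress_one(&b, out, g);
    printf("padded %zu bytes, packed %zu bytes\n", padded_bytes(&b), packed_bytes(&b));
    return 0;
}
```

On a GPU each `decompress_one` call would be one work item indexed by its global id, which is why the rebuild parallelizes cleanly: every slot is written from its own index entry with no dependency on its neighbours.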

Help with spaces and rules

Guys and Gals, I'm pretty new to hashcat and this community and I'm needing some help.
I'm trying to make a rule to add a plain space after a wordlist in a way I can have a word and some numbers separated by a space.
So instead of having for example the word blah01 I'm looking for blah 01
The question is pretty silly but I didn't have any success in doing a rule to append a plain space character.
How can I do that? Since I've tried $" " and $  with a space after and Hashcat returns a syntax error.
Can anybody help me?

Thanks in advance.

TXT4List app code

Guys and Gals....
Since I'm from another country and have Portuguese as my first language, I was looking for Portuguese wordlists and became a little frustrated with what I've found. I decided that a good way to make good word lists in Portuguese is to change some .txt books (in Portuguese) to a wordlist... after much time seeking an app to do that I found some python scripts that didn't work for me. Then since I know how to program a little in Lua language I made a short code that worked well for me. Of course the final lists have a lot of garbage and the code needs a lot of improvement in a way that we can have cleaner lists, but it helped me a lot and I believe it will also help people looking for the same thing that I was needing.
Give it a try...
Feel free to improve my code and suggest positive modifications.

Code:
--This program converts any text in txt format to a wordlist

local open = io.open
local function read_file(path)
   local file = open(path, "rb") -- r read mode and b binary mode
   if not file then return nil end
   local content = file:read "*a" -- *a or *all reads the whole file
   file:close()
   return content
end

local s = read_file("MyText.txt") --Replace the name with your .txt file
if not s then error("could not read MyText.txt") end -- stop early if the input is missing

-- Open the output once instead of reopening it for every word
local out = assert(open("List.txt", "a")) --This will be the final list
for w in s:gmatch("%S+") do -- each run of non-whitespace characters is one word
   print(w)
   out:write(w, "\n")
end
out:close()
--Written by Azimuth7 in Lua language

How to change password length (min/max)

Hello, this is the first time I am using Hashcat so sorry if this ends up being a "noob" question. I got everything set up to try and crack an iTunes backup password and it is running, but very slowly. I used this guide to get the hash, and then followed this guide to get the command set up. Below you will see the command I used. I noticed that it's set to try and crack passwords 0-256 char in length. I would like to change that to 8-14, alphanumeric without symbols. I have searched all over the web on how to change this, but can't seem to get the syntax right. I would really appreciate if someone could help me with this small part. Then I can try it again and hopefully it will reduce the amount of time (currently 7 years) down to something more reasonable like a few weeks.

[Image: 1.png]

Thanks for any help the community can provide!

Already known areas of hash

So let's say I have a password: test##123

I KNOW that there are 2 #'s in the middle.

How can I make it so that there will always be 2 #'s in the guesses?

Yeah, I could use a rule, but I'm using MASK ATTACK, and it won't let me use a rule.

So please, is there any way I can do this?

[Maskprocessor] Guidance for a Hopeful Newb Contributor

Dobray notes! (Hello!)

I modified the source of mp64.c to be able to specify how many times a certain charset will appear (max or exact) in the generated output regardless of position. Eg: EXACT: 1 symbol, 2 lowers, 0 numbers ?a?a?a?a?a?a will give outputs with exactly 1 symbol, 2 lowers, 0 numbers and 3 uppers, but the order does not matter.


The function is run at the end and is basically an 'exclude' filter. I am positive my code could be made faster. However, when used with rules in hashcat, this is not the bottleneck (at least on my hardware).

I understand this is super-trivial to implement, yet I have not seen it implemented.

How do I go about submitting this to the devs? Do they/anyone else care about this? What work needs to be done to make this good enough to be incorporated?

Attached is my raw source. I also have a "save every N number of tries" function in there. This makes it easier to save progress when piping into hashcat. Again, trivial, but I couldn't find it anywhere else.

.txt   mp.txt (Size: 31.79 KB / Downloads: 1)

Already an instance running on pid 5

Dear All,

I made a mistake and pressed Ctrl+C while I was doing a hashing. Now it always shows me the message "Already an instance running on pid 5" so I cannot do another hashing.
I am new to Hashcat and Linux, can anyone help me with this?

Thanks a lot!