Channel: hashcat Forum - All Forums

[HELP] Hashcat Mask

Hello,

So I need some help creating a mask.
Here is what I know about the password:

1: It's an 8-char uppercase password
2: The password never has two of the same character next to each other, like AABCDEFG
3: The password doesn't have the same letter more than two times in the whole password: ABCABCA cannot work because the letter A appears 3 times in the whole password, but ABCABCD works.
4: The same sequence is never repeated in the password: ABHGJAB is not possible, as AB is repeated.

I don't know if the mask will really decrease the cracking time, but I have 50.000 H/s cracking speed, so if you can calculate it too it would be very nice.

Thank you very much !

Encfs support

Hi
Are there plans to add support for EncFS (encfs-opencl)?

Like John the Ripper has?

Code:
$ johnl --list=formats | tr -s '[:space:]' '\n' | egrep -i encf
EncFS,
encfs-opencl,

new hcstat files

Hashcat slows down after starting attack.

Hi everyone.

I have a Titan Xp getting awesome benchmarks. But when it comes down to using hashcat, it slows down drastically.

I am testing it on hash mode 2500 WPA; benchmarked hash mode 2500: 655.8 kH/s

When I go to use hashcat it slows down to 8000-9000 H/s.

Test file password is 1234567890

And when I use hashcat with -w 3 or 4, it just hangs at 0% progress. But the GPU is utilized almost 100%.

What do I have to fix to make it work properly?

Gpu drivers 390.25
Cuda Toolkit 9.1

Integer overflow error

Hi, everyone

I found an error in hashcat 4.0.1.
I'm sure it is a bug in version 4.0.1, isn't it?

[hashcat-3.30] ./hashcat64.bin -a 3  ?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a --keyspace
13647689206181

[hashcat-4.0.1] ./hashcat64.bin -a 3  ?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a --keyspace
Integer overflow detected on keyspace of mask:   ?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a

0
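
The full candidate count of a mask is the product of the charset sizes at each position, and for fifteen `?a` positions that product (95^15) does not fit in an unsigned 64-bit integer. The following is an added example, not part of the original post and not hashcat's own code: a checked multiplication over the built-in charsets, using the hypothetical names `charset_size` and `mask_keyspace`. It does not model how hashcat derives the value printed by `--keyspace`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Size of a hashcat built-in charset; 0 if the letter is not one. */
static uint64_t charset_size(char c) {
    switch (c) {
    case 'l': case 'u': return 26;   /* a-z, A-Z */
    case 'd': return 10;             /* 0-9 */
    case 'h': case 'H': return 16;   /* hex digits, lower / upper */
    case 's': return 33;             /* printable ASCII specials, space included */
    case 'a': return 95;             /* ?l?u?d?s */
    case 'b': return 256;            /* 0x00-0xff */
    default:  return 0;
    }
}

enum { KS_OK = 0, KS_BAD_MASK = -1, KS_OVERFLOW = -2 };

/* Multiply the per-position charset sizes of a mask, refusing to wrap.
 * Custom charsets (?1-?4) are out of scope here and reported as KS_BAD_MASK. */
int mask_keyspace(const char *mask, uint64_t *out) {
    uint64_t total = 1;
    for (size_t i = 0; mask[i] != '\0'; i++) {
        uint64_t n = 1;                       /* a literal character adds no choice */
        if (mask[i] == '?') {
            i++;                              /* look at the charset letter */
            if (mask[i] != '?') {             /* "??" is a literal question mark */
                n = charset_size(mask[i]);
                if (n == 0) return KS_BAD_MASK;   /* unknown letter or trailing '?' */
            }
        }
        /* total * n would exceed UINT64_MAX exactly when total > UINT64_MAX / n */
        if (total > UINT64_MAX / n) return KS_OVERFLOW;
        total *= n;
    }
    *out = total;
    return KS_OK;
}

int main(void) {
    /* Constructed sample masks: 9, 10 and 15 positions of ?a */
    const char *masks[] = { "?a?a?a?a?a?a?a?a?a", "?a?a?a?a?a?a?a?a?a?a",
                            "?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a" };
    for (size_t i = 0; i < sizeof masks / sizeof masks[0]; i++) {
        uint64_t k = 0;
        int rc = mask_keyspace(masks[i], &k);
        if (rc == KS_OK) printf("%s -> %llu\n", masks[i], (unsigned long long)k);
        else printf("%s -> %s\n", masks[i], rc == KS_OVERFLOW ? "overflow" : "bad mask");
    }
    return 0;
}
```

Nine `?a` positions are the most that still fit in 64 bits; the tenth multiplication is where the check trips.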

Generating wordlist using specific charlist with exclusions

Not pretending to be unique in my inquiry, but I have a specific task to do. How can I generate a word list using a specific char list and applying multiple rules or exclusions?

For example:

Charlist = ?l?l?l?l?l?l?l?l
Rules/Exclusions:

• each character cannot appear more than 3 times
• no 3 characters in a row can be identical
• no 3 characters in a row can be sequential (abc)
• no 3 characters in a row can be reverse sequential (cba)
• character 2 is not equal to character 1
• character 2 is not +1 to character 1
• character 2 is not +2 to character 1


Please advise!

Output text doubt

Guys and Gals, I'm trying to crack a WPA password using a dictionary and some rules, but in the candidates field of the status, instead of getting the words of the dictionary combined with my rules, I'm having a hex output. Is it normal? Or does it mean that something is wrong with my dictionary? Thanks

Newbie question on using hashcat64

Hi!

I'm sorry if this is covered somewhere, I've been searching the forum here and using Google but couldn't find the answer.

I have a Windows 7 (or maybe it was 10) NTLMv2 hash that I'm having trouble cracking. I've reset the password for the user, but was interested in figuring out what the old password was. The password hint was my cheating ex-whore. The user name was Taylor, and we might know what the password could be.

I've tried multiple wordlists and am running hashcat on those lists, which is going to take another 162 days or so on this laptop. I temporarily paused hashcat and created a new wordlist that has 10 words.

The shortest is 5 characters in length. The longest is 22.

I know this is a very simple question, but I can't really find the answer. I want to try using hashcat64 with that wordlist, but perform a full toggle-case attack on it and I'm not sure how to do that.

I do not want to use a rule that assumes the person did not use all capital letters with a long password. They could have. So I'd like to just have it try every word in the dictionary, and then change the cases, one by one.

What would be a good command line to accomplish this? So far, I have:

Code:
hashcat64 -D 1,2,3 -w 4 -O --status --session="Cheyanne Attack" --restore-file-path=c:\temp\cheyanne.restore -a 3 -m 1000 c:\temp\hash.txt wordlists\cheyanne.txt -o c:\temp\cheyanne_results.txt

I don't think this is right though. I think this will just use the words in the list. I see references to --stdout when I search for how to do this, but hashcat64 --help shows:
Code:
--stdout      Do not crack a hash, instead print candidates only

This doesn't seem to imply that it'd in fact change the case of every word in the list. Could someone please point me in the right direction? Thank you.

DES ECB error

It looks like hashcat 4.0.1 is slightly off when printing the output for the DES ECB password. Attempting to crack DES ECB I get the following output:

root@ht:~/hashcat# echo hashcat1 | tools/test.pl passthrough 14000
24ac458a29cc3241:5337554801018442

./hashcat64.bin -m 14000 test2.des -a 3 ?a?a?a?a?a?a?a?a  --keep-guessing 

24ac458a29cc3241:5337554801018442:haricat1

On:



# ./hashcat64.bin -V
v4.0.1

can a WPA hash be cracked with other than "2500" hash mode?

Hi,

Did some thread-reading, found some leads, but not quite there yet.
 
I am testing cracking of WPA/WPA2 access point passwords.
My question is whether one of the other hashcat md5 or sha1 hashing modes (e.g. "-m 10 : md5($pass.$salt)"; "-m 110 : sha1($pass.$salt)") can emulate and be used in lieu of the straight WPA (-m 2500) hash mode method, if one is able to extract the md5/sha1 hash and the access point salt (essid) from the hccap or hccapx capture file? And if so, how does one compose the right argument?

The reason behind the question is speed of recovery.
I had researched the format of the hccap/hccapx hashcat file, and I found that I could identify within there the 32bit (16 hex pairs) md5 hash of the password/passphrase using the unix xxd hex editor.
Well, I thought, great! Just attack the raw md5, and you'll get the right password, because of md5 speeds like:

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 980 Ti, 1536/6144 MB allocatable, 22MCU
* Device #2: GeForce GTX 980 Ti, 1536/6144 MB allocatable, 22MCU
Benchmark relevant options:
===========================
* --optimized-kernel-enable
Hashmode: 0 - MD5
Speed.Dev.#1.....: 18560.3 MH/s (39.66ms)
Speed.Dev.#2.....: 17836.5 MH/s (41.41ms)
Speed.Dev.#*.....: 36396.8 MH/s

versus wpa mode:

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 980 Ti, 1536/6144 MB allocatable, 22MCU
* Device #2: GeForce GTX 980 Ti, 1536/6144 MB allocatable, 22MCU
Benchmark relevant options:
===========================
* --optimized-kernel-enable
Hashmode: 2500 - WPA/WPA2
Speed.Dev.#1.....:   316.8 kH/s (70.56ms)
Speed.Dev.#2.....:   305.2 kH/s (73.41ms)
Speed.Dev.#*.....:   622.0 kH/s

But, alas, I'm still learning, and it was invalid. Only the wpa hash mode was able to recover my test access point password from a test dictionary. I used jtr to generate an 18MB dictionary, and then I vi edited and buried my actual a.p. password in there.
So, in the following, "junk" is my dictionary with actual password spliced in.
"myap-hex-hash" is a 1 line, 32-character, hex md5 hash file. The rest should make sense.

hashcat64  -m 0 myap-hex-hash -D 2 junk  <- Did not work
hashcat64  -m 2500  myap.hccapx -D 2 junk  <-WORKED and FOUND

What would be the right command to do this with 1 of the other faster MD5/SHA1 hash modes?  Is it possible?

Thanks,

BK

What do the values in Speed Dev indicate

I have tried searching for the answer to this, I found a post by 'atom' saying he explained it in the release notes, but after reading the release notes I still could not find it.

I want to know what exactly do the values in Speed.Dev.#1 indicate?

For example, I notice that for this value: Speed.Dev.#1.....:  9452.7 kH/s (6.63ms) it shows that it would take around 6 days 9 hours to crack an MD5 CHAP password of 8 characters.

Please link me to the relevant guides and information.

Bruteforce + Custom characters

How could I set hashcat to bruteforce the following:

My password:

83rG&j@3Alis-ZA

I wish to set hashcat to bruteforce the first 8 characters and supply the last 7 characters, i.e. Alis-ZA

wireshark cap clean up does not make sense

Hi,

I have a router that has been decommissioned from a local company. The SSID is SMC-1 and the WPA password is motorhomes. I used hashcat and rockyou.txt to crack and all is good.

I then wanted to break down the cap file using Wireshark to get the 5 packets (1 + 4 messages), but I find something odd and not what is documented anywhere else.

Attached is a zip file with 3 files in it.

The first is the original cap file. (smc1-07.cap)
The second is the 5 packets I thought I needed for hashcat to crack; it does not! (smc1-07-5packets.cap)
The third is a cap file with message 1,1 and 4 which hashcat will crack - makes no sense (smc1-07-4packets.cap)

I have included a wordlist and the hccapx files for completeness.


To find my packets I used the wireshark filter of:
eapol or wlan.fc.type_subtype==0x08

Each file has been put through the converter on the hashcat.net site before submitting to hashcat (running on Windows 7).

Please can someone explain why the 3rd cap file works but the 2nd does not.

Thank you
BusiFix

WPA and first hash

Hi,
Cracking a WPA handshake gives:
Code:
7895f1b96f8d927f11c5b7e998740207:bssid:stamac:essid:password

Is it possible - and if yes, how - to calculate the first hash "78.." from the hccapx file?
Thank you.

Can't find OclHashCat Download Link ?

Hello,

Please, I need a direct link to download oclHashcat for Windows!

Thanks.

Help with a mask

I'm trying to crack a long password created a while back. I know for sure some of it and know the possible words for the parts I'm not sure of. How can I create a mask (or rules) that pulls the words from a file? Example:

passwordlist.txt file contains:
blue
red
purple

The password attempts need to be like:

?sky?twelve?

the attempts would be like:
blueskypurpletwelvered
redskybluetwelvepurple

Any help would be much appreciated.

need help with building a rig

Hey team, so my main goal is to have hashcat and john crack passwords as fast as possible, but I'm not brute forcing. Most of the passwords I will attempt are 16 characters, but doubled. So I need to run a stdout of 8 characters, or so, and insert rules to those. I can't seem to get massive increases with a GPU over CPU on this method.
Does anyone know the best rig for rules mixed with combinator etc...? Would a 32 core CPU setup outperform a GPU on this? Most of the rules I use will require john to perform the final hashing, and I know this ISN'T john's forums, but I know you guys are experts.

Rules help with inserting multiple characters

Is there a rule to insert more than one character? Or rather, a range of characters?
Like, can I do IZ[0-9] on a -j to have it insert all numbers 0-9 in order?

hashcat v4.1.0



Welcome to hashcat v4.1.0! 

Download binaries or sources: https://hashcat.net/hashcat/ 



This release is mostly about expanding support for new algorithms:
  • Added hash-mode 16000 = Tripcode
  • Added hash-mode 16100 = TACACS+
  • Added hash-mode 16200 = Apple Secure Notes
  • Added hash-mode 16300 = Ethereum Pre-Sale Wallet, PBKDF2-SHA256
  • Added hash-mode 16400 = CRAM-MD5 Dovecot
  • Added hash-mode 16500 = JWT (JSON Web Token)
  • Added hash-mode 16600 = Electrum Wallet (Salt-Type 1-3)
Some special note on cracking TACACS+: https://hashcat.net/forum/thread-7062.html



But there are also some deep changes related to performance:
  • A new technique to reduce PCIe transfer time by using so-called "compression" kernels
  • The OpenCL kernel thread management was refactored, giving a strong boost on PBKDF2 based kernels (WPA, etc)
  • Improved autotune support
  • Improved OpenCL JiT compiler settings
  • Workaround for some bad OpenCL runtime settings on macOS
Technical details on the new compression kernels: https://hashcat.net/forum/thread-7267.html



Full benchmark comparison from v4.0.1 to v4.1.0 for selected (most common) algorithms: 

https://docs.google.com/spreadsheets/d/1...sp=sharing

Both NVIDIA and AMD users will see performance improvements in almost all hash modes and in all attack modes.

We've also spent some time on CPU performance improvements. See the tabs for Intel I7 and AMD Ryzen for details.



New Features:
  • Added option --benchmark-all to benchmark all hash-modes (not just the default selection)
  • Removed option --gpu-temp-retain that tried to retain GPU temperature at X degrees celsius - please use driver-specific tools
  • Removed option --powertune-enable to enable power tuning - please use driver specific tools


Improvements:
  • OpenCL Kernels: Add a decompressing kernel and a compressing host code in order to reduce PCIe transfer time
  • OpenCL Kernels: Improve performance preview accuracy in --benchmark, --speed-only and --progress-only mode
  • OpenCL Kernels: Remove password length restriction of 16 for Cisco-PIX and Cisco-ASA hashes
  • Terminal: Display set cost/rounds during benchmarking
  • Terminal: Show [r]esume in prompt only in pause mode, and show [p]ause in prompt only in resume mode


Fixed Bugs:
  • Fixed a configuration setting for -m 400 in pure kernel mode which said it was capable of doing SIMD when it is not
  • Fixed a hash parsing problem for 7-Zip hashes: allow a longer CRC32 data length field within the hash format
  • Fixed a hash parsing problem when using --show/--left with hashes with long salts that required pure kernels
  • Fixed a logic error in storing temporary progress for slow hashes, leading to invalid speeds in status view
  • Fixed a mask-length check issue: return -1 in case the mask length is not within the password-length range
  • Fixed a missing check for return code in case hashcat.hcstat2 was not found
  • Fixed a race condition in combinator- and hybrid-mode where the same scratch buffer was used by multiple threads
  • Fixed a restore issue leading to "Restore value is greater than keyspace" when mask files or wordlist folders were used
  • Fixed an uninitialized value in OpenCL kernels 9720, 9820 and 10420 leading to absurd benchmark performance
  • Fixed the maximum password length check in password-reassembling function
  • Fixed the output of --show when $HEX[] passwords were present within the potfile


Technical:
  • Autotune: Improve autotune engine logic and synchronize results on same OpenCL devices
  • Documents: Added docs/limits.txt
  • Files: Copy include/ folder and its content when SHARED is set to 1 in Makefile
  • Files: Switched back to relative current working directory on windows to work around problems with Unicode characters
  • Hashcat Context: Fixed a memory leak in shutdown phase
  • Hash Parser: Changed the way large strings are handled/truncated within the event buffer if they are too large to fit
  • Hash Parser: Fixed a memory leak in shutdown phase
  • Hash Parser: Fixed the use of strtok_r () calls
  • OpenCL Devices: Fixed several memory leaks in shutdown phase
  • OpenCL Kernels: Add general function declaration keyword (inline) and some OpenCL runtime specific exceptions for NV and CPU devices
  • OpenCL Kernels: Replace variables from uXX to uXXa if used in __constant space
  • OpenCL Kernels: Use a special kernel to initialize the password buffer used during autotune measurements, to reduce startup time
  • OpenCL Kernels: Refactored kernel thread management from native to maximum per kernel
  • OpenCL Kernels: Use three separate comparison kernels (depending on keyver) for WPA instead of one
  • OpenCL Runtime: Add current timestamp to OpenCL kernel source in order to force OpenCL JiT compiler to not use the cache
  • OpenCL Runtime: Enforce use of OpenCL version 1.2 to restrain OpenCL runtimes to make use of the __generic address space qualifier
  • OpenCL Runtime: Updated rocm detection
  • Returncode: Enforce return code 0 when the user selects --speed-only or --progress-only and no other error occurs
  • Rules: Fixed some default rule-files after changing rule meaning of 'x' to 'O'
  • Self Test: Skip self-test for mode 8900 - user-configurable scrypt settings are incompatible with fixed settings in the self-test hash
  • Self Test: Skip self-test for mode 15700 because the settings are too high and cause startup times that are too long
  • Terminal: Add workitem settings to status display (can be handy for debugging)
  • Terminal: Send clear-line code to the same output stream as the message immediately following
  • Timer: Switch from gettimeofday() to clock_gettime() to work around problems on cygwin
  • User Options: According to getopts manpage, the last element of the option array has to be filled with zeros


- atom

[HOW TO] Install Hashcat on a VPS

Here are the steps I used to successfully install and run Hashcat on my VPS, running Ubuntu 17

Code:
wget http://registrationcenter-download.intel.com/akdlm/irc_nas/12556/opencl_runtime_16.1.2_x64_rh_6.4.0.37.tgz
tar xf opencl_runtime_16.1.2_x64_rh_6.4.0.37.tgz
cd opencl_runtime_16.1.2_x64_rh_6.4.0.37
./install.sh

sudo apt install ocl-icd-opencl-dev


cd -
wget https://hashcat.net/files/hashcat-4.1.0.7z
apt-get install  p7zip-full

7z x hashcat-4.1.0.7z

cd hashcat-4.1.0/

./hashcat64.bin -I