Quantcast
Channel: hashcat Forum - All Forums
Viewing all 8238 articles
Browse latest View live

Solution to use very large wordlist

May 12, 2018, 6:03 am
$
0
0
I have a wordlist that is 31 GB.  I understand this is a very large wordlist and when I have used big wordlists in the past hashcat was very slow, but when I try to use this wordlist it give me this 


0 H/s

0/17557289470 (0.00%)

Candidates.#1....: [Copying]

Candidates.#2....: [Copying]

for around a minute until just giving up and giving me this.

Progress.........: 17557289470/17557289470 (100.00%)

Rejected.........: 17557289470/17557289470 (100.00%)

My goal is to use this wordlist with rules, combinator attacks, hybrids, and permutation attacks.

I was unable to figure out how I can properly do a combinator attack if i split up this wordlist in to 10 seperate wordlists as it would only do combinator with the words in the seperate lists.



Any help would be greatly appreciated.  Thanks Smile








For more information here is the output of hashcat64.exe -I



Platform ID #1
Vendor : NVIDIA Corporation
Name : NVIDIA CUDA
Version : OpenCL 1.2 CUDA 9.1.84

Device ID #1
Type : GPU
Vendor ID : 32
Vendor : NVIDIA Corporation
Name : GeForce GTX 1070 Ti
Version : OpenCL 1.2 CUDA
Processor(s) : 19
Clock : 1683
Memory : 2048/8192 MB allocatable
OpenCL Version : OpenCL C 1.2
Driver Version : 391.01

Device ID #2
Type : GPU
Vendor ID : 32
Vendor : NVIDIA Corporation
Name : GeForce GTX 1070 Ti
Version : OpenCL 1.2 CUDA
Processor(s) : 19
Clock : 1683
Memory : 2048/8192 MB allocatable
OpenCL Version : OpenCL C 1.2
Driver Version : 391.01
Search

downside os speeding up hashcat with VirtualBox

May 13, 2018, 9:09 am
$
0
0
Some months ago I realized that hashcat runs faster if an VirtualBox machine is running at the same time on the host. I do not mean running hashcat in a VM. The VM runs on the same host as hashcat itself. So different tests were done with different hashes/containers and it was true all the time, with hashcat 3.6.0 and 4.1.0 and different version of VirtualBox. It is not necessary that there is a real guest in the VM, an empty VM will do the trick either. Of cause I asked other people to verify it, too. Just be realistic, increasing the number of tasks for the same resources should speed things up? That sounds crazy. Thus I thought I did something wrong. Other people, different hardware, Windows 7 and Windows 10, it worked everywhere. No tests were done for linux or another VM software.

To make it more clear I did some tests to post them here. Because of the rules there will be no hash, although they where created in bash with:
Code:
echo -n "..." | [md5|sha256|sha512]sum

As you can see the tests where done for md5, sha256 and sha512. The mask for the search were chosen in a way that hashcat runs minutes before finding the right word. hashcat 4.1.0 was used and it was tested without any additional option -- represented as "()" -- and with "-O -w 4".
Here are the results:
Code:
time      | ()             | () with VM     | -O -w4         | -O -w4 with VM
----------|----------------|----------------|----------------|----------------
md4       | 3:55 (235 s)   | 2:32 (152 s)   | 1:02 ( 62 s)   | 0:59 ( 59 s)   
sha256    | 4:56 (296 s)   | 4:33 (273 s)   | 4:23 (263 s)   | 4:06 (246 s)   
sha512    | 8:16 (496 s)   | 8:16 (496 s)   | 4:55 (295 s)   | 4:33 (273 s)   

speed     | ()             | () with VM     | -O -w4         | -O -w4 with VM
----------|----------------|----------------|----------------|----------------
md4       |  2679.7 MH/s   |  4158.9 MH/s   | 10627.0 MH/s   | 11369.7 MH/s   
sha256    | 54614.4 kH/s   | 60334.3 kH/s   | 65521.1 kH/s   | 67639.4 kH/s   
sha512    | 32861.6 kH/s   | 32919.5 kH/s   | 54614.5 kH/s   | 60846.9 kH/s   

As you can see the speed up is nothing constant, it depends on the used algorithm and configuration (e.g. number of iterations). In most cases (I seen) the difference between "-O -w 4" with and without VM is about 0-10%, mostly around 3-5%. Up to now I never saw a real slowdown higher than normal fluctuation. Without the optimization the difference between with and without VM is about 0-100%.
Maybe it is worth to mention that I also saw one example with higher values -- the "Util" value of hashcat was around 13%/49% without and 93%/97% with VM and if I remember correctly "() with VM" was faster than "-O -w4". But this was a spike I only see in one test.


Now to my question.
What are the downsides of speeding up hashcat with an (empty) VirtualBox machine?

In most cases with a running VM, hashcat seems to use the gpu more efficient and the the average "Util" value is higher. Of course the higher usage consumes more energy and the gpus getting hotter. Thus you can may run into thermal problems, especially if you use more than one gpu. Additionally you need a better power supply and running it for an hour costs more money.
This is all clear. But you don't get anything for nothing. I cannot belief that there aren't more disadvantages. In every test hashcat found the password with VM, but only faster. But maybe I never run a test where hashcat would not find the password as a result of calculation errors. I do not know. Thus I ask here.

I searched on the internet an on this forum but I found nothing about this phenomenon, mostly was about running hashcat in VirtualBox.

Thank you for your replays in advanced.

Mode 7 (Hybrid Mask + Wordlist) only using 1 GPU?

May 14, 2018, 4:51 am
$
0
0
Hey guys.
odd thing here, for some reason with using -a 7, only one GPU is active:

Code:
Session..........: hashcat
Status...........: Running
Hash.Type........: NTLM
Hash.Target......: Crack Hashes\client\corp.client.com_NTDS\NT.txt
Time.Started.....: Mon May 14 14:46:31 2018 (7 secs)
Time.Estimated...: Tue May 15 00:01:12 2018 (9 hours, 14 mins)
Guess.Base.......: File (Dictionaries\All\1-6_Qayinz.txt), Right Side
Guess.Mod........: Mask (?a) [1], Left Side
Guess.Queue.Base.: 1/5 (20.00%)
Guess.Queue.Mod..: 1/1 (100.00%)
Speed.Dev.#1.....: 12143.8 kH/s (0.04ms) @ Accel:128 Loops:32 Thr:640 Vec:1
Speed.Dev.#2.....:        0 H/s (0.00ms) @ Accel:128 Loops:32 Thr:640 Vec:1
Speed.Dev.#3.....:        0 H/s (0.00ms) @ Accel:128 Loops:32 Thr:640 Vec:1
Speed.Dev.#4.....:        0 H/s (0.00ms) @ Accel:128 Loops:32 Thr:640 Vec:1
Speed.Dev.#*.....: 12136.5 kH/s
Recovered........: 11584/18330 (63.20%) Digests, 0/1 (0.00%) Salts
Recovered/Time...: CUR:N/A,N/A,N/A AVG:0,0,0 (Min,Hour,Day)
Progress.........: 94279520/404293994605 (0.02%)
Rejected.........: 0/94279520 (0.00%)
Restore.Point....: 0/95 (0.00%)
Candidates.#1....: s*_<| ->  *_==
Candidates.#2....: [Copying]
Candidates.#3....: [Copying]
Candidates.#4....: [Copying]
HWMon.Dev.#1.....: Temp: 33c Fan: 90% Util: 24% Core:1771MHz Mem:4513MHz Bus:16
HWMon.Dev.#2.....: Temp: 32c Fan: 90% Util:  0% Core:1607MHz Mem:4513MHz Bus:16
HWMon.Dev.#3.....: Temp: 34c Fan: 90% Util:  0% Core:1607MHz Mem:4513MHz Bus:16
HWMon.Dev.#4.....: Temp: 33c Fan: 90% Util:  0% Core:1607MHz Mem:4513MHz Bus:16

not sure why this is - everything else works perfectly, even if i simply switch to -a 6 and move the ?a to the other side of the dictionary path, all 4 GPU's work.

any idea what is the cause here?
thank you!

Hybrid dict + mask

May 14, 2018, 8:54 pm
$
0
0
Hai my dear friends

i need to know about ( Hybrid dict + mask )  WPA2  command line 
it is possible fast????  be-course my knowledge very pour
  

Hashcat froze desktop (PC)

May 15, 2018, 2:31 am
$
0
0
I'm cracking wpa/wpa2 with hashcat 4.1.0. Workload profile -w 4 was included. Always hashcat froze desktop after 10-15 hours of cracking. Hashcat freeze PC at "mjklpr42"password. Does exist any way to continue cracking from that password to "zzzzzz99" without wordlist?

hashcat unresponsive over SSH

May 15, 2018, 4:18 am
$
0
0
I have a VM instance running on Google Compute Engine. When I SSH into it and then run hashcat, although it seems to be working (it successfully cracks known hashes) it is unresponsive throughout the operation, so I cannot type any of the "[s]tatus [p]ause [b]ypass [c]heckpoint [q]uit" options. I have tried reducing the workload profile to 1, but the problem remains. 

I am not sure if this is actually an SSH related problem, so my apologies in forward if it is.

Here is the CPU I am using for this:

OpenCL Platform #1: Intel(R) Corporation
========================================
* Device #1: Intel(R) Xeon(R) CPU @ 2.30GHz, 1870/7483 MB allocatable, 2MCU

Introduction

May 15, 2018, 5:16 am
$
0
0
Hi, everyone! Not sure if anyone had done this already, so I just made this thread for new guys like me to create an intro. Anyway, newbie here. I'm glad to have found this great online hashcat community. I'm hoping to learn more from the other members here. Cheers!

hashcat development stalled?

May 16, 2018, 4:14 am
$
0
0
Hi Guys,

I have been following the project on Github and I have noticed that the last commit was 2.5 months ago. I am not complaining or anything but just curious if Hashcat development has been put on hold for the time being?

Cheer,s
Matt
Search

Mining Rig for hashcat

May 17, 2018, 2:48 am
$
0
0
Hello lads, I have some problem with my RIG, launching the hashcat64,exe 

I got x6 RX 570 4gb nitro+. Using Blockchain Driver.. Have been mining for months, when I try to use hashcat now it seems only one GPU is hashing, in the beginning when I launch attack it appears that .exe can read all 6 GPUs but only GPU1 is used 100% the rest are showing 0%.. what might be causing the problem ?

All recommendations will be kindly appreciated.

Thank you in advance.

P.S. 
- Does it need OpenCL 2.0 Driver ?

GPU H/s to router Mbps

May 17, 2018, 12:31 pm
$
0
0
I'm wishing new graphic card, maybe GTX 1080, (wpa/wpa2 400 kH/s) and doubting for all these. There are often 3 types of router's bandwidth 54Mbps, 150Mbps and 300 Mbps at 2.4 GHz. How many Hashes per secon can handel each bandwidth for ideal environment? Maybe 400 kH/s can't work with 54Mbps router. Then it's waste of money for new graphic card. Does exist any compare between  H/s and Mbps?

R9 270x/GTX960

May 17, 2018, 6:05 pm
$
0
0
Hey all, 
Would like to get a rig better suited than my laptop for password cracking, this is mostly a hobby for me, so I'm mostly trying to look at cheaper/good value cards. Any thoughts on cards like the R9 270x and GTX 960? I mention those specific ones because I've seen used ones for pretty cheap on ebay, and price/performance wise they seem quite good. I found some 270x's for around $80-90 which seems to put them at about 1000 WPA2 hashes per second per dollar. 960's seem to be a bit higher performance at a bit higher price, but a similar value. I recall hearing about some issues with those AMD cards on Linux so the 960 might be a better choice overall. 

I can't find any cheap reference cards at this price so that's a downside, but I most likely wouldn't be running this a lot of the time, and even if a card fails it wouldn't be the end of the world since they're cheap. 

Thanks for any advice! Still new to this so if I made any silly assumptions I imagine that would be par for the course.

Ryzen 2400G APU benchmark

May 17, 2018, 10:40 pm
$
0
0
my old dual 280X rig went dead few months back (lightning strike) and got a ryzen 2400g as graphics card prices were crazy where i am. setup is Ryzen 2400G/16G 3466Mhz DDR4 4/M.2 Sata.

Benchmark always hangs at Hashmode: 15900 - DPAPI masterkey file v2 (Iterations: 7999),
no idea if due to hashcat 4.1.0 not fully support 2400G APU yet, or due to iGPU frame buffer size or shared memory size. Anyway info and partial benchmark below......as no one has uploaded it before !

(gfx902 is the integrated graphics of Ryzen 2400G)


Hashcat - i info
=====================================

C:\Delete\hashcat>hashcat64.exe -I
hashcat (v4.1.0) starting...

OpenCL Info:

Platform ID #1
  Vendor  : Advanced Micro Devices, Inc.
  Name    : AMD Accelerated Parallel Processing
  Version : OpenCL 2.0 AMD-APP (2482.6)

  Device ID #1
    Type           : GPU
    Vendor ID      : 1
    Vendor         : Advanced Micro Devices, Inc.
    Name           : gfx902
    Version        : OpenCL 2.0 AMD-APP (2482.6)
    Processor(s)   : 11
    Clock          : 1251
    Memory         : 4048/6251 MB allocatable
    OpenCL Version : OpenCL C 2.0
    Driver Version : 2482.6 (PAL,HSAIL)

  Device ID #2
    Type           : CPU
    Vendor ID      : 1
    Vendor         : AuthenticAMD
    Name           : AMD Ryzen 5 2400G with Radeon Vega Graphics
    Version        : OpenCL 1.2 AMD-APP (2482.6)
    Processor(s)   : 8
    Clock          : 3900
    Memory         : 3954/15818 MB allocatable
    OpenCL Version : OpenCL C 1.2
    Driver Version : 2482.6 (sse2,avx)
================================================

Hashcat -b benchmark
================================================
C:\Delete\hashcat>hashcat64.exe -b
hashcat (v4.1.0) starting in benchmark mode...

Benchmarking uses hand-optimized kernel code by default.
You can use it in your cracking session by setting the -O option.
Note: Using optimized kernel code limits the maximum supported password length.
To disable the optimized kernel code in benchmark mode, use the -w option.

ADL_Overdrive_Caps(): -8

ADL_Overdrive_Caps(): -8

ADL_Overdrive_Caps(): -8

ADL_Overdrive_Caps(): -8

OpenCL Platform #1: Advanced Micro Devices, Inc.
================================================
* Device #1: gfx902, 4048/6251 MB allocatable, 11MCU
* Device #2: AMD Ryzen 5 2400G with Radeon Vega Graphics, skipped.

Benchmark relevant options:
===========================
* --optimized-kernel-enable

Hashmode: 0 - MD5

Speed.Dev.#1.....:  3819.7 MH/s (95.87ms) @ Accel:512 Loops:256 Thr:256 Vec:1

Hashmode: 100 - SHA1

Speed.Dev.#1.....:  1553.3 MH/s (58.60ms) @ Accel:256 Loops:128 Thr:256 Vec:1

Hashmode: 1400 - SHA-256

Speed.Dev.#1.....:   646.9 MH/s (70.50ms) @ Accel:256 Loops:64 Thr:256 Vec:1

Hashmode: 1700 - SHA-512

Speed.Dev.#1.....:   134.0 MH/s (85.22ms) @ Accel:128 Loops:32 Thr:256 Vec:1

Hashmode: 2500 - WPA/WPA2 (Iterations: 4096)

Speed.Dev.#1.....:    69206 H/s (80.38ms) @ Accel:128 Loops:64 Thr:256 Vec:1

Hashmode: 1000 - NTLM

Speed.Dev.#1.....:  7002.0 MH/s (51.83ms) @ Accel:512 Loops:256 Thr:256 Vec:1

Hashmode: 3000 - LM

Speed.Dev.#1.....:  3579.2 MH/s (50.51ms) @ Accel:64 Loops:1024 Thr:256 Vec:1

Hashmode: 5500 - NetNTLMv1 / NetNTLMv1+ESS

Speed.Dev.#1.....:  4290.5 MH/s (85.31ms) @ Accel:512 Loops:256 Thr:256 Vec:1

Hashmode: 5600 - NetNTLMv2

Speed.Dev.#1.....:   288.9 MH/s (79.02ms) @ Accel:128 Loops:64 Thr:256 Vec:1

Hashmode: 1500 - descrypt, DES (Unix), Traditional DES

Speed.Dev.#1.....:   139.7 MH/s (81.57ms) @ Accel:4 Loops:1024 Thr:256 Vec:1

Hashmode: 500 - md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5) (Iterations: 1000)

Speed.Dev.#1.....:  1723.9 kH/s (49.07ms) @ Accel:512 Loops:250 Thr:64 Vec:1

Hashmode: 3200 - bcrypt $2*$, Blowfish (Unix) (Iterations: 32)

Speed.Dev.#1.....:     3119 H/s (54.56ms) @ Accel:16 Loops:4 Thr:8 Vec:1

Hashmode: 1800 - sha512crypt $6$, SHA512 (Unix) (Iterations: 5000)

Speed.Dev.#1.....:    21851 H/s (101.84ms) @ Accel:256 Loops:64 Thr:64 Vec:1

Hashmode: 7500 - Kerberos 5 AS-REQ Pre-Auth etype 23

Speed.Dev.#1.....: 41479.4 kH/s (68.83ms) @ Accel:128 Loops:32 Thr:64 Vec:1

Hashmode: 13100 - Kerberos 5 TGS-REP etype 23

Speed.Dev.#1.....: 41060.5 kH/s (69.37ms) @ Accel:128 Loops:32 Thr:64 Vec:1

Hashmode: 15300 - DPAPI masterkey file v1 (Iterations: 23999)

Speed.Dev.#1.....:    11742 H/s (80.33ms) @ Accel:128 Loops:64 Thr:256 Vec:1

Hashmode: 15900 - DPAPI masterkey file v2 (Iterations: 7999)

=================================================================

No handshakes when trying to convert to hccapx

May 18, 2018, 8:53 am
$
0
0
Hello. I have a *.cap file from aircrack-ng, with caputured handshake. However, when trying to convert it to hccapx using cap2hccapx, I get the following output:
Code:
Networks detected: 1

BSSID=xx:xx:xx:xx:xx:xx ESSID=xxxxxxxxxx (Length: 10)

Written 0 WPA Handshakes to: out.hccapx

Maybe the problem is that the *.cap file contains only "Message 1 of 4" and "Message 2 of 4" (thats what I see in Wireshark after applying filter "eapol").

However, i tried uploading it on website gpuhash.me and they claim to have cracked it successfully. Please what can I do in order to crack it by myself using hashcat?

Thanks a lot.

Hash types with multiple iterations/rounds

May 20, 2018, 8:43 am
$
0
0
Are there any plans to implement an option for recursively iterating any of the hash types (kernels)?

For example, if I want to test hashes that may have been encrypted with sha1 more than once, will there ever be a command line switch for testing such a thing?

Example:

For hash type 100, instead of trying "-m 100" for "sha1($password)", will something like "-m 100 2" for "sha1(sha1($password))" be a possibility?

The above might be a bad example.  Here's another one.

For hash type 110, the default is "sha1($pass.$salt)".  If I want to apply sha1 5 times like this, "sha1(sha1(sha1(sha1(sha1($pass.$salt)))))", then could syntax like "-m 110 5" be an option?

Related to this, does anyone know of any custom tool that can do this?  Perhaps a script?

Hashcat router admin

May 20, 2018, 2:51 pm
$
0
0
How to apply hashcat for admin password on router settings at 192.168.0.1? What type of hash mode will I use? Does exist any solution? I know some routers have blank or admin password for administrator but exist routers with serial number password for admin.
Search

Cracking Turkish/Foreign Hashes

May 20, 2018, 3:16 pm
$
0
0
Howdo!

So i'm having a go at trying to crack some hashes created with the turkish characters: https://en.wikipedia.org/wiki/Wikipedia:...characters

Cracking a two character MD5 hash generated by the following python.

Code:
m = hashlib.md5()
m.update("ĞĞ")
print m.hexdigest()

I've taken the liberty of looking up the UTF8 unicode double byte values of the characters in question which in this case are:

Code:
Ğ - C4 9E
İ - C4 B0
Ş - C5 9E
ğ - C4 9F
ı - C4 B1
ş - C5 9F

resulting in a -1 and a -2 of:

Code:
-1 c4c5
-2 9e9fb0b1


So the command I'm now running is

/opt/hashcat-4.1.0/hashcat64 -O -m 0 -a 3 -1c4c5 -29e9fb0b1 --hex-charset hash ?1?2?1?2

According to all info i've read its been a case of find the UTF-8 value of the characters you want to crack, paste them into charsets 1 and 2 and go go magic hashcat it cracks. this obviously is not the case here as nothing drops out. If I only crack a single character MD5 (reducing the mask to ?1?2) it will crack however, but anything more than 1 it just fails.

NTLM hashes, don't crack even at 1 character length and while im experimenting with md5 and ntlm the actual target hash I need to crack are mode 13100 hashes (KRB-TGS) so I'm wondering the following:

1. what on earth is the proper way of approaching foreign characters in a password?
2. Does the technique vary based upon hashing algorithm, for example a single char md5 will crack successfully, but any more than a single char fails. A single char NTLM hash however does not crack successfully.
3. When using wordlists and dictionaries, is taking say a turkish wordlist sufficient for hashcat to crack passwords or do I have to be concerned with character encoding?

3a. Character Encoding - I can get the system default encoding from the target host, and I can determine the encoding of the input dictionary, do I specify both? one? or other? if it is required.

Thanks for any help folk can spare! Smile

error

May 21, 2018, 2:13 am

Prepend phrase + bruteforce

May 22, 2018, 7:00 am
$
0
0
Hi everyone!

I'm trying to brute force a longer password of an unknown length. I probably know how the password starts, but then I need to brute force an additional 7-10 more charcters.

Is there a mode or way to prepend my guess / what I have in front of the brute forcing?

I didn't seem to find what I was looking for after reading through attack modes and the docs. I probably missed it or didn't understand.

Thanks for your help and patience!

When the 2003 version of Excel is cracked, the hash value is not extracted?

May 23, 2018, 2:55 am
$
0
0
When the 2003 version of Excel is cracked, the hash value is not extracted?

PrinceProcessor

May 23, 2018, 7:07 am
$
0
0
I have an older WPA2 hccap file with a known xkcd-style password. For sake of discussion, let's say password is barnrabbitstampfork. If I manually create .txt file with said password and run -a 0, cudaHashcat64.bin finds it fine.  

If I create a dictionary file with only:

barn
rabbit
stamp
fork

#./pp64.bin < dictionary.txt | grep ^barnrabbit
barnrabbit
barnrabbitbarn
barnrabbitfork
barnrabbitstamp
barnrabbitrabbit

It doesn't generate the barnrabbitstampfork combination.  I'm missing something, but don't know what.  Is there a length limitation?
Viewing all 8238 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>