Nexus 5X PIN question

June 5, 2018, 11:04 pm

≫ Next: OpenCL Deprecation on Mac OSX 10.14

≪ Previous: Password Manager .rpf file analysis

$

0

0

Greetings,
     I'm having trouble getting hashcat to produce a 4-digit PIN from a Nexus 5X. I know the PIN is 1234 (I set it), and am trying to get hashcat to give me that result. Here's the process I've taken. 

1. Hashed PIN: 2dda3898dfc93e5334cb1113748d41b24b5b293ce2c704ed395b06bf492d95fd4ad3a96f

Stored here: /data/system/password.key
Format: hash(PIN and salt)=<40 character SHA-1 hash> || <32 character MD5 hash>

2. Query database for salt: 0x 081cec9952979615 (converted from decimal)
Query database for password rules: /data/system/locksettings.db
Query password policies: length = 4, uppercase=0, lowercase=0, uppercase=0, symbols=0, numeric=4

3. Feed salt and MD5 hash into hashcat:
./hashcat.bin –m 10 e2c704ed395b06bf492d95fd4ad3a964:081cec9952979615 –a 3 ?d?d?d?d --force

4. Output is showing "exhausted", with no successful results. I know the PIN is just 1234 but I'm trying to get hashcat to

I'm running from my laptop and thought maybe there is an opencl issue, but I'm not sure. Any help would be appreciated- thanks!


Here's the actual output:

Session..........: hashcat
Status...........: Exhausted
Hash.Type........: md5($pass.$salt)
Hash.Target......: e2c704ed395b06bf492d95fd4ad3a964:081cec9952979615
Time.Started.....: Tue Jun 05 23:01:20 2018 (0 secs)
Time.Estimated...: Tue Jun 05 23:01:20 2018 (0 secs)
Guess.Mask.......: ?d?d?d?d [4]
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....:  3575.5 kH/s (0.16ms) @ Accel:16 Loops:10 Thr:256 Vec:1
Speed.Dev.#3.....:        0 H/s (0.00ms) @ Accel:16 Loops:10 Thr:256 Vec:1
Speed.Dev.#*.....:  3575.5 kH/s
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 10000/10000 (100.00%)
Rejected.........: 0/10000 (0.00%)
Restore.Point....: 0/1000 (0.00%)
Candidates.#1....: 1234 -> 6764
Candidates.#3....: [Generating]
HWMon.Dev.#1.....: N/A
HWMon.Dev.#3.....: N/A

Started: Tue Jun 05 23:01:17 2018
Stopped: Tue Jun 05 23:01:21 2018

---

OpenCL Deprecation on Mac OSX 10.14

June 6, 2018, 10:05 am

≫ Next: How to know the number of characters in a password ?

≪ Previous: Nexus 5X PIN question

$

0

0

How will the recently announced deprecation of OpenCL in Mac OSX 10.14 (https://developer.apple.com/macos/whats-new/) affect hashcat on Mac's when it is finally removed?

How to know the number of characters in a password ?

June 6, 2018, 1:28 pm

≫ Next: Speeding up prince

≪ Previous: OpenCL Deprecation on Mac OSX 10.14

$

0

0

Hi Everyone ,

Sometimes I want to crack a password and I don't know the exact number of characters so I always start with 8 and anytime I don't crack it I add a character but sometimes it could really take months as for brute force sometimes I have to wait 10-11 days to finish the crack and it's not sure to succes . So do you have a solution to avoid all this time wast ?


Best regards

Speeding up prince

June 6, 2018, 4:11 pm

≫ Next: Use with Xeon Phi

≪ Previous: How to know the number of characters in a password ?

$

0

0

I hope I can get some insight into whats going on in this situation.

I'm using pp64 to feed into hashcat. When compared to using just a regular dictionary, I'm seeing a huge performance decrease.

(alt use for a mining rig):
i3-7350 4.2GHZ
8G ram
6x gtx1070

I see my ntlm hash rate go from ~4000kh per card, down to around 1200kh per. (dict vs prince) I figured the speed change was because I'm piping candidates serially, so I added 2 rulesets to help create more work, but the hash rate remains the same.

Aren't the rulesets processed in the GPU? I would have expected the hashrate to increase since each password from prince would be exploded into a thousand permutations.

Any suggestions on how to speed it up and info on what going on would be appreciated.

Thanks!

Use with Xeon Phi

June 7, 2018, 6:42 am

≫ Next: Signal database password on Android

≪ Previous: Speeding up prince

$

0

0

Hi everyone, I recently picked up a Xeon Phi model 7110p with 61 cores and 8Gb on chip RAM. Has anyone tried running hashcat on a Phi, and if so was it successful or unsuccessful, and does any documentation exist on running hashcat on the Phi by chance?

Thanks for any assitsance you can provide.

Signal database password on Android

June 8, 2018, 2:30 pm

≫ Next: Trouble finding attacking hash format

≪ Previous: Use with Xeon Phi

$

0

0

I want to test recover of my old Signal Android database password with Hashcat.  The sourcecode for the app https://github.com/signalapp/Signal-Andr...ecret.java makes it look like database uses PBDKF2 with SHA1 but when I try crack known password using hashcat format 12000 sha1:iteration:hashalt I exhaust the guesses. The hash ends in = and salt in == so that looks right, but I notice Signal doing some weird PCKS 5 stuff in https://github.com/signalapp/Signal-Andr...tUtil.java

Can I use last 20 bytes of mastersecret or is there AES component prior to PBKDF2 comparison?

Trouble finding attacking hash format

June 8, 2018, 10:16 pm

≫ Next: Not working after reboot

≪ Previous: Signal database password on Android

$

0

0

Hi,
I'm analyzing the password algorithm used by an open source CMS system. I've searched the wiki and studied the help information but can't find the hash format to use.

I know the algo is SHA256 computed on plaintext+salt.

Here's the actual implementation in the source in c#:
     

Code:

        static string GeneratePasswordHash(string password, byte[] salt)
        {
            using (var algorithm = new SHA256Managed())
            {
                byte[] plainText = Encoding.UTF8.GetBytes(password);
                byte[] arr = new byte[plainText.Length + salt.Length];
                plainText.CopyTo(arr, 0);
                salt.CopyTo(arr, plainText.Length);
                return Convert.ToBase64String(algorithm.ComputeHash(arr));
            }
        }

       static byte[] GenerateHashSalt()
        {
            using (var cs = new RNGCryptoServiceProvider())
            {
                var salt = new byte[24];
                cs.GetBytes(salt);
                return salt;
            }
        }

Usage would be 
string passwordHash = GeneratePasswordHash("1234", GenerateHashSalt());

I've creatad a new user in the CMS with the password "1234" and the hash and salt is 
hash = UojnvzRwPa7I9miZM3SB5cVcd2reD1GXE4aKIoeYLCI=
salt = rapx877Zal8tJwS/xt+m5P8lsoMt2mm3

I would expect the hash mode is 1410 sha256($hash.$salt)
When I try to run hashcat using a simple wordlist it gives me a hash encoding exception

Code:

> hashcat64.exe -a 0 -m 1410 c:\Temp\myhashes.txt c:\Temp\dict.txt

...
Hashfile 'c:\Temp\myhashes.txt' on line 1 (´╗┐Uoj...rapx877Zal8tJwS/xt+m5P8lsoMt2mm3): Hash-encoding exception
No hashes loaded

I've tried these formats but I keep getting a format exception:

$UojnvzRwPa7I9miZM3SB5cVcd2reD1GXE4aKIoeYLCI=.$rapx877Zal8tJwS/xt+m5P8lsoMt2mm3
UojnvzRwPa7I9miZM3SB5cVcd2reD1GXE4aKIoeYLCI=:rapx877Zal8tJwS/xt+m5P8lsoMt2mm3

What am I doing wrong here? 

Cheers

Not working after reboot

June 10, 2018, 2:38 am

≫ Next: trying to recover a aes-256-cbc bitcoin wallet but how?

≪ Previous: Trouble finding attacking hash format

$

0

0

I was running hashcat using command
"hashcat -m 2500 /root/file.hccapx /root/rockyou.txt"

and it was running properly when suddenly there was a powercut and now after the power came back i tried running the same

but now it gives me an error "Cannot read /root/.hashcat/sessions/hashcat.pid". i tried changing the hccapx file's name but still the same error. Kindly guide me to the solution.
Thanks

---

trying to recover a aes-256-cbc bitcoin wallet but how?

June 10, 2018, 5:46 pm

≫ Next: Problem with sha-256 crack

≪ Previous: Not working after reboot

$

0

0

trying to recover a aes-256-cbc bitcoin android schildbach wallet but how with hashcat?

Meow

Problem with sha-256 crack

June 11, 2018, 9:54 am

≫ Next: Restore value is greater than keyspace

≪ Previous: trying to recover a aes-256-cbc bitcoin wallet but how?

$

0

0

Hello, I'm new with hashcat and the teacher showed it to us last week during the class. He sent us a tip to later decoding of ase-128 but the tip is coded by sha-256.

What I know about the password: length - 14, first 6 characters are numbers or big letters, another 2 are special characters and the last 6 are numbers or small or big letters. So, my command looks like: sudo ./hashcat64.bin -m1400 -a3 -1?u?d -2?s -3?l?u?d hash.txt  ?1?1?1?1?1?1?2?2?3?3?3?3?3?3 -o wynik.txt (hash.txt is a file where I have a hash and wynik.txt is a file when I want the program to write the result).

During running this command I'm getting a message: " Integer overflow detected in keyspace of mask: ?1?1?1?1?1?1?2?2?3?3?3?3?3?3. I have read a bit about this attack and couldn't find sure answer whether it's possible to crack such long password. Anyone can help?

Cheers

Restore value is greater than keyspace

June 11, 2018, 12:22 pm

≫ Next: PBKDF2-SHA512 separator unmatched

≪ Previous: Problem with sha-256 crack

$

0

0

Hello everyone, can anyone point me on how to solve this error? It just happened without any user intervention. Cannot resume either, fails with same error.

(...)

Session..........: sip1
Status...........: Exhausted
Hash.Type........: SIP digest authentication (MD5)
Hash.Target......: $sip$*(edited)
Time.Started.....: Mon Jun 11 16:03:56 2018 (2 secs)
Time.Estimated...: Mon Jun 11 16:03:58 2018 (0 secs)
Guess.Mask.......: ?d?d?d?l?s?d?d?u [8]
Guess.Queue......: 134/40824 (0.33%)
Speed.Dev.#1.....:   964.2 MH/s (7.76ms) @ Accel:32 Loops:31 Thr:256 Vec:1
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 2230800000/2230800000 (100.00%)
Rejected.........: 0/2230800000 (0.00%)
Restore.Point....: 2230800/2230800 (100.00%)
Candidates.#1....: 293d-31Z -> 688q~49Q
HWMon.Dev.#1.....: Util:  0% Core:1258MHz Mem:2000MHz Bus:8

Approaching final keyspace - workload adjusted.

Session..........: sip1
Status...........: Exhausted
Hash.Type........: SIP digest authentication (MD5)
Hash.Target......: $sip$*(edited)
Time.Started.....: Mon Jun 11 16:03:59 2018 (6 secs)
Time.Estimated...: Mon Jun 11 16:04:05 2018 (0 secs)
Guess.Mask.......: ?d?d?d?l?s?d?l?u [8]
Guess.Queue......: 135/40824 (0.33%)
Speed.Dev.#1.....:   908.9 MH/s (8.00ms) @ Accel:32 Loops:31 Thr:256 Vec:1
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 5800080000/5800080000 (100.00%)
Rejected.........: 0/5800080000 (0.00%)
Restore.Point....: 5800080/5800080 (100.00%)
Candidates.#1....: 293v+1mQ -> 688q~4qC
HWMon.Dev.#1.....: Util:  0% Core:1253MHz Mem:2000MHz Bus:8

Restore value is greater than keyspace.

Started: Mon Jun 11 15:45:37 2018
Stopped: Mon Jun 11 16:04:07 2018

Command Line used was:
hashcat64 -a 3 -m 11400 -D 2 --session sip1 sip.txt masks\8char-1l-1u-1d-1s-compliant.hcmask

hashcat Version: 4.1.0

Thanks!

PBKDF2-SHA512 separator unmatched

June 11, 2018, 3:13 pm

≫ Next: help identify algo from kerio connect

≪ Previous: Restore value is greater than keyspace

$

0

0

Hi everyone!

I'm new to password cracking, even though I already was interested in cryptography for quite some time.
Now I wanted to have a go at cracking a password myself.


The operating system I created a test account on is macOS 10.13.4 and the password I made is real easy.

I am quite positive that i pieced everything right together; combining the integer ,salt and entropy data to create a correct hash.

The hash type would be PBKDF2-SHA512, so that would correspond to the option -m 7100.
The password is made of 5 digits.

When I run:

./hashcat -m 7100 macospassword.txt -a 3 ?d?d?d?d?d


I get the following result:


Hashfile 'macospassword.txt" on line 1 ($ml$hash): Separator unmatched.


Now I thought I might have made a mistake in the formatting or mode.
But when I try the example as listed on https://hashcat.net/wiki/doku.php?id=example_hashes I get the same error.

I took a look at https://www.unix-ninja.com/p/Hashcat_Lin...Exceptions but that did not get me anywhere.

The same issue happens when instead of using a file that contains the hash I use the string in between "'s.


What am I doing wrong?

Thanks in advance!

help identify algo from kerio connect

June 12, 2018, 3:41 am

≫ Next: Been away for a while

≪ Previous: PBKDF2-SHA512 separator unmatched

$

0

0

trying to decrypt mail user passwords generated by kerio connect.
I'm new to this stuff and dont know how to identify which algo is used.

I've created 3 users with same password(123456) and hashed outputs I get are salted:

D3S:3795d2bfad3b1a2abb53f8d6efdafc9ef0cdb947f0ff2757
D3S:3ad3d43e853c12453c39d1f2cdfaf835f0cdb947f0ff2757
D3S:3aec30b049f5ceddc7bdbbd8895dcaecf0cdb947f0ff2757

Been away for a while

June 12, 2018, 7:47 am

≫ Next: Error ejecutando hashcat -m2500 -a 3

≪ Previous: help identify algo from kerio connect

$

0

0

Hey Guys. Sorry, I was AFK for some time. I'm back now. If there's anything important, let me know...

Error ejecutando hashcat -m2500 -a 3

June 12, 2018, 5:38 pm

≫ Next: Novice help

≪ Previous: Been away for a while

$

0

0

saludos a los integrantes del foro, no soy experto en la materia trate de usar hashcat con file.hccap y me da este error por favor si pueden ayudarme se los agradecere


hashcat -m 2500 -a 3 '/home/kharloss/Escritorio/hashcap/manu.hccap' ?d?d?d?d?d?d?d?d?d?d
hashcat (v4.0.1) starting...

* Device #1: This hardware has outdated CUDA compute capability (3.0).
            For modern OpenCL performance, upgrade to hardware that supports
            CUDA compute capability version 5.0 (Maxwell) or higher.
* Device #1: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
nvmlDeviceGetCurrPcieLinkWidth(): Not Supported

nvmlDeviceGetClockInfo(): Not Supported

nvmlDeviceGetClockInfo(): Not Supported

nvmlDeviceGetTemperatureThreshold(): Not Supported

nvmlDeviceGetTemperatureThreshold(): Not Supported

nvmlDeviceGetUtilizationRates(): Not Supported

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 650, 244/979 MB allocatable, 2MCU

/home/kharloss/Escritorio/hashcap/manu.hccap: Old hccap format detected! You need to update: https://hashcat.net/q/hccapx

---

Novice help

June 13, 2018, 5:27 pm

≫ Next: Salted Peoplesoft hash

≪ Previous: Error ejecutando hashcat -m2500 -a 3

$

0

0

我忘了设置btc密码。如何使用hashcat检索它？使用gpu方法，需要什么步骤以及需要哪些工具？谢谢。

Salted Peoplesoft hash

June 13, 2018, 5:43 pm

≫ Next: Titan Z Questions

≪ Previous: Novice help

$

0

0

Hello Community,

I have gathered some Peoplesoft hashes along with their respective salts but I am having trouble cracking them as there is no defined method for cracking these kinds of hashes. I have an account with a known password that I would like to use to test against the hash to make sure I really do have PeopleSoft hashes but I also can't seem to find a way to construct the hash to validate it against mine. Does anyone have experience with Salted PeopleSoft hashes that could shed some light on this matter? This thread https://hashcat.net/forum/thread-6639.ht...peoplesoft seems to suggest you could strip the salt out somehow if you knew the password.

Titan Z Questions

June 13, 2018, 8:50 pm

≫ Next: Paying for new support

≪ Previous: Salted Peoplesoft hash

$

0

0

Hey, I was wondering if anyone here had benchmarks or estimates of what a Titan Z would perform like in Hashcat.

Would it outperform a 1080Ti?

I currently have the option to buy one for $999 CAD ($769 USD) and 1080Ti's go for around the same price so I'm trying to decide if its worth it or not.

Paying for new support

June 5, 2018, 1:31 pm

≫ Next: Possible development to support three wordlists at once?

≪ Previous: Titan Z Questions

$

0

0

Is it possible for me to pay 0.5-1 BTC for either Hashcat official or a 3rd party developer to add support for legacy PkZip? The Github issue is here https://github.com/hashcat/hashcat/issues/69 but I'm willing to pay BTC to move it along because there is no progress since 2013.

Possible development to support three wordlists at once?

June 14, 2018, 10:22 pm

≫ Next: How to use hashcat on multiple pc network(master-slave configuration)

≪ Previous: Paying for new support

$

0

0

Hello,

I am trying to crack an hmac-sha256 hash. This hash is a three separate worded password (abc abc abc). I was wondering if this could be developed, is feasible, or if there is a way, and I just do not know it yet. I have done the combinator attack using two wordlists and the rule to remember and append over the word [Left: $  Ml4, Right: $  ], but all three words need to be different.

Thank you in advance,
vigilantbag [newbie]