Quantcast
Channel: hashcat Forum - All Forums
Viewing all 8219 articles
Browse latest View live

Brain socket error

November 10, 2018, 2:21 pm
$
0
0
Hello all,

Can anyone help with this please . In windows 10 running this  hashcat64.exe --brain-server --brain-port=1374 --brain-password=password
 I get this error  1541888465.923765 |   0.00s |   0 | socket: No error


Any idea's please thanks

Kev
Search

backslash(\) slow down md5 speed

November 10, 2018, 4:17 pm
$
0
0
hello again Smile

firstly salt info:

salt1:\337
salt2:\245\144\076\274\375\145\313\316\251\071\157\227\307\323\251\005

im trying recover salt md5 hash but there is no option in hashcat for that salt, md5(salt1.pass.salt2) and I did just little changes and its working right now BUT that speed its really slow..

and I realized what is the problem.

once I'm using hashtype:10 for md5 salt well this is like md5(pass.salt) and then I created text file for hash its like that

pass: (salt2)

and using attack with that mask  (salt1)?d?d?d?d?d?d

BUT its very slow because when I add salt1 I think problem is backslash(\) speed decreased very much


outputs:

without backslash(\):
Session..........: hashcat
Status...........: Running
Hash.Type........: md5($pass.$salt)
Hash.Target......: 2db692e0fd73a4f0e59dadb5c6ed5f62:\245\144\076\274\3...51\005
Time.Started.....: Sun Nov 11 00:02:59 2018 (3 secs)
Time.Estimated...: Sun Nov 11 00:05:17 2018 (2 mins, 15 secs)
Guess.Mask.......: 337?u?u?u?u?u?u?u [10]
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 34700.1 kH/s (57.10ms) @ Accel:128 Loops:26 Thr:576 Vec:1
Speed.Dev.#2.....: 24261.2 kH/s (79.15ms) @ Accel:16 Loops:13 Thr:512 Vec:1
Speed.Dev.#*.....: 58961.3 kH/s
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 71991296/8031810176 (0.90%)
Rejected.........: 0/71991296 (0.00%)
Restore.Point....: 2621440/308915776 (0.85%)
Candidates.#1....: 337MERMEYA -> 337QTEUPST
Candidates.#2....: 337HMOZLDA -> 337QVHJVRE
HWMon.Dev.#1.....: Temp: 59c
HWMon.Dev.#2.....: N/A

with backslash(\)

Session..........: hashcat
Status...........: Running
Hash.Type........: md5($pass.$salt)
Hash.Target......: ky.txt
Time.Started.....: Sun Nov 11 00:16:24 2018 (5 secs)
Time.Estimated...: Sun Nov 11 00:16:37 2018 (8 secs)
Guess.Mask.......: \262?d?d?d?d?a?a [10]
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....:  3950.1 kH/s (88.53ms) @ Accel:1024 Loops:1 Thr:512 Vec:1
Speed.Dev.#2.....:  9621.9 kH/s (70.38ms) @ Accel:128 Loops:1 Thr:512 Vec:1
Speed.Dev.#*.....: 13572.0 kH/s
Recovered........: 0/2 (0.00%) Digests, 0/2 (0.00%) Salts
Progress.........: 66060288/180500000 (36.60%)
Rejected.........: 0/66060288 (0.00%)
Restore.Point....: 30408704/90250000 (33.69%)
Candidates.#1....: \2629899\" -> \2626659~P
Candidates.#2....: \2621159~P -> \2626509lj
HWMon.Dev.#1.....: Temp: 60c
HWMon.Dev.#2.....: N/A



any suggestion thanks Sad

Dedicated hashcat brain server

November 10, 2018, 9:28 pm
$
0
0
If I wanted to deploy a dedicated hashcat brain server, are there any recommended system specifications?

Assuming that I don't want to deploy a virtual machine, could an Intel N3450 Mini PC (usually under $200 on Amazon) be enough to do the job or would that not have enough RAM for large workloads?

BRAIINNN show password? :)

November 10, 2018, 10:41 pm
$
0
0
Hello me again :Big Grin

i want to ask something i'm working with 3 computers i want to see cracked password at my server computer when client server cracked password but i didnt find it  can u help me

server computer response that:

1541914759.682225 |   0.00s |  -1 | CryptAcquireContext: -2146893802
1541914760.121025 |   0.43s |   0 | Session: 0x608c8b69, Attack: 0xf8476ad2, Kernel-power: 196608
1541914760.464225 |   0.34s |   0 | R |     0.06 ms | Offset: 0, Length: 1, Overlap: 0
1541914760.479825 |   0.02s |   0 | C |     0.02 ms | Attacks: 1
1541914762.476625 |   2.01s |   0 | Disconnected


and the 3. computer keep going try cracking

Wordlist + rules length filter

November 13, 2018, 3:57 am
$
0
0
Hello,

If I use brute force (1-8 ?a) and in second step use wordlist + rules, second step calculate hash <9 char length and waste time.
Please implement command in ex. --wordlist-min for filter words after rules, befor calculate hash.
Preproces is not good idea for very big real password wordlists and different rules files.

Thank you

word combinations with masks between

November 14, 2018, 4:56 am
$
0
0
I'm trying to crack an old truecrypt file.
I remember I used two of my "usual" passwords with maybe a character or two between them..
I experimented with a known truecrypt file putting 17 passwords into a dictionary x.txt but splitting one of them in half
I extracted the first block of the truecrypt file to a file called x.
Then I found I could crack it with the command
Code:
.\hashcat64.exe -m 6223 -a 1  x  x.txt x.txt
which combined the two halves of the correct password.
Next I removed the last character of the first half of the correct password from the dictionary and tried this
Code:
.\hashcat64.exe -m 6223 -a 7 x ?a x.txt x.txt
But it didn't work
I'm guessing the ?a mask is only tried to the left and right of the dictionary combinations?

Is there any way to try it between them?

Also is there any way to iterate through the 12 truecrypt modes?

MS Office 2019 hashes

November 14, 2018, 7:37 am
$
0
0
Anyone tested MS Office 2019 encrypted file hashes ?
Are they the same encryption algo as Office 2016 ?
Thanks.

wallet.dat mode 11300: can make a hash from pywallet.py dump?

November 14, 2018, 7:30 pm
$
0
0
Hello,

The example hash for -m 11300 Bitcoin/Litecoin wallet.dat is:

$bitcoin$96$d011a1b6a8d675b7a36d0cd2efaca32a9f8dc1d57d6d01a58399ea04e703e8bbb44899039326f7a00f171a7bbc854a54$16$1563277210780230$158555$96$628835426818227243334570448571536352510740823233055715845322741625407685873076027233865346542174$66$625882875480513751851333441623702852811440775888122046360561760525

Can anyone help with the format of this hash, and how I could construct one with output from pywallet.py?

As far as I know, $bitcoin$96$ I can just ignore for now.  (But what is the 96?)  Then:
d011a1b6a8d675b7a36d0cd2efaca32a9f8dc1d57d6d01a58399ea04e703e8bbb44899039326f7a00f171a7bbc854a54

is the encrypted master key.  Not sure what the $16$ part is.

Then 1563277210780230 is the salt, then 158555 is the iter count.  Is that correct so far? 

Note sure what $96$ after that is again.

Then there's:

628835426818227243334570448571536352510740823233055715845322741625407685873076027233865346542174
$66$
625882875480513751851333441623702852811440775888122046360561760525

What are these parts?  Can I get them from the json output of a tool like pywallet.py that dumps encrypted wallet information?  Do these extra parts have something to do with the mkey or other parts of the wallet.dat, like an addr, compressed true/false, another encrypted private key, pubkey, and if so, what parts?

Thank you for any help, I'm trying to manually construct a hashcat compatible wallet.dat hash from information dumped from pywallet.py, which looks like this:

"mkey": {
        "encrypted_key": "encrypted key bytes", 
        "nDerivationIterations": 47923, # contrived example
        "nDerivationMethod": 0, 
        "nID": 1, 
        "otherParams": "", 
        "salt": "salt bytes"
    }, 


Would the other information be another somehow encrypted private key associated with an address in the wallet.dat, and maybe a pubkey?

Or can I just have a go at a hash that has an encrypted private key as above, iterations, salt?  What would I be missing out on if I didn't have any further information about the entire hash?  How would hashcat deal with the last parts

628835426818227243334570448571536352510740823233055715845322741625407685873076027233865346542174
$66$
625882875480513751851333441623702852811440775888122046360561760525


... as the example hash from the wiki?

Thank you for any help!
Search

hashcat-4.1.0 can't run

November 14, 2018, 9:45 pm
$
0
0
Hi
When I can't run hashcat-4.1.0, there is a warning "./hashcat.hctune : No such file or directory". Anyone know how to fix it? Thanks

word list and masks

November 15, 2018, 3:05 pm
$
0
0
I'm downloading the weakpass_2a list as it seems fairly big, what is the accepted best list for a fairly unknown password? also do i need to apply rules to a list like that?

Thanks,

Combinator help

November 15, 2018, 4:01 pm
$
0
0
My problem: I want Hashcat to use combinations of all words in a dictionary file.

The Hashcat combinator page: https://hashcat.net/wiki/doku.php?id=combinator_attack mentions that the *-a 1* configuration only combines 2 words together. 

For example a dictionary like:

    pass
    12345
    omg
    Test

in Combinator mode results in tries like:

    passpass
    pass12345
    passomg
    passTest
    12345pass
    1234512345
    12345omg
    12345Test
    omgpass
    omg12345
    omgomg
    omgTest
    Testpass
    Test12345
    Testomg
    TestTest
    

Whereas I want Hashcat to try every combine instead like this:

    pass12345omgTest
    12345passomgTest
    ...

Is there a way for Hashcat to try every combination of every word in a dictionary instead? Thanks in advance! Smile

How to GPU Accelerate Cracking Passwords with Hashcat?

November 15, 2018, 7:08 pm
$
0
0
How to GPU Accelerate Cracking Passwords with Hashcat?

How to use hashcat to crack a PPT file password?

November 16, 2018, 11:30 pm
$
0
0
How to use hashcat to crack a PPT file password?

Little sugdestion

November 17, 2018, 9:40 pm
$
0
0
I know that password dontains between 2 and 5 digits, rest are letters. 
Password length is 16 caracters,
Is there any rule which i can use that leinght of password is known and i can set number of large caracters and number of digits. 

Or at least give me a hint, how to solve this little problem.

Help with hash

November 18, 2018, 1:55 am
$
0
0
Does hashcat crack CRC-96(ZIP)  ? or are there some other tools that support crc-96 ?
Search

Hashcat 5 Different Behaviour on AMD(Exhaust) and NVIDEA(cracked) cards

November 18, 2018, 11:25 am
$
0
0
Hi together,
I observed a weird behaviour of hashcat 5.


When I start a hybrid attack (-a 6) with piping on NETLMv1(- m 5500) hashcat says Exhausted but the correct combination is created i have checked this because i wrote all combinations to a file.
But when I load the file to hashcat in a dictionary attack its exhausted too while the correct password is in the file..

At first I thought it could be the OS cause I used Windows but I observed this behaviour on a native linux machine too.

My next thought was that maybe something is wrong with my card. I checked this behaviour on a different card of a friend with same behaviour. But both cards are AMD cards.

Today I tried a NVIDEA card of another friend and the problems dont exist there. Its cracked immediately

The command:
hashcat64.exe -a 6 adminposs.txt ?d?d?d?s --stdout | hashcat64.exe -m 5500 admin.lc

If someone wants to investigate this I can send him adminposs.txt and admin.lc of course 
adminposs.txt includes all upper- and lovercase possibilities of SICHER1 admin.lc includes the NetLMV1 hash.

Greetings 
Marsupilami

hashcat 5.0.0 with Token length exception with sha1

November 19, 2018, 5:15 am
$
0
0
Hello

I was attempting (first time with hashcat) this:

Code:
$ echo "foo:$(echo bar | sha1sum | cut -d ' ' -f 1)" > test.txt
$ hashcat -m 100 -a 0 test.txt             
hashcat (v5.0.0) starting...

* Device #1: WARNING! Kernel exec timeout is not disabled.
             This may cause "CL_OUT_OF_RESOURCES" or related errors.
             To disable the timeout, see: https://hashcat.net/q/timeoutpatch
OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 950, 492/1968 MB allocatable, 6MCU

Hashfile 'test.txt' on line 1 (foo:e2...ffccdf271b7fbaf34ed72d089537b42f): Token length exception
No hashes loaded.

Started: Mon Nov 19 14:14:05 2018
Stopped: Mon Nov 19 14:14:05 2018

No idea why my hash wouldn't be a valid hash. Looks valid:

Code:
$ cat test.txt
foo:e242ed3bffccdf271b7fbaf34ed72d089537b42f

What's hashcat really complaining about here?

IIS http digest

November 19, 2018, 8:31 am
$
0
0
Hello,
i am trying to crack a HTTP DIGEST capture i have done on my lan, between a client and a IIS webserver. 
this post specifically has helped to construct a well formed hash file
https://hashcat.net/forum/archive/index....-7054.html
so everything looks good, hashcat processes it, but i cannot crack the hash even when i specify the correct password explicitely.

can i post the hash here so someone can help me understand what i am doing wrong?
thxs

Unified list manager

November 19, 2018, 11:54 am
$
0
0
Hello there,

Can anyone tell me how to use Unified list manager to remove the saved hashes before : password . I have a few practice crack hashes list and I would like to save the found passwords. I did not realise at the time that I could have save the cracked hashes as plain.
Any info would be much appreciated thanks.

Kev

Retrieve SALT from VALUE and SHA256(value.salt)

November 19, 2018, 2:53 pm
$
0
0
Hi everyone, 

I am running out of idea, so I wanted to ask the community (having more experience, already face similar question and/or got some other approach to propose).

I am currently evaluating risk on an open source software 
* on which some token are encrypted with sha256($pass.$salt) store into database
* The salt have a 32 bytes length and stored on filesystem (out of database)
* The salt is uniq and used on all sha256($pass.$salt) (not a random salt per encryption stored with value in database)

The risk I am evaluating is the following
* a user have the ability to forge 1-N Token
* The user know the token (real) value (abcdefg12345) as example
* The user not known the salt (store on filesystem/secure) of application
* But if the user get the ability to make some SQL injection (to read the database), this user will get the ability to get 1-N tokenhashsalt value he generated store into database

Question
* Starting that point, there is certainly some facilities to recompute/brute force the SALT
sha256("abcdefg12345".$salt??????) => RESULTHASHSALT
* the ability to forge 1-N Token (ie. 1000 or more) could be also a facilities to end user/attacker to retreive the salt
is there a way to find/deducate the SALT ?

My Objective(s)
* check if I am right (implementation is weak, but fortunately the salt is quite long 32 byte for a sha256 that could make it more harder to find, but not impossible)
* demonstrate to developpers, they are wrong or could do it better
* evaluate how long it will take (ie. hour, day, week before the SALT be deducted); Starting that point (SALT) was deducated + DB of all HASHSALT value (we are going back to hashcat are regular mode)
* make them (dev) to make thing differently (ie. not a uniq salt, but some secure random salt per token encrypted)

All ideas, advice or suggestions are welcomed :Smile => retrieve SALT from VALUE and SHA256 (VALUE.SALT) with hashcat or other tool ?
Viewing all 8219 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>