Quantcast
Channel: hashcat Forum - All Forums
Viewing all 8218 articles
Browse latest View live

Issues running hashcat

January 25, 2019, 3:06 pm
$
0
0
Hi all,

When attempting to run the latest version of hashcat, I get:

* Device #1: This device's constant buffer size is too small.

* Device #1: This device's local mem size is too small.

No devices found/left.

The video card that I am using is  AMD Radeon R9 M370X 2048 MB

Any help would be greatly appreciated. Thanks!
Search

Kubuntu 18.10 Nvidia GTX 1050 OpenCL compatibility

January 25, 2019, 3:43 pm

Why doesn't the Example Hashes Match With the Hashes That I Extracted?

January 26, 2019, 2:36 am
$
0
0
Hi,

I am extracting the first 512 bytes of a VeraCrypt Volume using SHA512 + AES encryption (hash-mode=13721) locked with the password 'hashcat'; but when I compare the hash file that I extracted to the example hash-file on the Wiki page, I can see that they are different. According to the instructions, they should not be different.

The code I am executing to extract the hashes is as follows;
Code:
dd if=C:\Users\Hyper\Desktop\add of=C:\Users\Hyper\Desktop\hash.vc bs=512 count=1

I could not understand why the hashes differ.

Thank you

manipulating wordlists + incriments

January 27, 2019, 8:23 am
$
0
0
Hello! Day one hashcat human thing here!

So trying to get my head around mask and I understand now the brute force or -a 3 is actually a mask attack. Anyways I'm trying to test something. Say I know the winning password contains a keyword from lets say top gun.

How can I take a list of words lets say "Plane, Missle, Air" and automate trying "5545Plane" and then "plane1992" or "planeAir2" and then "90AirMissle" Would this be possible ?

Second question is about increments. if I just use -I and go ?d?d?d the increments will only be in numbers is there a code I can have it increment in with "a (Alpha Numeric) Instead

Thank you Smile

Cracking a Truecrypt Container

January 27, 2019, 12:04 pm
$
0
0
Is it possible to crack the Truecrypt Container password ?

The encryption method was  AES-Twofish-Serpent SHA 512
and the password length was 32 characters with words in different languages, letters, numbers and special characters.
 
Can I recover my password with  hashcat ?
If yes which options do I have to specify?

Help with cracking krb5tgs hash

January 27, 2019, 2:50 pm
$
0
0
Hi all,

When I have tried cracking the krb5tgs hash using -m 13100, I get token length exception. 

What does this exception mean? Is there a possibility that the hashes are bad?

Correct way to hash and crack PMKID and benchmark

January 28, 2019, 12:43 pm
$
0
0
Hello guys

Please tell me if this if the wrong forum -> first post.

I am writing a scientific paper for my University (TUM) about the PMKID attack [https://hashcat.net/forum/thread-7717.html]. My paper goes quite in depth about the attack and I would like some input if my thoughts are correct.

As far as I understand:
The 802.11i-2004 standard states that PMKID = HMAC-SHA1-128(PMK, "PMK Name" || MAC_AP || MAC_STA), where the PMK is the password for the WPA/WPA2 PSK network. 

And that hcxpcaptool extracts the PMKID to <PMKID>⁎<MAC_AP>⁎<MAC_Station>⁎<ESSID>, where <PMKID> is the hashed form of the password or PMK. 

hashcat then inserts the chosen PMK/password from a dictionary/password list into HMAC-SHA1-128(<1. password>, "[b]<1. password>" || MAC_AP || MAC_STA) [/b]and from there check if the calculated PMKID equals the PMKID received from the AP. If it does not match, retry with the next password. I would like your thoughts if I am on the correct track or completely off.

I further see that the PMKID is cracked with hash type WPA-PMKID-PBKDF2 which is a network protocol. Can anyone tell me if this protocol or how you can look at it uses HMAC-SHA1-128 to hash a PMKID as stated in the previous paragraph? 

As far I have seen there is no documentation on how the PMKID is actually cracked and that is why I am asking in this forum.

My last question is about the benchmark function in hashcat. The results from the benchmark show how many passwords to hash conversions are done per second (H/s). This is normal when cracking in a high-end rig, but the goal of the attack is to crack the PMKID in a laptop, which does not pack that much power. In this case, the hash mode 16801 is used which need a premade hashed password list.

My question and wondering here is if H/s is still valid because passwords are not hashed, but only checked against each other, meaning faster checking time. I would think that H/s is not valid, because there is no hashing, but only simply string checking taking place.

Cheers and thanks for replies!

Cracking foreign words/characters

January 28, 2019, 5:00 pm
$
0
0
Should be said i am new to this so maybe i have missed something obvious, anyway;

Root problem:
Need to be able to crack hashes in Swedish.

What have been done:

studies...
Hash Crack Password Cracking Manual (book)
https://hashcat.net/wiki/doku.php?id=fre...arabic_etc
https://hashcat.net/wiki/doku.php?id=mas...rset_files
https://hashcat.net/wiki/doku.php?id=mas...m_charsets
https://blog.bitcrack.net/2013/09/cracki...guage.html
https://www.netmux.com/blog/ultimate-gui...-using-has

What have been tested among many other things:
created hash.txt with MD5 hashes of word "test" and the Swedish chars å, ä, ö, along with few common words that makes use of these letters, like elk -> "älg", moon -> "måne" and so on.

hashcat64.exe --potfile-disable -m 0 -o ../hashes/md5test/output.txt ../hashes/md5test/hash.txt -a 3 -1 ?l?uåäöÅÄÖéÉ ?1?1?1?1 --increment -O (didn't solve anything at all, 0 cracked hashes)

hashcat64 --potfile-disable -m 0 -a 3 ../hashes/md5test/hash.txt --hex-charset -1 c3 -2 a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebf -i ?1?2?1?2?1?2?1?2 --outfile-autohex-disable --outfile ../hashes/md5test/output.txt (did only solve the single letters of å,ä,ö as expected)

hashcat64.exe --potfile-disable -m 0 -o ../hashes/md5test/output.txt ../hashes/md5test/hash.txt -a 3 -1 charsets/standard/Swedish/se-SE_cp1252.hcchr ?1?1?1?1 --increment -O
created a cp1252.hcchr file to include €ÉéÅåÄäÖö but gave me 0 results

hashcat64.exe --potfile-disable -m 0 -o ../hashes/md5test/output.txt ../hashes/md5test/hash.txt -a 3 -1 ?l?u -2 charsets/standard/Swedish/se-SE_cp1252.hcchr -3 ?1?2 ?3?3?3?3 --increment -O
(This one only found the test password and none of my å,ä,ö)


Problem arise from here...
All guides and references use only the characters in the hex-charset but (in my current world) I cant combine the first part of the ascii tables (00 20-7e) with my c3 80-bf range to only make up one of the possible chars to try.

I have probably missed something painfully obvious here so please a few pointers would be nice...
Search

Worked once and didnt work immediately after

January 28, 2019, 6:27 pm
$
0
0
Hey everyone, im new to hashcat and am using it for a computer science project. I got it to work one time, but then immediately after it did not work. Can anyone tell me if im doing something wrong, or if its just software or hardware issues? Attatched are some screemshots of my command prompt.

.png   cracked.PNG (Size: 84.09 KB / Downloads: 2)

.png   notcracked.PNG (Size: 144.2 KB / Downloads: 1)

complex password alternation

January 29, 2019, 5:44 am
$
0
0
Hi

I am trying to recover a lost rar PW. I have never used hashcat before and I dont know if I will be able to do what I am intending to do.
- The password is quite long, about 25 characters. I do know the first part, about 20 characters
- the PW is lowercase, except a maximum of 2 characters
- a maximum of 2 characters may be l33t (only: a-@ e-3 i-1 o-0 s-5 g-6)
- the password may be followed by a max 5 digit number
- the whole thing may be followed by a special character (!$&@)

if I can get hashcat to consider these limitation and do a recovery with about 5000pw/s, it should take less than a week.
Can anyone help me with this?

OpenCl kernel self-test failed when using any version later than v4.2.1 !!

January 29, 2019, 2:20 pm
$
0
0
[Image: unknown.png?width=679&height=548]
i Get OpenCl kernel self-test failed   and when i use  --self-test-disable   it just works but  whatever the password is found or not it says Exhausted  after trying all the passwords in the queue
.................... although the intel cpu and gpu gets the correct password 
the commend i use is  ( hashcat v5.1.0 )

hashcat64.exe -a 0 --session=2019-01-29 -m 2500 -w 3 --force --status --status-timer=60 --potfile-disable -p : -d 3 --self-test-disable --hwmon-temp-abort=90 -o "C:\0.txt" --outfile-format=3 "C:\Users\123\Downloads\wifiB3381C.hccapx" "E:\ccc.txt"
https://ibb.co/19LSt8M
although it does the full wordlist it still says Exhausted ...
then i tried this commend
hashcat64.exe -a 0 --session=2019-01-29 -m 2500 -w 3 -D 1 --force --status --status-timer=60 --potfile-disable -p : --self-test-disable --hwmon-temp-abort=90 -o "C:\0.txt" --outfile-format=3 "C:\Users\123\Downloads\wifiB3381C.hccapx" "E:\ccc.txt"
https://i.ibb.co/HBVF39c/cracked.png
and it worked just fine and got the password ..... what would the problem be ?
https://i.ibb.co/Ttqb9Sn/open-CL-info.png
...........................................................................

Ryzen + RX 580 only one device working

January 30, 2019, 7:58 am
$
0
0
Hi,

I'm testing a new system with Ryzen 1700x and a RX 580 GPU on a The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux with kernel 4.18 (anyone has info on rocm realease date for compatibility with 4.19?), after installing rocm i tested hashcat. It finds two device: #1 the Ryzen and #2 the GPU, if I run hashcat with as root only #2 is used (220kh/s for -m 16800, around 10% lower than what I saw onlne) for hash cracking, if I run as user only the #1.

What's going on?

Thanks for help.

why Hybrid mask +dict is so fucking slow !!

January 30, 2019, 5:07 pm
$
0
0
i used 
hashcat -m 2500 example.hccapx -a 7 Cat goodlist.dict 

then the speed turned down from 40 Kh/s to 300 h/s 

why is that ??!! 
the -a 6 works fine but this one doesn't !!
i have added the word Cat to the start of every line at the dict and tried it with -a 0 and there is no prob wit it !!

Combining a custom hex charset with the standard charsets

January 31, 2019, 8:10 am
$
0
0
Hi,

I am trying to learn how to crack hashes of words containing the Swedish characters "åäöÅÄÖ". Using this forum I have found most pieces of the puzzle. I have successfully worked myself up from cracking a single Swedish character using a custom hex charset to cracking the word/name "Älvsjö" which contains regular letters combined with two Swedish characters in known positions. The problem is that I so far have not been able to figure out how to crack the same word/name "Älvsjö" when I pretend that the positions and numbers of the Swedish characters are unknown.

I learned how to create the custom hex charset from another post here. I started with getting the hex values using this tool. They are:

å = c3a5 
ä = c3a4 
ö = c3b6 
Å = c385 
Ä = c384 
Ö = c396

From that I conclude that the custom hex charset I need is "-1 c3 -2 a5a4b6858496".

I also hashed "Älvsjö" using the this MD5 tool and the output is "3454a37f3585a38f2816c1fd4247f2b0".

So, in the scenario where I know the positions of the two Swedish characters the Hashcat command becomes "hashcat64.exe 3454a37f3585a38f2816c1fd4247f2b0 -m 0 --hex-charset -1 c3 -2 a5a4b6858496 -a 3 ?1?2?a?a?a?a?1?2 -O". This works. 

To the problem. To crack the same MD5 hash "3454a37f3585a38f2816c1fd4247f2b0" pretending to not know how many Swedish characters and the positions of them I somehow need to test both the custom hex charset and the standard charset "?a" for every position in the assumed length of the hashed word. I need to nestle the charsets or similar...

What am I doing wrong? How would the mask look? If I need to change the custom hex charset, to what do I change it too? Is there a better approach to this? 

I am using Hashcat version 5.1.0.

Thanks for your help!

Not a native Intel OpenCL runtime

February 1, 2019, 1:15 am
$
0
0
Good morning,

I installed the necessary drivers and software explained in www.hashcat.net/faq/wrongdriver for my NVIDIA K1200 graphic card.
Everything went well. When I type the command "hashcat --benchmark" I'm shown following answer:
"* Device #1: Not a native Intel OpenCL runtime. Expect massive speed loss.
             You can use --force to override, but do not report related errors."
Is there anybody who can tell me what's wrong there?

TIA
Best regards
Miksch
Search

increase maximum password length supported by kernel

February 2, 2019, 4:39 am
$
0
0
Hi to all
i am trying to use hashcat in brute force mode to LM and nt hashes with no results
i need a maximum length of characters ->15 with all combinations letters,digits and special characters.
 
in the begining of all commands i am taking :
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 7
i tried
Code:
hashcat -m 3000 -a 3 -1 ?l?d?s?u -2 ?l?d?s?u ?1?1?1?1?1?1?1?1?1?1?1?1?1?1  hashes.txt
zsh: no matches found: ?l?d?s?u

Code:
hashcat -m 3000 -a 3 hashes.txt nsa.hcmask
and taking
Quote:Skipping mask '?l?l?l?l?l?l?l?l?l' because it is larger than the maximum password length.



i am running 64bit linux with gtx 970, fx8350 and  24gb ram

i need to make 6number dic list

February 2, 2019, 9:39 am
$
0
0
i need to make wordlist dic
from 6 digit numbers 
start from 000000 to 999999
and save it with crunch to text 
i try but give me like this 
000000000001000002000003
i need them  

000001
000002
000003


can any one give me the right methode

new user in need of help with command line

February 2, 2019, 1:56 pm
$
0
0
Hi fellow hashcat users

I've just discovered hashcat, so i come here to get a little bit of help getting this nice tool up and running.

Im trying to solve a BTC puzzle https://bitcointalk.org/index.php?topic=5096267.0 and have made a some txt files with Camel case words, 32 charaters in length, this is plain text.

The correct password, has this hex value of hash160 "0129e842a3d00363fa818d3fde2b2f0879159801"

Is there any way for hashcat to run through my txt files matching them against that hex value of the hash160 value?
I've looked through the --help parameter, but im stunned with all those options, and i really don't know if this is even possible at all...

Thanks in advance Smile

Help with pbkdf2_hmac_'sha512' hashes

February 2, 2019, 6:18 pm
$
0
0
I'm a complete newbie and I'm trying to crack hashes created with this python script:

Code:
import hashlib
import binascii

password = input('Give a password to hash: ')
salt = b"2213dcd3820c18c559cc389c8bd22e6b3b0b3f410f01ecf1aac95faf1716e169"
pwdhash = hashlib.pbkdf2_hmac('sha512', password('utf-8'),
                               salt, 100000)
pwdhash = binascii.hexlify(pwdhash)
print((salt + pwdhash).decode('ascii'))

Inputting "foobar" into this script gives this string:
2213dcd3820c18c559cc389c8bd22e6b3b0b3f410f01ecf1aac95faf1716e169efee941dfcde93b0d550998db85b9773ca0a2e7f2ef59e9a4b1f1b630e7797437bfd7846cfef6e50d440c8e1e633bd4cc8a5381292e9221a1dd40fe77cc4b04b

Trying to crack it I wrote this python script to put hashes like this into the right format for hashcat:

Code:
import base64

with open("passwords.hash") as f:
   content = f.readlines()
content = [x.strip() for x in content]

f = open("passwords2.hashes", "a")
for hashes in content:
   beginning = "sha512:100000:"
   salt = hashes[:64].decode("hex").encode("base64")+":"
   password = hashes[64:].decode("hex").encode("base64")
   hashCatFormat = (beginning+salt+password).replace("\n","")
   f.write(hashCatFormat+"\n")

which turns the hash for foobar into:
sha512:100000:IhPc04IMGMVZzDici9IuazsLP0EPAezxqslfrxcW4Wk=:7+6UHfzek7DVUJmNuFuXc8oKLn8u9Z6aSx8bYw53l0N7/XhGz+9uUNRAyOHmM71MyKU4EpLpIhod1A/nfMSwSw==


I then created a textfile foo.txt which just reads "foobar" .

Unfortunately running:
$hashcat -m 12100 -a 0 -o cracked.txt passwords2.hash foo.txt

does not recover the example hash. What am I doing wrong?

Cannot see crakced password

February 2, 2019, 10:18 pm
$
0
0
I captured a WPA2 handshake yesterday but my 20GB wordlist failed to crack it. So, I bruteforced it overnight and it showed me "cracked" in the morning. But when I checked .potfile, it was blank where the password was supposed to be.

Here it is:

Code:
7fc7dc9ead39dd6e8fd42e021855f83d:50642b652fe8:60f677926ec2:Aphrodite:reindeer33
01e8137a39fc5d000a1b4a4d9de42fad:f4f26d2be57c:103047525977:Ashraf:ashraf32
1414555ddcae115ba83708435959eb24:c025e9b4a406:48fcb6ed33ac:sabina:          

The first two lines are previous WPA2 I cracked, the third one is giving me issues. I bruteforced it again with --show attribute but the same problem occurred.
Viewing all 8218 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>