A couple of Qs

April 3, 2019, 1:55 am

≫ Next: Vega64 clCreateCommandQueue(): CL_OUT_OF_HOST_MEMORY

≪ Previous: Mask Attacks with Mask File and Custom Charset

$

0

0

1. Windows or Ubuntu - Which platform suits Hashcat best?

2. Does Hashcat utilize the GPU on the newest Radeon Adrenalin version of the Win drivers?

3. Is there any guide for which order the setup and libs for Linux should be installed?

---

Vega64 clCreateCommandQueue(): CL_OUT_OF_HOST_MEMORY

April 4, 2019, 12:25 am

≫ Next: What am I doing wrong here?

≪ Previous: A couple of Qs

$

0

0

Have a Vega64, im sure it has worked in the past, but now presents the following error - 



c:\hashcat-5.1.0>example400.cmd

c:\hashcat-5.1.0>type example.dict   | hashcat64.exe -m 400 example400.hash
hashcat (v5.1.0) starting...

OpenCL Platform #1: Advanced Micro Devices, Inc.
================================================
* Device #1: gfx900, 4048/8176 MB allocatable, 64MCU

OpenCL Platform #2: Advanced Micro Devices, Inc.
================================================
* Device #2: gfx900, 4048/8176 MB allocatable, 64MCU

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Applicable optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

ATTENTION! Pure (unoptimized) OpenCL kernels selected.
This enables cracking passwords and salts > length 32 but for the price of drastically reduced performance.
If you want to switch to optimized OpenCL kernels, append -O to your commandline.

Watchdog: Temperature abort trigger set to 90c

clCreateCommandQueue(): CL_OUT_OF_HOST_MEMORY

Started: Thu Apr 04 20:20:28 2019
Stopped: Thu Apr 04 20:20:30 2019
The process tried to write to a nonexistent pipe.

c:\hashcat-5.1.0>pause
Press any key to continue . . .

c:\hashcat-5.1.0>example500.cmd

c:\hashcat-5.1.0>hashcat64.exe -m 500 example500.hash example.dict
hashcat (v5.1.0) starting...

OpenCL Platform #1: Advanced Micro Devices, Inc.
================================================
* Device #1: gfx900, 4048/8176 MB allocatable, 64MCU

OpenCL Platform #2: Advanced Micro Devices, Inc.
================================================
* Device #2: gfx900, 4048/8176 MB allocatable, 64MCU

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Applicable optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

ATTENTION! Pure (unoptimized) OpenCL kernels selected.
This enables cracking passwords and salts > length 32 but for the price of drastically reduced performance.
If you want to switch to optimized OpenCL kernels, append -O to your commandline.

Watchdog: Temperature abort trigger set to 90c

clCreateCommandQueue(): CL_OUT_OF_HOST_MEMORY

Started: Thu Apr 04 20:20:43 2019
Stopped: Thu Apr 04 20:20:53 2019

c:\hashcat-5.1.0>pause
Press any key to continue . . .

c:\hashcat-5.1.0>example0.cmd

c:\hashcat-5.1.0>hashcat64.exe -t 32 -a 7 example0.hash ?a?a?a?a example.dict
hashcat (v5.1.0) starting...

OpenCL Platform #1: Advanced Micro Devices, Inc.
================================================
* Device #1: gfx900, 4048/8176 MB allocatable, 64MCU

OpenCL Platform #2: Advanced Micro Devices, Inc.
================================================
* Device #2: gfx900, 4048/8176 MB allocatable, 64MCU

Dictionary cache hit:
* Filename..: example.dict
* Passwords.: 128416
* Bytes.....: 1069601
* Keyspace..: 128416

Hashes: 6494 digests; 6494 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Applicable optimizers:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Raw-Hash

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

ATTENTION! Pure (unoptimized) OpenCL kernels selected.
This enables cracking passwords and salts > length 32 but for the price of drastically reduced performance.
If you want to switch to optimized OpenCL kernels, append -O to your commandline.

Watchdog: Temperature abort trigger set to 90c

INFO: Removed 54 hashes found in potfile.

clCreateCommandQueue(): CL_OUT_OF_HOST_MEMORY

Started: Thu Apr 04 20:21:07 2019
Stopped: Thu Apr 04 20:21:10 2019

c:\hashcat-5.1.0>pause

What am I doing wrong here?

April 4, 2019, 10:28 am

≫ Next: 4-Way Handshake vs PMKID

≪ Previous: Vega64 clCreateCommandQueue(): CL_OUT_OF_HOST_MEMORY

$

0

0

I have managed to run Hashcat with a MASKS file.
But the output shows something strange at the "Guess charset" line.
I wanted to use uppercase and digits, but there are some chars missing in what's listed.

Here's a screenshot of the output.

http://i64.tinypic.com/ip7alx.jpg

4-Way Handshake vs PMKID

April 5, 2019, 6:43 am

≫ Next: A couple of noob questions about the GUI version.

≪ Previous: What am I doing wrong here?

$

0

0

Hello community !

I am trying to compare these two attacks and I am analysing which packets are intercepted by the Wireshark tool and how these packets are created. 

For the 4-Way handshake I understand this:
First there is a value called PMK. (PMK=PBKDF2(PASSPHRASE, SSID, 4096,32)).
PTK is derived from PMK as follows: 
PTK=PRF512(PMK,"Pairwise key expansion",min(APmac,Clientmac)+max(APmac,Clientmac)+min(ANonce,SNonce)+max(ANonce,SNonce)

The PTK will generate an intercepted value by Wireshark called MIC (MIC=HMAC(PTK[0:16],data)). This packet will be used by Hashcat to crack the password.

For the PMKID I understand this: 
First there is a value called PMK (calculated the same way that in the previous attack)
This packet will generate the PMKID (PMKID=HMAC-SHA1(PMK,"PMK Name", MAC_AP,MAC_STA)).

I did both of them using Hashcat and the computation time to crack the password was the same for both. What I don't understand is how is it possible to have the same computation time, if cracking the 4-way handshake performs more hash calculations (PMK-PTK-MIC) than for the PMKID (PMK-PMKID).

A couple of noob questions about the GUI version.

April 5, 2019, 10:11 am

≫ Next: Toogle case generator problem

≪ Previous: 4-Way Handshake vs PMKID

$

0

0

I've searched the forums, and haven't come up with an exact answer to either of these:

1.) How do I add a rule to the Combinator attack in the box in GUI?  Just typing in ?a like the Wiki says to do for command line doesn't do anything.  Is there syntax beyond that?

2.) I have a pretty low-end laptop, but it does have its own dedicated GPU, a GTX 1050.  Hashcat deliberately ignores this (it tells me it's skipping Device 2) in favor of the CPU.  Is this for the best, or should I be forcing it somehow to also (or only) use the GPU?

3.) Is it possible to do a three wordlist combination?  I figure probably not, and I should just generate them with a wordlist combiner, but thought I'd ask.

Thanks for the help with these very basic questions.

Toogle case generator problem

April 5, 2019, 12:25 pm

≫ Next: Blockchain second pass decrypt error

≪ Previous: A couple of noob questions about the GUI version.

$

0

0

This generator is working for 14 characters long
https://github.com/DidierStevens/DidierS...e-rules.py
https://blog.didierstevens.com/2016/07/1...gle-rules/

But I need to generate for 20 characters.
When I run for 20 character hashcat is skipping:

"Skipping invalid or unsupported rule in file 20updown.rule on line 17: T10"
"Skipping invalid or unsupported rule in file 20updown.rule on line 1048575: T0T1T2T3T4T5T6T7T8T9TATBTCTDTETFT10T11T12T13"

Blockchain second pass decrypt error

April 5, 2019, 2:34 pm

≫ Next: Hashcat self-destructs (Windows)

≪ Previous: Toogle case generator problem

$

0

0

Hello, I try to convert my wallet.aes.json to base64 via a btcrecover script in order to pick up a second password, but I get an error that I enter the wrong password, I encounter this problem a second time, the password is specified exactly, the hashcut finds password from this wallet. What could be the problem? Why can't the script convert the wallet so that I can put it on brute -m 18800?

https://i.ibb.co/Pms7vn1/image.png

Hashcat self-destructs (Windows)

April 6, 2019, 8:00 am

≫ Next: Is this another AMD opencl issue with linux?

≪ Previous: Blockchain second pass decrypt error

$

0

0

No shit.
Now and then the hashcat.exe shows up as a file of 0 bytes, and (of course) cannot be run.
I have to extract a new file from the archive.

Any ideas?

---

Is this another AMD opencl issue with linux?

April 6, 2019, 8:29 am

≫ Next: Old (2009) Bitcoin Core wallet hash problem

≪ Previous: Hashcat self-destructs (Windows)

$

0

0

I've installed the AMD drivers for opencl as shown below by Device #1 showing my CPU.
I've also downloaded and compiled several of the lasted betas and get the same result.
I managed to get open cl running on my windows 10 box for both gpu and cpu but not here with debian 9.8 linux.
What am I missing on the linux install that is not obvious to me?
It does this for any hash type (-m xxxxxx) I try.
Any thoughts and assistance would be appreciated.

The command line I used is the following:
hashcat -m 100 -b -D1,2

OpenCL Platform #1: Advanced Micro Devices, Inc.
================================================
* Device #1: AMD FX(tm)-6300 Six-Core Processor, 4002/16008 MB allocatable, 6MCU

OpenCL Platform #2: NVIDIA Corporation
======================================
* Device #2: GeForce GTX 960, 500/2001 MB allocatable, 8MCU
* Device #3: GeForce GTX 960, 500/2002 MB allocatable, 8MCU

Benchmark relevant options:
===========================
* --opencl-device-types=1,2
* --optimized-kernel-enable

Hashmode: 100 - SHA1

clBuildProgram(): CL_BUILD_PROGRAM_FAILURE

Internal error: Compilation init failed.
* Device #1: Kernel /usr/local/share/hashcat/OpenCL/m00100_a3-optimized.cl build failed - proceeding without this device.

Speed.#2.........:  2366.4 MH/s (56.62ms) @ Accel:1024 Loops:512 Thr:32 Vec:1
Speed.#3.........:  2327.4 MH/s (57.57ms) @ Accel:1024 Loops:512 Thr:32 Vec:1
Speed.#*.........:  4693.9 MH/s

Old (2009) Bitcoin Core wallet hash problem

April 6, 2019, 12:05 pm

≫ Next: PBKDF2 and SHA-1 question

≪ Previous: Is this another AMD opencl issue with linux?

$

0

0

Got token length exception on the hash which is extracted from the wallet file with JTR. Wallet is pre 0.6

Address seems uncompressed and i tried to change the hash by ku method discussed here https://hashcat.net/forum/thread-4419-page-2.html  but still got error from hashcat, anyone have a clue how to extract a hash from a btc wallet generated first half of 2009 (the btc was mined, no outs/ins)?

Got another wallet from mid 2009 and the method above works.

PBKDF2 and SHA-1 question

April 6, 2019, 1:49 pm

≫ Next: sagitta.pw, is it legit?

≪ Previous: Old (2009) Bitcoin Core wallet hash problem

$

0

0

Hi,

Could you please help me sort out how to properly compute PMKID?

I recorded the hash with hcxdumptool and converted with hcxpcaptool. I have a code that computes SHA-1 hash as a function of key (char) and message (char). I want to calculate PMKID (the first string in the file) using the SHA-1 code.

This thread https://hashcat.net/forum/thread-7717.html says that 
1) PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)
2) PMK= PBKDF2(HMAC−SHA1, passphrase, ssid, 4096, 256)

Should I compute PMK by iterating SHA-1 calculation 4096 times? How do I choose the block size? What is ssid? Is it ESSID of the AP? Should the ssid input be converted to HEX? Also, the output of SHA-1 is 40 hex digits long. How do I make it 256 bytes long?

For the PMKID calculation, do I use PMK in hex as input? What is the second argument? 

Thanks.

sagitta.pw, is it legit?

March 30, 2019, 6:18 pm

≫ Next: Low performance

≪ Previous: PBKDF2 and SHA-1 question

$

0

0

I'm interested but I wonder why it's not available to everyone?

Low performance

April 8, 2019, 11:42 am

≫ Next: Wordlist With mask hybrid Help.

≪ Previous: sagitta.pw, is it legit?

$

0

0

I'm running a single RTX 2080 and getting ~1k MH/s on MD5 even though benchmark is at ~38k.
I'm running ubuntu 18.04, nvidia drivers were installed according to wiki, i've tried -w 3, --force, -0 without any results. The day before i was running the same cotmmand and it worked at full speed. What could cause the problem? Here's my output:

Code:

vox@ubuntu:~$ sudo hashcat -a 0 -m 0 ~/Documents/HASH1/Res_MD5_1.txt ~/MEGAsync\ Downloads/weakpass_no_dubles.txt -r ~/password_cracking_rules/OneRuleToRuleThemAll.rule
hashcat (v4.0.1) starting...

* Device #2: Not a native Intel OpenCL runtime. Expect massive speed loss.
             You can use --force to override, but do not report related errors.
OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce RTX 2080, 1988/7952 MB allocatable, 46MCU

OpenCL Platform #2: The pocl project
====================================
* Device #2: pthread-Intel(R) Core(TM) i5-8400 CPU @ 2.80GHz, skipped.

Hashes: 208826 digests; 203474 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 51995

Applicable optimizers:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Raw-Hash

Password length minimum: 0
Password length maximum: 256

ATTENTION! Pure (unoptimized) OpenCL kernels selected.
This enables cracking passwords and salts > length 32 but for the price of drastical reduced performance.
If you want to switch to optimized OpenCL kernels, append -O to your commandline.

Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger disabled.

INFO: Removed 1666 hashes found in potfile.

* Device #1: build_opts '-I /usr/share/hashcat/OpenCL -D VENDOR_ID=32 -D CUDA_ARCH=705 -D AMD_ROCM=0 -D VECT_SIZE=1 -D DEVICE_TYPE=4 -D DGST_R0=0 -D DGST_R1=3 -D DGST_R2=2 -D DGST_R3=1 -D DGST_ELEM=4 -D KERN_TYPE=0 -D _unroll'
Dictionary cache hit:
* Filename..: /home/vox/MEGAsync Downloads/weakpass_no_dubles.txt
* Passwords.: 8653507966
* Bytes.....: 105044799160
* Keyspace..: 449939146692170

- Device #1: autotuned kernel-accel to 64                 
- Device #1: autotuned kernel-loops to 128
[s]tatus [p]ause [r]esume [b]ypass [c]heckpoint [q]uit => [s]tatus [p]ause [r]esCracking performance lower than expected?                 

* Append -O to the commandline.
  This lowers the maximum supported password- and salt-length (typically down to 32).

* Append -w 3 to the commandline.
  This can cause your screen to lag.

* Update your OpenCL runtime / driver the right way:
  https://hashcat.net/faq/wrongdriver

* Create more work items to make use of your parallelization power:
  https://hashcat.net/faq/morework

[s]tatus [p]ause [r]esume [b]ypass [c]heckpoint [q]uit => s

Session..........: hashcat
Status...........: Running
Hash.Type........: MD5
Hash.Target......: /home/root/Documents/HASH1/Res_MD5_1.txt
Time.Started.....: Mon Apr  8 14:18:18 2019 (1 min, 24 secs)
Time.Estimated...: Sat Apr 13 21:57:35 2019 (5 days, 7 hours)
Guess.Base.......: File (/home/root/MEGAsync Downloads/weakpass_no_dubles.txt)
Guess.Mod........: Rules (/home/root/password_cracking_rules/OneRuleToRuleThemAll.rule)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....:   979.1 MH/s (12.14ms)
Recovered........: 1666/203474 (0.82%) Digests, 0/1 (0.00%) Salts
Recovered/Time...: CUR:0,N/A,N/A AVG:0,0,0 (Min,Hour,Day)
Progress.........: 81544937472/449939146692170 (0.02%)
Rejected.........: 0/81544937472 (0.00%)
Restore.Point....: 1507328/8653507966 (0.02%)
Candidates.#1....: clydegwendoly0215 -> peacekamilisidoretapi
HWMon.Dev.#1.....: Temp: 56c Fan: 41% Util: 98% Core:1905MHz Mem:6800MHz Bus:16

Wordlist With mask hybrid Help.

April 10, 2019, 3:33 am

≫ Next: Where's potfile?

≪ Previous: Low performance

$

0

0

Not sure if im in the right forum, But all the others seem to be closed.

I have burned out all my wordlists on a .hccapx file and i now wish to go the HYBRID MASK + WORDLIST route

Could someebody tell me how i can use hashcat to do the follwing to my wordlist when i run them.

1. Change the 1st letter to a CAPITAL letter 
2. add a run of 0-1000 on the end of the wordlist..

how would i code hashcat to do this.

thanks for any help.

Where's potfile?

April 10, 2019, 7:47 am

≫ Next: Is this a known and implemented algo?

≪ Previous: Wordlist With mask hybrid Help.

$

0

0

Where's can i find pot file on ubuntu?

---

Is this a known and implemented algo?

April 10, 2019, 4:59 pm

≫ Next: No hashes found when cracking hccapx file

≪ Previous: Where's potfile?

$

0

0

I found such algo that cracks ESET client passwords
https://github.com/LFriede/eset-password...r/algo.pas


I was wondering if that's a known algorithm and perhaps already implemented in hashcat? If not, where do we submit requests?

No hashes found when cracking hccapx file

April 11, 2019, 8:30 pm

≫ Next: Double Sha256 Algorithm

≪ Previous: Is this a known and implemented algo?

$

0

0

I'm receiving this error of no hashes loaded when trying to crack a hccapx file. I've looked around but haven't found much to resolve this issue. 


~$ hashcat -m 2500 capture.hccapx rockyou.txt
hashcat (v4.2.1) starting...

OpenCL Platform #1: Apple
=========================
* Device #1: Intel(R) Core(TM) i5-6360U CPU @ 2.00GHz, skipped.
* Device #2: Intel(R) Iris(TM) Graphics 540, 384/1536 MB allocatable, 48MCU

No hashes loaded.

Started: Thu Apr 11 22:27:39 2019
Stopped: Thu Apr 11 22:27:39 2019

Double Sha256 Algorithm

April 12, 2019, 12:14 am

≫ Next: dictionary cache slow at building hashcat

≪ Previous: No hashes found when cracking hccapx file

$

0

0

Hi there, 

my hash function is sha256(sha256($content)), is there any way to support this method? 
My dict size is quite small (52^(4 ~ 6) * 10000), is it possible to crack in less than 10 secs?

dictionary cache slow at building hashcat

April 12, 2019, 5:40 am

≫ Next: A couple of Qs about PMK

≪ Previous: Double Sha256 Algorithm

$

0

0

Hello there,
Can someone please explain why it take a long time to build dictionary cache. Weakpasses takes about 10mins or just stops?  Pc is I7 8th gen 16gig memory Nvidia 1080 strix card and ssd. Cheers Kev

A couple of Qs about PMK

April 12, 2019, 1:46 pm

≫ Next: Asus ROG Strix GTX 1070 does not work

≪ Previous: dictionary cache slow at building hashcat

$

0

0

I have been reading about PMKs, and how to capture, extract...etc....
That part is no problem.

But then the guide listed this:
We can now proceed cracking the bettercap-wifi.handshake.pmkid  file so generated by using algorithm number 16800:
/path/to/hashcat -m16800 -a3 -w3 bettercap-wifi-handshakes.pmkid '?d?d?d?d?d?d?d?d'

Now I started to wonder:
1. How do we know (in this example) that the passkey consists of 8 digits?
2. Is there any way to obtain (from the PMKID) any clue about what mask to set?