hashcat mask attack

May 25, 2019, 6:45 pm

≫ Next: Hashcat Brain

≪ Previous: Atoms client-less WPA-attack if PSK not in dict

$

0

0

hi i need your help to make a mask for a 12 character password with Uppercase Hex and digits but the thing is i know there is 4 digits in that password so 8 uppercase Hex
my question is how can u make the positions randomized?

---

Hashcat Brain

May 26, 2019, 2:40 am

≫ Next: Excel 2016 Workbook Hash

≪ Previous: hashcat mask attack

$

0

0

Does brain remember everything that has been attempted?

For example if I run a dictionary attack, and then run a bruteforce attack with rules with overlapping candidates, would those candidates be skipped?

If I ran a dictionary attack, then removed 50% of the contents of the dictionary and re-ran, would 100% be rejected?

Excel 2016 Workbook Hash

May 27, 2019, 10:17 am

≫ Next: nano syntax highlighting masks

≪ Previous: Hashcat Brain

$

0

0

Hi All
I am trying to extract the hash of a Excel2016 protected workbook its just the workbook that is protected not the whole file , this is just an experiment, I am aware of the zip file xml hack to remove the password but I want to try crack it .

I can extract this out of the file password is 123 .

workbookHashValue="KcknURoaCLxQ/KluZQvA+wLN2qgMGhJNclwqIEQy/ykvbMa+1Mzg/HjizqtFd4/Sb1f4jzNN3tWa0aw/nv09Q=="
workbookSaltValue="YIx5Emn5O3+V5fXq235zZA=="
workbookSpinCount="100000"

What I can gather from the file is it is a SHA512 with Salt and 100000 rolls.
Is there a way I can convert this to a hashcat format ?
It appears as if the Hash and Salt are encoded in some way, I tried base64 decode which does not work .
Any tips , if its some obvious encoding and I am being a noob please let me know and I will go read up on it , I am trying to learn

nano syntax highlighting masks

May 28, 2019, 9:33 am

≫ Next: PDF crack hash length variations

≪ Previous: Excel 2016 Workbook Hash

$

0

0

Made a really simple nanorc file to highlight syntax in mask files if you open them in the nano text editor.
If you make a small mistake like ?? or dd it will highlight it in red.

Instructions
add your .nanorc file:
include "~/.nano/hcmask.nanorc"
command to include:

Code:

echo 'include "~/.nano/hcmask.nanorc"' >> ~/.nanorc

copy this code to ~/.nano/hcmask.nanorc

Code:

# nano syntax highlighting for hashcat hcmask files
syntax "hcmask" "\.hcmask"
# if you want to incluse *.masks add this behind the \.hcmask
# "|\.masks"

color brightblack "\?"
color brightwhite "u"
color yellow "d"
color brightcyan "a"
color brightblue "s"
color green "1"
color cyan "2"
color brightmagenta "3"
color brightyellow "4"

# gives warning
color brightred "\?\?"
color brightred "uu"
color brightred "dd"
color brightred "ss"
color brightred "ll"
color brightred "hh"
color brightred "HH"
color brightred "aa"
color brightred "bb"

If you only want the warnings use the lines below "# gives warning".

PDF crack hash length variations

May 29, 2019, 1:02 pm

≫ Next: Hashcat Segmentation Fault

≪ Previous: nano syntax highlighting masks

$

0

0

Hi Forum,

I have extracted a lot of hashes from pdf files and can crack many of the ones like this:
$pdf$4*4*128*-1028*1*16*694bd6e705313c4b89945209941ad583*32*f082209deeb39964510640cfb568d39f00000000000000000000000000000000*32*ff17371c9aaa173cfaeff1efdec384b7d1cc0bb4477414ea7e107d6153b7a858

However when the extracted hashes have other lengths i cant seem to figure out how to run these through hashcat. An example would be:
$pdf$4*4*128*-1028*1*16*0a492c5ad4214db7a17f73f903ad23d5*32*cc8b3389ffdef9041b70012f572b404600000000000000000000000000000000*31*41db63e7cc021f2628a8152a18e77fed47d7b2b5fb5c55c85fb44aff1b2e40

Notice the length changes from 32 to 31 and hashcat gives me an "Token length exception"

Any ideas?

Hashcat Segmentation Fault

May 29, 2019, 6:30 pm

≫ Next: cheap hardware for 200.0 kH/s WPA2 with single GPU

≪ Previous: PDF crack hash length variations

$

0

0

Hello, I am in need of assistance. I have a Lenovo laptop with Ubuntu installed and I need to recover a WPA/PSK password for a particular access point. I am a newbie when it comes to hashcat, so I followed one of the several guides online to use Hashcat to find a WPA passkey. As far as I know, my internet card in this laptop is enough to capture a PMKID packet, and my computer has fast enough hardware (An i7-620M CPU with Intel HD Graphics (Ironlake) and 4GB of RAM.) No matter what I do though, I can't get hashcat to work. I keep getting a Segmentation Fault error.

This is what I'm inputting into the terminal:

hashcat -m 16800 galleriaHC.16800 -a 0 --kernel-accel=1 -w 4 --force 'topwifipass.txt'

And I have already tried running it as root, no difference. I checked to ensure I have OpenCL runtime for Intel CPUs and HD Graphics, and I checked for the intel microcode for linux and I have it. What is going wrong here? Is there any easy way to debug this or see what's stopping it?

cheap hardware for 200.0 kH/s WPA2 with single GPU

May 30, 2019, 2:36 am

≫ Next: dictionary probs

≪ Previous: Hashcat Segmentation Fault

$

0

0

hashcats

we have a super low budget, like 500 eur for a complete server

we aim for a speed around ....

Hashmode: 2500 - WPA/WPA2 ----> Speed.Dev.#1.....:   200.0 kH/s
Hashmode: 1700 - SHA-512 ----> Speed.Dev.#1.....:   500.0 MH/s

we consider to use one of these GPUs ....

wpa2 eur gpu
285000 300 GeForce GTX 1070
224000 160 Radeon RX 580
205800 200 GeForce GTX 1060 6GB, 1536/6144 MB
185000 250 Radeon RX 480

here is a gaming laptop for 1000 eur
MSI GL63 8RE-811 (0016P5-811)
GPU = GeForce GTX 1060 6GB, 1536/6144 MB

can we go cheaper than that? (1000 eur)
we only need a hashcat server,
so we dont need the display, for example.


what would be a minimal hardware setup .... ?
to run one of the above GPUs
and to avoid most bottlenecks


we guess a raspberry pi 3 is too weak .... why?
what are the limiting factors here?

greetings from a poor mans cave
(yes we have electricity)

dictionary probs

May 30, 2019, 5:06 pm

≫ Next: Hashcat not getting any candidates from maskprocessor

≪ Previous: cheap hardware for 200.0 kH/s WPA2 with single GPU

$

0

0

i have been cracking my own wpa password it took a total of 9 days for ?u?u?u?u?u?u?u?u . This was pure brute force i dont have the memory to create a dictionary gunna be over 2gb just for a uppercase dictionary is there anyyway i could beat this time. yes i wil delete it from the potfile beore i start hahaha

---

Hashcat not getting any candidates from maskprocessor

May 31, 2019, 1:21 am

≫ Next: Difference between Linux and Windows wrt -m 1800

≪ Previous: dictionary probs

$

0

0

Hi hashcats.

I have a weird issue with hashcat in combination with mask processor: When piping mp's output into hashcat on my cracking station, hashcat just initializes and then immediately stops with the message "Exhausted". On my local laptop, the same command works without issues, but it's rather slow due to the mobile GPU

I need to use mp, since I want to break a rather weird SHA1 usage: The vendor truncates the entered password at 16 chars and then copies it into a char[16] that gets initialized with NULL bytes. Since this is different from a normal SHA1, I wrote a rule that mimics the behavior. And since the password is probably just some random letters and digits, and none of my (rather huge) wordlists yielded any results, I have to use a mask/bruteforce attack.
Unfortunately, hashcat doesn't allow combining mask attacks with rules files.

Anyways, here is the used command and output:

Code:

$ mp64 -i 1:8 ?a?a?a?a?a?a?a?a | hashcat -O -m 100 --status --status-timer 30 --stdin-timeout-abort 60 uart_sha1.txt -r pad_null-16.rule
hashcat (v5.1.0-1118-gede3ac9) starting...

CUDA API (CUDA 10.1)
====================
* Device #1: GeForce GTX 1080 Ti, 11178 MB, 28MCU
* Device #2: GeForce GTX 1080 Ti, 11178 MB, 28MCU
* Device #3: GeForce GTX 1070, 8119 MB, 15MCU
* Device #4: GeForce GTX 1070, 8119 MB, 15MCU

OpenCL API (OpenCL 1.2 CUDA 10.1.152) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #5: GeForce GTX 1080 Ti, skipped
* Device #6: GeForce GTX 1080 Ti, skipped
* Device #7: GeForce GTX 1070, skipped
* Device #8: GeForce GTX 1070, skipped

OpenCL API (OpenCL 2.0 ) - Platform #2 [Intel(R) Corporation]
=============================================================
* Device #9: Intel(R) Xeon(R) CPU E5-2609 v4 @ 1.70GHz, skipped

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Applicable optimizers:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Raw-Hash

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 31

Watchdog: Temperature abort trigger set to 90c

Host memory required for this attack: 4675 MB

Starting attack in stdin mode...

Session..........: hashcat
Status...........: Exhausted
Hash.Name........: SHA1
Hash.Target......: 554beec588aa530c6723ffedb0e34a8778b1b6dd
Time.Started.....: Fri May 31 09:57:12 2019 (1 sec)
Time.Estimated...: Fri May 31 09:57:13 2019 (0 secs)
Guess.Base.......: Pipe
Guess.Mod........: Rules (pad_null-16.rule)
Speed.#1.........:        0 H/s (0.00ms) @ Accel:128 Loops:1 Thr:1024 Vec:1
Speed.#2.........:        0 H/s (0.00ms) @ Accel:128 Loops:1 Thr:1024 Vec:1
Speed.#3.........:        0 H/s (0.00ms) @ Accel:256 Loops:1 Thr:1024 Vec:1
Speed.#4.........:        0 H/s (0.00ms) @ Accel:256 Loops:1 Thr:1024 Vec:1
Speed.#*.........:        0 H/s
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0
Rejected.........: 0
Restore.Point....: 0
Restore.Sub.#1...: Salt:0 Amplifier:0-0 Iteration:0-1
Restore.Sub.#2...: Salt:0 Amplifier:0-0 Iteration:0-1
Restore.Sub.#3...: Salt:0 Amplifier:0-0 Iteration:0-1
Restore.Sub.#4...: Salt:0 Amplifier:0-0 Iteration:0-1
Candidates.#1....: [Copying]
Candidates.#2....: [Copying]
Candidates.#3....: [Copying]
Candidates.#4....: [Copying]
Hardware.Mon.#1..: Temp: 48c Fan: 29% Util: 41% Core:1518MHz Mem:5005MHz Bus:16
Hardware.Mon.#2..: Temp: 57c Fan: 20% Util:  0% Core:1632MHz Mem:5005MHz Bus:16
Hardware.Mon.#3..: Temp: 40c Fan: 32% Util:  0% Core:1582MHz Mem:3802MHz Bus:16
Hardware.Mon.#4..: Temp: 36c Fan: 33% Util:  0% Core:1582MHz Mem:3802MHz Bus:16
Started: Fri May 31 09:56:59 2019
Stopped: Fri May 31 09:57:14 2019

The cracking station is running Ubuntu 16.04.6 LTS with latest updates applied and uses the NVIDIA driver 418.67 with Cuda 10.1.
As mentioned before: On a Windows 10 laptop with GeForce MX150 the same command works without issues

Difference between Linux and Windows wrt -m 1800

May 31, 2019, 4:40 am

≫ Next: need help setting up pattern/mask

≪ Previous: Hashcat not getting any candidates from maskprocessor

$

0

0

Hi,

I am scratching my head why the performance of a specific hashmode (sha512crypt) is delivering a poor performance:

prompt> ~/hashcat-5.1.0/hashcat -D1,2 -b -m1800           
hashcat (v5.1.0) starting in benchmark mode...

[..]
OpenCL Platform #1: Advanced Micro Devices, Inc.
================================================
* Device #1: gfx902-xnack, 12817/15079 MB allocatable, 11MCU

OpenCL Platform #2: Intel(R) Corporation
========================================
* Device #2: AMD Ryzen 5 2400G with Radeon Vega Graphics, 7539/30159 MB allocatable, 8MCU

Benchmark relevant options:
===========================
* --opencl-device-types=1,2
* --optimized-kernel-enable

Hashmode: 1800 - sha512crypt $6$, SHA512 (Unix) (Iterations: 5000)

Speed.#1.........:     5947 H/s (47.22ms) @ Accel:64 Loops:32 Thr:64 Vec:1
Speed.#2.........:     2530 H/s (80.15ms) @ Accel:512 Loops:256 Thr:1 Vec:4
Speed.#*.........:     8478 H/s

Started: Fri May 31 13:06:58 2019
Stopped: Fri May 31 13:07:07 2019

prompt> 

As this was something beyond what I expected a googled a bit and stumbled over this: https://hashcat.net/forum/thread-7513.html .

I seems @wakawaka had for a way better performance for this hash [ Speed.Dev.#1.....:    21851 H/s (101.84ms) @ Accel:256 Loops:64 Thr:64 Vec:1] while the other results are more in line with what I have. Comparing to what else I have here and what google returned my I am wondering why this specific performance is so poor and a not even a third from Windows.

Drivers: ROCm for GPU, OpenCL for CPU. Using Kernel 5.0.8 with the builtin kfd driver.

Hint would be much appreciated.


Cheers, Dirk

need help setting up pattern/mask

May 31, 2019, 6:22 am

≫ Next: Hash speed

≪ Previous: Difference between Linux and Windows wrt -m 1800

$

0

0

I am trying to recover a password of an iTunes 10 backup via the manifest.plist, and I need to set the password's min and max character length and some special characters, but the wiki confuses me and I need help.
Here's what I need for the mask:
- the password should be from 6 to 10 characters
- contains Uppercase and lowercase letters, numbers, and only certain special characters ( ! , . ? $)
- the above could be in any combinations, I don't know if the special characters are in the beginning, in the end, or if the uppercase letters are in beginning or end

Hash speed

May 31, 2019, 10:05 am

≫ Next: How does one crack Pbkdf2 w/hashcat?

≪ Previous: need help setting up pattern/mask

$

0

0

Hello, 

Is there's a way to speedup Bitcoin/Litecoin hash processing? 

I'm running dict attack and getting ~3000 H/s on GTX 1060.. soooo slow.. 

Any way to improve speeds ? 

hashcat64.exe --session=crackstation -m 11300 -a 0 my.hash wordlists\realuniq.lst -o cracked.txt

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 1060 6GB, 1536/6144 MB allocatable, 10MCU

Session..........: crackstation
Status...........: Running
Hash.Type........: Bitcoin/Litecoin wallet.dat
Hash.Target......: my.hash
Time.Started.....: Wed May 29 18:54:26 2019 (1 day, 16 hours)
Time.Estimated...: Mon Aug 12 08:56:28 2019 (72 days, 21 hours)
Guess.Base.......: File (wordlists\realuniq.lst)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:     3198 H/s (6.12ms) @ Accel:128 Loops:32 Thr:64 Vec:1
Recovered........: 0/18 (0.00%) Digests, 0/17 (0.00%) Salts
Progress.........: 465797120/20609679020 (2.26%)
Rejected.........: 0/465797120 (0.00%)
Restore.Point....: 27361280/1212334060 (2.26%)
Restore.Sub.#1...: Salt:8 Amplifier:0-1 Iteration:49728-49760
Candidates.#1....: 14apr1701 -> ##14krdd
Hardware.Mon.#1..: Temp: 80c Fan: 60% Util: 98% Core:1936MHz Mem:3802MHz Bus:16OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 1060 6GB, 1536/6144 MB allocatable, 10MCU

How does one crack Pbkdf2 w/hashcat?

June 1, 2019, 5:43 am

≫ Next: Restore value is greater than keyspace

≪ Previous: Hash speed

$

0

0

Hello cats,

I have to recover hashes, hashed with this algorithm:
https://searchcode.com/codesearch/view/15603014/

Hond, 14d08c704f0903, $p5v2$AcnbOh0MY$qREO3rpnuBqmN.qPL6RAzN4Mg1T4cAvP

PHP Code:

  protected $_algo = 'sha256';
        // PKCS #5, version 2
        // Python implementation uses $p5k2$, but we're not using a compatible
       // string. https://www.dlitz.net/software/python-pbkdf2/
       $output = '$p5v2$'; 


How would I crack $p5v2$AcnbOh0MY$qREO3rpnuBqmN.qPL6RAzN4Mg1T4cAvP alike hashes with the stable hashcat version?

Thanks,
Hond

Restore value is greater than keyspace

June 1, 2019, 6:06 am

≫ Next: How does hashcat control the fan?

≪ Previous: How does one crack Pbkdf2 w/hashcat?

$

0

0

Code:

hashcat64.exe -a 3 -m 0 [xx.hash.xx] masks\my_mask.hcmask -w 4 --status

Quote:Session..........: hashcat
Status...........: Exhausted
Hash.Type........: MD5
Hash.Target......: [xx.hash.xx]
Time.Started.....: Sat Jun 01 13:45:10 2019 (1 sec)
Time.Estimated...: Sat Jun 01 13:45:11 2019 (0 secs)
Guess.Mask.......: ?l?l?l?l?s?l?l [7]
Guess.Queue......: 1592/91133 (1.75%)
Speed.#3.........: 10657.3 MH/s (49.76ms) @ Accel:64 Loops:1024 Thr:1024 Vec:1
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 10194220608/10194220608 (100.00%)
Rejected.........: 0/10194220608 (0.00%)
Restore.Point....: 580008/580008 (100.00%)
Restore.Sub.#3...: Salt:0 Amplifier:17408-17576 Iteration:0-1024
Candidates.#3....: fkxe_ma -> xqxq~xq
Hardware.Mon.#3..: Temp: 81c Fan: 78% Util: 95% Core:1847MHz Mem:4513MHz Bus:16
Restore value is greater than keyspace.

Started: Sat Jun 01 13:26:50 2019
Stopped: Sat Jun 01 13:45:13 2019

Can anyone advise on this issue? I didn't pause or attempt to resume anything, it just happened. However I get the same error when trying to restore.

How does hashcat control the fan?

June 1, 2019, 9:06 pm

≫ Next: Mac OSX Mojave .plist format conversion

≪ Previous: Restore value is greater than keyspace

$

0

0

How does hashcat control the fan, my gpu temperature will exceed 80 degrees, causing the speed to drop, and occasionally the cpu will not work.

---

Mac OSX Mojave .plist format conversion

June 2, 2019, 12:20 pm

≫ Next: hashcat inquiry.

≪ Previous: How does hashcat control the fan?

$

0

0

Hi

I am trying to convert a AdminUserRecoveryInfo.plist file into a hash, its taken from a Mojave OSX folder from an encrypted disk. but it seems previous tools like ml2hashcat and plist2hashcat does not work.

the file looks like this (I have masked user info and hashes with random XXXX

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>XXXX</key>
    <dict>
        <key>AuthenticationAuthority</key>
        <array>
            <string>;ShadowHash;HASHLIST:&lt;SALTED-SHA512-PBKDF2,SRP-RFC5054-4096-SHA512-PBKDF2&gt;</string>
            <string>;Kerberosv5;;XXXXXX@LKDC:SHA1.XXXX82E9D842B7B9A20D15C5F19A3E7B22351192;LKDC:SHA1.XXXX82E9D842B7B9A20D15C5F19A3E7B22351192;</string>
            <string>;SecureToken;</string>
        </array>
        <key>GeneratedUID</key>
        <string>A3B3D4F5-XXXX-4F23-8425-187C8BD2579F</string>
        <key>RealName</key>
        <string>XXXX</string>
    </dict>
</dict>
</plist>

Is it possible to convert it to a hashcat format?

thanks for help

hashcat inquiry.

June 2, 2019, 10:17 pm

≫ Next: 3DES - Known-Plaintext-Attack

≪ Previous: Mac OSX Mojave .plist format conversion

$

0

0

I am a month into trying to crack my iTunes backup password.... Yes I am not giving up and will have more time since my semester is over. 

I have a question...... 

Is there a command that would let me know all of the incorrect passwords attempts?   This would help me create a new list of possible passwords....


As always thank you for your time....

3DES - Known-Plaintext-Attack

June 3, 2019, 9:27 am

≫ Next: Combinator + mask?

≪ Previous: hashcat inquiry.

$

0

0

Hello together ! 


I am trying to find the key for a 3DES paintext/ciphertext pair but i really cant build the rigtht command 
for the shell ...  I am new in the world of hashCat and have some problems to come in. 

In the moment i know:  ">>> hashcat64 -m 14100 -a ...."

can anybody help me to find the full command? 


best Greets,
adbSpecMan

Combinator + mask?

June 3, 2019, 4:52 pm

≫ Next: Restore point stays at 0

≪ Previous: 3DES - Known-Plaintext-Attack

$

0

0

Hello, 

How would I accomplish generating the following: 

lets say I have dict with colors - red, white (lowercase)
dict with animals - lion, panda (lowercase) 

I want to try following password - RedPanda67!  - i.e. dict1dict2\d\d\s

Combinator can combine two wordlists, but it doesn't work togeather with masks.. Do I need to generate huge wordlist of combined list1 & list2 and then run -a 7 on it or there's smarter way of doing this ? 

Thanks

Restore point stays at 0

June 3, 2019, 7:10 pm

≫ Next: Help with Hashcat

≪ Previous: Combinator + mask?

$

0

0

Hello,

I am using the following command on windows hashcat64

hashcat64 -m 16800 C:\Users\user\Documents\password-cracking\Handshakes\pmkid_test_**-**-**-**-**-**.16800 C:\Users\User\Documents\password-cracking\rockyou.txt -r C:\Users\User\Documents\password-cracking\hashcat-5.1.0\rules\dive.rule -w 4 --session=test

However my restore point is

Restore.Point....: 0/14344385 (0.00%)

When using only wordlists with no rules I have a restore point like usual. Any idea why this is happening? Does a restore point not get generated when using the -r and not having a pre-generated rule list?

I apologize if I am being unknowledgeable or if this is not the correct place to place this question.

Thank you.