Channel: hashcat Forum - All Forums

Hashcat issue

Hi,

I am new to using hashcat; however, I observed that it does not do what I ask with the command. The output also mentioned that I have fewer hashes in the file. For example, I run a brute force attack on 50000 NTLM hashes, the output says that it recovered 7% which is about 2000/48000 digests. The file has more than 48000 and when I copy and paste the recovered hashes in an Excel sheet it was more than 2000. So, my question is, why do you think that happened?


My command was for 8 characters but it recovered passwords with more and fewer than 8.



So, I think it may be a bug. Please let me know what you think.


Thank you. 

panoramic router default password format

So I have a friend who recently got internet service through Cox Communications. They were given a Panoramic router (the trashcan-looking one). As I was helping them set everything up, I noticed the default wifi password had the following format:

adjective xxxx noun

The x is a number... this reminded me of the Netgear routers with their adjective noun xxx password format.

I was wondering if there is a current mask for this format? I was thinking you may be able to use the adj and noun list from the Netgear wordlist with ?d?d?d?d in the middle.

If I have posted this in the wrong spot, feel free to ridicule me mercilessly lol

Really just wanting to document that Panoramic is using a similar crappy PSK format to Netgear that can easily be cracked.

I'll add the model number of the router to this thread when I can get it.

Special Character for hashcat rules

Hello,

I would like to create a hashcat rule that appends for example "_01" to the password. If I create for example a rule file and add "$_01", I receive the following error message

Code:
Skipping invalid or unsupported rule in file hashcat_

I assume that the issue is caused by the "_" because it might be interpreted as a hashcat internal character. How do I escape such a character? Unfortunately I didn't find any information to solve the question.

BR Martin

I need an explanation

First, I'm a beginner in cracking hashes and need some clarification about this type. It's ASP.NET.

I have a hashed password like this
Code:
djP0iBdlxMuiHQ8DbRclDg==
and the salt is
Code:
Hftwaf6W9seKDJCYlz4+1g==
If I need to crack it, what is the procedure?
Do I have to convert them from base64 to hash? E.g. "base64 --decode | xxd -ps"? Then combine them together, then use hashcat?
How to know their type?
Thank you all

Handshake timestamps do not match packets no.

I have the following M1-4 EAPOL produced by aircrack, ordered by packet number according to wireshark (first column):

105686 22:43:29,145939 Key (Message 1 of 4) AP1->STA1
105692 22:43:29,145909 Key (Message 2 of 4) STA1->AP1
105694 22:43:29,145940 Key (Message 3 of 4) AP1->STA1
105696 22:43:29,145909 Key (Message 4 of 4) STA1->AP1

Timestamp is frame arrival value. Replay counter is 1/1/2/2, ANonces 1/3 are equal, no retransmission flags, no deauth, RX level is great. 

Handshake looks legit to me and yet I feel like the timestamp value is more reliable than the packet number, so it kinda bothers me. What am I missing? Please advise.

The most useful attack seems missing

Folks
I am trying to crack an NTLM password which I have forgotten on my machine. I have the NTLM hash and I remember there were no repeated characters on it. 
I am trying to do a permutation attack with a defined custom chars set without repeated characters, with no luck. Seems like the permutation attack is missing in the newer hashcat. The oclHashCat seemed to have it but that version is not available anymore.

What I managed to do is use mp and pipes

mp64.exe -i 1:12 -q 2 -r 2 -1 abceglouvzmkr1!@AB ?1?1?1?1?1?1?1?1?1?1?1?1 | hashcat64.exe --session=1-12 -m 1000 -O -w 2 -D 2 --status --status-timer=60 -o D:\output.txt --outfile-format=2 D:\input.txt

This piping is working but is very slow. On my machine it's ~600 KH/s.

The other thing I tried is to split the chars space into one generated with mp and rules like so
 mp64.exe -i 1:13 -r2 -q2 -1 r1!@AB "$?1$?1$?1$?1$?1$?1" -o rules.rule

then get these rules and use the piping with part of the chars set
mp64.exe -i 1:12 -q 2 -r 2 -1 abceglouvzmk ?1?1?1?1?1?1?1?1?1?1?1?1 | hashcat64.exe --session=1-12-split-rules -r rules.rule -m 1000 -O -w 2 -D 2 --status --status-timer=60 -o D:\output.txt --outfile-format=2 D:\input.txt

This does work but the rules are appended at the end of the `abceglouvzmk` char set. The speed I got from this is around 700 MH/s on my machine. Still this does not cover the whole char space I need.


My question is how can I do that? Is it possible to run hashcat on non-repeated chars set input? To me this seems like a very useful case, given most people do not repeat characters when typing passwords. If one follows the pass phrase practice then it's even less likely to repeat characters.

cheers

I have error please help me

Hi guys, I have an error with hashcat on Ubuntu Linux 16.04

Use of -r/--rules-file and -g/==rules-generate only allowed in attack mode 0.

Please help me fix this error.

ATTENTION! OpenCL kernel self-test failed

I'm trying to run hashcat64.exe -m 2500 -a 3 psk01-01.hccapx ?d?d?d?d?d?d?d?d on v5.1.0, v5.1.0+1508 & AMD Radeon HD 8600M (Win10), but get the error:

* Device #3: ATTENTION! OpenCL kernel self-test failed.

I have completely uninstalled drivers and tested x4 different versions of AMD Radeon HD 8600M drivers (including the latest v19.12.2 and very old one v15.200.1045.0), deleted all OpenCL.dll, OpenCL32.dll, OpenCL64.dll files in all folders. It looks like a dead end.

Any ideas how to solve this problem? Please help! Please share hashcat-5.1.0+910 beta.

[Image: OpenCL.png]

AMD R9 270x ATTENTION! OpenCL kernel self-test failed

Good day 4 all
I tried to restore a pass from a shadow file on an R9 270x with the latest drivers, but I get "ATTENTION! OpenCL kernel self-test failed"
I run hashcat with the following params:
"hashcat.exe -O --self-test-disable -m 1800 -D 2 shadow_all_to_crack.txt -a 0 password.lst.txt -o crecked.txt"

"password.lst" has the correct pass for one hash from "shadow_all_to_crack.txt", but hashcat didn't find the pass

When I run hashcat with the following params:
hashcat.exe -O --self-test-disable -m 1800 -D 1 shadow_all_to_crack.txt -a 0 password.lst.txt -o crecked.txt

Hashcat found the pass

I tried the beta, but I get the same error as in the stable version

AMD R9 270x (Adrenalin 19.12.2)
Hashcat: 5.1.0, hashcat-5.1.0+1496 and hashcat-5.1.0+1508 
No OpenCL SDK at all!!!


What is the bug and how do I fix it???

.txt   shadow_all_to_crack.txt (Size: 740 bytes / Downloads: 0)

.txt   password.lst.txt (Size: 143 bytes / Downloads: 0)

OSX 10.12.6 Sierra - Token length exception

Gents.

Did my due diligence and scoured the interwebs for info in regard to OSX and the Token length exception that hashcat is throwing me - for the extracted hashes.

Running OSX v10.12.6 Sierra

1. I created a user - 'temp' with a password 'password'.
2. Created a short dictionary file with simply 'password' within it.
3. Extracted the hash using a variety of methods, all yield the same string, of the same length.
4. Compared it against the sample hash provided on the site, it's a clear 128 hex characters longer than the sample.

I've read to truncate the string - tried that - ran hashcat, no result, despite the known password matching the word in the dictionary.

Guess my question is - did something change in OSX 10.12 - making the string longer somehow. And if that's the case, is there a workaround, or will there be support for 10.12 in the future?

Thanks guys.
rp

Had 3 hashes in the hash.txt file - two I extracted, and one from the sample page...

output:

rp-iMac:hashcat rp$ ./hashcat -a 0 -m 7100 hash.txt dict.simple
hashcat (v5.1.0-1511-g2a043544) starting...

OpenCL API (OpenCL 1.2 (Apr 18 2019 20:04:11)) - Platform #1 [Apple]
====================================================================
* Device #1: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, skipped
* Device #2: ATI Radeon HD 6970M, 960/1024 MB (256 MB allocatable), 12MCU

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Hashfile 'hash.txt' on line 1 ($ml$46...xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx): Token length exception
Hashfile 'hash.txt' on line 2 ($ml$27...xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx): Token length exception
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Applicable optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Slow-Hash-SIMD-LOOP
* Uses-64-Bit

Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.

Host memory required for this attack: 204 MB

* Device #2: ATTENTION! OpenCL kernel self-test failed.

Your device driver installation is probably broken.
See also: https://hashcat.net/faq/wrongdriver

Aborting session due to kernel self-test failure.

You can use --self-test-disable to override this, but do not report related errors.

Started: Mon Dec 16 11:28:03 2019
Stopped: Mon Dec 16 11:28:04 2019
rp-iMac:hashcat rp$

change working directory

Hey, how can I easily change the working directory in the restore file?

When I change it, I get
"Unusually high number of arguments (argc) within restore file /home/****"

7z2Hashcat Output | What is this?

Hello,

After trying for days to get a hash from encrypted 7z files, I ended up with 7z2hashcat
(https://github.com/philsmd/7z2hashcat)

First it was throwing a memory limit, so I decided to increase this limit in the PL file (x4)

It worked, but it threw an output and I don't have any idea what to do with it.

The output when put into a TXT file is 1 MB

Starts with:
94eb58af7a8d3df82f25416dbbbe767976d32b8363dc048cfbdecbf82b5f517273cc1019c42be0aa60d7b6a0b52378d70acc4a926145c0562281eb21f509296d0a2587b6d7f343deb67ec8d1710193d55b65bbd06dc85aab3eb53464d39daf8b1961995c6585057031a42275a7e2e4a76c38e9571a84b65d90f36a19d7945f6b166433796d8bab30c72f6e


And ends with:
a13e93965ae9a856a8cc2350a3bd5907006ab7ee85317a632f927ea64de6930b485f075152af3316ca1b8f2000ac5a41093586a26c0d4b3dd478cdf080f6647a9e07100e62e432d7a4ef08891d5ece45dad0922d070fb4e29f9cc7f8e86f4e$388795692$17

Did I do something wrong? I am a super noob at this, just starting to learn what's going on.
Your help is highly appreciated!

Love to all, and respect to all of you who make the world a better place by breaking it :)

PS: I can upload the file with no problem, but I don't know if that's against the rules or anything.

hashcat for NVIDIA K10 card

Hello,

will hashcat work on "NVIDIA Corporation GK104GL [Tesla K10] (rev a1)" cards?
(or is there a version that does?)

thanks,

Ron

8 GPU GTX1080

Hello, friends)

Is it possible to use 4 computers with 2 GPUs in each of them, but run the cracking process on all GPUs from 1 of the computers?

Or do I need to assemble 1 computer with 8 GPUs for it?

* Supports distributed cracking networks (using overlay)

Is this what I am searching for? Please help me find information about distributed cracking networks with hashcat

VNC challenge response password crack

Hello everyone,

We wanted to crack a VNC challenge response using hashcat but could not find a complete guide.

So we started looking into how the VNC challenge response authentication works and here is what we understood:
- The client initiates a connection with the server.
- The server sends a unique/random 16-bytes challenge to the client.
- The client uses DES to encrypt (one round) the challenge with the input password and sends the response.
- The server receives the response and does the same encryption scheme to compare the results.
- The connection is established if it matches.

For info:
It is also known that the DES encryption algorithm can only accept keys of 56 bits; since ASCII uses 7-bit characters, the key can be at most 8 characters long. If it is shorter, it will be padded with zeros. This is making the assumption that the traditional VNC protocol is used with DES (some new VNC clients may have modified this).


The issue is that VNC doesn't use the password given by the user as is but performs a transformation first:
- the bits of each byte of the corresponding ascii value are reversed

Code:
Password : 12345678
Ascii values (HEX) : 31 32 33 34 35 36 37 38
Binary values:      00110001 00110010 00110011 ....
Binary reversed:  10001100 01001100 11001100 ....
Reversed (HEX): 8c 4c cc 2c ac 6c ec 1c

So the actual VNC user password used for encryption is : 8c4ccc2cac6cec1c (12345678 in ASCII)


John The Ripper has implemented this in the version 1.9.0 Jumbo-1

In order to crack VNC passwords with hashcat we implemented this transformation with a small bash script to create a modified charset of the ascii characters.

Code:
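toHexVNC(){
  # Local accumulator so repeated calls do not append to earlier output
  local binrev2hex="" ascii2binrev i
  for ((i=0;i<${#1};i++));
  do
    # Bits of one character, in reversed order
    ascii2binrev=$(printf '%s' "${1:$i:1}" | perl -lpe '$_=unpack"B*",$_' | rev)
    binrev2hex+=$(printf "%02x" "$((2#$ascii2binrev))")
  done
  echo "$binrev2hex"
}

We are aware that this code could be optimized by using other conversion methods (cf. C++, comparison table, ...).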


We can now crack it with hashcat using:

- attack 3 (mask attack)

- type 14000 (DES)

- hash format : <cipher>:<plaintext> (in VNC: <response>:<challenge> and NOT <challenge>:<response>)
  --> the response and challenge need to be truncated to 8 bytes in length (no need to waste resources on the whole 16 bytes and in any case hashcat accepts only 8 bytes of cipher/plaintext).

- reversed charset and option --hex-charset


Note: it might be more interesting to generate a custom reversed charset using the function above, as the full DES charset of hashcat uses more than the 95 main ASCII characters. See "VNC_allascii.charset" below.


Code:
$ ettercap -Tq -r VNC.cap

ettercap 0.7.5.4 copyright 2001-2013 Ettercap Development Team
...
192.168.11.110-5901:$vnc$*a5d62a6cd58f41abe8785a4485811aac*248d3290ce533f028613f092f25834cf
...

$ cat toCrack.txt

248d3290ce533f02:a5d62a6cd58f41ab


$ cat VNC_allascii.charset (all 95 ascii characters transformed for VNC)
8646c626a666e6169656d636b676f60e8e4ece2eae6eee1e9e5e8242c222a262e2129252d232b272f20a8a4aca2aaa6aea1a9a5a0c8c4ccc2cac6cec1c9c840224a4547ab4d4fabc7edabadebe5cdc3c7c3474fcf43a449414e46406043e



$ hashcat -a 3 -m 14000 toCrack.txt -1 VNC_allascii.charset ?1?1?1?1?1?1?1?1 --hex-charset



#Returns: 8c4ccc2cac6cec1c



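The cracked password will be a hex value and will need to be reversed again to find the password (in ASCII) with the following function:

Code:
toAscii(){
  # Local accumulator so repeated calls do not append to earlier output
  local ascii2binrev="" hex2binary i
  for ((i=0;i<${#1};i+=2));
  do
    # Bits of one hex byte, reversed, then packed back into a character
    hex2binary=$(perl -e 'printf "%08b\n", hex($ARGV[0])' "${1:$i:2}" | rev)
    ascii2binrev+=$(echo "$hex2binary" | perl -lpe '$_=pack"B*",$_')
  done
  echo "$ascii2binrev"
}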

Which will give the reversed password: 12345678



Some benchmarks:

Using 2x NVIDIA Quadro P4000 8GB

8 characters long loweralphanumspace -> max. ~2min
8 characters long mixalphanum -> max. ~2.2hours
8 characters long mixalphanumspace -> max. ~2.5hours
8 characters long allascii -> max. ~3days



Hope you'll find this interesting and useful.
Please feel free to give us feedback, thank you.

A&J
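
The transformation and hash-line preparation described in the post above, as an added example that is not part of the original post: POSIX shell functions (all names hypothetical) that derive the bit-reversed DES key from a password, map a cracked hex key back to ASCII, and turn an ettercap `$vnc$*<challenge>*<response>` line into the `<response>:<challenge>` form used with -m 14000. It goes slightly beyond the post by applying the 8-byte limit and zero padding explicitly and by rejecting malformed input.

```shell
# Added example (constructed); function names are hypothetical, not hashcat's.

# Reverse the bit order of one byte value (0..255), e.g. 0x31 -> 0x8c.
rev8() {
  n=$1 r=0 k=0
  while [ "$k" -lt 8 ]; do
    r=$(( (r << 1) | (n & 1) )); n=$(( n >> 1 )); k=$(( k + 1 ))
  done
  echo "$r"
}

# Bit-reverse every byte of a string and print it as hex (charset file content).
vnc_hex() {
  out=""
  for b in $(printf '%s' "$1" | od -An -v -tu1); do
    out="$out$(printf '%02x' "$(rev8 "$b")")"
  done
  printf '%s\n' "$out"
}

# Key as classic VNC auth derives it: first 8 bytes only, zero-padded, bit-reversed.
vnc_key_hex() {
  key=$(vnc_hex "$(printf '%.8s' "$1")")
  while [ "${#key}" -lt 16 ]; do key="${key}00"; done
  printf '%s\n' "$key"
}

# Inverse: the 16 hex digits hashcat reports, back to the ASCII password.
vnc_password_from_hex() {
  h=$1 pw=""
  case $h in *[!0-9a-fA-F]*) return 1 ;; esac
  [ "${#h}" -eq 16 ] || return 1
  while [ -n "$h" ]; do
    pair=${h%"${h#??}"}; h=${h#??}
    v=$(rev8 "$(( 0x$pair ))")
    # Zero bytes are padding, not part of the password.
    if [ "$v" -ne 0 ]; then pw="$pw$(printf '%b' "\\0$(printf '%03o' "$v")")"; fi
  done
  printf '%s\n' "$pw"
}

# "...$vnc$*<challenge>*<response>" -> "<response[0:8]>:<challenge[0:8]>".
vnc_to_14000() {
  case $1 in *'$vnc$*'*'*'*) ;; *) return 1 ;; esac
  rest=${1#*'$vnc$*'}
  chal=${rest%%'*'*}; resp=${rest#*'*'}
  case $chal$resp in *[!0-9a-fA-F]*) return 1 ;; esac
  [ "${#chal}" -eq 32 ] && [ "${#resp}" -eq 32 ] || return 1
  printf '%.16s:%.16s\n' "$resp" "$chal"
}

# Sample values are the ones quoted in the post.
vnc_key_hex 12345678
vnc_to_14000 '192.168.11.110-5901:$vnc$*a5d62a6cd58f41abe8785a4485811aac*248d3290ce533f028613f092f25834cf'
```

Because only the first 8 bytes of the password reach the key, `vnc_key_hex` returns the same value for `12345678` and `1234567890`.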

Need a new hardware to run Hashcat?

Good Morning,

I have tried to run hashcat in my dear (and only) SONY VGN-VGN21E on Windows 10 and I got the message in the attached image MSG ERROR.
.jpg   MSG ERROR.JPG (Size: 47.94 KB / Downloads: 2)

It seems that my hardware is so old (see Dxdiag-Display) that I should consider getting a new machine.

.txt   Dxdiag-Display.txt (Size: 4.07 KB / Downloads: 3)

Is it right or is there an alternative?

Many Thanks for your support

MS Word read-only docx hash extract

Hi!
I want to extract the hash from a read-only docx file with a password into the format needed for hashcat.
office2hashcat does not support read-only files.
In the docx settings I got this:
.png   Capture.PNG (Size: 10.7 KB / Downloads: 1)

How can I convert this information into hashcat format and recover it, if it is possible?

Initializing OpenCL runtime for device #1... problem

I'm trying to run a simple Hybrid Attack https://hashcat.net/wiki/doku.php?id=hybrid_attack

hashcat.exe -m 2500 file.hccapx -a 6 first.dict ?d?d?d?d

but hashcat hangs in Initializing OpenCL runtime for device #1... phase forever.

It uses 70% CPU and loads of RAM. Dictionary contains only 2 words. Any solution?

Noob question: md5 salted unix unknown password cracking

Hi,

I'm trying to crack a unix password (hash is "$1$[redacted]." without the quotation marks). This is an md5 hash for a unix password.
I'm sending it here as the idea is to crack and publish (any matching password).
My idea is to use my GPU and try to find anything matching... brute force?
How should I continue?

Background:
A manufacturer called "Ignition Design Labs" has stolen OpenWRT code - it is GPLv2 and they released their product (wifi router "portal") without releasing the sources. There was some acquisition made by Razer.
Router itself has their own closed-source code - which is vulnerable as hell - so I can easily gain root there. And upload SSH keys for easy access. And read /etc/shadow. Router is running dropbear by default.
Now I would like to find a matching password so that the community could log in and modify the system configuration.

I have no idea what the password might be. Nor where to search for good dictionaries for combination mode. I don't need the right password - anything matching $1$[redacted]. would be OK. I don't have 4TB available for rainbow tables :( So far I was just going to use a Radeon 590 (or Nvidia 970) with hashcat and hope to get lucky.

Any support would be appreciated - thanks in advance.

having trouble with hashcat working with gpu's

Hello, I'm new to hashcat.
I was hoping one of you guys could take the time to look over my problem. It seems that my GPUs are still not necessarily recognized by hashcat. I have updated all my drivers and installed the CUDA kit, or that is what I'd like to believe. I was hoping to see if anyone has ever had a similar issue.

.png   Screenshot at 2019-12-21 18-04-10.png (Size: 117.32 KB / Downloads: 3)

.png   Screenshot at 2019-12-21 18-11-37.png (Size: 74.74 KB / Downloads: 3)