Quantcast
Channel: hashcat Forum - All Forums
Viewing all 7847 articles
Browse latest View live

full parallel power of device

December 22, 2019, 9:27 pm
$
0
0
Good Morning,
hashcat has been running a script for more than 10 hours on my daughter's MacBook Air
the script is : 
./hashcat -d 2 hash.txt -m 14800 -a 3 rockyou.txt

As I am monitoring the status, I have continuously the following message:
  • The wordlist or mask that you are using is too small.This means that hashcat cannot use the full parallel power of your device(s).Unless you supply more work, your cracking speed will drop.For tips on supplying more work, see: https://hashcat.net/faq/morework
  • Approaching final keyspace - workload adjusted. 


I went to the far/morework to see if I could use the full parallel power of the device but I am not sure what to do. 

Any help, please?
Thanks in advance
Session..........: hashcat
Status...........: Running
Hash.Name........: iTunes backup >= 10.0
Hash.Target......: $itunes_backup$*10*0783521847d7acc15efeec094f40b44a...4d70b5
Time.Started.....: Mon Dec 23 06:16:04 2019 (8 mins, 47 secs)
Time.Estimated...: Mon Dec 23 06:24:51 2019 (0 secs)
Guess.Mask.......: 654321 [6]
Guess.Queue......: 17/14336792 (0.00%)
Speed.#2.........:        0 H/s (0.35ms) @ Accel:2 Loops:16 Thr:256 Vec:1
Recovered........: 0/1 (0.00%) Digests
Progress.........: 0/1 (0.00%)
Rejected.........: 0/0 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#2...: Salt:0 Amplifier:0-1 Iteration:2688596-2688600
Candidates.#2....: 654321 -> 654321

 
Search

HashCat's speed decreases when I disconnect from a remote computer

December 23, 2019, 1:49 am
$
0
0
HashCat works good. I used Radmin to connect to remote computer. The speed is the same as benchmark speed. BUT !
If I disconnect from remote computer speed deareases, when I connect again and speed returns to the correct range. I see on MSI Afterburner report that GPU usage deareases to 30-35% when I diconnect from remote computer. If I connect  again using RAdmin -> the GPU usage returns to 80% again. It is clear that speed drops because GPU usage decreases, but why does it decrease when I disconnect from a remote computer? And what to do to prevent this from happening?

ERROR: usually high number of arguments within restore file

December 23, 2019, 8:52 am
$
0
0
Hello.
I was cracking a 4-way WPA2 handsake
Code:
hashcat64.exe -m 2500 -a 3 C:\Users\oskar\Desktop\handshake-48_8D_36_4F_7F_7C.hccapx -1 ?l?u?d ?1?1?1?1?1?1?1?1 -D 2 -w 2 --self-test-disable
then I stopped it, saving the work in a restore file. When I reopened it I realised I was cracking it with a second level workload 
Code:
-w 2
(yes, I dind't realized that before, im retard).

Now, what should I do in order to restore the job with a different level of workload for example, (-w 4) ?

I have already tried to modify the restore file but I was getting the following error: Usually high number of arguments within restore file.

How to add my kernel to hashcat?

December 23, 2019, 12:13 pm
$
0
0
I need to add my kernel to hashcat.. Is there documentation to read how to do this?

Performance breack down 70%

December 24, 2019, 1:35 am
$
0
0
Hello,
my first post here in the forum and i start will start with a question and my bad english,....sorry for both.

I build a little Decryption Rig:

RAM: 16GB DDR
GPU 2x RTX 2080 TI
SSD: 500GB M.2 Evo 970 Plus
CPU I3 9300f

The first test work perfect with a good performance so i started a first big test which i will cancel after a few days.

my code:
Code:
hashcat64.exe -a 3 -i -m 6211 TC-Container-1-Hash -1 ?u?l -2 ?l?d@!- ?1?2?2?2?2?2?2?2?2?2
It starts with ~1.000Kh/s Smile   ...after round a bout 30min the PC shut down.
I found a thread in this forum that it could help when i enlarge the windows swap file (If done this (to 300GB) and everything works fine over hours)

But after a few hour the performance was really bad, only ~300kH/s and the card are really cold (only ~40°)
The M.2 sit on an PCIex16 apapter and brings up to 3.300GB/s in benchmarks on my PC.


Best regrads from Germany
and a merry chistmas
Sondero

Isn't there anyone who could have tested an RX 5700 XT with myROCm on linux

December 24, 2019, 4:26 am
$
0
0
Hi, everyone

This is my first post on the hashcat forum. I'm a big fan of password cracking and I'm currently considering buying a new graphics card. However, I would like to turn to AMD. Indeed, Nvidia drivers are proprietary and contain trackers, unlike AMD which has the audacity to make these drivers entirely open-source in addition to providing a specific ecosystem for parallel computing, ROCm.

I think you all know that ROCm has compatibility issues with AMD's new hardware. Not long ago I researched support for Navi GPUs... ROCm 3.0 is still under development, with no official support for the RX 5700. However, I came across an interesting github page: https://github.com/smartbitcoin/MyROCm.

He has developed a ROCm fork specifically for Navi GPUs. It's still experimental, so I would like to ask someone in the community to try to get myROCm to work with a RX 5700 XT on linux. This will help me a lot to make a choice, and I think it will encourage other people to make a decision.

Mask Attack

December 24, 2019, 5:59 am
$
0
0
Hey I am a noobie in hashcat...
I just wanted help in a mask attack. For example i knew the last 2 characters of the password to be '24' and i have created a wordlist of my own in a .txt file, and i also know that all the characters before the '24' are lower case letters, I just don't know the length of the lower case characters and i want hashcat to try my wordlist to fill in the gaps and increment only the lower case letter space cuz i know the last two is '24'. Can anyone suggest me the best way to do this or the best command please. It is very urgent for retrieving my encrypted phone backup please....

Creating sha512(sha512($pass).$salt) kernel

December 25, 2019, 6:42 am
$
0
0
Hey everyone, lately I've been trying to make sha512(sha512($pass).$salt) kernel, although I keep failing. I believe it's because I don't really understand u64 in which sha512 is stored.

I've tried doing it in few different ways but none of them seemed to work, I would very appreciate any hint of what I'm doing wrong or what I'm missing. Cheers!

Here is the code taken from the loop

Code:
/**
  * loop
  */

  for (u32 il_pos = 0; il_pos < il_cnt; il_pos++)
  {
    pw_t tmp = PASTE_PW;

    tmp.pw_len = apply_rules (rules_buf[il_pos].cmds, tmp.i, tmp.pw_len);

    sha512_ctx_t ctx0;

    sha512_init (&ctx0);

    sha512_update_swap (&ctx0, tmp.i, tmp.pw_len);

    sha512_final (&ctx0);

    //sha512($pass)

    const u32 ah = h32_from_64_S (ctx0.h[0]);
    const u32 al = l32_from_64_S (ctx0.h[0]);
    const u32 bh = h32_from_64_S (ctx0.h[1]);
    const u32 bl = l32_from_64_S (ctx0.h[1]);
    const u32 ch = h32_from_64_S (ctx0.h[2]);
    const u32 cl = l32_from_64_S (ctx0.h[2]);
    const u32 dh = h32_from_64_S (ctx0.h[3]);
    const u32 dl = l32_from_64_S (ctx0.h[3]);
    const u32 eh = h32_from_64_S (ctx0.h[4]);
    const u32 el = l32_from_64_S (ctx0.h[4]);
    const u32 fh = h32_from_64_S (ctx0.h[5]);
    const u32 fl = l32_from_64_S (ctx0.h[5]);
    const u32 gh = h32_from_64_S (ctx0.h[6]);
    const u32 gl = l32_from_64_S (ctx0.h[6]);
    const u32 hh = h32_from_64_S (ctx0.h[7]);
    const u32 hl = l32_from_64_S (ctx0.h[7]);

    //converting to u32 from u64 in order to convert bin to hex below

    sha512_ctx_t ctx;

    sha512_init (&ctx);

    ctx.w0[0] = uint_to_hex_lower8_le ((ah >> 16) & 255) <<  0 | uint_to_hex_lower8_le ((ah >> 24) & 255) << 16;
    ctx.w0[1] = uint_to_hex_lower8_le ((ah >>  0) & 255) <<  0 | uint_to_hex_lower8_le ((ah >>  8) & 255) << 16;
    ctx.w0[2] = uint_to_hex_lower8_le ((al >> 16) & 255) <<  0 | uint_to_hex_lower8_le ((al >> 24) & 255) << 16;
    ctx.w0[3] = uint_to_hex_lower8_le ((al >>  0) & 255) <<  0 | uint_to_hex_lower8_le ((al >>  8) & 255) << 16;
    ctx.w1[0] = uint_to_hex_lower8_le ((bh >> 16) & 255) <<  0 | uint_to_hex_lower8_le ((bh >> 24) & 255) << 16;
    ctx.w1[1] = uint_to_hex_lower8_le ((bh >>  0) & 255) <<  0 | uint_to_hex_lower8_le ((bh >>  8) & 255) << 16;
    ctx.w1[2] = uint_to_hex_lower8_le ((bl >> 16) & 255) <<  0 | uint_to_hex_lower8_le ((bl >> 24) & 255) << 16;
    ctx.w1[3] = uint_to_hex_lower8_le ((bl >>  0) & 255) <<  0 | uint_to_hex_lower8_le ((bl >>  8) & 255) << 16;
    ctx.w2[0] = uint_to_hex_lower8_le ((ch >> 16) & 255) <<  0 | uint_to_hex_lower8_le ((ch >> 24) & 255) << 16;
    ctx.w2[1] = uint_to_hex_lower8_le ((ch >>  0) & 255) <<  0 | uint_to_hex_lower8_le ((ch >>  8) & 255) << 16;
    ctx.w2[2] = uint_to_hex_lower8_le ((cl >> 16) & 255) <<  0 | uint_to_hex_lower8_le ((cl >> 24) & 255) << 16;
    ctx.w2[3] = uint_to_hex_lower8_le ((cl >>  0) & 255) <<  0 | uint_to_hex_lower8_le ((cl >>  8) & 255) << 16;
    ctx.w3[0] = uint_to_hex_lower8_le ((dh >> 16) & 255) <<  0 | uint_to_hex_lower8_le ((dh >> 24) & 255) << 16;
    ctx.w3[1] = uint_to_hex_lower8_le ((dh >>  0) & 255) <<  0 | uint_to_hex_lower8_le ((dh >>  8) & 255) << 16;
    ctx.w3[2] = uint_to_hex_lower8_le ((dl >> 16) & 255) <<  0 | uint_to_hex_lower8_le ((dl >> 24) & 255) << 16;
    ctx.w3[3] = uint_to_hex_lower8_le ((dl >>  0) & 255) <<  0 | uint_to_hex_lower8_le ((dl >>  8) & 255) << 16;
    ctx.w4[0] = uint_to_hex_lower8_le ((eh >> 16) & 255) <<  0 | uint_to_hex_lower8_le ((eh >> 24) & 255) << 16;
    ctx.w4[1] = uint_to_hex_lower8_le ((eh >>  0) & 255) <<  0 | uint_to_hex_lower8_le ((eh >>  8) & 255) << 16;
    ctx.w4[2] = uint_to_hex_lower8_le ((el >> 16) & 255) <<  0 | uint_to_hex_lower8_le ((el >> 24) & 255) << 16;
    ctx.w4[3] = uint_to_hex_lower8_le ((el >>  0) & 255) <<  0 | uint_to_hex_lower8_le ((el >>  8) & 255) << 16;
    ctx.w5[0] = uint_to_hex_lower8_le ((fh >> 16) & 255) <<  0 | uint_to_hex_lower8_le ((fh >> 24) & 255) << 16;
    ctx.w5[1] = uint_to_hex_lower8_le ((fh >>  0) & 255) <<  0 | uint_to_hex_lower8_le ((fh >>  8) & 255) << 16;
    ctx.w5[2] = uint_to_hex_lower8_le ((fl >> 16) & 255) <<  0 | uint_to_hex_lower8_le ((fl >> 24) & 255) << 16;
    ctx.w5[3] = uint_to_hex_lower8_le ((fl >>  0) & 255) <<  0 | uint_to_hex_lower8_le ((fl >>  8) & 255) << 16;
    ctx.w6[0] = uint_to_hex_lower8_le ((gh >> 16) & 255) <<  0 | uint_to_hex_lower8_le ((gh >> 24) & 255) << 16;
    ctx.w6[1] = uint_to_hex_lower8_le ((gh >>  0) & 255) <<  0 | uint_to_hex_lower8_le ((gh >>  8) & 255) << 16;
    ctx.w6[2] = uint_to_hex_lower8_le ((gl >> 16) & 255) <<  0 | uint_to_hex_lower8_le ((gl >> 24) & 255) << 16;
    ctx.w6[3] = uint_to_hex_lower8_le ((gl >>  0) & 255) <<  0 | uint_to_hex_lower8_le ((gl >>  8) & 255) << 16;
    ctx.w7[0] = uint_to_hex_lower8_le ((hh >> 16) & 255) <<  0 | uint_to_hex_lower8_le ((hh >> 24) & 255) << 16;
    ctx.w7[1] = uint_to_hex_lower8_le ((hh >>  0) & 255) <<  0 | uint_to_hex_lower8_le ((hh >>  8) & 255) << 16;
    ctx.w7[2] = uint_to_hex_lower8_le ((hl >> 16) & 255) <<  0 | uint_to_hex_lower8_le ((hl >> 24) & 255) << 16;
    ctx.w7[3] = uint_to_hex_lower8_le ((hl >>  0) & 255) <<  0 | uint_to_hex_lower8_le ((hl >>  8) & 255) << 16;

    //at this point, from what I understand I should have sha512($pass) in hex

    //and this part - making sha512(sha512($pass)) is where I believe I got something wrong I've tried doing it in three different ways (really just trial and error)

    // first attempt:
    // sha512_transform (ctx.w0, ctx.w1, ctx.w2, ctx.w3, ctx.w4, ctx.w5, ctx.w6, ctx.w7, ctx.h);

    // second attempt:
    // sha512_update_128 (&ctx, w0, w1, w2, w3, w4, w5, w6, w7, 128);

    // third attempt:
    // u64 final[32] = { 0 };
    // final[ 0] = hl32_to_64 (w0[0], w0[1]);
    // final[ 1] = hl32_to_64 (w0[2], w0[3]);
    // final[ 2] = hl32_to_64 (w1[0], w1[1]);
    // final[ 3] = hl32_to_64 (w1[2], w1[3]);
    // final[ 4] = hl32_to_64 (w2[0], w2[1]);
    // final[ 5] = hl32_to_64 (w2[2], w2[3]);
    // final[ 6] = hl32_to_64 (w3[0], w3[1]);
    // final[ 7] = hl32_to_64 (w3[2], w3[3]);
    // final[ 8] = hl32_to_64 (w4[0], w4[1]);
    // final[ 9] = hl32_to_64 (w4[2], w4[3]);
    // final[10] = hl32_to_64 (w5[0], w5[1]);
    // final[11] = hl32_to_64 (w5[2], w5[3]);
    // final[12] = hl32_to_64 (w6[0], w6[1]);
    // final[13] = hl32_to_64 (w6[2], w6[3]);
    // final[14] = hl32_to_64 (w7[0], w7[1]);
    // final[15] = hl32_to_64 (w7[2], w7[3]);

    sha512_update (&ctx, final, 64);

    sha512_update (&ctx, s, salt_len);

    sha512_final (&ctx);

    const u32 r0 = l32_from_64_S (ctx.h[7]);
    const u32 r1 = h32_from_64_S (ctx.h[7]);
    const u32 r2 = l32_from_64_S (ctx.h[3]);
    const u32 r3 = h32_from_64_S (ctx.h[3]);

    COMPARE_M_SCALAR (r0, r1, r2, r3);
  }
Search

Custom mask generator

December 25, 2019, 5:09 pm
$
0
0
For starters, I'm on a mac if that matters. I recently learned about masks but I'm finding their usage a bit limiting. I know I can specify min-max length for the passwords, but is there a way I can define something like:

1 - password length in range: 6,10
2 - number of lowercase letters:4,8
3 - number of digits: 0,3
4 - number of uppercase letters: 0,1
5 - number of special characters: 0,2

I know that I can manually try to create permutations of lists of masks that would output into something like that, but I can see two problems with this approach: 

1 - using multiple masks some strings could end up being repeated, and I'm not sure if hashcat automatically skips repeated strings
2 - the generated masks wouldn't likely be in order of most likely to be real passwords, which would slow down the process a lot.

So is there a way to simply specify these parameters or I'd have to "brute force" my way into making as many customs masks as possible? Also, as a side question, is there a way to make hashcat choose the "most likely" passwords in order USING MULTIPLE MASKS? From what I understand, once a mask starts it runs until it's exhausted, I wonder if there is a way to alternate between masks using the most likely passwords across the entire character space of the masks.

Sorry if this was a bit confusing, I'm happy to clarify anything if needed be. Thank you for your time (and Merry Christmas Big Grin )

How can find a sha256 hash start with ***** with hashcat & markprocessor?

December 25, 2019, 7:09 pm
$
0
0
Instead of find a full hash, is there anyway for hashcat to find a bunch of hash start with a given prefix & print it to a file? How may i do that?

Cracking Couchbase Admin Password

December 26, 2019, 7:30 am
$
0
0
Hi all,

I couldn't find this on google, so hopefully it might help someone else. BTW, this is a test hash generated on my machine and doesn't matter to anyone.

First, find config.dat on the server. In config.dat, find the string "plain", e.g.

h m\0\0\0 plainm\0\0\00bl/nSj6e7vZS5KQqHmoTER7Z4cgTcDSL5vZTeaaFEAqCpxpLh m

take 0'b...'h as bolded - lose the initial '0' and the trailing 'h' - and base64 decode, then ASCII hex encode to get

6e5fe74a3e9eeef652e4a42a1e6a13111ed9e1c81370348be6f65379a685100a82a71a4b

The salt is first 16 bytes , hmac result is next 20 bytes

salt 6e5fe74a3e9eeef652e4a42a1e6a1311
hmac 1ed9e1c81370348be6f65379a685100a82a71a4b

For hashcat, construct target hash as hmac : salt, so like this for my example: 

1ed9e1c81370348be6f65379a685100a82a71a4b:6e5fe74a3e9eeef652e4a42a1e6a1311

Then crack with hashcat mode 160 and --hex-salt :

hashcat64.exe -m 160 target.txt Top32Million-probable.txt -w3 --hex-salt -O  -r rules\InsidePro-PasswordsPro.rule

..

1ed9e1c81370348be6f65379a685100a82a71a4b:6e5fe74a3e9eeef652e4a42a1e6a1311:password


I should code up something to do the extraction for me, but I haven't got round to it as yet. 

Tested on Couchbase 6.0.0 Community. 

( for completeness, this is basically a copy of my blog post here  https://gravitas-shortfall.blogspot.com/...sword.html )

n00b Question: DES3CBC

December 26, 2019, 8:21 am
$
0
0
I am trying to run the bellow hash and have tried 14000, 14100, 7700 and 7800 with no success. The dash between the 16 and 32 characters is throwing me off.

Any direction would be appreciated!

Example:

{DES3CBC}1:8sxxx2tn9xxblx05-0t05x6xx64u5h3x19x1j63kxxxxjpz9t

Hashcat DES restore file manual EDIT

December 27, 2019, 12:35 am
$
0
0
Hello,

I try to manually edit my restore file for a des crack.
I want to get at ca. 74% progress.
I got e.g. to 75% by editing words_cur to 00 00 00 00 06 00 00 00 (https://hashcat.net/wiki/doku.php?id=restore)
But I fail when e.g. trying e.g. 00 00 00 00 05 00 00 01, it says value to big. As should be clear I don't entirely understand how it works yet...would be nice if some one could enlighten me.

Oh and for completeness this is the command/mask I use:

hashcat -m 14000 hashes.txt -o cracked.txt -a 3 -1 /usr/share/hashcat/charsets/DES_full.charset --hex-charset ?1?1?1?1?1?1?1?1 -w 4 --outfile-format 5

Wordlist + Bruteforce Attack

December 27, 2019, 9:45 am
$
0
0
Hello,
how is it possible to make an Wordlist+Bruteforce Combinated Attack?

I have a worlist with ~100 Words, and want to combinate it with a bruteforce Attack... something like:

Code:
hashcat -a ? -m 13721 hash.hash -i -1 ?l?s Line_form_Wordlist?1?1?1?1?1

Any idea ?

8char hash ?l?d

December 27, 2019, 4:45 pm
$
0
0
Hey all, I am new to pentesting in general and also hashcat. I am wondering if this would be the correct command to try and find a password where I know it's 8 characters long, and contains lowercase a-z and 1-9. no way of knowing which one is a number and which one is a letter.

example of possible pass: wa5kz73 4j9z2k4x atpz32s9 etc

here is the command I'm running: hashcat -m 2500 1.hccapx -w 4 -a 3 -1 ?l?d ?1?1?1?1?1?1?1?1

is this correct? is there a better way to accomplish cracking this hash?

thanks.
Search

Problem with a Zip hash

December 29, 2019, 1:39 am
$
0
0
Hi,

I've tried the example zip2 hash which works fine. I used zip2john which generated the below hash.

$zip2$*0*3*0*aa33493ed70a8f9b9e53ac4cff362725*b19a*76*ed822f56d416c9df9fe0559264df880228e6deabe33b4c7fe57879e39de1e5b40af8913783bc0c560559193f5038bfb5045dcbea771bc22ca039e8737ef3003d3e3a0a47f768a1fb831ff239119f89ff3fc9a22f68aaaaeb0f95282b4192bf7dd2bfdbb0e39d0ad7a6010a782835611ce56f622357fc*6f64be4c9863d32897de*$/zip2$

I receive this error.

on line 1 ($zip2$...357fc6f64be4c9863d32897de$/zip2$): Separator unmatched

Any ideas?

full parallel power of device

December 22, 2019, 9:27 pm
$
0
0
Good Morning,
hashcat has been running a script for more than 10 hours on my daughter's MacBook Air
the script is : 
./hashcat -d 2 hash.txt -m 14800 -a 3 rockyou.txt

As I am monitoring the status, I have continuously the following message:
  • The wordlist or mask that you are using is too small.This means that hashcat cannot use the full parallel power of your device(s).Unless you supply more work, your cracking speed will drop.For tips on supplying more work, see: https://hashcat.net/faq/morework
  • Approaching final keyspace - workload adjusted. 


I went to the far/morework to see if I could use the full parallel power of the device but I am not sure what to do. 

Any help, please?
Thanks in advance
Session..........: hashcat
Status...........: Running
Hash.Name........: iTunes backup >= 10.0
Hash.Target......: $itunes_backup$*10*0783521847d7acc15efeec094f40b44a...4d70b5
Time.Started.....: Mon Dec 23 06:16:04 2019 (8 mins, 47 secs)
Time.Estimated...: Mon Dec 23 06:24:51 2019 (0 secs)
Guess.Mask.......: 654321 [6]
Guess.Queue......: 17/14336792 (0.00%)
Speed.#2.........:        0 H/s (0.35ms) @ Accel:2 Loops:16 Thr:256 Vec:1
Recovered........: 0/1 (0.00%) Digests
Progress.........: 0/1 (0.00%)
Rejected.........: 0/0 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#2...: Salt:0 Amplifier:0-1 Iteration:2688596-2688600
Candidates.#2....: 654321 -> 654321

 

Hashcat exhausted. Is it a problem with the dict. or me?

December 29, 2019, 11:13 pm
$
0
0
Hash:
a5eb219d0e475315fa0b6aa8c285c0b25c5c5f2f:1kyMVIri2ANGzbUxfGa

algorithm: SHA1 + salt


My command:
.\hashcat64.exe -m 110 -a 0 a5eb219d0e475315fa0b6aa8c285c0b25c5c5f2f:1kyMVIri2ANGzbUxfGa realuniq.lst -O

Even without -O at the end, the hashcat gets exhausted. Wat to do?

hashcat binary download

December 30, 2019, 7:04 pm
$
0
0
Hi, all

How can I download the latest hashcat binary?

I couldn't find hashcat binary download link in GitHub..

Please Help!!

December 31, 2019, 5:18 am
$
0
0
Can anybody please help me crack my encrypted backup password for my itunes??? If u can pls dm........ please i need dire help
Viewing all 7847 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>