Channel: hashcat Forum - All Forums

hcmask file with custom charset usage

Hi there,
Using a file with masks which include ?1 works well with version 3.1, naturally using -1 with the characters needed on the command line, preceding the full path of the file that contains the masks to be used.
Using this same method but with version 5.1, latest build, every line in the masks file which includes ?1 gives a "Custom-charset 1 is undefined" message and the mask is ignored.
Can anyone point to what is being done wrong? Thank you.

Crack Active Directory NTLM/LM hashes

First and foremost, this is an ethical hack. Unfortunately we are in a situation where a co-worker has reset the AD credentials on a very important account. Because of this, we are locked out of several devices that use LDAP for authentication. Lucky enough, nobody knows the local passwords for the devices. So that's where we are.

I have restored the NTDS.dit and system32\config folders from a few of the domain controllers dating about a week ago. The NTDS.dit should have the old account password. 

After this, I extracted the hashes for the account in question using DSInternals.

So, I have the NTLM hashes and the LM hashes. I have been trying to use hashcat to crack these but I honestly don't know the best way to go about this.

Any advice on the best method or command strings to run?

Thanks!
Matt

Crack Active Directory User NTLM hash

First and foremost, this is an ethical hack. Unfortunately we are in a situation where a co-worker has reset the AD credentials on a very important account. Because of this, we are locked out of several devices that use LDAP for authentication. Lucky enough, nobody knows the local passwords for the devices. So that's where we are.

I have restored the NTDS.dit and system32\config folders from a few of the domain controllers dating about a week ago. The NTDS.dit should have the old account password. 

After this, I extracted the hashes for the account in question using DSInternals.

So, I have the NTLM hashes and the LM hashes. I have been trying to use hashcat to crack these but I honestly don't know the best way to go about this.

Any advice on the best method or command strings to run?

Thanks!
Matt

New password guessing method

Hi all,


I have created a somewhat new password guessing method. And, I'm really interested in adding this method to hashcat, thus, contributing to hashcat's source code. I don't know where to start. Any help would be appreciated.


The method is pretty much an amalgamation of hashcat's mask, combination, dictionary and rules. Each new password is generated based on a pattern of password parts, and patterns are extracted from existing password dictionaries.


For example the pattern "N|c s Y" is a pattern for passwords beginning with a Capitalized Name, then a Special character and finishes with a Year. The result will be passwords such as:
Hank@1998
Eli$2020
Satoshi-2008


I already have developed the code to generate the passwords using golang. And, I have been able to use it with hashcat in "stdin mode". It works perfectly and the results are promising. But the problem is in fact the speed. It is pretty slow probably because of the relatively limited CPU-GPU bandwidth.


Where can I start my journey toward the goal of adding my password generation idea to hashcat? Is there any convention that I should be aware of?


Thanks.

build fail in kernel? -m 2500, can't figure out why

Hi.

I am using hashcat, on Parrot OS, with a Radeon R9 380 graphics card.
I have installed ROCm, and it works great, until I try to crack with -m 2500.

Then it tells me:

* Device #2: Kernel /usr/share/hashcat/OpenCL/m02500-pure.cl build failed - proceeding without this device.

Device 2 is my graphics card.

Has anybody here tried it too, or does anyone know what the problem could be?

Save mask in wordlist

Hello, how can I save all the possible combinations in a wordlist?
For example, I have the mask PAS?dWOR?d
I need to save it to a .txt file. What command allows me to do this?

NTLM Performance Problem

Hello,
I have a little performance problem with cracking an NTLM hash.

My Hardware:
Disk: Samsung 970 Plus M.2
GPU: 2x RTX 2080 TI

With the benchmark I get these results:
Quote:Hashmode: 1000 - NTLM

Speed.#1.........: 92787.1 MH/s (24.13ms) @ Accel:128 Loops:1024 Thr:256 Vec:2
Speed.#2.........: 89742.9 MH/s (24.92ms) @ Accel:128 Loops:1024 Thr:256 Vec:2
Speed.#*.........:  182.5 GH/s


With my favorite attack mode:
Quote:A Wordlist with only 12 words
hashcat64.exe -a 6 -w 4 -i --increment-min=5 NTLM-Hash PW_List.txt -1 ?d?l!@MLK-?? ?1?1?1?1?1?1?1
Speed.#1.........:  8555.0 kH/s (1.05ms) @ Accel:128 Loops:1024 Thr:256 Vec:1
Speed.#2.........:        0 H/s (0.00ms) @ Accel:128 Loops:1024 Thr:256 Vec:1

So I looked at https://hashcat.net/faq/morework and tried the 1st version with a pipe to hashcat:
Quote:hashcat64.exe --stdout -a 6 -i PW_List.txt -1 ?l?d??!@LKM ?1?1?1?1?1?1?1 | hashcat64.exe -m 1000 NTLM-Hash

Speed.#1.........:  306.5 kH/s (2.35ms) @ Accel:512 Loops:1 Thr:64 Vec:1
Speed.#2.........:  315.0 kH/s (2.39ms) @ Accel:512 Loops:1 Thr:64 Vec:1

A pure wordlist attack is also not as fast as it looks in the benchmark results:
Quote:hashcat64.exe -O -a 0 -w 4 -m 1000 NTLM-Hash wordlist_600million.txt
Speed.#1.........:  5998.7 kH/s (0.39ms) @ Accel:128 Loops:1 Thr:256 Vec:1
Speed.#2.........:  5912.1 kH/s (0.39ms) @ Accel:128 Loops:1 Thr:256 Vec:1
Speed.#*.........: 11910.9 kH/s

osx errors

I keep getting an error when trying a mask attack in Mac OSX Catalina: "zsh: no match found". Dictionary attack is working.
I'm using hashcat 5.1.0.

Dictionary Attack

I am working on the WPA and using the dictionary attack, but I keep coming up exhausted with no results. So what would be the best course of action? I tried brute forcing but my laptop is junk.

i need to know a password

Hi,
Happy new year to you all!
I have hashcat 5.1 but I don't know what to do with it.
I have to know a password of this mail address: [sensitive/private email address removed]
Could you help me?
Best regards from France.

Hashcat gets exhausted too quickly, HELP!

So when I 'decrypt' the emails and hashes together I get left with only like 20 results.

The command I use is:
hashcat64.exe -m 0 -a 0 --username [hashes.txt] [wordlist.txt]

then to retrieve results:

hashcat64.exe -m 0 --username --show [hashes.txt] --outfile-format=2 -o [results.txt]

I put in like 350 hash combos, but only get 12 results.
Are there not enough words in my wordlist? It's 435MB.
If that's the problem, can anyone link me a good place to get a bunch of password and wordlists?

personal wrapper script that got out of hand, 'hashcrack'

I don't know if this will be of any use to anyone, but I hacked it together to do some of the boring bits, like recognising what hash type a hash might be, running some unpacking scripts if needed, choosing a suitable dictionary and ruleset, etc. 

https://github.com/blacktraffic/hashcrack

It will at least tell you what it's /trying/ to do, if you grep for RUN in the output: 

Code:
C:\hashcrack> python hashcrack.py -i 32hex.txt
Running under win32
Reading file: 32hex.txt
Autodetected NTLM. Probably - or, it might be MD5 (100)x
Ambigious input; could be NTLM, MD5 or MySQL5. Please specify on command line with -t md5 or -t ntlm. For now, enter "ntlm" (default), "md5" : md5
Cracking hash type 0
Selected rules: l33tpasspro.rule, dict Top32Million-probable.txt, inc 0
Using dict and rules
cwd C:\hashcrack\hashcat-5.1.0
RUN: hashcat64.exe -a0 -m 0 32hex.txt dict\Top32Million-probable.txt -r rules\l33tpasspro.rule  --loopback  -O --bitmap-max=26  -w3  --session hc

The general strategy has been reasonably well-tested at a couple of pentest outfits; the actual code is a bit ropey, I'm sorry.

Speed comparison WPA/WPA2 (2500) vs WPA/WPA2 PMK (2501)

I have seen many articles state that while the new method lets you start cracking Wi-Fi passwords without waiting for a handshake, the cracking process itself is not faster. However, according to this benchmark: https://gist.github.com/iam1980/808f696a...01f91a8b18

Hashcat can crack WPA/WPA2 PMK ~500 times faster than WPA/WPA2 (3200MH/s vs 6300KH/s).

Am I missing something or is -m 2501 that much faster?

Extracted hash from 7z archive and it is 4708 characters long, is that normal?

The example hash for 11600 is much smaller.

I used 7z2hashcat.

Can I use mask but for hash?

I want to brute-force, but the password will be correct if the hash starts with n zeros. Can I do this?

Can Shannon entropy be used to optimize password cracking?

I am pretty sure 99% of passwords are not random, so I'd imagine if hashcat had a mode in which it would not waste time on hashing random passwords, cracking speed would increase.

Or perhaps an AI could be developed which would be trained on existing wordlists and, by prioritizing more likely password candidates over random passwords, make brute forcing much more efficient.

Is there a way to extract a password hash from AESCrypt archive?

Mask 0123456789

Hello, what command is needed to decipher with a mask when the password consists of the numbers: 012345678

hashcat64.exe -m 2500 -a 3 C:\ha\20488_1578425546.hccapx -o www.txt      ????

dapp / digital currency for password cracking

The hash rates of major cryptocoin networks seem staggering (e.g. estimated 120,000,000 TH/s in bitcoin network https://www.blockchain.com/en/charts/hash-rate), even when compared to state of the art cracking systems (e.g. https://terahash.com).

What would it take to create a distributed app (e.g. https://www.dapp.com/) which can leverage various blockchain networks (e.g. based on how closely miner optimized hash matches target hash)? It seems like this could be useful for bruting junk passwords.

From a software architecture standpoint, what would be the biggest challenges or top reasons this is a stupid idea?

Perhaps a new coin (catcoin?) could be created to pay for proof of cracking work.

I am grateful for any insights more informed folks can share.

- Cheers

Can this password type be brute forced?

Please help me understand if this password length and type can be brute forced. I have no prior knowledge and now I am forced to learn.

I generated a password with KeePassX that looks like this: fBX9M7r2HZDa2QEVBqo9faMjW9E37nxPBSf
Length: 35
Chars: 0-9a-zA-Z

If it would start with 000000000000000000000000000000000001 ... it would be impossible. There are obviously some rules to the password that should make it "easier".

Is it even possible to crack it, even within years? If so, what do I need to understand & learn before proceeding?

Thanks!