HEXed dictionary

January 22, 2020, 5:35 am

≫ Next: possible to crack .7z file with sha-256?

Hello,

I'm trying to come up with an use-case for dictionaries of passwords converted to HEX. The only pro I see is an possibility to have password on multiple different encoding in a single file and the con that the dictionary require 2-times the storage space of the original dictionary(s). Am I missing something? Is there any other use-case for this feature?

Regards,
Azaran

↧

possible to crack .7z file with sha-256?

January 22, 2020, 7:41 am

≫ Next: Hashcat 5.1.0 never returns results

≪ Previous: HEXed dictionary

I am complete noob at this so please help. from google search, many results kept saying 7z/7zip uses sha-256. then I came across this benchmark from github https://gist.github.com/epixoip/a83d38f4...804a270c40

it shows that 7z each 1080 GPU can only do about 7k to 8k hash/s (assuming password per seconds?), where as for sha-256 can go upwards of 3000 MH/s which is 3 billion hash/s compare to just 8k of 7zip. that is ~370000x faster.

is it possible to use hastcat with SHA256 for 7zip so its faster?

not -m 11600 (archive 7zip)
hashcat64.exe -m 11600 -a 3 hast.txt

instead use -m 1400
hashcat64.exe -m 1400 -a 3 hast.txt

edit: i just realize google is saying 7zip is using AES 256 and not SHA 256. what is the difference? also I can't seem to find AES 256 under help menu for -m in hastcat.

edit 2: google also says "To create that key 7-Zip uses derivation function based on SHA-256 hash algorithm. " so which is it, AES256 or SHA 256 i am so confused.

↧

Hashcat 5.1.0 never returns results

January 22, 2020, 12:56 pm

≫ Next: how to use just lower case alpha numeric only?

≪ Previous: possible to crack .7z file with sha-256?

Hi all,

I'm trying to work through some simple Hashcat examples just to get a feel for it. I tried several hashes from simple passwords to try to brute force them, but no luck. I'm talking PWs that are 4 characters long.

Here's what I tried:

Code:
hashcat64.exe -a 3 -m 0 -p : -o "c:\my\desktop\pw.txt" "c:\my\desktop\hash.txt" -O -1 ?a ?1?1?1?1

This is what I see on the screen:

Code:
C:\my\path\to\hashcat\hashcat-5.1.0>hashcat64.exe -a 3 -m 0 -p : -o "c:\my\desktop\pw.txt" "c:\my\desktop\hash.txt" -O -1 ?a ?1?1?1?1

hashcat (v5.1.0) starting...

C:\my\path\to\hashcat\hashcat-5.1.0>

It doesn't matter what I try...it's like 10 seconds, then "hashcat (v5.1.0) starting..." then another 4 seconds or so, then just back to the prompt. I think the output file got created once but nothing in it.

Ok, so I noticed that there was an example0.cmd in the hashcat directory that looks like it uses a wordlist. Not exactly what I want, but at least I could see hashcat in action. So I tried to run the cmd file (technically the command within the cmd file):

Code:
C:\my\path\to\hashcat\hashcat-5.1.0>hashcat64.exe -t 32 -a 7 example0.hash ?a?a?a?a example.dict

hashcat (v5.1.0) starting...

C:\my\path\to\hashcat\hashcat-5.1.0>

Same issue. I must be missing something. Can anyone help?

Thank you,

Mike

↧

how to use just lower case alpha numeric only?

January 22, 2020, 5:12 pm

≫ Next: question about hashcat speed slow?

≪ Previous: Hashcat 5.1.0 never returns results

I am noob, try to crack .7z, the commands I am currently using is "hashcat64.exe -m 11600 -a 3 hast.txt" but I assume that is basically the same as all CAP, lower case, numbers and special characters.

I tried to use only lower case + numbers without wanting upper or special chars and command looks like "hashcat64.exe -m 11600 -a 3 -1 ?l?d hast.txt". when I did that it says I specified a char set so I need a mask? how to do it without a mask as i use -a 3 means brute force with just lower case + number is what I want.

please help!

↧

question about hashcat speed slow?

January 22, 2020, 6:55 pm

≫ Next: Non-printable chars in hcmask files ?

≪ Previous: how to use just lower case alpha numeric only?

I google searched many place and people's talk and conclusion was that hashcat is fastest at password cracking which is why I am here now.

on my other thread I have questions on how to use commands and stuff but to crack a .7z password command I used is this:

"hashcat64.exe -m 11600 -a 3 hash.txt"

this brute force 7zip archive for all character combination lower/upper case, digits + special char I assume? I get about ~5500 h/s

however I use another software called parallel password recovery for 7z file which disabling cpu and only using GPU, I can get about average 9500 pw/s.

how is this software almost twice as fast and how can I improve hashcat performance? one thing I did notice is that if I use hashcat even though GPU almost always between 98-99% usage, I can still play game, browse or watch video. where as parallel password recovery its average also 99% but everything I do graphic related lags meaning GPU is really stressed.

how can I improve performance in hashcat?

↧

Non-printable chars in hcmask files ?

January 23, 2020, 4:26 am

≫ Next: need batch stop after pass found hccapx

≪ Previous: question about hashcat speed slow?

Hi there,

I know I can do a rule with things like "$\x0d" to append a special char to a word from a wordlist, but I can't seem to achieve the same thing with hcmask files, e.g. this doesn't seem to do what I was hoping.

?d?l,\x0d,?1?1?1?1?1?1?2

where i'd like it to match e,g "fubar\x0d"

Is there any way to get awkward chars like \x0d, or indeed comma into these charsets?

thanks,

↧

need batch stop after pass found hccapx

January 23, 2020, 11:11 am

≫ Next: pkzip mode

≪ Previous: Non-printable chars in hcmask files ?

hello i need command which will stop close batch after pass is found in hccapx file
currently i am using this command in batch when pass is found in passlist1 it still going on and on looking in next word lists
--remove not work with hccapx file

thx

64 -m 2500 -t 25 -o cracked.txt 1.hccapx pass/passlist1.txt
64 -m 2500 -t 25 -o cracked.txt 1.hccapx pass/passlist2.txt
64 -m 2500 -t 25 -o cracked.txt 1.hccapx pass/passlist3.txt

↧

pkzip mode

January 23, 2020, 3:09 pm

≫ Next: Cannot capture WPA handshake on macOS by any means

≪ Previous: need batch stop after pass found hccapx

$pkzip2$3*1*1*0*8*24*...*$/pkzip2$
Is it 17200, 17210, 17220 or 17230

With 17230 i found ~5 passwords for one hash, no one open archive
17200/17210 can`t start

17220 tried billions of passwords, nothing found

↧

Cannot capture WPA handshake on macOS by any means

January 24, 2020, 8:38 am

≫ Next: time estimate

≪ Previous: pkzip mode

In my free time I go in for pen testing and wireless security using my 2018 MacBook Pro. I have been trying to capture 4-way WPA handshake using 3 various tools: airport command, tcpdump and Apple's native Sniffer under Wireless Diagnostics.app. For airport I followed this guide, for tcpdump I followed this one and finally for the macOS native Sniffer I followed this guide. My focus is capturing the handshake the passive way, without using deauthentification. When I started capturing using either tool, I turned off WiFi on my iPhone, waited 15 seconds, then turned it back on and connected to my WiFi (created by Apple's 5th gen Time Capsule) hoping to capture the handshake. Out of my trials, not once was I successful.

I would appreciate if anyone could advise me or point my to the right direction on how I should go about solving this problem.

↧

time estimate

January 24, 2020, 10:52 am

≫ Next: SHA 512

≪ Previous: Cannot capture WPA handshake on macOS by any means

im trying to crack a SHA 512 wallet with 113000 iterations and a password of maximum 13 digits with 2 rx 580 8gb on Hashcat and a identical setup for btcrecover, most probably the password is only lowercase leters, how much do you think is going to take ? each card is reportedly having 10 ~ ms with 3900 ~ h/s in hashcat and 1.79 ~ p/s with btcrecover, in hashcat im trying to hash from 5 to the 13 digits and btcrecover is doing incremental, how much do you guys think is going to take under your experience??

↧

SHA 512

January 24, 2020, 1:08 pm

≫ Next: so hashes/s is same as passwords/s?

≪ Previous: time estimate

Sorry for being a total noob but what would be the command line to hash a SHA512 PROVIDING the Salt, that means, i have the salt but i need the password decrypted out of it...

↧

so hashes/s is same as passwords/s?

January 25, 2020, 3:46 am

≫ Next: SHA256 (AuthMe)

≪ Previous: SHA 512

I tried a few things but please look at these screenshots. https://imgur.com/a/m7RXqV3/layout/grid

one of the screenshot shows the command I used for hascat is:
"hashcat64.exe -m 11600 -a 3 -?l?d hash.txt ?1?1?1?1"

for a total of 4 character password but strangely it doesn't test password length prior to 4 characters. I know this is convenient to skip short passwords but how can I make the command to do all passwords? as combination in total for 4 characters password should be a total combination of 1,727,604, where as this command only shows 36^4 = 1,679,616.

from my other posts I asked about hash/s vs psw/s I thought they are to be different and that hashcat is much faster but it seems that hash is the same password? if you look at the two screenshot:

1. hashcat ~5000 h/s
2. crark-7z ~9500 pw/s

and if you look at the combination of total passwords/hash and add them together numbers do add up exception is that hastcat only at 1,679,616 which is strictly testing only 4 characters length password, while both using only lower case + numbers. so how is this crark-7z almost 2x faster and on the top it also says SHA256. I even tested with a 4 character password on the same .7z archive and both able to find it, except one is much faster which is crark-7z.

I like the idea of hashcat to attack hashes thats generated for different type of encryption but if it's gonna just test password combination what is the point of getting the hash in the first place?

could someone more knowledgeable please help explain, thank you.

↧

SHA256 (AuthMe)

January 25, 2020, 4:16 am

≫ Next: Speeding up bruteforce cracking time

≪ Previous: so hashes/s is same as passwords/s?

You know such a SHA256 hash (Authme), and so. I have the latest version of hashcat and I don’t have this hash! They told me that the number of this hash is 20711, but I don’t have one.

↧

Speeding up bruteforce cracking time

January 25, 2020, 6:32 pm

≫ Next: Hashcat Starts and Stops Immediately

≪ Previous: SHA256 (AuthMe)

Hello, im wondering if there is a way to use custom rules Or masks?
Im trying to crack my talltalk router wifif password from the handshake.
I know my password is 8 charecters long and is a combination of 5 uppercase letters and 3 numbers.
I see in the bruteforce it is trying all hashes ,example- abcdefgh, jkmnpqrt.
Is there a way to make it only search with a max of 5 uppers and 3 numbers in any order
Example- A3B4CDE6, 9TA4VYQ6

↧

Hashcat Starts and Stops Immediately

January 25, 2020, 7:34 pm

≫ Next: Integer overflow detected

≪ Previous: Speeding up bruteforce cracking time

Please help mee

C:\Users\win\Desktop\hashcat-5.1.0>hashcat64.exe -m 2500 C:\Users\win\Desktop\-01.hccapx C:\Users\win\Desktop\wordlist.txt --force
hashcat (v5.1.0) starting...

nvmlDeviceGetFanSpeed(): Not Supported

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 960M, 512/2048 MB allocatable, 5MCU

OpenCL Platform #2: Intel(R) Corporation
========================================
* Device #2: Intel(R) HD Graphics 530, 1619/3239 MB allocatable, 24MCU
* Device #3: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz, skipped.

INFO: All hashes found in potfile! Use --show to display them.

Started: Sun Jan 26 04:32:54 2020
Stopped: Sun Jan 26 04:32:55 2020

C:\Users\win\Desktop\hashcat-5.1.0>

↧

Integer overflow detected

January 26, 2020, 5:16 am

≫ Next: Word-4digits-symbol-word

≪ Previous: Hashcat Starts and Stops Immediately

Hi all
Noob question alert!

Im trying to execute a mask attack on a .hccpx file.
I know its 10 characters long and a mix of upper and numbers.
I tried

Code:
hashcat -a 3 -m 2500 --force '/root/Captures/1.hccapx' ?u?d?u?d?u?d?u?d?u?d?u?d?u?d?u?d?u?d?u?d

This resulted in this error..

Code:
Integer overflow detected in keyspace of mask: ?u?d?u?d?u?d?u?d?u?d?u?d?u?d?u?d?u?d?u?d

Thanks

↧

Word-4digits-symbol-word

January 26, 2020, 6:08 am

≫ Next: Hashcat does not see GPU (??)

≪ Previous: Integer overflow detected

I have an MD5 hash that is in the following format:
?u?l?l?l?s?d?d?d?d?u?l?l?l?l?l?l
[Word][symbol][4 digits][Different Word]

Is there any way to run a left/right dictionary with rules to brute the symbol & 4 digits inbetween?

↧

Hashcat does not see GPU (??)

January 26, 2020, 8:19 am

≫ Next: help finding installed hashcat potfile

≪ Previous: Word-4digits-symbol-word

New hashcat user on new setup so good bet it is pilot error. Just don't know how to move forward.

Please advise if more info required or other ways to test

uname -a

Linux JBLinux 4.9.0-11-amd64 #1 SMP Debian 4.9.189-3+deb9u2 (2019-11-11) x86_64 GNU/Linux

===========================

lscpu

Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 4
On-line CPU(s) list: 0-3
Thread(s) per core: 1
Core(s) per socket: 4
Socket(s): 1
NUMA node(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 15
Model name: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Stepping: 11
CPU MHz: 1602.000
CPU max MHz: 2403.0000
CPU min MHz: 1602.0000
BogoMIPS: 4799.74
Virtualization: VT-x
L1d cache: 32K
L1i cache: 32K
L2 cache: 4096K
NUMA node0 CPU(s): 0-3
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good nopl aperfmperf pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm lahf_lm kaiser tpr_shadow vnmi flexpriority dtherm

=================================

clinfo

Number of platforms 1
Platform Name Clover
Platform Vendor Mesa
Platform Version OpenCL 1.1 Mesa 13.0.6
Platform Profile FULL_PROFILE
Platform Extensions cl_khr_icd
Platform Extensions function suffix MESA

Platform Name Clover
Number of devices 1
Device Name NV92
Device Vendor NVIDIA
Device Vendor ID 0x10de
Device Version OpenCL 1.1 Mesa 13.0.6
Driver Version 13.0.6
Device OpenCL C Version OpenCL C 1.1
Device Type GPU
Device Profile FULL_PROFILE
Max compute units 16
Max clock frequency 512MHz
Max work item dimensions 3
Max work item sizes 512x512x64
Max work group size 512
=== CL_PROGRAM_BUILD_LOG ===
invalid source Preferred work group size multiple invalid source
Preferred / native vector sizes
char 16 / 16
short 8 / 8
int 4 / 4
long 2 / 2
half 0 / 0 (n/a)
float 4 / 4
double 0 / 0 (n/a)
Half-precision Floating-point support (n/a)
Single-precision Floating-point support (core)
Denormals No
Infinity and NANs Yes
Round to nearest Yes
Round to zero No
Round to infinity No
IEEE754-2008 fused multiply-add No
Support is emulated in software No
Correctly-rounded divide and sqrt operations No
Double-precision Floating-point support (n/a)
Address bits 32, Little-Endian
Global memory size 4294967296 (4GiB)
Error Correction support No
Max memory allocation 1099511627776 (1024GiB)
Unified memory for Host and Device Yes
Minimum alignment for any data type 128 bytes
Alignment of base address 1024 bits (128 bytes)
Global Memory cache type None
Image support No
Local memory type Local
Local memory size 16384 (16KiB)
Max constant buffer size 0
Max number of constant args 0
Max size of kernel argument 4096 (4KiB)
Queue properties
Out-of-order execution No
Profiling Yes
Profiling timer resolution 0ns
Execution capabilities
Run OpenCL kernels Yes
Run native kernels No
Device Available Yes
Compiler Available Yes
Device Extensions cl_khr_global_int32_base_atomics cl_khr_global_int32_extended_atomics cl_khr_local_int32_base_atomics cl_khr_local_int32_extended_atomics cl_khr_byte_addressable_store

NULL platform behavior
clGetPlatformInfo(NULL, CL_PLATFORM_NAME, ...) Clover
clGetDeviceIDs(NULL, CL_DEVICE_TYPE_ALL, ...) Success [MESA]
clCreateContext(NULL, ...) [default] Success [MESA]
clCreateContextFromType(NULL, CL_DEVICE_TYPE_CPU) No devices found in platform
clCreateContextFromType(NULL, CL_DEVICE_TYPE_GPU) Success (1)
Platform Name Clover
Device Name NV92
clCreateContextFromType(NULL, CL_DEVICE_TYPE_ACCELERATOR) No devices found in platform
clCreateContextFromType(NULL, CL_DEVICE_TYPE_CUSTOM) No devices found in platform
clCreateContextFromType(NULL, CL_DEVICE_TYPE_ALL) Success (1)
Platform Name Clover
Device Name NV92

ICD loader properties
ICD loader Name OpenCL ICD Loader
ICD loader Vendor OCL Icd free software
ICD loader Version 2.2.11
ICD loader Profile OpenCL 2.1

========================

lspci | grep VGA

01:00.0 VGA compatible controller: NVIDIA Corporation G92 [GeForce GTS 250] (rev a2)

=======================

hashcat -I

hashcat (v3.30) starting...

* Device #1: Device local mem size is too small

No devices found/left

↧

help finding installed hashcat potfile

January 27, 2020, 11:17 am

≫ Next: how to use just lower case alpha numeric only?

≪ Previous: Hashcat does not see GPU (??)

Does hastcat happen to have a command to show the installed location of the potfile?

My potfile seems to be working fine, loading and removing ~50 or so cracked hashes on launch of hashcat.

I believe I did a make install on macos from a git clone. I don't seem to have a potfile in the top level of that folder

Any other suggestions on how to find the working potfile?

↧

how to use just lower case alpha numeric only?

January 22, 2020, 5:12 pm

≫ Next: Several Words + #'s + characters

≪ Previous: help finding installed hashcat potfile

↧