Using hashcat

February 10, 2014, 9:26 pm

≫ Next: Benchmark K10 and Rejected hash

≪ Previous: newbie

$

0

0

Hi @all,

sorry, I am not a professional in computer and password recovery. As I'm coming from Germany I am looking for a guy, in the best case from Germany as well, helping me in practise to find some lost words.....

Who can help me - ways of contact: mail, skype, wa, phone :-)

Kind regards

Andreas

---

Benchmark K10 and Rejected hash

February 11, 2014, 10:10 am

≫ Next: New major feature preview of v1.02; debug rules

≪ Previous: Using hashcat

$

0

0

Hi

I use cudaHascat and try to break "crypt" passwords with a dictionnary+rules file (Hardware: 3x Nvidia K10)

I think i have an issue with the speed (Very slow) compared to benchmarks. 112.7 kH/s is'nt very fast. When i use benchmark-mod=1 with "crypt", i have: 128.3 MH/s

An other strange thing is the number of rejected hash (almost 100% ?) How is it possible ?

Session.Name...: cudaHashcat
Status.........: Running
Rules.Type.....: File (cudaHashcat-1.01/crypt.rule)
Input.Mode.....: File (dico.lst)
Hash.Target....: File (crypt.hashes)
Hash.Type......: descrypt, DES(Unix), Traditional DES
Time.Started...: Tue Feb 11 18:59:32 2014 (6 secs)
Time.Estimated.: Fri Feb 21 20:28:58 2014 (10 days, 1 hour)
Speed.GPU.#1...: 18777 H/s
Speed.GPU.#2...: 18781 H/s
Speed.GPU.#3...: 18804 H/s
Speed.GPU.#4...: 18809 H/s
Speed.GPU.#5...: 18768 H/s
Speed.GPU.#6...: 18766 H/s
Speed.GPU.#*...: 112.7 kH/s
Recovered......: 0/1432 (0.00%) Digests, 0/1147 (0.00%) Salts
Progress.......: 60530238764562/158790171105922 (38.12%)
Rejected.......: 60513402828306/60530238764562 (99.97%)
HWMon.GPU.#1...: 99% Util, 50c Temp, -1% Fan
HWMon.GPU.#2...: 99% Util, 59c Temp, -1% Fan
HWMon.GPU.#3...: 99% Util, 55c Temp, -1% Fan
HWMon.GPU.#4...: 99% Util, 58c Temp, -1% Fan
HWMon.GPU.#5...: 99% Util, 56c Temp, -1% Fan
HWMon.GPU.#6...: 99% Util, 59c Temp, -1% Fan

And rules to generate "crypt.rule":

./mp64.bin -1 0 ":" > crypt.rule
./mp64.bin -1 0 "r" >> crypt.rule
./mp64.bin -1 0 "d" >> crypt.rule
./mp64.bin -1 0 "c" >> crypt.rule
./mp64.bin -1 0 "cd" >> crypt.rule
./mp64.bin -1 0 "cr" >> crypt.rule

./mp64.bin -1 0123456789 "^?1'8" >> crypt.rule
./mp64.bin -1 0123456789 "^?1^?1'8" >> crypt.rule
./mp64.bin -1 0123456789 "^?1^?1^?1'8" >> crypt.rule
./mp64.bin -1 0123456789 "^?1^?1^?1^?1'8" >> crypt.rule


Where is my mistake ?


Thx

New major feature preview of v1.02; debug rules

February 11, 2014, 12:46 pm

≫ Next: error:clGetPlatformIDs -64

≪ Previous: Benchmark K10 and Rejected hash

$

0

0

Here's just a brief description of the new debug rule feature, I'm a bit in hurry.

Most of you guys know it already from hashcat CPU and many wished to have this feature for oclHashcat as well. That wasn't possible for a long time but due to some architecture changed it's possible now!!

This feature is primarily aimed for generating new rules but it's also good if you want to find out which of your words in your dictionaries are efficient or which rules in your rulesets crack the most hashes. But for this example, I'll only focus on the rule generator:

##
## 1. Crack some hashes with random generated rules with a small wordlist
##

Quote:
root@ht:~/oclHashcat-1.02# ./oclHashcat64.bin example0.hash example.dict --generate-rules 100 --debug-mode 3 --quiet
cf61d5aed48e2c5d68c5e3d2eab03241:alex999999999
alex99:Z5 Z2
a4bf29620bb32f40c3fc94ad1fc3537a:_hallo12
hallo12:^_
ba114384cc2dbf2f2e3230b803afce86:321654987Q
321654987:$Q
77719e24d4e842c8c87d91e73c7d1a8f:1123581322
1123581321:oAL *98 +8
e2a3f66b3de94593e2e0a6e5208b55af:anais20072007
anais2007:Y4
77108d6b734f4f4e06639fced921b1fe:1234qwerQ
1234qwer:$Q
66dec649460b9ebfdb3f513c2985525c:wrestlingg
wrestling:Z1
8c0d31cadefef386ed4ebb2daf1b80be:newports12
newports21:*98 p4

##
## 2. Above example is just for display of the use, usually you would do --debug-file which would contain the following information instead:
##

Quote:
root@ht:~/oclHashcat-1.02# cat debug.rules
alex99:Z5 Z2
hallo12:^_
321654987:$Q
1123581321:oAL *98 +8
anais2007:Y4
1234qwer:$Q
wrestling:Z1
newports21:*98 p4

##
## 3. Optimize rules with new rule-optimizer:
##

Quote:
root@ht:~/oclHashcat-1.02# tools/rules_optimize/rules_optimize.bin < debug.rules | sort -u
^_
*98 +8
*98 p4
$Q
Y4
Z1
Z5 Z2

... What it did, it removed the "oAL" function since it wasn't neccessary, thus sort -u packing rate will increase.

In the last days I was running -g runs of oclHashcat in an endless loop, always with around 10k generated rules. In total I collected around 50k of new rules, each of it cracked at least one hash.

Now I just re-run those 50k rules on my full dictionaries, it had great effect

Tip: You can also sort the results by occourance

error:clGetPlatformIDs -64

February 12, 2014, 5:41 am

≫ Next: clGetPlatformIDs() -1001 ON BOOTCAMP

≪ Previous: New major feature preview of v1.02; debug rules

$

0

0

when I use hashcat, I got an error as bellow:
ERROR:clGetPlatformIDs() -64

win7+ATI Mobility Radeon HD 5650
I have installed the latest drivers

HashcatGUI_0311+oclHashcat-1.01

Can anyone suggest how I can fix it ?

Thank you.

clGetPlatformIDs() -1001 ON BOOTCAMP

February 12, 2014, 8:43 am

≫ Next: oclhashcat error

≪ Previous: error:clGetPlatformIDs -64

$

0

0

hello i have a error:

clGetPlatformIDs() -1001


i install bootcamp and the latest drivers for this plataform:

Catalyst Control Center
Version 2011.0104.2155.39304


I have Ati radeon HD 6770

any fix?

thank you

oclhashcat error

February 12, 2014, 2:27 pm

≫ Next: Not sure about the stats WPA/WPA2

≪ Previous: clGetPlatformIDs() -1001 ON BOOTCAMP

$

0

0

I try to use oclhashcat and it says no AMD/SDS compatible platform found.
Please help

Not sure about the stats WPA/WPA2

February 12, 2014, 5:39 pm

≫ Next: Password generation from HDD

≪ Previous: oclhashcat error

$

0

0

Ok, so I've heard a lot of good things about hashcat, so I wanted to give it a try. I got a 4-way handshake, I've made it in the final version *.hccap

I have a pretty new laptop, i7, NVIDIA GeForce 740 2GB, etc

Now... I have a wordlist, and I am using this command (windows 8) to try a dictionary attack:

Quote:cudaHashcat64.exe -m 2500 -u 4096 c:\Hacking\wireless\tp-link.hccap c:\Hacking\cracking\wordlist\Romanian.dic

and I get the following results

Quote:Hashes: 1 total, 1 unique salts, 1 unique digests
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
Applicable Optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: GeForce GT 740M, 2048MB, 1032Mhz, 2MCU
Device #1: Kernel ./kernels/4318/m2500.sm_35.64.ptx
Device #1: Kernel ./kernels/4318/bzero.64.ptx

Cache-hit dictionary stats c:\Hacking\cracking\wordlist\Romanian.dic: 13889073 b
ytes, 1068103 words, 1068103 keyspace

[s]tatus [p]ause [r]esume [b]ypass [q]uit =>
Session.Name...: cudaHashcat
Status.........: Running
Input.Mode.....: File (c:\Hacking\cracking\wordlist\Romanian.dic)
Hash.Target....: TP-LINK (xx:xx:xx:xx:xx:xx <-> xx:xx:xx:xx:xx:xx)
Hash.Type......: WPA/WPA2
Time.Started...: Wed Feb 12 17:45:04 2014 (1 sec)
Time.Estimated.: Wed Feb 12 17:46:16 2014 (1 min, 8 secs)
Speed.GPU.#1...: 16513 H/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 33816/1068103 (3.17%)
Rejected.......: 5144/33816 (15.21%)
HWMon.GPU.#1...: 99% Util, 49c Temp, N/A Fan

[s]tatus [p]ause [r]esume [b]ypass [q]uit =>

This means that 16513 passwords are tried per second ?
It's pretty good, in comparation to aircrack, even though I've seen some youtube videos, where the speed was 70k (almost the same GPU card), and it's real big difference.

This was the dictionary attack.

Trying it with mp64, I get better results, but I am not sure if I understand correctly, anyway, here is the bruteforce attack with 6 letters:

Quote:mp64.exe ?l?l?l?l?l?l | cudaHashcat64.exe -m 2500 c:\Hacking\wireless\tp-link.hccap

I get this results:

Quote:Hashes: 1 total, 1 unique salts, 1 unique digests
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
Applicable Optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: GeForce GT 740M, 2048MB, 1032Mhz, 2MCU
Device #1: Kernel ./kernels/4318/m2500.sm_35.64.ptx
Device #1: Kernel ./kernels/4318/bzero.64.ptx

Starting attack in stdin mode...


Session.Name...: cudaHashcat
Status.........: Exhausted
Input.Mode.....: Pipe
Hash.Target....: TP-LINK (xx:xx:xx:xx:xx:xx <-> xx:xx:xx:xx:xx:xx)
Hash.Type......: WPA/WPA2
Time.Started...: Wed Feb 12 17:34:36 2014 (1 min, 10 secs)
Speed.GPU.#1...: 0 H/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 308915776
Rejected.......: 308915776
HWMon.GPU.#1...: 0% Util, 47c Temp, N/A Fan

Started: Wed Feb 12 17:34:36 2014
Stopped: Wed Feb 12 17:35:48 2014

From this stats, I understand that 308915776 were processed in ... 1 minute and 10 seconds ?!

It's a really big difference from dictionary to bruteforce.

Did I get it wrong or... I am way to far from the truth ?

Password generation from HDD

February 13, 2014, 2:15 am

≫ Next: Session / Restore files

≪ Previous: Not sure about the stats WPA/WPA2

$

0

0

I'm currently working on cracking a sha512crypt hash. I've got an image of the hard disk it came from so I'm trying to initally concentrate on generating word lists from the disk image.

Other than simply using 'strings' across the image (which I've already done), I'd be interested if anyone uses a more intelligent methods of generating keyword lists from disk images.

My next plan was to try and generate a wordlist from the mounted filesystem with all compound files expanded, which I suspect will give me a more accurate wordlist, capturing words which fall across sector boundaries, inside archives etc.

In this instance, the file system of the target device if EXT4, but I'd also be interested in tools for NTFS based systems or tools for generating keyword lists from specific system areas such as pagefile/hyberfile (e.g. using tools such as violatility to structure the data prior to extraction)

Any comments of advice would be appreciated
Cheers
D

---

Session / Restore files

February 13, 2014, 6:39 am

≫ Next: Mac OSX 10.8 and 10.9 Questions

≪ Previous: Password generation from HDD

$

0

0

Good morning!

I've searched and could not find this- could anyone please explain to me the files involved in oclhashcat sessions? Basically, I'm running a long-ass session using VCL, which is not the most reliable, and want to be able to back up my session every now and then.

So, if I wanted to take a snapshot of the running session, what would I need? Obviously the .restore file, but what else?

Thanks!

Mac OSX 10.8 and 10.9 Questions

February 13, 2014, 7:47 am

≫ Next: Kernel not found m2500.ati rv770_9372.cal

≪ Previous: Session / Restore files

$

0

0

Hello, I'm new here and have a few questions.

I looked through the wiki and found out how to use hashcat 0.47 and oclHashcat 1.01 very nicely and they are amazing programs.

However, Hashcat appears to be VERY slow at cracking PBKDF2 Salted SHA512 passwords (-m 7100). This is in not only hashcat 0.47 but also oclHashcat. When I try for a (-m 1722) password, it goes much faster, much more than a million per second guesses. But, when I do (-m 7100) password hashes, I get around 5 guesses per second.

All tests done on the same computer (GTX 660, i7 processor, Windows 7). All tests done on the same version of hashcat (varying between ocl and normal for both of them).
Same passwords, just different types of hashes.
Doing a brute force attack and dictionary attack, doesn't matter, still same rates.

Thank you for your help! I'm not sure if PBKDF2 makes it longer time requirement to crack or not?

Thanks for any information or hints about what I am doing wrong!

Kernel not found m2500.ati rv770_9372.cal

February 13, 2014, 8:40 am

≫ Next: SHA256 bug when salt is really big?

≪ Previous: Mac OSX 10.8 and 10.9 Questions

$

0

0

Hi
I use oclHashcat v1.01 and i missing 1 kernel :/
i use --force
Hashes: 1 total, 1 unique salts, 1 unique digests
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Applicable Optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: ATI RV770, 512MB, 900Mhz, 10MCU
Device #1: Kernel ./kernels/4098/m2500.ATI RV770_937.2_CAL 1.4.1734.kernel not found in cache! Building may take a while...
ERROR: clBuildProgram() -11

I have a ATI Radeon 4880
Catalyst V 12.6
Win 7 64

Can i have the Download to the Missing Kernel?

SHA256 bug when salt is really big?

February 13, 2014, 10:27 am

≫ Next: How can we have a comma? (",")

≪ Previous: Kernel not found m2500.ati rv770_9372.cal

$

0

0

*** I HOPE I AM NOT BREAKING THE 'NO-POSTING HASHES RULE' BY THIS THREAD SINCE BOTH HASHES ARE HOME-MADE **



So, I declare beforehand that I might be stupid but I do believe that there is a bug materializing in oclhashcat when a SHA256 hash is derived from a password with a really big salt. Please note that hashcat DOES NOT suffer from the same problem; it works fine and manages to find the passwords in both cases in the following examples.

In my opinion the bug is due to some kind of overflow of an internal buffer. No error is output; oclhashcat simply fails to find the password.

The bug occurs in cases where the SALT is big (regarding the length).

Here are 2 examples so you see what I mean:



Example 1 (SUCCESS):
~~~~~~~~~~~~~~~~~
SALT : [@36 Dirty,men!#]
SALT AS HEX: 5B4033362044697274792C6D656E21235D

For password= 1234567 -> password+SALT= 1234567[@36 Dirty,men!#]
SHA256= 50192dbc1081f1c143c2c856358981e17682e9864a2497b268e148288c8a7047

For password= 1111111 -> password+SALT= 1111111[@36 Dirty,men!#]
SHA256= eb628e51afdf3ff3d1113a3de49c83116ff83a4052e7c12b355f3eb4e56eed96


1) Put in hash file ONLY the 1st hash:
-----------------------------------
1234567:50192dbc1081f1c143c2c856358981e17682e9864a2497b268e148288c8a7047:5B40333​62044697274792C6D656E21235D

Check if oclhashcat finds the password: oclhashcat64.exe -m 1410 hash.txt --username --hex-salt --increment --increment-min=7 -1 1234567 -a 3 ?1?1?1?1?1?1?1
Result: password "1234567" found!


2) Delete from hash file the previous hash and put in the 2nd hash:
-----------------------------------------------------------
1111111:eb628e51afdf3ff3d1113a3de49c83116ff83a4052e7c12b355f3eb4e56eed96:5B40333​62044697274792C6D656E21235D

Check if oclhashcat finds the password: oclhashcat64.exe -m 1410 hash.txt --username --hex-salt --increment --increment-min=7 -1 1234567 -a 3 ?1?1?1?1?1?1?1
Result: password "1111111" found!


3) Now put BOTH hashes in the hash file:
------------------------------------- 1234567:50192dbc1081f1c143c2c856358981e17682e9864a2497b268e148288c8a7047:5B40333​62044697274792C6D656E21235D 1111111:eb628e51afdf3ff3d1113a3de49c83116ff83a4052e7c12b355f3eb4e56eed96:5B40333​62044697274792C6D656E21235D

Check if oclhashcat finds both passwords: oclhashcat64.exe -m 1410 hash.txt --username --hex-salt --increment --increment-min=7 -1 1234567 -a 3 ?1?1?1?1?1?1?1

Result: SUCCCESS, BOTH PASSWORDS FOUND AS EXPECTED

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++++++



Example 2 (FAILURE):
~~~~~~~~~~~~~~~~~
SALT : [@36 Dirty, Ugly and Filthy old men!#]
SALT AS HEX: 5B4033362044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D

For password= 1234567 -> password+SALT= 1234567[@36 Dirty, Ugly and Filthy old men!#]
SHA256= 756d043c22902e67d2696f5bd689a9328828cda937f3fc7a6bdd568c7ea272e4

For password= 1111111 -> password+SALT= 1111111[@36 Dirty, Ugly and Filthy old men!#]
SHA256= 043023a9f4d3eaf068c4945bc2918670e6b480946113958c89cd62e678b27ffc


1) Put in hash file ONLY the 1st hash:
-----------------------------------
1234567:756d043c22902e67d2696f5bd689a9328828cda937f3fc7a6bdd568c7ea272e4:5B40333​62044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D

Check if oclhashcat finds the password: oclhashcat64.exe -m 1410 hash.txt --username --hex-salt --increment --increment-min=7 -1 1234567 -a 3 ?1?1?1?1?1?1?1
Result: password "1234567" found!


2) Delete from hash file the previous and put in the 2nd hash:
-----------------------------------------------------------
1111111:043023a9f4d3eaf068c4945bc2918670e6b480946113958c89cd62e678b27ffc:5B40333​62044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D

Check if oclhashcat finds the password: oclhashcat64.exe -m 1410 hash.txt --username --hex-salt --increment --increment-min=7 -1 1234567 -a 3 ?1?1?1?1?1?1?1
Result: password "1111111" found!


3) Now put BOTH hashes in the hash file:
-------------------------------------
1234567:756d043c22902e67d2696f5bd689a9328828cda937f3fc7a6bdd568c7ea272e4:5B40333​62044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D 1111111:043023a9f4d3eaf068c4945bc2918670e6b480946113958c89cd62e678b27ffc:5B40333​62044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D

Check if oclhashcat finds both passwords: oclhashcat64.exe -m 1410 hash.txt --username --hex-salt --increment --increment-min=7 -1 1234567 -a 3 ?1?1?1?1?1?1?1

Result: ** FAILURE !! ** None of the 2 found!!



4) Let's try a mix. Put in hash file one of the 2 hashes from example #1 (which has a smaller salt) and a hash from example #2 (larger salt):
---------------------------------------------------------------
1234567:50192dbc1081f1c143c2c856358981e17682e9864a2497b268e148288c8a7047:5B40333​62044697274792C6D656E21235D
1111111:043023a9f4d3eaf068c4945bc2918670e6b480946113958c89cd62e678b27ffc:5B40333​62044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D

Check if oclhashcat finds both passwords: oclhashcat64.exe -m 1410 hash.txt --username --hex-salt --increment --increment-min=7 -1 1234567 -a 3 ?1?1?1?1?1?1?1

Result: ** Semi-FAILURE !! ** Only the one with the smaller salt is found!


I hope you understand what I mean...



PS: while editing the above I realized that whenever I mention the big salt
"5B40333362044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D" it ends up somehow visually split, ie:

"5B40333​
62044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D"

and there is no way to make it appear as a whole entity. No clue there....

How can we have a comma? (",")

February 13, 2014, 11:13 am

≫ Next: symbol lookup error when i use cudaHashcat32

≪ Previous: SHA256 bug when salt is really big?

$

0

0

I am experiencing a problem regarding the comma character (",") when I am trying to define it as part of the password. Please look at the examples:


Static word (space between 2 words): Pretty Secret
oclhashcat64.exe -m 1400 SHA256.txt --username -1 1234567 -a 3 "?1?a?a?a?aPretty Secret"

Works fine!


Static word (space and "?" between 2 words): Pretty ? Secret
oclhashcat64.exe -m 1400 SHA256.txt --username -1 1234567 -a 3 "?1?a?a?a?aPretty ? Secret"
ERROR: syntax error

Adding a 2nd "?" does the trick: oclhashcat64.exe -m 1400 SHA256.txt --username -1 1234567 -a 3 "?1?a?a?a?aPretty ?? Secret"
success!


Static word (space and "," between 2 words): Pretty, Secret
oclhashcat64.exe -m 1400 SHA256.txt --username -1 1234567 -a 3 "?1?a?a?a?aPretty, Secret"
ERROR: syntax error

Adding a 2nd "," does not work. Adding a "\" before the "," does not work either.

So, how can we have a comma (",") for this kind of configuration?

symbol lookup error when i use cudaHashcat32

February 13, 2014, 2:35 pm

≫ Next: r7 260x Bonaire - driver problem w/ 1.01

≪ Previous: How can we have a comma? (",")

$

0

0

Hey everyone, i got a weird problem that i got this error when i use cudaHashcat32.

./cudaHashcat32.bin: symbol lookup error: ./cudaHashcat32.bin: undefined symbol: nvmlInit_v2.

i see someone ask it here now, i did upgrade my nvidia to 331, and i use bumblebee because i got nvidia and intel together.

anyone know how to solve it? its will be great!

Thanks, Or

r7 260x Bonaire - driver problem w/ 1.01

February 14, 2014, 9:38 am

≫ Next: Any way to apply certain rules/criteria on created passwords?

≪ Previous: symbol lookup error when i use cudaHashcat32

$

0

0

Hi, have problem with catalyst 13.12 ATI r7 260 x
nearly after start program stopped...
with Elcomsoft Wireless Security Auditor 5.2.272 - have similar situation (but get error "not init OCL" )
with Elcomsoft Wireless Security Auditor 5.09.313 - worked
could you help me, please ?
What happens ? install catalyst 13.9 or 13.4 not possible on this card,
OS win7 x64

E:\Disk D\Pictures\! Документы и заметки\itcs.com.ua\я записная книжка\Снятие па
роля с Wi - Fi\3.1 oclHashcat-1.01\oclHashcat-1.01>oclHashcat32.exe --hash-type
2500 C:\Users\Raketa\Desktop\new\new2.hccap C:\Users\Raketa\Desktop\new\wordlist
.txt
oclHashcat v1.01 starting...

Hashes: 1 total, 1 unique salts, 1 unique digests
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
Applicable Optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
Watchdog: Temperature abort trigger disabled
Watchdog: Temperature retain trigger disabled
Device #1: Bonaire, 2048MB, 1100Mhz, 14MCU
Device #1: Kernel ./kernels/4098/m2500.Bonaire_1348.5_1348.5 (VM).kernel (309660
bytes)
Device #1: Kernel ./kernels/4098/bzero.Bonaire_1348.5_1348.5 (VM).kernel (30484
bytes)

Cache-hit dictionary stats C:\Users\Raketa\Desktop\new\wordlist.txt: 2044058553
bytes, 185866729 words, 185866729 keyspace

[s]tatus [p]ause [r]esume [b]ypass [q]uit =>
Session.Name...: oclHashcat
Status.........: Running
Input.Mode.....: File (C:\Users\Raketa\Desktop\new\wordlist.txt)
Hash.Target....: vv (6c:719:98:4d:3d <-> b0:48:7a8:87:52)
Hash.Type......: WPA/WPA2
Time.Started...: Fri Feb 14 19:24:38 2014 (5 secs)
Time.Estimated.: Fri Feb 14 20:46:09 2014 (1 hour, 21 mins)
Speed.GPU.#1...: 39827 H/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 207872/185866729 (0.11%)
Rejected.......: 0/207872 (0.00%)

[s]tatus [p]ause [r]esume [b]ypass [q]uit =>
Next dictionary / mask in queue selected, bypassing current one

Session.Name...: oclHashcat
Status.........: Exhausted
Input.Mode.....: File (C:\Users\Raketa\Desktop\new\wordlist.txt)
Hash.Target....: vv (6c:719:98:4d:3d <-> b0:48:7a8:87:52)
Hash.Type......: WPA/WPA2
Time.Started...: Fri Feb 14 19:24:38 2014 (10 secs)
Time.Estimated.: Fri Feb 14 20:53:08 2014 (1 hour, 28 mins)
Speed.GPU.#1...: 39967 H/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 351232/185866729 (0.19%)
Rejected.......: 0/351232 (0.00%)

Started: Fri Feb 14 19:24:38 2014
Stopped: Fri Feb 14 19:24:48 2014

---

Any way to apply certain rules/criteria on created passwords?

February 14, 2014, 10:07 am

≫ Next: Can add crypto-1 algorithm ?

≪ Previous: r7 260x Bonaire - driver problem w/ 1.01

$

0

0

(This is both posted in hashcat and oclHashcat as its a common question)


When performing a dictionary attack (any kind) with a set of rules, is there a way to discard the created password (from the dictionary + the rule(s)) before it gets fed to the algo if it doesn't meet certain criteria?

For example, discard criteria:
1) length: minimum length and maximum length
2) reject if more than one letter is UPPERCASE
3) reject if all characters are numbers, etc,,,,


Before I get comments like "make sure the rules you use meet those criteria in the first place" so passwords created meet them, let me give you a real example:

1) we do a simple mask attack for up to 7 characters: ?a?a?a?a?a?a?a
2) we find from the above that users tend to use only one UPPERCASE letter, 1 to 2 numbers and only 1 symbol
3) we now use one or more of our dictionaries with the rules under the \rule directory provided. The passwords that will be created will definitely not meet the above criteria and its more than certain that there will be millions of waisted cpu/gpu cycles.

So, what could we do?

Length: ok, we could have discarded from our dictionaries all words below 7 length, BUT we do want to have smaller words (for example 3 letters) as when the rules are applied (or multiple dictionaries used) we will end up with more than 7 length:
Example: from dictionary1 word is "the", from dictionary2 "pe" and rule adds "2014", so password -> "thepe2014"

So, its not a good idea to drop all words below 7 length.
On the other hand, we might end with words with huge length: "thisisahugewordthatismoreorlessuseless" is worthless when we know that the password is definitely smaller than 12 characters.


Reject if more than one letter is UPPERCASE:

ok, we can manually process all the rules provided in the package (under \rules) but we are talking about serious labor involved (thousands of lines/rules)


I hope with the above it is clear what I am talking about....

Can add crypto-1 algorithm ?

February 15, 2014, 6:11 am

≫ Next: Is this a bug?

≪ Previous: Any way to apply certain rules/criteria on created passwords?

$

0

0

Hello,

Any chance to consider adding the crypto-1 algorithm ? It's the Mifare "security".
Crypto-1 weakness is widely documented and implemented here : http://code.google.com/p/crapto1/

The well known tool mfcuk (http://code.google.com/p/mfcuk/) works on CPU.
It would be faster on GPU !

I create a track ticket (https://hashcat.net/trac/ticket/311).

Regards.

Is this a bug?

February 15, 2014, 12:29 pm

≫ Next: HELP XD - Script

≪ Previous: Can add crypto-1 algorithm ?

$

0

0

I've tried this both in Windows and in Linux and seem to get the same result:

root@kali:~# hashcat -m 2500 -a 1 capfile.hccap dictionary.txt -o crack.txt (replace hashcat with hashcat-cli64.exe for Windows)

Input.Mode: Dict (dictionary.txt)
Index.....: 1/1 (segment), 1679616 (words), 8398080 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: 774 plains, - words
Progress..: 0/1679616 (0.00%)
Running...: 00:00:06:28
Estimated.: --:--:--:--

When I do the --stdout command in the command line, I see normal output, namely the 8 characters combined from my 4 character length dictionary, but for whatever reason, I can't seem to get the progress meter to register, so I guess it's not attempting to crack the key.

I'm using the latest version; 0.47

I figure that if I made an error in the options that it would terminate.

Any idea what I might be doing wrong?

HELP XD - Script

February 15, 2014, 7:06 pm

≫ Next: strange behaviour when using dictionary

≪ Previous: Is this a bug?

$

0

0

Pretty much what I am trying to do is
I have 1 file with a bunch of Usernames, I have another file with username:hashs.

Now I want to match these so The usernames from first file matches with username:hashs from the second file, and get a new username:hash file.

Please help :x

strange behaviour when using dictionary

February 15, 2014, 7:52 pm

≫ Next: How many lines of code is oclHashcat?

≪ Previous: HELP XD - Script

$

0

0

Hi folks,
I am trying to use the cuda version of hashcat to hack a WPA/WPA2 cap file (from my own router). So I create a basic dictionary with 100 words amongst which is the password of the router. Then I try something like:
(the cap has been converted to hccap)

cudaHashcat64.exe -m 2500 output.hccap mydictionary.txt

goes through the dictionary and does not find anything.


Then I try

cudaHashcat64.exe -a3 -m 2500 output.hccap mydictionary.txt

and it works!!
But it is much slower and does not utilise all my GPUs. The first version is much faster and utilises all the GPUs.


BTW, aircrack-ng can perform the dictionary crack correctly.

Any ideas?

Thanks