Quantcast
Channel: hashcat Forum - All Forums
Viewing all 7847 articles
Browse latest View live

Identify unknown hash format

November 21, 2021, 1:24 pm
$
0
0
Hi, I stumbled across this hash:

dsd+GIwaqTaFH4XXXXXXXXXXXHh+MTkXXXXXXXkW18o=

I don't know what format it is in and it was not recognized by both hashcat and hashid.
Does anyone know what this could be?
Thanks in advance
Search

Best practices to generate a long and complex password?

November 21, 2021, 4:45 pm
$
0
0
Hello,

I have been playing with hashcat for the past weeks as I’m facing a challenge where I have to recover a password for a Multibit wallet (mode 22500) from an user that was referred to me. The password is likely to be long (from 15 to 20 characters) and to be made up of letters, digits and symbols. Phew!

Fortunately, the letters and digits are not random. For his passwords, the user chooses words and numbers that have meaning to him and he has a rough idea of what he might have used for his wallet. (I say rough idea because he created his wallet in 2013 when he was inebriated!) Letter capitalization follows predictable and common patterns. The special symbols are trickier since they are random; however, it appears as if they are only 5 characters possible.

Thus, I have two files: a list of words and a list of numbers. Now, say I would like to use them to generate a password with the structure below. Word 1 and Word 2 are taken from the same wordlist; same goes for Number 1 and Number 2.
  • 0 to 3 special characters.
  • Word 1.
  • Number 1.
  • 0 to 3 special characters.
  • Word 2.
  • Number 2.
  • 0 to 3 special characters.
For example, the passwords below would fit within the structure above:
  • %*Julie93!/Mark91/
  • ///Julie02*Mark02
  • Julie55//*Mark56
Here’s what I’m doing right now to create such a password structure:
  • I use Combinator to generate all combinations possible for Word 1 and Number 1.
  • I use Maskprocessor to add 0 to 3 special characters for each entry generated by the Combinator.
  • I append Word 2 to each entry generated by the Maskprocessor.
  • At this stage, I have a list of partial passwords (like Julie93!/Mark). I run this list through hashcat (attack mode = 0) and I stack three rules: a rule that prepends 0 to 3 special characters to the password; a rule that appends Number 2 to the password; and a rule that appends 0 to 3 special characters to the password.
While this method works, it feels convoluted and restrictive. Is there a better way to achieve what I want? What are your thoughts?

md5crypt brutforce for pass 13 lenght

November 23, 2021, 6:27 am
$
0
0
Hello

i try to brutforce md5crypt i got

Integer overflow detected in keyspace of mask: ?1?1?1?1?1?1?1?1?1?1?1?1?1

my password have 13 in lenght and have only ?l?d

the password is only in hex

and i use this commande

hashcat.exe -O -m 500 md5.hash -a 3 ?1?1?1?1?1?1?1?1?1?1?1?1?1 --increment -1 ?l?d --increment-min 13 --force -w 4 --opencl-device-types 1,2 -w 4 --force

can help for this

Windows 10 Hash seems to be wrong

November 24, 2021, 12:05 pm
$
0
0
I don't know if it's the right place to ask but,
I've tried diffrent SAM dumpers and i never succeded to crack my windows password (even though it's only numbers)
Here is the command i'm using :
Code:
hashcat.exe -m 1000 -a 3 -w 3 -O --outfile result.txt hashes.txt.sam --increment ?d?d?d?d?d?d?d
I hope someone will be able to help me
Have a good day

what i have to set to break a 32char aes256 key?

November 25, 2021, 12:25 am

Several potfiles - is it possible to omit hashes already cracked in next job?

November 25, 2021, 6:34 am
$
0
0
Hello. I have several potfile files with "recovered" passwords. Is it possible to compare all files when starting new job in order to skip cracking those hashes that are already cracked? I mean:

for example i have a file not_cracked.txt where are stored 300 hashes
I have another files:
cracked1.txt and cracked2.txt where are cracked hashes from other jobs (other not_cracked files) (some are duplicated, available in not_cracked, but not all).

Is it possible for hashcat to look inside crackedX.txt if there are cracked hashes available in not_cracked.txt to speed up cracking process? Or is it possible only in potfile that already results are saved in current job?

Thanks.

encrypted itunes backup help

November 25, 2021, 11:24 am
$
0
0
Hi all, i really need a bit of advice from someone with experience. I'm brand new to the forum and new to Hashcat, i'm only here because i've ended up with a crisis on my hands. My backup of my iphone has somehow ended up encrypted and i have no idea what the password might be, all my photos of my kids growing up, holidays etc are all on that backup so i'm desperate to retrieve it.
The password might be a mix of upper and lower case letters, numbers, misspelt words and of any length and i really would appreciate advice on the best way to crack it.
I've already created the .txt file to crack from the manifest.plist and hashcat is up and running, its just knowing how to attack it.
All advice would be very much appreciated. Lee

md5 with two different salts

November 27, 2021, 1:45 am
$
0
0
How to perform
Quote:md5($salt1.$pass.$salt2)

on hashcat?

Now I use JTR with dynamic to do this, but it can only use CPU and really slow.
Search

5268ac routers

November 27, 2021, 11:49 am
$
0
0
I figured I'd start a new thread specific for the PACE/ARRIS 5268AC routers. After collecting over 500 passwords, and learning C++ to create an algorithm to determine the multiplier (which works great for NVG589, 599 and 210) it failed to recover a multiplier no matter what encoding I used to create a set of keys from the passwords.
So decided to play around with the physical hardware. Following guides on nomotion and spun.io I gained access to the router and the firmware. Many months of piddling away, has now allowed me root access to the kernel, but like the dog who caught the bus... what do I do with that now that I caught it? 
[Image: H8tK6gj.jpg]

There must be somebody here who has experience looking at a linux 2 kernel and investigate its capabilities. So consider this a cry for help or assistance. Please join in if you have any interest in digging deeper into this router and discover its mysteries!

Hcxtools Freezes Mid Operation

November 27, 2021, 12:45 pm
$
0
0
For some reason when I run hcxdump it takes several minutes to start and will pick up 3 or 4 out of probably 20 nearby networks which Wifite can find as can any Aircrack-ng commands. I'm even using four of the Alfa 9dbi antennas on my Alfa AC1900. Not only that but it takes almost fifteen minutes in between networks as opposed to seconds or a few minutes between each. If I manually kill "Networkadapter.services" it will not even run saying "Network Is Down". If I use airmon-ng check kill or manually kill the wpa_supplicant it makes no difference in results. Aircrack-ng applications, Besside, and Wifite all detect networks with no issue. Here's what my terminal looks like and after a half hour no new networks have popped up. I'm running The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) in a Virtual Box.


Code:
┌──(roc㉿Rocuronium)-[~]
└─$ sudo airmon-ng check kill
[sudo] password for roc:

Killing these processes:

    PID Name
  1245 wpa_supplicant

                                                                                                                                                                                       
┌──(roc㉿Rocuronium)-[~]
└─$ sudo hcxdumptool -i wlan0 -o GalleriaMall.pcapng --enable_status=1
initialization of hcxdumptool 6.2.4-62-gafc9e51...

start capturing (stop with ctrl+c)
NMEA 0183 SENTENCE........: N/A
INTERFACE NAME............: wlan0
INTERFACE PROTOCOL........: unassociated
INTERFACE TX POWER........: 0 dBm (lowest value reported by the device)
INTERFACE HARDWARE MAC....: 00c0caaedd33 (not used for the attack)
INTERFACE VIRTUAL MAC.....: 00c0caaedd33 (not used for the attack)
DRIVER....................: rtl8814au
DRIVER VERSION............: 5.14.0-kali4-amd64
DRIVER FIRMWARE VERSION...:
openSSL version...........: 1.1
ERRORMAX..................: 100 errors
BPF code blocks...........: 0
FILTERLIST ACCESS POINT...: 0 entries
FILTERLIST CLIENT.........: 0 entries
FILTERMODE................: unused
WEAK CANDIDATE............: 12345678
ESSID list................: 0 entries
ACCESS POINT (ROGUE)......: 000dc2377263 (BROADCAST HIDDEN used for the attack)
ACCESS POINT (ROGUE)......: 000dc2377264 (BROADCAST OPEN used for the attack)
ACCESS POINT (ROGUE)......: 000dc2377265 (used for the attack and incremented on every new client)
CLIENT (ROGUE)............: c022507c6834
EAPOLTIMEOUT..............: 20000 usec
EAPOLEAPTIMEOUT...........: 2500000 usec
REPLAYCOUNT...............: 62528
ANONCE....................: 3a4e60aa2d7d064b41aa98bf4eccf0633be0e78ecff43c3ef4cb0229588971f4
SNONCE....................: bf353673c46030e8b44e989a4cb8faaa329b8b158b55c07de98e0b517549ecac

13:23:59 2447/8  c022507c6834 bc99115d4233 N60 wifi [PMKIDROGUE:6a91c174352638c5a5385746b527db61 KDV:2]
13:24:19 2452/9  8cc6816c337e 980d678e2bea n60B [PMKID:69ed33987e137136f7700a8949ab859c KDV:2]
13:24:19 2452/9  8cc6816c337e 980d678e2bea n60B [EAPOL:M1M2 EAPOLTIME:4617 RC:0 KDV:2]
13:24:19 2452/9  8cc6816c337e 980d678e2bea n60B [EAPOL:M2M3 EAPOLTIME:48 RC:1 KDV:2]
13:24:19 2452/9  8cc6816c337e 980d678e2bea n60B [EAPOL:M3M4ZEROED EAPOLTIME:19 RC:1 KDV:2]
13:40:45 5222/44  7c5079402987 44a56edf0f02 Hillarys_Email_Server_5G [EAPOL:M1M2 EAPOLTIME:4 RC:1 KDV:2]
13:40:45 5222/44  7c5079402987 44a56edf0f02 Hillarys_Email_Server_5G [EAPOL:M2M3 EAPOLTIME:4406 RC:2 KDV:2]
13:40:45 5222/44  7c5079402987 44a56edf0f02 Hillarys_Email_Server_5G [EAPOL:M3M4ZEROED EAPOLTIME:27 RC:2 KDV:2]
13:40:52 5224/44  7c5079402987 44a56edf0f02 Hillarys_Email_Server_5G [EAPOL:M1M2 EAPOLTIME:31 RC:1 KDV:2]
13:40:52 5224/44  7c5079402987 44a56edf0f02 Hillarys_Email_Server_5G [EAPOL:M2M3 EAPOLTIME:68 RC:2 KDV:2]
13:40:52 5224/44  7c5079402987 44a56edf0f02 Hillarys_Email_Server_5G [EAPOL:M3M4ZEROED EAPOLTIME:43 RC:2 KDV:2]

decrypt with dictionary

November 28, 2021, 4:15 am
$
0
0
I am launching the following command with the keys correctly:

hashcat -o -m 22000 --force pass.22000 ~/auditorias/rockyou.txt

but it throws me the following error:

No hash-mode matches the structure of the input hash.


is there something i am missing ???

HashcatGUI v.1.3.1

November 30, 2021, 3:18 am
$
0
0
Hi, 

So I have been trying to download BlandyUK's Hashcatgui v.1.1.3 on his link:
https://share.blandyuk.co.uk/apps/HashcatGUI_v1.3.1.zip

As you might have noticed the link is down and I have been trying again for the past three days Sad


Does anyone have a copy ? I have also checked on HASHKILLER and there is only previous versions available. 

Thanks Big Grin

function write in C

November 30, 2021, 3:32 am
$
0
0

  1. Can someone tell me how to write the following function(in inc_common.cl)
  1. DECLSPEC u32 hc_byte_perm_S (const u32 a, const u32 b, const int c)
  1. with C language
  1. DECLSPEC u32 hc_byte_perm_S (const u32 a, const u32 b, const int c)
  1. {
  1.     u32 r = 0;
  1.     asm volatile ("V_PERM_B32 %0, %1, %2, %3;" : "=v"(r) : "v"(b), "v"(a), "v"(c));
  1.     return r;
  1. }
  1. DECLSPEC u32 hc_byte_perm_S (const u32 a, const u32 b, const int c)
  1. {
  1.     u32 r = 0;
  1.     asm volatile ("prmt.b32 %0, %1, %2, %3;" : "=r"(r) : "r"(a), "r"(b), "r"(c));
  1.     return r;
  1. }
  1. I not familiar with GPU asm

zelcore wallet

November 30, 2021, 9:04 am
$
0
0
Hello

Does anyone know what settings to use to force a zelcore wallet? This would be an AES-256-CTR algorithm (not sure) I have already built my password list based on what I remember ..

Thanks a lot in advance

(Mode120)Token length exception No hashes loaded.

November 30, 2021, 12:46 pm
$
0
0
I'm trying to use mode 120 (sha1($salt.$pass)) to crack a password with hash and salt available:
Password hash: SHA-1 98584b7a2e26e636636e80c0a61249c5f15dadc6
Password salt: 50617373776f7264436865636b4861736830f64e5df716f143 (hex bytes, prepended to password)

Hence the content of `hashes.txt` is `50617373776f7264436865636b4861736830f64e5df716f143:98584b7a2e26e636636e80c0a61249c5f15dadc6`.
Note that the salt and the hash are both not larger than 64 bytes. 
I ran ` .\hashcat.exe -m 120 .\hashes.txt` and get this error:
Code:
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Minimim salt length supported by kernel: 0
Maximum salt length supported by kernel: 256

Hashfile '.\hashes.txt' on line 1 (506173...2e26e636636e80c0a61249c5f15dadc6): Token length exception
No hashes loaded.


Any ideas on why this is happening?
Search

OpenCL kernel self-test failed.

November 30, 2021, 2:43 pm
$
0
0
Hi there, I'm attempting to brute-force a Office 2013 hash (mode 9600) with an RX Vega 64. Tried on both 6.2.4 and the latest beta available from https://hashcat.net/beta/. My graphics driver is on the latest update (21.11.1) according to the Radeon software. I looked around and found the solution to use the beta however this doesn't work for my device. I've read this is likely an AMD issue but is there a version that would work with my setup?

sha512 salt length limit

November 30, 2021, 4:31 pm
$
0
0
So, I have a question. I have come across a sha512 hash and salt and the hash reads in fine in hashcat but this developer has a salt that is 1000+ bytes long. Hashcat comes back with an error "token length exception" which I think is related to the stupid long salt length. Is hashcat limited in the length of the salt or is there some other issue that I may be overlooking?

Encrypted Apple Core Storage Volume - I'm stuck

December 1, 2021, 10:15 am
$
0
0
Hey Folks,

So. I've got an image of an old drive from my old Mac which has some files on it I would like to get back, the machine is around 11 or so years old now.

I tried to recover it using TestDisk and PhotoRec but the file partition itself is encrypted.

Has anyone had to deal with this before? Or does anyone recommend a good place to start?

[Image: 20211129-initial-screen.png]

Thanks

Is there has error with these functions

December 1, 2021, 11:19 pm
$
0
0
Is there have error in selector or left/right rotate with these two functions (in inc_common.cl)


DECLSPEC void undo_utf16be_S (const u32 *in1, const u32 *in2, u32 *out)
{
  #if defined IS_NV

  out[0] = hc_byte_perm_S (in1[0], in1[1], 0x4602);
  out[1] = hc_byte_perm_S (in1[2], in1[3], 0x4602);
  out[2] = hc_byte_perm_S (in2[0], in2[1], 0x4602);
  out[3] = hc_byte_perm_S (in2[2], in2[3], 0x4602);

  #elif (defined IS_AMD || defined IS_HIP) && HAS_VPERM == 1

  out[0] = hc_byte_perm_S (in1[0], in1[1], 0x04060002);
  out[1] = hc_byte_perm_S (in1[2], in1[3], 0x04060002);
  out[2] = hc_byte_perm_S (in2[0], in2[1], 0x04060002);
  out[3] = hc_byte_perm_S (in2[2], in2[3], 0x04060002);

  #else

  out[0] = ((in1[0] & 0x0000ff00) >>  8) | ((in1[0] & 0xff000000) >> 16)
        | ((in1[1] & 0x0000ff00) <<  8) | ((in1[1] & 0xff000000) <<  0);
  out[1] = ((in1[2] & 0x0000ff00) >>  8) | ((in1[2] & 0xff000000) >> 16)
        | ((in1[3] & 0x0000ff00) <<  8) | ((in1[3] & 0xff000000) <<  0);
  out[2] = ((in2[0] & 0x0000ff00) >>  8) | ((in2[0] & 0xff000000) >> 16)
        | ((in2[1] & 0x0000ff00) <<  8) | ((in2[1] & 0xff000000) <<  0);
  out[3] = ((in2[2] & 0x0000ff00) >>  8) | ((in2[2] & 0xff000000) >> 16)
        | ((in2[3] & 0x0000ff00) <<  8) | ((in2[3] & 0xff000000) <<  0);

  #endif
}


and


DECLSPEC void undo_utf16le_S (const u32 *in1, const u32 *in2, u32 *out)
{
  #if defined IS_NV

  out[0] = hc_byte_perm_S (in1[0], in1[1], 0x6420);
  out[1] = hc_byte_perm_S (in1[2], in1[3], 0x6420);
  out[2] = hc_byte_perm_S (in2[0], in2[1], 0x6420);
  out[3] = hc_byte_perm_S (in2[2], in2[3], 0x6420);

  #elif (defined IS_AMD || defined IS_HIP) && HAS_VPERM == 1

  out[0] = hc_byte_perm_S (in1[0], in1[1], 0x06040200);
  out[1] = hc_byte_perm_S (in1[2], in1[3], 0x06040200);
  out[2] = hc_byte_perm_S (in2[0], in2[1], 0x06040200);
  out[3] = hc_byte_perm_S (in2[2], in2[3], 0x06040200);

  #else

  out[0] = ((in1[0] & 0x000000ff) >>  0) | ((in1[0] & 0x00ff0000) >>  8)
        | ((in1[1] & 0x000000ff) << 16) | ((in1[1] & 0x00ff0000) <<  8);
  out[1] = ((in1[2] & 0x000000ff) >>  0) | ((in1[2] & 0x00ff0000) >>  8)
        | ((in1[3] & 0x000000ff) << 16) | ((in1[3] & 0x00ff0000) <<  8);
  out[2] = ((in2[0] & 0x000000ff) >>  0) | ((in2[0] & 0x00ff0000) >>  8)
        | ((in2[1] & 0x000000ff) << 16) | ((in2[1] & 0x00ff0000) <<  8);
  out[3] = ((in2[2] & 0x000000ff) >>  0) | ((in2[2] & 0x00ff0000) >>  8)
        | ((in2[3] & 0x000000ff) << 16) | ((in2[3] & 0x00ff0000) <<  8);

  #endif
}


when I use following to test the left/right rotate operation

u32 in1[4], in2[4], out[4];

in1[0] = 0x03020100;
in1[1] = 0x13121110;
in1[2] = 0x23222120;
in1[3] = 0x33323130;

in2[0] = 0x07060504;
in2[1] = 0x17161514;
in2[2] = 0x27262524;
in2[3] = 0x37363534;



undo_utf16be_S(in1, in2, out);

undo_utf16le_S(in1, in2, out);


the utf16be_S output is:

out[0] = 0x13110301
out[1] = 0x33312321
out[2] = 0x17150705
out[2] = 0x37352725

and the utf16le_S output is:

out[0] = 0x12100200
out[1] = 0x32302220
out[2] = 0x16140604
out[2] = 0x36342624

as the selector for utf16be_S is 0x4602, and the selector for utf16le_S is 0x6420,  the left/right rotate operation
result is not compatible with the selector operation result. 

mask attack on windows 10

December 2, 2021, 2:12 am
$
0
0
Hallo,

i've a test pdf with hash code: $pdf$2*3*128*-1036*1*16*f59a08b183f9f...
I know the test password: wlkdi1

It's no surprise that "./hashcat.exe -m 10500 hash2 -a 3 -1abcdefghijklmnopqrstuvwxyz01 wlkd?11" cracks the password.
But why runs "./hashcat.exe -m 10500 hash2 -a 3 -1abcdefghijklmnopqrstuvwxyz012 wlkd?11" in Status "exhausted" ?

Thank you

.png   pic1.PNG (Size: 40.19 KB / Downloads: 0)

.png   pic2.PNG (Size: 40.24 KB / Downloads: 0)
Viewing all 7847 articles
Browse latest View live
Search