Quantcast
Channel: hashcat Forum - All Forums
Viewing all 7847 articles
Browse latest View live

Dictionary followed by brute force

December 2, 2021, 5:34 am
$
0
0
Hi all,
I have run a dictionary attack against a target hash with no luck, I now need to proceed using brute force in an attempt to continue. However I don’t want to waste time trying hashes I have already tried. 
So my question is, how do I skip hashes I have already attempted in my dictionary during my brute force attack?
Search

Crack WPA2 (.hc22000 file) with list not completing

December 2, 2021, 7:27 am
$
0
0
I have a WPA2 hash file .hc22000 (so mode 22000) but when I try to find the password located in a small list of 5 words it just keeps running but doesn't complete it. I let the command run for an hour before closing it, it kept loading on "Initializing backend runtime for device #1. Please be patient...". I'm using the command:
"hashcat -a 0 -m 22000 hashfile.hc22000 wordlist.txt". Does someone have experience with these .hc22000 files or maybe something wrong with my command?

The hash looks like following:
"WPA*02*<bunch of letters and numbers with a * from time to time>*02"

Text file looks like following:
"
RandomWord
anotherRandomWord
password
notMyPassword
another
"

The command is running when I'm in the folder of hashcat (hashcat-6.2.5) and the files used are located in this folder as well. I get no error codes except  "nvmlDeviceGetFanSpeed(): Not Supported" but this shouldn't be an issue from what I've read.

I'm using a i7-9750h and RTX2060 so you would expect that it wouldn't take that long to get a hash from a 5 word long list (let alone a huge list like rockyou).

P.S. I'm new to hashcat so it's possible I'm missing some obvious steps.

Large dictionary

December 3, 2021, 2:41 pm
$
0
0
Let's say I have a word list of 10 gb when I have 8 gb ram. Does hashcat split a word list automatically, or you have to do it manually?

Hashcat dropper with AMD CPU's and Nvidia GPU

December 4, 2021, 12:44 pm
$
0
0
Help -

Code:
User@Lomarine ~/hashcat
$ ./hashcat -b
hashcat (v6.2.5-18-gd89409ae3+) starting in benchmark mode

Benchmarking uses hand-optimized kernel code by default.
You can use it in your cracking session by setting the -O option.
Note: Using optimized kernel code limits the maximum supported password length.
To disable the optimized kernel code in benchmark mode, use the -w option.

Successfully initialized NVIDIA CUDA library.

Failed to initialize NVIDIA RTC library.

* Device #1: CUDA SDK Toolkit not installed or incorrectly installed.
            CUDA SDK Toolkit required for proper device support and utilization.
            Falling back to OpenCL runtime.

OpenCL API (OpenCL 3.0 CUDA 11.5.121) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #1: NVIDIA GeForce RTX 3060, 11520/12287 MB (3071 MB allocatable), 28MCU

OpenCL API (OpenCL 2.1 WINDOWS) - Platform #2 [Intel(R) Corporation]
====================================================================
* Device #2: AMD Ryzen 5 2600 Six-Core Processor, skipped

Benchmark relevant options:
===========================
* --optimized-kernel-enable

-------------------
* Hash-Mode 0 (MD5)
-------------------

I have installed all the necessary drivers, but it still does not work, what should I do?



CPU - AMD Ryzen 5 2600 Six-Core Processor              3.40 GHz


GPU - RTX 3060

6 digit password recovery for mega folder

December 4, 2021, 1:30 pm
$
0
0
Hello!

I want to recover an old password for a Mega.nz shared Folder with a 6 digits password key containing only numbers.
I remember the 2 first digits of the password but not the rest 4 digits that come after.
So in summery, I only need to recover 4 unknown numbers in a 6 digits password.

Is that something possible to recover with hashcat? If yes, how would I need to do it?
I'm new to this but I don't mind researching the topic or reaching for help to overcome this issue.

Also, does anyone knows if it possible for Mega.nz to blocked my IP address or computer for excessive wrong attempts?

I hope you will find the time to help me or steer me to the right direction with this matter,
best regards, boii420.

Questions about opencl

December 5, 2021, 2:28 am
$
0
0
Hello,

and sorry for bad english, I have a few questions:
installed hashcat according to this manual

1. I can't use my first and third device at the same time??(which hashcat discovered)
    i have to choose one of them?
    if yes, why can't i use my third device?
3. My integrated video adapter( Intel Corporation UHD Graphics (rev 05) ) cannot be used for brute-force?
    With nvidia + cpu?
3. Is it possible to safely improve the brute-force speed?

Information about my system:

nvidia-smi
Code:
Sun Dec  5 11:46:24 2021     
+-----------------------------------------------------------------------------+
| NVIDIA-SMI 495.44      Driver Version: 495.44      CUDA Version: 11.5    |
|-------------------------------+----------------------+----------------------+
| GPU  Name        Persistence-M| Bus-Id        Disp.A | Volatile Uncorr. ECC |
| Fan  Temp  Perf  Pwr:Usage/Cap|        Memory-Usage | GPU-Util  Compute M. |
|                              |                      |              MIG M. |
|===============================+======================+======================|
|  0  NVIDIA GeForce ...  Off  | 00000000:01:00.0 Off |                  N/A |
| N/A  41C    P8    1W /  N/A |    396MiB /  3911MiB |      5%      Default |
|                              |                      |                  N/A |
+-------------------------------+----------------------+----------------------+
                                                                             
+-----------------------------------------------------------------------------+
| Processes:                                                                  |
|  GPU  GI  CI        PID  Type  Process name                  GPU Memory |
|        ID  ID                                                  Usage      |
|=============================================================================|
|    0  N/A  N/A      1030      G  /usr/lib/xorg/Xorg                45MiB |
|    0  N/A  N/A      1656      G  /usr/lib/xorg/Xorg                156MiB |
|    0  N/A  N/A      1830      G  /usr/bin/gnome-shell              41MiB |
|    0  N/A  N/A      2119      G  /usr/lib/firefox/firefox          137MiB |
|    0  N/A  N/A      2255      G  /usr/lib/firefox/firefox            1MiB |
|    0  N/A  N/A      2483      G  /usr/lib/firefox/firefox            1MiB |
|    0  N/A  N/A      3874      G  /usr/lib/firefox/firefox            1MiB |
+-----------------------------------------------------------------------------+



clinfo
Code:
Number of platforms                              3
  Platform Name                                  Portable Computing Language
  Platform Vendor                                The pocl project
  Platform Version                                OpenCL 1.2 pocl 1.4, None+Asserts, LLVM 9.0.1, RELOC, SLEEF, DISTRO, POCL_DEBUG
  Platform Profile                                FULL_PROFILE
  Platform Extensions                            cl_khr_icd
  Platform Extensions function suffix            POCL

  Platform Name                                  NVIDIA CUDA
  Platform Vendor                                NVIDIA Corporation
  Platform Version                                OpenCL 3.0 CUDA 11.5.100
  Platform Profile                                FULL_PROFILE
  Platform Extensions                            cl_khr_global_int32_base_atomics cl_khr_global_int32_extended_atomics cl_khr_local_int32_base_atomics cl_khr_local_int32_extended_atomics cl_khr_fp64 cl_khr_3d_image_writes cl_khr_byte_addressable_store cl_khr_icd cl_khr_gl_sharing cl_nv_compiler_options cl_nv_device_attribute_query cl_nv_pragma_unroll cl_nv_copy_opts cl_nv_create_buffer cl_khr_int64_base_atomics cl_khr_int64_extended_atomics cl_khr_device_uuid cl_khr_pci_bus_info
  Platform Host timer resolution                  0ns
  Platform Extensions function suffix            NV

  Platform Name                                  Intel(R) CPU Runtime for OpenCL(TM) Applications
  Platform Vendor                                Intel(R) Corporation
  Platform Version                                OpenCL 2.1 LINUX
  Platform Profile                                FULL_PROFILE
  Platform Extensions                            cl_khr_icd cl_khr_global_int32_base_atomics cl_khr_global_int32_extended_atomics cl_khr_local_int32_base_atomics cl_khr_local_int32_extended_atomics cl_khr_byte_addressable_store cl_khr_depth_images cl_khr_3d_image_writes cl_intel_exec_by_local_thread cl_khr_spir cl_khr_fp64 cl_khr_image2d_from_buffer cl_intel_vec_len_hint
  Platform Host timer resolution                  1ns
  Platform Extensions function suffix            INTEL

  Platform Name                                  Portable Computing Language
Number of devices                                1
  Device Name                                    pthread-Intel(R) Core(TM) i5-10300H CPU @ 2.50GHz
  Device Vendor                                  GenuineIntel
  Device Vendor ID                                0x6c636f70
  Device Version                                  OpenCL 1.2 pocl HSTR: pthread-x86_64-pc-linux-gnu-skylake
  Driver Version                                  1.4
  Device OpenCL C Version                        OpenCL C 1.2 pocl
  Device Type                                    CPU
  Device Profile                                  FULL_PROFILE
  Device Available                                Yes
  Compiler Available                              Yes
  Linker Available                                Yes
  Max compute units                              8
  Max clock frequency                            4500MHz
  Device Partition                                (core)
    Max number of sub-devices                    8
    Supported partition types                    equally, by counts
    Supported affinity domains                    (n/a)
  Max work item dimensions                        3
  Max work item sizes                            4096x4096x4096
  Max work group size                            4096
  Preferred work group size multiple              8
  Preferred / native vector sizes             
    char                                                16 / 16   
    short                                              16 / 16   
    int                                                  8 / 8   
    long                                                4 / 4   
    half                                                0 / 0        (n/a)
    float                                                8 / 8   
    double                                              4 / 4        (cl_khr_fp64)
  Half-precision Floating-point support          (n/a)
  Single-precision Floating-point support        (core)
    Denormals                                    Yes
    Infinity and NANs                            Yes
    Round to nearest                              Yes
    Round to zero                                Yes
    Round to infinity                            Yes
    IEEE754-2008 fused multiply-add              Yes
    Support is emulated in software              No
    Correctly-rounded divide and sqrt operations  Yes
  Double-precision Floating-point support        (cl_khr_fp64)
    Denormals                                    Yes
    Infinity and NANs                            Yes
    Round to nearest                              Yes
    Round to zero                                Yes
    Round to infinity                            Yes
    IEEE754-2008 fused multiply-add              Yes
    Support is emulated in software              No
  Address bits                                    64, Little-Endian
  Global memory size                              31344009216 (29.19GiB)
  Error Correction support                        No
  Max memory allocation                          8589934592 (8GiB)
  Unified memory for Host and Device              Yes
  Minimum alignment for any data type            128 bytes
  Alignment of base address                      1024 bits (128 bytes)
  Global Memory cache type                        Read/Write
  Global Memory cache size                        8388608 (8MiB)
  Global Memory cache line size                  64 bytes
  Image support                                  Yes
    Max number of samplers per kernel            16
    Max size for 1D images from buffer            536870912 pixels
    Max 1D or 2D image array size                2048 images
    Max 2D image size                            16384x16384 pixels
    Max 3D image size                            2048x2048x2048 pixels
    Max number of read image args                128
    Max number of write image args                128
  Local memory type                              Global
  Local memory size                              4194304 (4MiB)
  Max number of constant args                    8
  Max constant buffer size                        4194304 (4MiB)
  Max size of kernel argument                    1024
  Queue properties                             
    Out-of-order execution                        Yes
    Profiling                                    Yes
  Prefer user sync for interop                    Yes
  Profiling timer resolution                      1ns
  Execution capabilities                       
    Run OpenCL kernels                            Yes
    Run native kernels                            Yes
  printf() buffer size                            16777216 (16MiB)
  Built-in kernels                                (n/a)
  Device Extensions                              cl_khr_byte_addressable_store cl_khr_global_int32_base_atomics cl_khr_global_int32_extended_atomics cl_khr_local_int32_base_atomics cl_khr_local_int32_extended_atomics cl_khr_3d_image_writes cl_khr_fp64 cl_khr_int64_base_atomics cl_khr_int64_extended_atomics cl_khr_fp64

  Platform Name                                  NVIDIA CUDA
Number of devices                                1
  Device Name                                    NVIDIA GeForce GTX 1650
  Device Vendor                                  NVIDIA Corporation
  Device Vendor ID                                0x10de
  Device Version                                  OpenCL 3.0 CUDA
  Driver Version                                  495.44
  Device OpenCL C Version                        OpenCL C 1.2
  Device Type                                    GPU
  Device Topology (NV)                            PCI-E, 01:00.0
  Device Profile                                  FULL_PROFILE
  Device Available                                Yes
  Compiler Available                              Yes
  Linker Available                                Yes
  Max compute units                              14
  Max clock frequency                            1515MHz
  Compute Capability (NV)                        7.5
  Device Partition                                (core)
    Max number of sub-devices                    1
    Supported partition types                    None
    Supported affinity domains                    (n/a)
  Max work item dimensions                        3
  Max work item sizes                            1024x1024x64
  Max work group size                            1024
  Preferred work group size multiple              32
  Warp size (NV)                                  32
  Max sub-groups per work group                  0
  Preferred / native vector sizes             
    char                                                1 / 1   
    short                                                1 / 1   
    int                                                  1 / 1   
    long                                                1 / 1   
    half                                                0 / 0        (n/a)
    float                                                1 / 1   
    double                                              1 / 1        (cl_khr_fp64)
  Half-precision Floating-point support          (n/a)
  Single-precision Floating-point support        (core)
    Denormals                                    Yes
    Infinity and NANs                            Yes
    Round to nearest                              Yes
    Round to zero                                Yes
    Round to infinity                            Yes
    IEEE754-2008 fused multiply-add              Yes
    Support is emulated in software              No
    Correctly-rounded divide and sqrt operations  Yes
  Double-precision Floating-point support        (cl_khr_fp64)
    Denormals                                    Yes
    Infinity and NANs                            Yes
    Round to nearest                              Yes
    Round to zero                                Yes
    Round to infinity                            Yes
    IEEE754-2008 fused multiply-add              Yes
    Support is emulated in software              No
  Address bits                                    64, Little-Endian
  Global memory size                              4101898240 (3.82GiB)
  Error Correction support                        No
  Max memory allocation                          1025474560 (978MiB)
  Unified memory for Host and Device              No
  Integrated memory (NV)                          No
  Shared Virtual Memory (SVM) capabilities        (core)
    Coarse-grained buffer sharing                Yes
    Fine-grained buffer sharing                  No
    Fine-grained system sharing                  No
    Atomics                                      No
  Minimum alignment for any data type            128 bytes
  Alignment of base address                      4096 bits (512 bytes)
  Preferred alignment for atomics             
    SVM                                          0 bytes
    Global                                        0 bytes
    Local                                        0 bytes
  Max size for global variable                    0
  Preferred total size of global vars            0
  Global Memory cache type                        Read/Write
  Global Memory cache size                        458752 (448KiB)
  Global Memory cache line size                  128 bytes
  Image support                                  Yes
    Max number of samplers per kernel            32
    Max size for 1D images from buffer            268435456 pixels
    Max 1D or 2D image array size                2048 images
    Max 2D image size                            32768x32768 pixels
    Max 3D image size                            16384x16384x16384 pixels
    Max number of read image args                256
    Max number of write image args                32
    Max number of read/write image args          0
  Max number of pipe args                        0
  Max active pipe reservations                    0
  Max pipe packet size                            0
  Local memory type                              Local
  Local memory size                              49152 (48KiB)
  Registers per block (NV)                        65536
  Max number of constant args                    9
  Max constant buffer size                        65536 (64KiB)
  Max size of kernel argument                    4352 (4.25KiB)
  Queue properties (on host)                   
    Out-of-order execution                        Yes
    Profiling                                    Yes
  Queue properties (on device)                 
    Out-of-order execution                        No
    Profiling                                    No
    Preferred size                                0
    Max size                                      0
  Max queues on device                            0
  Max events on device                            0
  Prefer user sync for interop                    No
  Profiling timer resolution                      1000ns
  Execution capabilities                       
    Run OpenCL kernels                            Yes
    Run native kernels                            No
    Sub-group independent forward progress        No
    Kernel execution timeout (NV)                Yes
  Concurrent copy and kernel execution (NV)      Yes
    Number of async copy engines                  3
    IL version                                    (n/a)
  printf() buffer size                            1048576 (1024KiB)
  Built-in kernels                                (n/a)
  Device Extensions                              cl_khr_global_int32_base_atomics cl_khr_global_int32_extended_atomics cl_khr_local_int32_base_atomics cl_khr_local_int32_extended_atomics cl_khr_fp64 cl_khr_3d_image_writes cl_khr_byte_addressable_store cl_khr_icd cl_khr_gl_sharing cl_nv_compiler_options cl_nv_device_attribute_query cl_nv_pragma_unroll cl_nv_copy_opts cl_nv_create_buffer cl_khr_int64_base_atomics cl_khr_int64_extended_atomics cl_khr_device_uuid cl_khr_pci_bus_info

  Platform Name                                  Intel(R) CPU Runtime for OpenCL(TM) Applications
Number of devices                                1
  Device Name                                    Intel(R) Core(TM) i5-10300H CPU @ 2.50GHz
  Device Vendor                                  Intel(R) Corporation
  Device Vendor ID                                0x8086
  Device Version                                  OpenCL 2.1 (Build 0)
  Driver Version                                  18.1.0.0920
  Device OpenCL C Version                        OpenCL C 2.0
  Device Type                                    CPU
  Device Profile                                  FULL_PROFILE
  Device Available                                Yes
  Compiler Available                              Yes
  Linker Available                                Yes
  Max compute units                              8
  Max clock frequency                            2500MHz
  Device Partition                                (core)
    Max number of sub-devices                    8
    Supported partition types                    by counts, equally, by names (Intel)
    Supported affinity domains                    (n/a)
  Max work item dimensions                        3
  Max work item sizes                            8192x8192x8192
  Max work group size                            8192
  Preferred work group size multiple              128
  Max sub-groups per work group                  1
  Preferred / native vector sizes             
    char                                                1 / 32   
    short                                                1 / 16   
    int                                                  1 / 8   
    long                                                1 / 4   
    half                                                0 / 0        (n/a)
    float                                                1 / 8   
    double                                              1 / 4        (cl_khr_fp64)
  Half-precision Floating-point support          (n/a)
  Single-precision Floating-point support        (core)
    Denormals                                    Yes
    Infinity and NANs                            Yes
    Round to nearest                              Yes
    Round to zero                                No
    Round to infinity                            No
    IEEE754-2008 fused multiply-add              No
    Support is emulated in software              No
    Correctly-rounded divide and sqrt operations  No
  Double-precision Floating-point support        (cl_khr_fp64)
    Denormals                                    Yes
    Infinity and NANs                            Yes
    Round to nearest                              Yes
    Round to zero                                Yes
    Round to infinity                            Yes
    IEEE754-2008 fused multiply-add              Yes
    Support is emulated in software              No
  Address bits                                    64, Little-Endian
  Global memory size                              33491492864 (31.19GiB)
  Error Correction support                        No
  Max memory allocation                          8372873216 (7.798GiB)
  Unified memory for Host and Device              Yes
  Shared Virtual Memory (SVM) capabilities        (core)
    Coarse-grained buffer sharing                Yes
    Fine-grained buffer sharing                  Yes
    Fine-grained system sharing                  Yes
    Atomics                                      Yes
  Minimum alignment for any data type            128 bytes
  Alignment of base address                      1024 bits (128 bytes)
  Preferred alignment for atomics             
    SVM                                          64 bytes
    Global                                        64 bytes
    Local                                        0 bytes
  Max size for global variable                    65536 (64KiB)
  Preferred total size of global vars            65536 (64KiB)
  Global Memory cache type                        Read/Write
  Global Memory cache size                        262144 (256KiB)
  Global Memory cache line size                  64 bytes
  Image support                                  Yes
    Max number of samplers per kernel            480
    Max size for 1D images from buffer            523304576 pixels
    Max 1D or 2D image array size                2048 images
    Base address alignment for 2D image buffers  64 bytes
    Pitch alignment for 2D image buffers          64 pixels
    Max 2D image size                            16384x16384 pixels
    Max 3D image size                            2048x2048x2048 pixels
    Max number of read image args                480
    Max number of write image args                480
    Max number of read/write image args          480
  Max number of pipe args                        16
  Max active pipe reservations                    32767
  Max pipe packet size                            1024
  Local memory type                              Global
  Local memory size                              32768 (32KiB)
  Max number of constant args                    480
  Max constant buffer size                        131072 (128KiB)
  Max size of kernel argument                    3840 (3.75KiB)
  Queue properties (on host)                   
    Out-of-order execution                        Yes
    Profiling                                    Yes
    Local thread execution (Intel)                Yes
  Queue properties (on device)                 
    Out-of-order execution                        Yes
    Profiling                                    Yes
    Preferred size                                4294967295 (4GiB)
    Max size                                      4294967295 (4GiB)
  Max queues on device                            4294967295
  Max events on device                            4294967295
  Prefer user sync for interop                    No
  Profiling timer resolution                      1ns
  Execution capabilities                       
    Run OpenCL kernels                            Yes
    Run native kernels                            Yes
    Sub-group independent forward progress        No
    IL version                                    SPIR-V_1.0
    SPIR versions                                1.2
  printf() buffer size                            1048576 (1024KiB)
  Built-in kernels                                (n/a)
  Device Extensions                              cl_khr_icd cl_khr_global_int32_base_atomics cl_khr_global_int32_extended_atomics cl_khr_local_int32_base_atomics cl_khr_local_int32_extended_atomics cl_khr_byte_addressable_store cl_khr_depth_images cl_khr_3d_image_writes cl_intel_exec_by_local_thread cl_khr_spir cl_khr_fp64 cl_khr_image2d_from_buffer cl_intel_vec_len_hint


NULL platform behavior
  clGetPlatformInfo(NULL, CL_PLATFORM_NAME, ...)  No platform
  clGetDeviceIDs(NULL, CL_DEVICE_TYPE_ALL, ...)  No platform
  clCreateContext(NULL, ...) [default]            No platform
  clCreateContext(NULL, ...) [other]              Success [POCL]
  clCreateContextFromType(NULL, CL_DEVICE_TYPE_DEFAULT)  No platform
  clCreateContextFromType(NULL, CL_DEVICE_TYPE_CPU)  No platform
  clCreateContextFromType(NULL, CL_DEVICE_TYPE_GPU)  No platform
  clCreateContextFromType(NULL, CL_DEVICE_TYPE_ACCELERATOR)  No platform
  clCreateContextFromType(NULL, CL_DEVICE_TYPE_CUSTOM)  No platform
  clCreateContextFromType(NULL, CL_DEVICE_TYPE_ALL)  No platform
NOTE: your OpenCL library only supports OpenCL 2.1,
but some installed platforms support OpenCL 3.0.
Programs using 3.0 features may crash
or behave unexpectedly


vga adapters
Code:
sudo lspci -v | grep -i vga
00:02.0 VGA compatible controller: Intel Corporation UHD Graphics (rev 05) (prog-if 00 [VGA controller])
01:00.0 VGA compatible controller: NVIDIA Corporation Device 1f99 (rev a1) (prog-if 00 [VGA controller])


test(intel(skipped) +nvidia)
Code:
root@pc:/home/tester# hashcat -b -m 0 -D 3,2
hashcat (v5.1.0) starting in benchmark mode...

Benchmarking uses hand-optimized kernel code by default.
You can use it in your cracking session by setting the -O option.
Note: Using optimized kernel code limits the maximum supported password length.
To disable the optimized kernel code in benchmark mode, use the -w option.

* Device #1: Not a native Intel OpenCL runtime. Expect massive speed loss.
            You can use --force to override, but do not report related errors.
* Device #2: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
nvmlDeviceGetFanSpeed(): Not Supported

OpenCL Platform #1: The pocl project
====================================
* Device #1: pthread-Intel(R) Core(TM) i5-10300H CPU @ 2.50GHz, skipped.

OpenCL Platform #2: NVIDIA Corporation
======================================
* Device #2: NVIDIA GeForce GTX 1650, 977/3911 MB allocatable, 14MCU

OpenCL Platform #3: Intel(R) Corporation
========================================
* Device #3: Intel(R) Core(TM) i5-10300H CPU @ 2.50GHz, skipped.

Benchmark relevant options:
===========================
* --opencl-device-types=3,2
* --optimized-kernel-enable

Hashmode: 0 - MD5

Speed.#2.........:  8995.5 MH/s (51.83ms) @ Accel:512 Loops:256 Thr:256 Vec:1

Started: Sun Dec  5 11:36:44 2021
Stopped: Sun Dec  5 11:36:51 2021


Why it skipped?
Why does hashcat not want to use the third device?



test(pocl + nvidia)
Code:
root@pc:/home/tester# hashcat -b -m 0 -D 1,2
hashcat (v5.1.0) starting in benchmark mode...

Benchmarking uses hand-optimized kernel code by default.
You can use it in your cracking session by setting the -O option.
Note: Using optimized kernel code limits the maximum supported password length.
To disable the optimized kernel code in benchmark mode, use the -w option.

* Device #1: Not a native Intel OpenCL runtime. Expect massive speed loss.
            You can use --force to override, but do not report related errors.
* Device #2: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
nvmlDeviceGetFanSpeed(): Not Supported

OpenCL Platform #1: The pocl project
====================================
* Device #1: pthread-Intel(R) Core(TM) i5-10300H CPU @ 2.50GHz, skipped.

OpenCL Platform #2: NVIDIA Corporation
======================================
* Device #2: NVIDIA GeForce GTX 1650, 977/3911 MB allocatable, 14MCU

OpenCL Platform #3: Intel(R) Corporation
========================================
* Device #3: Intel(R) Core(TM) i5-10300H CPU @ 2.50GHz, 7984/31939 MB allocatable, 8MCU

Benchmark relevant options:
===========================
* --opencl-device-types=1,2
* --optimized-kernel-enable

Hashmode: 0 - MD5

Speed.#2.........:  8522.4 MH/s (51.04ms) @ Accel:512 Loops:256 Thr:256 Vec:1
Speed.#3.........:  323.6 MH/s (27.29ms) @ Accel:1024 Loops:1024 Thr:1 Vec:8
Speed.#*.........:  8846.1 MH/s

Started: Sun Dec  5 11:37:35 2021
Stopped: Sun Dec  5 11:37:43 2021

system:
Code:
Linux pc 5.11.0-41-generic #45~20.04.1-Ubuntu SMP Wed Nov 10 10:20:10 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux


PS
Сonfig xorg.conf was not found in my system:
Code:
root@pc:/home/tester# find / -iname *xorg.conf*
find: ‘/run/user/1000/gvfs’: Permission denied
find: ‘/run/user/125/gvfs’: Permission denied
/usr/share/man/man5/xorg.conf.d.5.gz
/usr/share/man/man5/xorg.conf.5.gz
/usr/share/X11/xorg.conf.d
/usr/share/doc/xserver-xorg-video-intel/xorg.conf
/etc/X11/xorg.conf.nvidia-xconfig-original

cat /usr/share/doc/xserver-xorg-video-intel/xorg.conf
Section "Device"
Identifier "Intel"
Driver "intel"
# Option "AccelMethod" "uxa"
EndSection



Code:
Newer versions of Ubuntu (and maybe other distributions as well) do not use xorg.conf any longer. Alternatively they use the folder /usr/share/x11/xorg.conf.d/ where you can put in snippets of the config. Create a new file, call it “20-nvidia.conf” and put in the following content:

Section "Device"
Identifier "MyGPU"
Driver "nvidia"
Option "Interactive" "0"
EndSection
if I create this file, my system does not boot at all, it freezes on the logo

Token processing question

December 5, 2021, 3:42 am
$
0
0
I have the following password candidate:

word1word2word3word4word5word6word7word8word9word10word11word12word13word14word15word16

Each actual word length is different and I have a few options for each numbered word (so word1 could be 5-6 different options) and one of the words could have some capitalization in place.

I'm looking for a token processor that can help me represent this in an easy way so that I could either feed it directly to hashcat, or create a word list to then feed it with mode 0.

To give a concise example (using only 4 words, to keep it simple), I'm currently using BTCRecover tokenlists, which works great but is extremely slow:

Code:
+ ^1^word1 ^1^Word1 ^1^wOrd1 ^1^word11 ^1^Word11 ^1^wOrd11
+ ^2^word2 ^2^Word2 ^2^wOrd2 ^2^word22 ^2^Word222 ^2^wordddd222 ^2^worD2
+ ^3^woRD3 ^3^word3 ^3^Word3 ^3^w0rd3 ^3^WORD3 ^3^word33 ^3^Word333
+ ^4^WORd44 ^4^word4 ^4^woRD44 ^4^wOrd4 ^4^WORD4 ^4^Word444 ^4^word4444


Is there any processor I can use that takes a similar input in a way that will allow me to set anchors for the positions, set multiple variations and feed back to hashcat?

Thanks in advance.

Help with new mode for 1Password's B5.sqlite encrypted entries.

December 5, 2021, 11:22 am
$
0
0
Hi, this is my first post on the forum, I've been a long time watcher and recently I've started working on a new mode for 1Password's B5.sqlite encrypted entries. 
I'm having some issues and would like to ask for some help in finalizing my work.

My progress so far can be reviewed here:
https://github.com/brutebrothers/hashcat/pull/1

Here's a detailed breakdown of the what's needed for a decryption (Python):
https://darthnull.org/1pass-roundtrip


The relevant encryption is PBKDF2-HMAC-SHA256 + AES-GCM-256 which is similar to modes 25500 (Stargazer Stellar Wallet XLM) and 26600 (MetaMask Wallet).

The main difference between existing modes and this one is extra steps performed:
- The salt is first passed via a HKDF function and the result is then used as the salt for the PBKDF2 step. This can be done at the hash extraction stage (before hashcat).
- A second HKDF secret is generated based on different parameters (specific to 1password) and is generated at the hash extraction stage (before hashcat).
- The result of the PBKDF2 function is XOR'ed with the second HKDF secret and the result is used as the key for the following AES stages.

I've confirmed my results following the PBKDF2 stage and the XOR with the second HKDF secret, the result is the same as the Python walkthrough, please see here, for exact relevant change:
https://github.com/brutebrothers/hashcat...1R357-R389

My issue is with the following steps and I was hoping for some guidance. I believe I understand my target goal which is to compare the auth tag of the result. So, we have the auth tag extracted (16 last bytes) of the hash presented to hashcat and then later on within the kernel we attempt to end up with the same tag. The tags I get do not compare with the tags we're after and I'm trying to understand what I'm doing wrong. When going over the code I see that `AES_GCM_GCTR` ends up calling AES256_encrypt, any idea why we're not calling decrypt? I did see we have a decrypt function, should I go down that path and try to compare the decryption results with what I expect to find (json)?

I've tried looking for other modes implementing the AES-GCM and learning more, but I didn't find additional references, any guidance would be greatly appreciated.

The code is initial and still WIP, but I wanted to make sure I get a POC working before moving forward.
Search

function write in C

November 30, 2021, 3:32 am
$
0
0

  1. Can someone tell me how to write the following function(in inc_common.cl)
  1. DECLSPEC u32 hc_byte_perm_S (const u32 a, const u32 b, const int c)
  1. with C language
  1. DECLSPEC u32 hc_byte_perm_S (const u32 a, const u32 b, const int c)
  1. {
  1.     u32 r = 0;
  1.     asm volatile ("V_PERM_B32 %0, %1, %2, %3;" : "=v"(r) : "v"(b), "v"(a), "v"(c));
  1.     return r;
  1. }
  1. DECLSPEC u32 hc_byte_perm_S (const u32 a, const u32 b, const int c)
  1. {
  1.     u32 r = 0;
  1.     asm volatile ("prmt.b32 %0, %1, %2, %3;" : "=r"(r) : "r"(a), "r"(b), "r"(c));
  1.     return r;
  1. }
  1. I not familiar with GPU asm

AMD HIP support

December 6, 2021, 1:36 am
$
0
0
Hello.

I'm using RX 470 (Polaris10-Ellesmere) card with Windows 11 (22000.348) and latest 21.12.1 drivers with HIP 4.4 runtime inside.

Unfortunately, hashcat v6.2.5 broke compatibility reporting this error:

hipDeviceGetAttribute(): 1

I also tried v6.2.5+19 beta with the exact same results.

hashcat v6.2.3 doesn't see HIP 4.4 backend of 21.12.1 drivers at all.

But fortunately, hashcat v6.2.4 is working fine - but not for all hashes/ algorithms.

A quick comparison for OpenCL vs HIP using hashcat v6.2.4 and 21.12.1 drivers (Win 11)

HIP API (HIP 4.4)
=================
* Device #1: Radeon (TM) RX 470 Graphics, 8064/8192 MB, 32MCU

---------------------
* Hash-Mode 900 (MD4)
---------------------

Speed.#1.........: 22190.4 MH/s (95.47ms) @ Accel:2048 Loops:512 Thr:64 Vec:1


-----------------------
* Hash-Mode 1000 (NTLM)
-----------------------

Speed.#1.........: 22205.8 MH/s (95.47ms) @ Accel:256 Loops:512 Thr:512 Vec:1


---------------------
* Hash-Mode 3000 (LM)
---------------------

Speed.#1.........:  1049.0 MH/s (63.68ms) @ Accel:4 Loops:1024 Thr:512 Vec:1


-------------------
* Hash-Mode 0 (MD5)
-------------------

Speed.#1.........: 11500.4 MH/s (92.61ms) @ Accel:256 Loops:512 Thr:256 Vec:1


The plugin 2500 is deprecated and was replaced with plugin 22000. For more details, please read: https://hashcat.net/forum/thread-10253.html

------------------------------------------------------
* Hash-Mode 2500 (WPA-EAPOL-PBKDF2) [Iterations: 4095]
------------------------------------------------------

* Device #1: ATTENTION! HIP kernel self-test failed.

Your device driver installation is probably broken.
See also: https://hashcat.net/faq/wrongdriver

Speed.#1.........:  191.5 kH/s (81.13ms) @ Accel:64 Loops:256 Thr:128 Vec:1


---------------------------------------------
* Hash-Mode 11600 (7-Zip) [Iterations: 16384]
---------------------------------------------

Kernel minimum runtime larger than default TDR

Speed.#1.........:        0 H/s (2524.93ms) @ Accel:0 Loops:0 Thr:0 Vec:1


------------------------------------------------------
* Hash-Mode 9600 (MS Office 2013) [Iterations: 100000]
------------------------------------------------------


------------------------------------------------------
* Hash-Mode 9500 (MS Office 2010) [Iterations: 100000]
------------------------------------------------------

Speed.#1.........:    32647 H/s (81.61ms) @ Accel:64 Loops:512 Thr:256 Vec:1


----------------------------------------------------------------------
* Hash-Mode 10700 (PDF 1.7 Level 8 (Acrobat 10 - 11)) [Iterations: 64]
----------------------------------------------------------------------

* Device #1: ATTENTION! HIP kernel self-test failed.

Your device driver installation is probably broken.
See also: https://hashcat.net/faq/wrongdriver

Speed.#1.........:    13513 H/s (74.76ms) @ Accel:2 Loops:1 Thr:1024 Vec:1


---------------------------
* Hash-Mode 1700 (SHA2-512)
---------------------------

Speed.#1.........:  497.0 MH/s (67.31ms) @ Accel:64 Loops:256 Thr:64 Vec:1


-------------------------
* Hash-Mode 11500 (CRC32)
-------------------------

Speed.#1.........: 21330.6 MH/s (49.86ms) @ Accel:256 Loops:512 Thr:256 Vec:1


------------------------------------------------
* Hash-Mode 12500 (RAR3-hp) [Iterations: 262144]
------------------------------------------------

Speed.#1.........:    1874 H/s (1073.21ms) @ Accel:16 Loops:16384 Thr:64 Vec:1


--------------------------------------------
* Hash-Mode 13000 (RAR5) [Iterations: 32799]
--------------------------------------------

Speed.#1.........:    21777 H/s (92.41ms) @ Accel:32 Loops:256 Thr:256 Vec:1

--------------------------------------
* Hash-Mode 17200 (PKZIP (Compressed))
--------------------------------------

* Device #1: ATTENTION! HIP kernel self-test failed.

Your device driver installation is probably broken.
See also: https://hashcat.net/faq/wrongdriver

Speed.#1.........:  504.3 MH/s (41.37ms) @ Accel:20 Loops:512 Thr:64 Vec:1



VS


OpenCL API (OpenCL 2.1 AMD-APP (3354.13)) - Platform #1 [Advanced Micro Devices, Inc.]
======================================================================================
* Device #2: Radeon (TM) RX 470 Graphics, 8064/8192 MB (6745 MB allocatable), 32MCU


---------------------
* Hash-Mode 900 (MD4)
---------------------

Speed.#2.........: 18139.4 MH/s (58.27ms) @ Accel:128 Loops:1024 Thr:256 Vec:1


-----------------------
* Hash-Mode 1000 (NTLM)
-----------------------

Speed.#2.........: 18145.1 MH/s (58.27ms) @ Accel:1024 Loops:512 Thr:64 Vec:1

---------------------
* Hash-Mode 3000 (LM)
---------------------

Speed.#2.........: 11162.4 MH/s (95.02ms) @ Accel:128 Loops:1024 Thr:256 Vec:1


-------------------
* Hash-Mode 0 (MD5)
-------------------

Speed.#2.........: 11500.5 MH/s (92.31ms) @ Accel:512 Loops:1024 Thr:64 Vec:1


The plugin 2500 is deprecated and was replaced with plugin 22000. For more details, please read: https://hashcat.net/forum/thread-10253.html

------------------------------------------------------
* Hash-Mode 2500 (WPA-EAPOL-PBKDF2) [Iterations: 4095]
------------------------------------------------------

Speed.#2.........:  138.3 kH/s (86.00ms) @ Accel:64 Loops:256 Thr:128 Vec:1


---------------------------------------------
* Hash-Mode 11600 (7-Zip) [Iterations: 16384]
---------------------------------------------

Speed.#2.........:    83410 H/s (73.95ms) @ Accel:8 Loops:4096 Thr:256 Vec:1


------------------------------------------------------
* Hash-Mode 9600 (MS Office 2013) [Iterations: 100000]
------------------------------------------------------

* Device #2: ATTENTION! OpenCL kernel self-test failed.

Your device driver installation is probably broken.
See also: https://hashcat.net/faq/wrongdriver

Speed.#2.........:    3969 H/s (84.02ms) @ Accel:512 Loops:256 Thr:256 Vec:1


------------------------------------------------------
* Hash-Mode 9500 (MS Office 2010) [Iterations: 100000]
------------------------------------------------------

Speed.#2.........:    26643 H/s (85.68ms) @ Accel:128 Loops:256 Thr:256 Vec:1


----------------------------------------------------------------------
* Hash-Mode 10700 (PDF 1.7 Level 8 (Acrobat 10 - 11)) [Iterations: 64]
----------------------------------------------------------------------

Speed.#2.........:      375 H/s (291.86ms) @ Accel:1 Loops:1 Thr:256 Vec:1


---------------------------
* Hash-Mode 1700 (SHA2-512)
---------------------------

Speed.#2.........:  394.1 MH/s (84.29ms) @ Accel:128 Loops:128 Thr:64 Vec:1



-------------------------
* Hash-Mode 11500 (CRC32)
-------------------------

Speed.#2.........:  2978.3 MH/s (89.27ms) @ Accel:64 Loops:1024 Thr:128 Vec:1


------------------------------------------------
* Hash-Mode 12500 (RAR3-hp) [Iterations: 262144]
------------------------------------------------

Speed.#2.........:    19908 H/s (78.65ms) @ Accel:4 Loops:16384 Thr:256 Vec:1


--------------------------------------------
* Hash-Mode 13000 (RAR5) [Iterations: 32799]
--------------------------------------------

Speed.#2.........:    18236 H/s (49.53ms) @ Accel:128 Loops:128 Thr:64 Vec:1


--------------------------------------
* Hash-Mode 17200 (PKZIP (Compressed))
--------------------------------------

* Device #2: Skipping hash-mode 17200)
            This is due to a known CUDA/HIP/OpenCL runtime/driver issue (not a hashcat issue)
            You can use --force to override, but do not report related errors.



@atom

Just tell me if you want full benchmark results

Hcxdumptools Not Picking Up Data

December 6, 2021, 2:04 pm
$
0
0
Hello All,

All of my adapters finally arrived and no more TP-Link! Hurray. I've got my Netgear that works fine with all tools except hcx. I've also tried my Alfa AWUS036 and have almost the exact same output. I can't point my finger on what's wrong but I feel like it's not capturing the data it should be. The only time it makes progress is with my wifi points I've previously connected to. Below is my terminal output.

Code:
┌──(The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)㉿The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))-[~]
└─$ sudo hcxdumptool -o att.pcapng -i wlan1 --enable_status=31                                              1 ⨯

initialization of hcxdumptool 6.2.5-7-g4d7c072...
warning possible interfere: NetworkManager is running with pid 468

warning possible interfere: wpa_supplicant is running with pid 590


start capturing (stop with ctrl+c)
NMEA 0183 SENTENCE........: N/A
INTERFACE NAME............: wlan1
INTERFACE PROTOCOL........: IEEE 802.11
INTERFACE TX POWER........: 18 dBm (lowest value reported by the device)
INTERFACE HARDWARE MAC....: 6ccdd6c37f91 (not used for the attack)
INTERFACE VIRTUAL MAC.....: baceb640e349 (not used for the attack)
DRIVER....................: mt76x2u
DRIVER VERSION............: 5.4.83-Re4son-v8l+
DRIVER FIRMWARE VERSION...: 0.0.00-b1
openSSL version...........: 1.1
ERRORMAX..................: 100 errors
BPF code blocks...........: 0
FILTERLIST ACCESS POINT...: 0 entries
FILTERLIST CLIENT.........: 0 entries
FILTERMODE................: unused
WEAK CANDIDATE............: 12345678
ESSID list................: 0 entries
ACCESS POINT (ROGUE)......: 50e14ae6a181 (BROADCAST HIDDEN used for the attack)
ACCESS POINT (ROGUE)......: 50e14ae6a182 (BROADCAST OPEN used for the attack)
ACCESS POINT (ROGUE)......: 50e14ae6a183 (used for the attack and incremented on every new client)
CLIENT (ROGUE)............: acde48114664
EAPOLTIMEOUT..............: 20000 usec
EAPOLEAPTIMEOUT...........: 2500000 usec
REPLAYCOUNT...............: 62718
ANONCE....................: 16fab521a4d8dbe495c657c3c58a3c4384255df1c7347a9361f4aeec9b35692a
SNONCE....................: 13d29eb702b2afefc8e555b4634071d13fba4602caa3198fd938b8f478d8f86e

20:48:03 2412/1  ffffffffffff 346f90c60a73 [HIDDEN BEACON]
20:48:03 2412/1  ffffffffffff 44a56edf0f04 Hillarys_Email_Server [BEACON]
20:48:03 2412/1  e45f0170d4dd 50e14ae6a184 Hillarys_Email_Server [ROGUE PROBERESPONSE]
20:48:03 2412/1  e45f0170d4dd 44a56edf0f04 Hillarys_Email_Server [PROBERESPONSE]
20:48:04 2417/2  7c5079402987 44a56edf0f04 Hillarys_Email_Server [AUTHENTICATION]
20:48:04 2417/2  7c5079402987 44a56edf0f04 Hillarys_Email_Server [REASSOCIATION]
20:48:04 2417/2  ffffffffffff d0768fec6e7d Nessa21 WiFi [BEACON]
20:48:04 2417/2  ffffffffffff f2768fec6e7d [HIDDEN BEACON]
20:48:05 2417/2  ffffffffffff 003044439ed7 IBR900-ed6 [BEACON]
20:48:05 2417/2  7c5079402987 44a56edf0f04 Hillarys_Email_Server [EAPOL:M1M2 EAPOLTIME:4952 RC:2 KDV:2]
20:48:05 2417/2  7c5079402987 44a56edf0f04 Hillarys_Email_Server [EAPOL:M3M4ZEROED EAPOLTIME:35 RC:3 KDV:2]
20:48:06 2417/2  001723b1a9a8 d0768fec6e7d Nessa21 WiFi [PROBERESPONSE]
20:48:06 2417/2  e45f0170d4dd 003044439ed7 IBR900-ed6 [PROBERESPONSE]
20:48:08 2422/3  6abbb5267a0c 50e14ae6a185 IBR900-e80 [ROGUE PROBERESPONSE]
20:48:09 2422/3  ffffffffffff 6299115d42a8 [HIDDEN BEACON]
20:48:09 2422/3  e45f0170d4dd 50e14ae6a184 Hillarys_Email_Server [AUTHENTICATION]
20:48:09 2422/3  ffffffffffff bc99115d42ab BLDG83 [BEACON]
20:48:12 2427/4  6abbb5267a0c 50e14ae6a185 IBR900-e80 [AUTHENTICATION]
20:48:15 2427/4  e45f0170d4dd 50e14ae6a184 Hillarys_Email_Server [ASSOCIATION]
20:48:15 2427/4  e45f0170d4dd 50e14ae6a184 Hillarys_Email_Server [EAPOL:M1M2ROGUE EAPOLTIME:2530 RC:62718 KDV:2]
20:48:16 2432/5  ffffffffffff 003044383e81 IBR900-e80 [BEACON]
20:48:16 2432/5  9061ae4252e8 003044383e81 IBR900-e80 [PROBERESPONSE]
20:48:16 2432/5  ffffffffffff 003044383ec0 IBR900-ebf [BEACON]
20:48:21 2437/6  ffffffffffff 6899cd503c32 [HIDDEN BEACON]
20:48:21 2437/6  6abbb5267a0c 003044383ec0 IBR900-ebf [PROBERESPONSE]
20:48:21 2437/6  ffffffffffff 6899cd503c35 philips [BEACON]
20:48:21 2437/6  ffffffffffff 6899cd503c30 IHSABR-GFE [BEACON]
20:48:22 2437/6  925f052d5863 6899cd503c35 philips [PROBERESPONSE]
20:48:22 2437/6  ffffffffffff 6899cd503c34 [HIDDEN BEACON]
20:48:23 2437/6  5c5f67c8c161 50e14ae6a186 IHSABR-GFE [ROGUE PROBERESPONSE]
20:48:23 2437/6  ffffffffffff 6899cd503c31 IHSABR-PineRidgeGuest [BEACON]
20:48:24 2442/7  6abbb5267a0c 50e14ae6a185 IBR900-e80 [REASSOCIATION]
20:48:25 2442/7  ffffffffffff 44a56eee3fd7 ATT-WIFI-92k6 [BEACON]
20:48:29 2447/8  6e58848827a6 44a56eee3fd7 ATT-WIFI-92k6 [PROBERESPONSE]
20:48:34 2452/9  8cc68119b081 50e14ae6a187 ATT-WIFI-92k6 [ROGUE PROBERESPONSE]
20:48:34 2452/9  8cc68119b081 44a56eee3fd7 ATT-WIFI-92k6 [AUTHENTICATION]
20:48:34 2452/9  8cc68119b081 44a56eee3fd7 ATT-WIFI-92k6 [REASSOCIATION]
20:48:34 2452/9  8cc68119b081 44a56eee3fd7 ATT-WIFI-92k6 [EAPOL:M1M2ROGUE EAPOLTIME:2782 RC:62718 KDV:2]
20:48:34 2452/9  8cc68119b081 44a56eee3fd7 ATT-WIFI-92k6 [EAPOL:M1M2ROGUE EAPOLTIME:2372 RC:62718 KDV:2]
20:48:35 2452/9  8cc68119b081 44a56eee3fd7 ATT-WIFI-92k6 [EAPOL:M1M2 EAPOLTIME:6355 RC:2 KDV:2]
20:48:35 2452/9  8cc68119b081 44a56eee3fd7 ATT-WIFI-92k6 [EAPOL:M2M3 EAPOLTIME:2074 RC:3 KDV:2]
20:48:35 2452/9  8cc68119b081 44a56eee3fd7 ATT-WIFI-92k6 [EAPOL:M3M4ZEROED EAPOLTIME:4830 RC:3 KDV:2]
20:48:40 2462/11  ffffffffffff 346f90c60a72 [HIDDEN BEACON]
20:48:40 2462/11  8cc68119b081 346f90c60a70 IHSABR-GFE [PROBERESPONSE]
20:48:40 2462/11  8cc68119b081 346f90c60a71 IHSABR-PineRidgeGuest [PROBERESPONSE]
20:48:40 2462/11  8cc68119b081 346f90c60a75 philips [PROBERESPONSE]
20:48:40 2462/11  ffffffffffff 346f90c60a75 philips [BEACON]
20:48:40 2462/11  ffffffffffff 346f90c60a70 IHSABR-GFE [BEACON]
20:48:40 2462/11  ffffffffffff 346f90c60a74 [HIDDEN BEACON]
20:48:40 2462/11  ffffffffffff 346f90c60a71 IHSABR-PineRidgeGuest [BEACON]
20:48:40 2462/11  ffffffffffff 6899cd51b6c2 [HIDDEN BEACON]
20:48:40 2462/11  ffffffffffff 6899cd51b6c0 IHSABR-GFE [BEACON]
20:48:40 2462/11  ffffffffffff 6899cd51b6c1 IHSABR-PineRidgeGuest [BEACON]
20:48:40 2462/11  ffffffffffff 6899cd51b6c4 [HIDDEN BEACON]
20:48:41 2462/11  ffffffffffff 6899cd51b6c3 [HIDDEN BEACON]
20:48:41 2462/11  acde48114664 346f90c60a75 philips [PMKIDROGUE:2ba6ea1a4efced4fa06bd1de25ee0403 KDV:2]
20:48:41 2462/11  ffffffffffff 6899cd51b6c5 philips [BEACON]
20:48:41 2462/11  acde48114664 6899cd51b6c5 philips [PMKIDROGUE:c3ac9b07a422b3049b8b95be0b577999 KDV:2]
20:49:04 5220/44  ffffffffffff 44a56eee3fd5 ATT-WIFI-92k6_5G [BEACON]
20:49:24 5320/64  ffffffffffff 346f90c60a7c [HIDDEN BEACON]
20:49:24 5320/64  ffffffffffff 346f90c60a7a philips [BEACON]
20:49:24 5320/64  ffffffffffff 346f90c60a7f IHSABR-GFE [BEACON]
20:49:24 5320/64  ffffffffffff 346f90c60a7b [HIDDEN BEACON]
20:49:24 5320/64  ffffffffffff 346f90c60a7d [HIDDEN BEACON]
20:49:24 5320/64  ffffffffffff 346f90c60a7e IHSABR-PineRidgeGuest [BEACON]
20:49:24 5320/64  5c5f67c8c161 346f90c60a7f IHSABR-GFE [PROBERESPONSE]
20:49:24 5320/64  5c5f67c8c161 346f90c60a7e IHSABR-PineRidgeGuest [PROBERESPONSE]
20:49:24 5320/64  5c5f67c8c161 346f90c60a7a philips [PROBERESPONSE]
20:50:16 5765/153 ffffffffffff d0768fec6e7e Nessa21 WiFi 5G [BEACON]
20:50:16 5765/153 ffffffffffff f2768fec6e7e [HIDDEN BEACON]
20:50:16 5765/153 ffffffffffff 003044383ec1 IBR900-ebf-5g [BEACON]
20:50:17 5765/153 9061ae4252e8 d0768fec6e7e Nessa21 WiFi 5G [PROBERESPONSE]
20:50:20 5785/157 ffffffffffff 003044439ed8 IBR900-ed6-5g [BEACON]
20:50:24 5805/161 ffffffffffff 003044383e82 IBR900-e80-5g [BEACON]
20:50:24 5805/161 ffffffffffff 44a56edf0f02 Hillarys_Email_Server_5G [BEACON]
20:50:24 5805/161 5c5f67c8c161 44a56edf0f02 Hillarys_Email_Server_5G [PROBERESPONSE]
20:50:32 2412/1  ffffffffffff 6899cd51aeb0 IHSABR-GFE [BEACON]
20:50:32 2412/1  ffffffffffff 6899cd51aeb4 [HIDDEN BEACON]
20:50:32 2412/1  ffffffffffff 6899cd51aeb2 [HIDDEN BEACON]
20:50:32 2412/1  ffffffffffff 6899cd51aeb1 IHSABR-PineRidgeGuest [BEACON]
20:50:32 2412/1  e45f0170d4dd 6899cd51aeb5 philips [PROBERESPONSE]
20:50:32 2412/1  ffffffffffff 6899cd51aeb5 philips [BEACON]
20:50:33 2412/1  ffffffffffff 6899cd51aeb3 [HIDDEN BEACON]
20:50:33 2412/1  8cc68119b081 6899cd51aeb0 IHSABR-GFE [PROBERESPONSE]
20:50:33 2412/1  acde48114664 6899cd51aeb5 philips [PMKIDROGUE:1b6cb41383f82f3608d2916e9b2085d9 KDV:2]
20:50:33 2412/1  7c5079402987 50e14ae6a184 Hillarys_Email_Server [AUTHENTICATION]
20:50:33 2412/1  7c5079402987 50e14ae6a184 Hillarys_Email_Server [REASSOCIATION]
20:50:33 2412/1  7c5079402987 50e14ae6a184 Hillarys_Email_Server [EAPOL:M1M2ROGUE EAPOLTIME:2469 RC:62718 KDV:2]
20:50:34 2412/1  7c5079402987 44a56edf0f04 Hillarys_Email_Server [EAPOL:M1M2ROGUE EAPOLTIME:364 RC:62718 KDV:2]
20:50:34 2412/1  7c5079402987 44a56edf0f04 Hillarys_Email_Server [EAPOL:M1M2 EAPOLTIME:8873 RC:1 KDV:2]
20:50:34 2412/1  7c5079402987 44a56edf0f04 Hillarys_Email_Server [EAPOL:M2M3 EAPOLTIME:3237 RC:2 KDV:2]
20:50:34 2412/1  7c5079402987 44a56edf0f04 Hillarys_Email_Server [EAPOL:M3M4ZEROED EAPOLTIME:2104 RC:2 KDV:2]
20:50:34 2412/1  b0e4d5993c88 50e14ae6a188 Nessa21 WiFi [ROGUE PROBERESPONSE]
20:50:34 2412/1  b0e4d5993c88 6899cd51aeb1 IHSABR-PineRidgeGuest [PROBERESPONSE]

failed to read packet: Network is down
20:50:43 2422/3  e45f0170d4dd 44a56edf0f04 Hillarys_Email_Server [AUTHENTICATION]
20:50:43 2422/3  e45f0170d4dd 44a56edf0f04 Hillarys_Email_Server [EAPOL:M1M2 EAPOLTIME:5267 RC:1 KDV:2]
20:50:55 2437/6  ffffffffffff 6899cd503c33 [HIDDEN BEACON]
20:51:06 2452/9  8cc68119b081 44a56eee3fd7 ATT-WIFI-92k6 [EAPOL:M1M2 EAPOLTIME:4824 RC:1 KDV:2]
20:51:06 2452/9  8cc68119b081 44a56eee3fd7 ATT-WIFI-92k6 [EAPOL:M2M3 EAPOLTIME:3386 RC:2 KDV:2]
20:51:06 2452/9  8cc68119b081 44a56eee3fd7 ATT-WIFI-92k6 [EAPOL:M3M4ZEROED EAPOLTIME:3291 RC:2 KDV:2]
20:51:39 5220/44  023b15e6ffa7 44a56eee3fd5 ATT-WIFI-92k6_5G [PROBERESPONSE]
20:52:54 5785/157 4a620d7fc26f 003044439ed8 IBR900-ed6-5g [PROBERESPONSE]                                       
20:53:07 2412/1  ffffffffffff 54833a8ec121 Evans wifi [BEACON]                                                 
20:55:35 5785/157 3e38218a4664 50e14ae6a189 IBR900-ebf [ROGUE PROBERESPONSE]
20:56:09 2417/2  5a0067db2485 50e14ae6a18a ATT-WIFI-92k6_5G [ROGUE PROBERESPONSE]

failed to read packet: Network is down
20:57:41 2462/11 socket error: failed to transmit proberesponse
20:57:47 2462/11  28ad181e3986 6899cd51b6c5 philips [PROBERESPONSE]
21:02:30 5805/161 f49634c24c0a 003044383e82 IBR900-e80-5g [PROBERESPONSE]

MacOSX plist file format conversion

December 6, 2021, 5:13 pm
$
0
0
I'm trying to recover a lost password on a Mac OSX Snow Leopard (10.6.8 I believe) computer, but I'm having no luck trying to figure out how to convert the encoded password string into a form hashcat can use. (I'm also at the very bottom of a hashcat learning curve.) I see it says that mode 122 works against these passwords. I can access the user's plist file by mounting the hard drive on my Linux machine. The plist file contains an "authentication_authority" key with a two-element array as a value. The second element of that array appears to be the encoded password. It looks like this:

Code:
<key>authentication_authority</key>
<array>
    <string>;ShadowHash;</string>
    <string>;Kerberosv5;;<username>@LKDC:SHA1.<hexdata>;LKDC:SHA1.<hexdata>;</string>
</array>

The two <hexdata> elements are perhaps salt and password? I found a program called hashdump.py which purports to massage Mac OSX password plist files for use by hashcat, but it appears to be aimed at a later version of Mac OSX and has no comments to describe the logical steps it's performing. Consequently, I can't quite figure out what it's doing.

I've taken a couple blind stabs at simply extracting parts of that Kerberosv5 line but just get token length exceptions. I've so far tried

Code:
SHA1.<hexdata>;SHA1.<hexdata>
<hexdata>.<hexdata>
SHA1(<hexdata>.<hexdata>)
SHA1($<hexdata>.$<hexdata>)

Looking at the Algorithms section of the --help output, it seems the format 120 (sha1($salt.$pass)) is similar to what I might need, so I tried that (or rather, took a stab at trying that). Those are the last couple formatting attempts in the block above. Instead of "token length" errors I got "Separator unmatched." Maybe I'm moving slowly in the right direction, but I'm still pretty much stumbling around in the dark and could use some advice.

Is there some straightforward recipe to convert the above encoded password data into something hashcat can munch on? I just have the one password to crack, so doing it manually is fine.

Why is my Litecoin hash "only" 112 characters long?

December 7, 2021, 12:05 am
$
0
0
Hi all,

I'm getting the line-length exception error I read about in other posts, but I can't find a solution for it.

The example hash for a Bitcoin/Litecoin wallet has 305 characters, starting with $bitcoin$96$...
My Litecoin wallet, when using bitcoin2john and similar tools I found, gives a hash with 112 characters. I've changed some of the characters to show you what it looks like:

$bitcoin$64$XXXc3c5c58212dd4ec2261bXXX1b6c0e787d1eaab10XXX9bb70870153db3b539$16$4601abbXXX1c046e$62055$2$00$2$00

Why won't Hashcat recognize this as a Litecoin wallet hash?
It's an old wallet, from 2013 I think, but that shouldn't matter, right?

Any help is greatly appreciated!

Michael

unfeasible wordlists

December 7, 2021, 10:52 am
$
0
0
Feeding hashcat with wordlist is by far an excellent way to begin the cracking process, but I do face an issue with wordlist generating software, because when I generate a wordlist based on a custom charset to target a password that I already know; I come not to find that password within the generated wordlist. has it anything to do with the algorithm used by the software to produce the given input? any suggestions?

Can a Cowpatty word list be used with Hash at?

December 7, 2021, 12:59 pm
$
0
0
If there's an answer to this question I'm sorry for asking I've been searching but can't find one.
My question is can you use a Cowpatty generated worrdlist with Hashcat and if so is there a special command or do I just run it normally?
Search

I installed the driver Hashcat wanted and now it wants 7.4 but all I can find is 7.5

December 7, 2021, 4:34 pm
$
0
0
I'm using a Nvidia 3070 OC and an AMD 3700x running Windows 11.
I had a 2070 Super and it would run PKMD's in MH/s. I start to run the new rug and it's running the same things in KH/s it says I'm using the wrong driver I follow the wiki and install the correct driver now I'm getting ptxas application ptx input,line0;fatal : Unsupported version 7.5; current version is 7.4 and device ones build fails. It's seeing my GPU as device one and two.
I entered the argument -d2 now it initializes but won't run it's said please be patient. 
That's fine because I've been searching for an hour for the 7.4 driver hoping to fix it but I can't find it.
I'm running the line: Hashcat -m 22000 capture worrdlist -a 0 -w 4 -d2 output.
With the 2070 I installed Cuda and was done any idea what the problem could be.

Is there has error with these functions

December 1, 2021, 11:19 pm
$
0
0
Is there have error in selector or left/right rotate with these two functions (in inc_common.cl)

(I think the undo_utf16be_S has error in left/right rotate operation)

DECLSPEC void undo_utf16be_S (const u32 *in1, const u32 *in2, u32 *out)
{
  #if defined IS_NV

  out[0] = hc_byte_perm_S (in1[0], in1[1], 0x4602);
  out[1] = hc_byte_perm_S (in1[2], in1[3], 0x4602);
  out[2] = hc_byte_perm_S (in2[0], in2[1], 0x4602);
  out[3] = hc_byte_perm_S (in2[2], in2[3], 0x4602);

  #elif (defined IS_AMD || defined IS_HIP) && HAS_VPERM == 1

  out[0] = hc_byte_perm_S (in1[0], in1[1], 0x04060002);
  out[1] = hc_byte_perm_S (in1[2], in1[3], 0x04060002);
  out[2] = hc_byte_perm_S (in2[0], in2[1], 0x04060002);
  out[3] = hc_byte_perm_S (in2[2], in2[3], 0x04060002);

  #else

  out[0] = ((in1[0] & 0x0000ff00) >>  8) | ((in1[0] & 0xff000000) >> 16)
        | ((in1[1] & 0x0000ff00) <<  8) | ((in1[1] & 0xff000000) <<  0);
  out[1] = ((in1[2] & 0x0000ff00) >>  8) | ((in1[2] & 0xff000000) >> 16)
        | ((in1[3] & 0x0000ff00) <<  8) | ((in1[3] & 0xff000000) <<  0);
  out[2] = ((in2[0] & 0x0000ff00) >>  8) | ((in2[0] & 0xff000000) >> 16)
        | ((in2[1] & 0x0000ff00) <<  8) | ((in2[1] & 0xff000000) <<  0);
  out[3] = ((in2[2] & 0x0000ff00) >>  8) | ((in2[2] & 0xff000000) >> 16)
        | ((in2[3] & 0x0000ff00) <<  8) | ((in2[3] & 0xff000000) <<  0);

  #endif
}


and


DECLSPEC void undo_utf16le_S (const u32 *in1, const u32 *in2, u32 *out)
{
  #if defined IS_NV

  out[0] = hc_byte_perm_S (in1[0], in1[1], 0x6420);
  out[1] = hc_byte_perm_S (in1[2], in1[3], 0x6420);
  out[2] = hc_byte_perm_S (in2[0], in2[1], 0x6420);
  out[3] = hc_byte_perm_S (in2[2], in2[3], 0x6420);

  #elif (defined IS_AMD || defined IS_HIP) && HAS_VPERM == 1

  out[0] = hc_byte_perm_S (in1[0], in1[1], 0x06040200);
  out[1] = hc_byte_perm_S (in1[2], in1[3], 0x06040200);
  out[2] = hc_byte_perm_S (in2[0], in2[1], 0x06040200);
  out[3] = hc_byte_perm_S (in2[2], in2[3], 0x06040200);

  #else

  out[0] = ((in1[0] & 0x000000ff) >>  0) | ((in1[0] & 0x00ff0000) >>  8)
        | ((in1[1] & 0x000000ff) << 16) | ((in1[1] & 0x00ff0000) <<  8);
  out[1] = ((in1[2] & 0x000000ff) >>  0) | ((in1[2] & 0x00ff0000) >>  8)
        | ((in1[3] & 0x000000ff) << 16) | ((in1[3] & 0x00ff0000) <<  8);
  out[2] = ((in2[0] & 0x000000ff) >>  0) | ((in2[0] & 0x00ff0000) >>  8)
        | ((in2[1] & 0x000000ff) << 16) | ((in2[1] & 0x00ff0000) <<  8);
  out[3] = ((in2[2] & 0x000000ff) >>  0) | ((in2[2] & 0x00ff0000) >>  8)
        | ((in2[3] & 0x000000ff) << 16) | ((in2[3] & 0x00ff0000) <<  8);

  #endif
}


when I use following to test the left/right rotate operation

u32 in1[4], in2[4], out[4];

in1[0] = 0x03020100;
in1[1] = 0x13121110;
in1[2] = 0x23222120;
in1[3] = 0x33323130;

in2[0] = 0x07060504;
in2[1] = 0x17161514;
in2[2] = 0x27262524;
in2[3] = 0x37363534;



undo_utf16be_S(in1, in2, out);

undo_utf16le_S(in1, in2, out);


the utf16be_S output is:

out[0] = 0x13110301
out[1] = 0x33312321
out[2] = 0x17150705
out[2] = 0x37352725

and the utf16le_S output is:

out[0] = 0x12100200
out[1] = 0x32302220
out[2] = 0x16140604
out[2] = 0x36342624

as the selector for utf16be_S is 0x4602, and the selector for utf16le_S is 0x6420,  the left/right rotate operation
result is not compatible with the selector operation result. 

I may have two issues, definitely one. Can someone look at this?

December 7, 2021, 6:51 pm
$
0
0
I've been trying to figure this out for hours the definite issue is I'm getting, "Time out is not disabled". I understand it needs the patch but I can't figure out how to do it at least not in a way I feel safe trying so if someone could explain that to me step by step I would be very grateful.
Now tonight defiantly isn't my night I'm using Windows 11 and for the past hour I have tried everything to copy a paste the field in the PowerShell but the dam thing wont let me so I have screenshots. My Windows 10 computer isn't set up for Hashcat it doesn't have a GPU.
I'm not going  to bother wasting your time with all the specs because they are in the field in the screenshots except for I'm using an AMD 3700X CPU and I already mentioned Windows 11.
My old rig had a 2070Super and was running in MH/s the 3070 OC is running KH/s I can't figure out the reason for any of these issues. With the 2070 I installed Cuda and I was off but this one has the mentioned problem and I'm getting, "Optimized kernel requested but not available or not required. Falling back to pure kernel". I don't have any idea if that's good or bad.
I'm attaching the four screenshots that show the output any help is greatly apricated.

Again I'm sorry about the screenshots I tried for an hour and I can't get anything to copy it selects like a champ but it wont copy at all.

.png   Screenshot (14).png (Size: 282.6 KB / Downloads: 1)

.png   Screenshot (15).png (Size: 318.23 KB / Downloads: 0)

.png   Screenshot (16).png (Size: 248.68 KB / Downloads: 0)

.png   Screenshot (17).png (Size: 334.98 KB / Downloads: 0)

How to extract passcode from iphone 6s?

December 8, 2021, 11:06 am
$
0
0
i have iphone 6s 
how to export hash passcode using the 26500 method?

https://github.com/tihmstar/uido2hashcat
there is this link, but how to work with the script?
I personally think that we should first compile this script, because it is in C++, and only then run it, and then I have no idea what is there

Debrief: Cracked Ethereum wallet - a beginners approach

December 8, 2021, 6:00 pm
$
0
0
Hi,

First of all I want to say thanks. Started my short hashcat journey a week ago to resolve a password to an old wallet file for Ethereum.

I struggled a bit to find the exact combined solution so I wanted to write this post in case it comes up for other users while searching. 
Mods: please feel free to delete if this doesn't add value to the forum.

My passwords tend to follow a predictable pattern. Some symbols, some letters, some numbers and some more symbols. 

I first made a list of all the words I commonly used in passwords over the last 10 years. This turned out to be less than 100 words. I put these in a text file which was called text.txt and put it in the same folder as hashcat main executable file.

I then created a rule set using the wiki documents. This would modify each text be adding the symbols before it and then adding some numbers, symbols at the end of it. 
I put each rule on a different line. Saved this as rule.txt and also placed it in the same folder.

Then (with help from searching the forums and the wiki and discord) I put in the following command in hashcat:
hashcat -a 0 text.txt -r rule.txt --stdout -o output.txt

This created an output.txt file of several thousand passwords that combined my words with all kinds of numbers and symbols that I would normally use when creating a password. This is what will be used in the crack. 

It is funny when you look at that output file you realize that many of those passwords could've been my password.

I converted my Ethereum wallet keystore information into the correct format using the same approach as this website:
https://stealthsploit.com/2017/06/12/eth...-cracking/
which is basically: `$ethereum$s*n*r*p*salt*ciphertext*mac`
I saved this in a text file called hasheth.txt and put this in the same folder as the other text files mentioned above.

I then ran the following command:
hashcat -w 3 -m 15700 hasheth.txt output.txt

About 70% through the process I got my successful cracked password notification.
Thank you folks Smile
Viewing all 7847 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>