I have a rather stupid question regarding the bruteforce attack. When specifying ?d?d?d?d?d?d?d, does that include up to 7 characters in length or only 7 characters in length?
↧
bruteforce characterlimit
↧
How to Bruteforce a part-known string?
Hello,
I am pretty new to hashcat, the GUI is not working for me because of syntax errors, so I found out how to use the text mode.
My question: How do I define a specific word which I know for sure is part of the string?
My command looks something like this. (Let's say that the string I am searching for is "test2013".)
Code:
hashcat-cli32.exe -m 0 -a 3 -o found.txt hash.txt "?l?l?l?l2013"
But the process builds up like this.
?l
?l?l
?l?l?l
?l?l?l?l
?l?l?l?l2
?l?l?l?l20
?l?l?l?l201
?l?l?l?l2013
but it should look like this
?l2013
?l?l2013
?l?l?l2013
?l?l?l?l2013
to make the process faster, because it is useless to try
2
20
201
2013
because I know for sure the part "2013" is in the string.
How to do this?
thanks
↧
Tesla K20 (Kepler GK110) benchmark
Ran cudaHashcat-lite64 in benchmark mode on a dual K20 system (stock clocks), thought I'd share the results with the community here:
Edit: ran again in benchmark-mode 1 instead of 0
Code:
--- Benchmark @ 2x Tesla K20m, 2x Xeon E5-2630, 128G RAM ---
~/oclHashcat-lite-0.15# ./cudaHashcat-lite64.bin -b --benchmark-mode 1
Device #1: Tesla K20m, 4799MB, 705Mhz, 13MCU
Device #2: Tesla K20m, 4799MB, 705Mhz, 13MCU
Hash.Type....: MD5
Speed.GPU.#*.: 8287.0M/s
Hash.Type....: md5($pass.$salt)
Speed.GPU.#*.: 8293.3M/s
Hash.Type....: Joomla
Speed.GPU.#*.: 8010.9M/s
Hash.Type....: SHA1
Speed.GPU.#*.: 2848.8M/s
Hash.Type....: SHA-1(Base64), nsldap, Netscape LDAP SHA
Speed.GPU.#*.: 2848.8M/s
Hash.Type....: sha1($pass.$salt)
Speed.GPU.#*.: 2848.8M/s
Hash.Type....: SSHA-1(Base64), nsldaps, Netscape LDAP SSHA
Speed.GPU.#*.: 2849.4M/s
Hash.Type....: Oracle 11g
Speed.GPU.#*.: 2869.0M/s
Hash.Type....: MSSQL(2000)
Speed.GPU.#*.: 2866.5M/s
Hash.Type....: MSSQL(2005)
Speed.GPU.#*.: 2867.9M/s
Hash.Type....: MySQL
Speed.GPU.#*.: 1535.0M/s
Hash.Type....: MD4
Speed.GPU.#*.: 14037.5M/s
Hash.Type....: md4($pass.$salt)
Speed.GPU.#*.: 14018.6M/s
Hash.Type....: NTLM
Speed.GPU.#*.: 13385.2M/s
Hash.Type....: DCC, mscash
Speed.GPU.#*.: 4286.3M/s
Hash.Type....: SHA256
Speed.GPU.#*.: 1364.8M/s
Hash.Type....: sha256($pass.$salt)
Speed.GPU.#*.: 1365.4M/s
Hash.Type....: descrypt, DES(Unix), Traditional DES
Speed.GPU.#*.: 77328.4k/s
Hash.Type....: SHA512
Speed.GPU.#*.: 213.8M/s
Hash.Type....: sha512($pass.$salt)
Speed.GPU.#*.: 213.8M/s
Hash.Type....: Cisco-PIX MD5
Speed.GPU.#*.: 5904.8M/s
Hash.Type....: Double MD5
Speed.GPU.#*.: 2327.9M/s
Hash.Type....: vBulletin < v3.8.5
Speed.GPU.#*.: 2327.9M/s
Hash.Type....: vBulletin > v3.8.5
Speed.GPU.#*.: 1241.7M/s
Hash.Type....: IPB2+, MyBB1.2+
Speed.GPU.#*.: 1678.4M/s
Hash.Type....: LM
Speed.GPU.#*.: 1198.9M/s
Hash.Type....: Oracle 7-10g
Speed.GPU.#*.: 309.4M/s
Hash.Type....: SHA-3(Keccak)
Speed.GPU.#*.: 178.2M/s
Hash.Type....: Half MD5
Speed.GPU.#*.: 5630.2M/s
Hash.Type....: NetNTLMv1-VANILLA / NetNTLMv1+ESS
Speed.GPU.#*.: 4064.7M/s
Hash.Type....: NetNTLMv2
Speed.GPU.#*.: 627.1M/s
Hash.Type....: Cisco-IOS SHA256
Speed.GPU.#*.: 1365.0M/s
↧
Catalyst 13.1 Installation Issues
So, I'm pretty sure I'm missing something ridiculously simple with as long as I've been spinning my wheels on this, but I keep getting errors after driver installation on the latest Kali release. I've searched various forums, and the closest I've seen to my situation is thread 2222 here with eljolot's walkthrough - but he's on different architecture.
System as follows:
- Debian 3.7.2-0+kali6 x86_64
- AMD 7970
- AMD FX-4170
I have followed eljolot's instructions to the letter (or at least, disregarding a few typos he made and architectural differences) and got a positive output after installing, but I receive the following error when attempting to run clinfo, fglrxinfo, or my aticonfig --initial:
Code:
clinfo: error while loading shared libraries: libOpenCL.so.1: wrong ELF class: ELFCLASS32
My research suggested this was due to incorrect linking of the OpenCL libs; to that end, I attempted to create a symlink for /usr/lib64/libOpenCL.so.1 (and /usr/lib/libOpenCL.so.1 on another installation attempt) but I continue receiving the error.
I followed this up with a manual install of the AMD-APP package after further investigation; no change.
Since I'm clearly not making any headway, I figured it was time to seek outside help. Any assistance at all would be greatly appreciated. If I need to provide any further information, just let me know.
Cheers.
↧
Is HD 7790 Supported ?
Is ati hd 7790 supported by oclhashcat?
I checked this:
http://hashcat.net/forum/thread-919.html
It wasn't listed but said newer cards work. They are fairly cheap.
↧
buying GPU
I want to buy
SAPPHIRE HD6670 1GB GDDR5 PCI-E HDMI / DVI-D / VGA FULL
Will it be good for hash cracking?
I am a n00b. Please help. My budget is too low.
↧
Interesting conversation on IRC
Tonight there was an interesting conversation on #hashcat IRC. A user "jnpplf" who's new to hashcat joined and asked a couple of questions that we often see from people who have some background on hashcracking but either come from other tools or were not active in the hashcracking world for a few years and have outdated information.
I think it's an interesting read so I asked for epixoip's and jnpplf's permission to post it here and they agreed.
Code:
jnpplf (~jnpplf@unaffiliated/jnpplf) has joined #hashcat
jnpplf If my password dictionary is a) numeric only, and b) huge, is there any feasible way of storing it in something that supports integer storage to save space, but also be able to use it with hashcat?
jnpplf Rough math, I believe that would make my wordlist 186GB as text (though I have others that would require much, much more space), or 78GB as ints
epixoip doesn't make any sense to have a large numeric-only dictionary
epixoip straight wordlist attacks are slower than brute force, and brute forcing digits is fast.
epixoip single 7970 can do len 1 - 12 in just over 3m
jnpplf So, use a mask to 'generate' the numbers?
epixoip yes
jnpplf That makes sense
epixoip for example, -a 3 -i ?d?d?d?d?d?d?d?d?d?d?d?d
jnpplf How much benefit would I see from precomputing the hashes?
epixoip zero
jnpplf Really?
epixoip there's a reason we don't use rainbow tables anymore.
jnpplf Is this a disk speed thing?
epixoip no, it's a "tmto is impractical and slow" thing
epixoip gpus have by and large deprecated rainbow tables
jnpplf Interesting. How about if the hashes are generated with some hardcore key stretching / bcrypt with high rounds?
jnpplf I'm off of my original question and into theory now, apparently my info is way out of date
epixoip you can't have a rainbow table for bcrypt anyway
epixoip or any other salted algorithm
epixoip so that question does not apply
jnpplf Oh, you can't run bcrypt without a salt?
epixoip nope
epixoip nor would you want to
jnpplf Also news to me.
jnpplf catches up to 3 years ago
jnpplf Rainbow tables are /really/ redundant?
epixoip yes
jnpplf Dang.
epixoip no one uses them anymore
jnpplf Well that's an item crossed off of my todo list :)
epixoip haha
jnpplf Don't suppose you have a link to the tmto for rainbow tables being redundant so I can read up on it?
epixoip it's common knowledge, don't know if anyone has bothered to write about it
jnpplf It's not THAT common
epixoip it is among password crackers.
epixoip it's not really something you need to read much about. just do the math
jnpplf If I were trivially capable of doing that math, I probably wouldn't be here
epixoip rainbow tables are large, inflexible, and you have to have one set per length, and per algorithm. they also don't scale well at all with multiple hashes.
epixoip gpus are fast, flexible, and scale linearly
jnpplf Interesting. Maybe I'll just spend my time getting better with hashcat's mask syntax then
epixoip good idea
jnpplf So if I wanted to, say, crack (dog|cat)1234, would I have to run two separate attempts? I can't figure out a way of writing a mask to match that.
jnpplf That's supposed to be a logical OR rather than a literal
epixoip you wouldn't use a mask attack for that
epixoip you'd use a hybrid attack
jnpplf dictionary + mask
jnpplf I seeeeeeeee
epixoip right
jnpplf Good stuff, thanks
jnpplf : dont read on it, do a benchmark, digit wordlist vs gpu bruteforcing
epixoip no worries
jnpplf oo, had another question before I shut up
jnpplf What if the second half of the password is derived from the first half? I could pipe in valid values somehow, but that means I don't apply either the mask or dictionary? Just generate something from a shell script and get hashcat to accept external input?
epixoip oclhashcat supports reading from stdin
epixoip cpu hashcat can read from a named pipe
jnpplf so generate_passwords.sh > oclhashcat [...] will work?
epixoip |, not >
epixoip but yes
jnpplf Would | be for cpu hashcat?
jnpplf wouldn't*
epixoip no
epixoip for cpu hashcat you'd have to use mkfifo to create a named pipe
epixoip then specify the name of the pipe as a wordlist
jnpplf Ah. Funky, and beyond my understanding.
epixoip generate_passwords.sh > oclhashcat would replace the contents of the oclhashcat binary with the output of generate_passwords.sh
jnpplf so totally_optimised_awesome_script | oclhashcat -awesome_args is my best bet
jnpplf epixoip, good point
epixoip yep
jnpplf Any idea what the fastest language might be for generating those? I feel like bash isn't the best candidate.
jnpplf Or, alternatively, is that not going to be the bottleneck?
epixoip doesn't matter
epixoip it's going to be slow regardless
jnpplf slow?
jnpplf That's exactly what I don't want.
epixoip it's unavoidable in this instance, as you're generating plains on the cpu and then transferring them to the gpu
epixoip you will not be able to fully utilize the gpu in this instance
jnpplf Unless I could pregenerate the list ;)
jnpplf Or is the CPU still faster?
epixoip straight wordlist attacks are also slow on gpu
epixoip because you're not giving them enough work
epixoip in order to fully utilize gpus with wordlists you have to add rules
epixoip for straight wordlist attacks, gpu is either same speed or slower than cpu
jnpplf Hmmm, doesn't look like any of the rules would help in my scenario
epixoip you could always write your own rules, if needed.
jnpplf that's the maskprocessor stuff?
epixoip external mask processor
epixoip standalone implementation of the hashcat mask engine
jnpplf Hmmmmmmmm. So the rules still rely on hashcat's mask formatting, which rules out appending the derived part of the password. Might be able to speed up the prefix generation though?
jnpplf Not sure it would help versus using a dictionary for prefixes as they're known
epixoip no
epixoip the rules are used with wordlists, and have their own syntax. it's a small programming language, really.
epixoip see http://hashcat.net/wiki/doku.php?id=rule_based_attack
jnpplf My problem is that, while the rules look suitably wonderful, the help for maskprocessor makes it look extremely limited
epixoip the rules have nothing to do with maskprocessor
epixoip mask processor is just for processing masks.
epixoip the two have nothing to do with each other
jnpplf Oh
epixoip maskprocessor is mostly so that you can add hashcat's mask functionality to other programs, like pyrit or john the ripper.
jnpplf "Using maskprocessor to generate rules"
jnpplf That's confusing :p
epixoip oh
epixoip yeah i suppose that is misleading
epixoip english is atom's second language so you will have to forgive him.
epixoip oh no no
epixoip i see what you're referring to
epixoip in that instance, that's actually using mask processor to help you generate repetitive rules
epixoip which is most certainly valid
epixoip like if you wanted to generate a rule that appended two lower alpha to each word in a word list
epixoip you wouldn't want to type that shit by hand
jnpplf Wouldn't that just be a hybrid attack though?
jnpplf dictionary + 2 alpha as a mask?
epixoip so you can just use mask processor to generate the rule file for you: ./mp '$?l$?l'
epixoip yeah, but in some instances you can't use a hybrid attack
epixoip then you can use multi-rules
epixoip in some cases it's also more efficient to use rules than hybrid attack
epixoip such as when using mask + dict with a very small mask
epixoip in that case it would be much more efficient to use rules
jnpplf But if the mask is long, it's more efficient to use the hybrid?
epixoip yes
epixoip if possible
jnpplf Brain is about to crawl out of my ear :p
epixoip what if you want to use a hybrid attack + rules?
epixoip can't do it
epixoip but you can use rule chaining
epixoip anyway that's not really maskprocessor's raison d'etre, that was really just mentioned as an aside
epixoip just something neat that you could do with mp
jnpplf The examples on the rule attack page make it look like it's most effective if you're trying to fuzz the wordlist. If the format is fairly predictable, does that make it less useful?
epixoip you could also accomplish the same thing with a shell one-liner, but it would be slower.
epixoip if the format is predictable then you can simply write predictable rules
jnpplf OK, this is going to be much easier if I just explain what I'm doing :p
epixoip for example, if the algorithm is md5(strtoupper(pass)), then you can use the single rule 'u' for all of your attacks
jnpplf dict + known number of digits + single character checksum
epixoip ok, in that case just use -a 6
epixoip what charset is the checksum comprised of?
jnpplf numeric
epixoip ok so then it's really just dict + known number of digits
epixoip -a 6 dict.txt ?d?d?d?d?d
epixoip or whatever
jnpplf Would that be faster than calculating the final digit?
epixoip yes, much faster
jnpplf So I'm solving the wrong problem :p
epixoip with hybrid attacks, the candidates are generated on the gpu, enabling full acceleration
jnpplf So the GPU would have to be over 10 times faster than the CPU to make that worthwhile
epixoip and the extra digit on the end only adds 1^10 complexity
epixoip yes
epixoip and the GPU is a lot more than 10 times faster than the CPU
jnpplf Interesting.
epixoip in the case of MD5, GPU is probably 100x faster than CPU
epixoip maybe more
jnpplf This is more likely to be SHA-1
jnpplf Just because 2013 :)
epixoip sha-1 should be about 60x faster than cpu
jnpplf And that assumes a nice saucy AMD card, rather than my midrange NVIDIA?
jnpplf ATI*, I guess
epixoip that doesn't mean much. raw md5 is still the most widely used algorithm for password storage, even in 2013.
epixoip amd is correct. ati doesn't exist anymore.
epixoip and yes, those figures are for a 7970
jnpplf I know, but I rarely see them called AMD cards
epixoip we call them amd cards here
jnpplf Check you guys out :p
epixoip nvidia sucks for password cracking, so it definitely won't be 60x faster
epixoip but it will probably be at least 10x faster than cpu
jnpplf But then the AMD benchmarks seem to be about 6 times faster than CUDA
vn but it rocks for gaming
jnpplf Also that :p
epixoip who plays games?
vn not you, obviously.
epixoip obviously.
jnpplf Worst case, as long as using the GPU isn't obviously horrible compared to the CPU, even with cuda, I'd write for AMD and then offload the processing to someone with an AMD card
jnpplf Or 4, as this case may be :)
jnpplf That said, EC2 offers some GPU nodes now, right? Are they AMD based?
epixoip no
epixoip they're super old teslas
epixoip and teslas are worse than their GT* counterparts for crypto
epixoip ec2 is a massive waste of money if you intend to use it for password cracking
epixoip if this is something you plan to do often, go pick up a cheap AMD gpu, like a 7950
epixoip costs less than an ec2 gpu instance.
epixoip 10x the performance
jnpplf I am learning all the things this evening
epixoip good, good
jnpplf Is this related to your day job?
epixoip yes.
jnpplf infosec, or specifically hash cracking?
jnpplf Stricture? :)
epixoip yes, stricture
jnpplf Oh cool. I've sent some business your way :)
epixoip orly?
jnpplf Well, in truth I've referred people to you
jnpplf It may not have become business
epixoip right on, we appreciate it
jnpplf You're the only company I know of that does it as a core offering
epixoip yup
epixoip i don't know of any others, either
epixoip although we're trying to get into hardware sales as well
jnpplf ASICs, or just selling people 7950s? :p
epixoip no, not asics. just dedicated clusters
epixoip we have a few customers we're building clusters for now, using 7970s and 7990s
jnpplf Why would someone buy a cluster of commodity hardware?
epixoip it's not commodity hardware
epixoip we use enterprise grade hardware with commodity gpus, and a warranty
epixoip we use commodity gpus because there's no better option for crypto
epixoip some would say firepro would be more "appropriate," but our customers don't want to spend 4x as much for half the performance.
epixoip and i don't blame them, i certainly wouldn't advise them to do it
jnpplf Had never heard of them until now.
epixoip firepro?
jnpplf Yeah
jnpplf Just googled them up
epixoip that's amd's professional workstation and server product line
epixoip but they still use the same GPUs as the radeon line
epixoip just underclocked
jnpplf So how many people are at Stricture? 1 - 10 on LinkedIn, but only one with a profile
epixoip 5
jnpplf Interesting
jnpplf Time to go fumble my way through some masks then, I guess
epixoip i already gave you the mask :P
jnpplf Yeah but I'm a spaz ;)
epixoip -a 6 dict ?d?d?d?d?d
epixoip plug n play
epixoip (that's assuming it's word + 4 digits + 1 digit checksum)
jnpplf If I need to go through a few different masks/dicts, is there an obvious efficiency to trying to get them all going in the same execution?
epixoip alter mask appropriately.
epixoip yeah. the more work you give it, the more of the gpu you will utilize
epixoip you have to keep it busy to make efficient use of it
jnpplf So... if my dict were (it isn't) one digit long
jnpplf In fact, ignore that
jnpplf If I know the first n characters of a password, at what point does it become more efficient to use a dictionary versus a mask?
jnpplf Can my mask contain a constant?
epixoip yes, your mask can contain a constant
jnpplf So all passwords begin with 'j', use j?d?d
epixoip yup
epixoip and if that's the case, then it would be more efficient to use a mask
jnpplf How about ja..jc?
epixoip -1 abc j?1?d?d/d...
epixoip er, ? not /
jnpplf And still faster than a dictionary?
epixoip yes
epixoip the mask engine generates candidates on the gpu
epixoip which makes it very fast
jnpplf So this comes back to the 10x / 60x / Nx speed increase of the GPU over the CPU?
epixoip right.
jnpplf So I'd need the keyspace of the additional mask to be 60 or more values if my GPU were 60x faster than my CPU
epixoip i'm not sure what you mean
jnpplf Oh, erm...
jnpplf So if I'm cracking dict + mask, it becomes more efficient to use mask+mask as long as the first mask isn't generating more than 60 candidate values
jnpplf assuming a 60x speed increase on the GPU
epixoip no
jnpplf balls
epixoip that only applies if you're doing additional work
epixoip like in the case of just brute forcing the checksum
epixoip we'd have to 1^10 additional work
epixoip if you're doing a straight mask like in the example above, then it would still only be 1^10 additional complexity over the script that calculates the checksum.
jnpplf Sure
jnpplf So.... you're saying the dictionary is FASTER than the mask as a prefix?
epixoip the mask attack will always be much faster than a dictionary or hybrid attack because all of the candidates are generated on the GPU, there's no memory or host-to-device transferring happening.
epixoip no.
jnpplf So why would you ever use a dictionary?
epixoip because most people don't crack plaintexts that follow some defined pattern like this
epixoip i'm speaking to your specific case, where you have this one specific pattern that you're exploiting
jnpplf OK, so say I'm cracking 8 digit numeric only
jnpplf Oh wait
jnpplf Confusing myself, gimme a sec :p
epixoip 8 digit numeric you would absolutely want to do a mask attack, no question
jnpplf What if part of it were predictable though?
jnpplf Yep, did it again
epixoip then you have a choice
jnpplf That's when you use the static mask :p
epixoip right
epixoip you can use constants in the mask, or you can do hybrid
jnpplf I think my brain's hitting its new info limit
epixoip the former would likely be faster
epixoip let me give you some advice: stop talking/thinking about it, and just go try it :P
jnpplf Yeah
epixoip once you start doing it you will understand
jnpplf I've done it before, I was looking for efficiency improvements :)
epixoip there are several different ways to skin this cat
epixoip if you know that the password is exactly 8 characters long, starts with a j, and ends in 5 digits, then mask attack is the obvious choice
epixoip you can just blow through it with j?l?l?d?d?d?d?d
jnpplf If it were 8-starting-with-j or 9-starting-with-x, would I run 2 separate jobs or try to force that into a mask?
epixoip two separate masks
epixoip the attacks will run very quickly
jnpplf Does hashcat accept multiple masks in one run?
epixoip no
epixoip but you can use a for loop
epixoip for m in j?l?l?d?d?d?d?d x?l?l?l?d?d?d?d?d; do ./hashcat -a 3 $m ; done
jnpplf Gotcha
jnpplf OK, that's all I'm going to ask :)
jnpplf Going to go melt my lovely graphics card
jnpplf Thanks a lot for the help
epixoip :)
epixoip no worries
epixoip have fun!
jnpplf rages into the wilderness
jnpplf -a 6 -1 abc hashes.txt j?1?d?d?d... doesn't run
jnpplf Just gives me a syntax error
jnpplf Same if I shift -1 abc to after the hashfile name
jnpplf headdesks
jnpplf Wait. I'm missing the hash type.
jnpplf hnnnngh, it always takes me ages to figure out how many args I'm supposed to be passing to this thing
epixoip using sha1 right?
jnpplf Yeah
jnpplf I added the hash type
jnpplf It was acting like it didn't have enough args, I split my mask into two and it tries to open one half as a file...
epixoip ./hashcat -m 120 -n 80 -u 1024 -o jnpplf.pot hash.txt -a 6 -1 abc hashes.txt j?1?d?d?d
epixoip oh
epixoip i just copy/pasted your line
epixoip and i see your problem
epixoip er nm, no i don't.
jnpplf hash.txt, hashes.txt?
epixoip er yes i do
epixoip sorry, i'm tired
epixoip you're using -a 6 instead of -a 3
epixoip and hash.txt, hashes.txt, whatever your file is called
jnpplf Well you have both, is my point
jnpplf You have an output, an input, and something else
epixoip that's because i just copy/pasted your line and tacked it on mine without reading it :)
jnpplf Ah
jnpplf Seems to be running now :)
epixoip ./hashcat -m 120 -n 80 -u 1024 -o jnpplf.pot hash.txt -a 3 -1 abc j?1?d?d?d
jnpplf That's the ticket, though without the performance args at the moment
jnpplf ooo, this is 550MH/s, versus the 300 or so I was getting with my original approach. Fun :)
epixoip add the performance args, should be able to get a bit more.
jnpplf GPU is 99% util
epixoip sure, but -u for example optimizes the number of loops per iteration.
epixoip so you will still likely see better performance
jnpplf Those args are 100% indecipherable to me ;) I'll try with though
jnpplf Seems a tiny bit faster
jnpplf 555 vs 553 at first glance
jnpplf Computer running like crap ;)
epixoip what gpu is this?
jnpplf 660Ti
epixoip ah
jnpplf That's also on a single hash
epixoip oh you're doing a single hash?
jnpplf Will generate a whole crapload to test against later
epixoip you don't want to use -plus then
jnpplf Just trying to get stuff stood up for now
epixoip you want to use -lite
jnpplf I don't even have lite. Separately download?
epixoip yes
epixoip lite is optimized for brute forcing a single hash
jnpplf I'm surprised they're separate binaries though
jnpplf Surely that would be easy to switch in code
jnpplf After all, it knows I'm doing a single hash because I had to use --force
epixoip completely different code base
jnpplf Oh really?
r4d1x not it isnt
epixoip no?
jnpplf grabs popcorn
epixoip atom told me they were quite different
r4d1x sry my reply was to "Surely that would be easy to switch in code"
epixoip oh oh okay :)
jnpplf Ah
epixoip you had me very confused :P
r4d1x epixoip: have you tried running amd and nvidia in the same box at all?
epixoip not with hashcat, but with multiforcer we have
epixoip or were you asking at an os level, like installing drivers for both and having xorg see both
r4d1x just wondering if you had tried with hashcat
epixoip ah. no i've not tried with hashcat
r4d1x might have to throw a 580 in and see what happens
jnpplf Hmm. If I write a mask of j?1?d?d?d..., where -1 is abc, that will only try ja, jb, jc, right? Not jab, jac, jabc...
r4d1x so, im listening to JFK tower, and the controller asks this guy to turn left into a storm, pilot comes back, I'm not turning into that storm, controller repeats turn left, pilot declares emergency, controller says he cant, pilots repeats declaring an emergency, controller clears him to land
jnpplf I've got 1 constant, second character is a choice of 2, 3rd onwards should all be ?d, but my Plain.Text starts with ****
r4d1x moral of the story, if you dont want to comply with the controller, declare and emergency
r4d1x s/and/an
epixoip jnpplf: yes, that's correct. it would only try ja, jb, jc, and not jab, jac, jabc, etc.
jnpplf In fact, why would Plain.Text not show me the full value being tested anyway?
epixoip r4d1x: that's awesome
r4d1x I know right?
r4d1x turn left
r4d1x no
r4d1x turn left
r4d1x FUCK YOU
r4d1x cleared to land
epixoip jnpplf: because it's trying 550 million combinations per second; you want it should print all 550 million of them? :)
jnpplf Then what
jnpplf 's Plain.Text even used for?
epixoip to give you a rough indication of where you are.
jnpplf Starting from the back? :-/
jnpplf Surely the first 4 digits are the most important
jnpplf Hmmm, something is up.
jnpplf Why, if I gave it a 10 digit mask, did it try 8 digits?
jnpplf Exhausted that, moved onto 9
r4d1x because you didnt set --pw-min=10
r4d1x lite assumes you want to increment
jnpplf I assumed the length was defined by the number of characters I put in the mask
jnpplf Ah
epixoip are you doing cpu or gpu?
epixoip oh you're using lite
jnpplf I am now, yeah
epixoip right, lite increments
jnpplf Gotcha.
jnpplf But the mask will work fine on its own in plus?
r4d1x unless you specify --increment
jnpplf Freaky :p
epixoip yeah, plus requires an explicit switch (-i) to enable incrementing
r4d1x well, when that increment stuff was added I raised hell
r4d1x but I dont care about lite
epixoip yeah i don't like autoincrement
jnpplf Neither do I, normally
jnpplf This would explain why the progress values were so fast ;)
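Added example (not part of the forum posts or the IRC log): a small Python calculator for the mask keyspaces discussed on this page. It shows that a mask covers only its own length unless incrementing is on, in which case each prefix of the mask is tried, as in the listing in the part-known-string post. The function names are hypothetical, and the rate in the demo is the MD5 figure from the Tesla K20 benchmark post.

```python
import string

# Built-in hashcat mask charsets: ?l ?u ?d ?s, and ?a = all four combined.
BUILTIN = {
    "l": string.ascii_lowercase,
    "u": string.ascii_uppercase,
    "d": string.digits,
    "s": " " + string.punctuation,  # 33 printable specials, space included
}
BUILTIN["a"] = "".join(BUILTIN[k] for k in "luds")


def _tokens(text):
    """Yield ('lit', char) or ('set', name) for each position in a mask."""
    i = 0
    while i < len(text):
        if text[i] != "?":
            yield ("lit", text[i])
            i += 1
        elif i + 1 >= len(text):
            raise ValueError("dangling '?' at end of %r" % text)
        elif text[i + 1] == "?":
            yield ("lit", "?")  # '??' stands for a literal question mark
            i += 2
        else:
            yield ("set", text[i + 1])
            i += 2


def expand_custom(definition):
    """Expand a -1..-4 definition such as 'abc' or '?l?d' into a set of chars."""
    chars = set()
    for kind, value in _tokens(definition):
        if kind == "lit":
            chars.add(value)
        elif value in BUILTIN:
            chars.update(BUILTIN[value])
        else:
            raise ValueError("unknown charset ?%s in custom definition" % value)
    return chars


def position_sizes(mask, custom=None):
    """Return the number of candidate characters at each mask position."""
    custom_sets = {k: expand_custom(v) for k, v in (custom or {}).items()}
    sizes = []
    for kind, value in _tokens(mask):
        if kind == "lit":
            sizes.append(1)  # a constant such as the '2013' suffix
        elif value in BUILTIN:
            sizes.append(len(BUILTIN[value]))
        elif value in custom_sets:
            sizes.append(len(custom_sets[value]))
        else:
            raise ValueError("unknown charset ?%s" % value)
    return sizes


def keyspace(mask, custom=None, increment=False):
    """Candidates for the full mask, or for every prefix length if increment."""
    total, running = 0, 1
    for size in position_sizes(mask, custom):
        running *= size
        total += running  # keyspace of the prefix ending at this position
    return total if increment else running


def seconds_to_exhaust(candidates, rate_per_second):
    """Time to try every candidate at a measured hash rate."""
    return candidates / rate_per_second


if __name__ == "__main__":
    seven = "?d" * 7
    print("7 digits, exact length :", keyspace(seven))
    print("7 digits, incrementing :", keyspace(seven, increment=True))

    # Part-known string: incrementing one mask vs. four explicit masks.
    print("?l?l?l?l2013 incrementing:", keyspace("?l?l?l?l2013", increment=True))
    family = ["?l" * n + "2013" for n in range(1, 5)]
    print("?l2013 .. ?l?l?l?l2013   :", sum(keyspace(m) for m in family))

    # Custom charset from the IRC log: -1 abc j?1?d?d?d
    print("j?1?d?d?d with -1 abc    :", keyspace("j?1?d?d?d", {"1": "abc"}))

    # 1 to 12 digits at the MD5 rate from the benchmark post (8287.0M/s).
    digits = keyspace("?d" * 12, increment=True)
    print("digits len 1-12, seconds :", round(seconds_to_exhaust(digits, 8287.0e6)))
```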
↧
AMD cards
Hello, I have 2 video cards (6520G (512Mb) and 6750M (1024Mb)). Hashcat defines them as (Device #1: BeaverCreek, 256MB, 400Mhz, 4MCU; Device #2: Turks, 512MB, 400Mhz, 6MCU). How can I make it so that the cards are used to the full?
↧
Ability to select BSSID/ESSID/handshake
When attempting to crack multiple WPA2 handshakes, does Hashcat crack them one at a time? I am assuming this is how it works.
Also, does anyone know of a good way to extract / split the .cap or .hccap file based on handshakes?
↧
Four Way Handshake. How many ways ?
Hello guys, how many ways of the 4-way handshake are necessary to be able to brute-force it?
I did some research and some guys say that 2 ways (1, 2) are enough, but other guys say that at least 3 ways of 4.
Could you tell me how many ways are necessary for Hashcat-plus
and the max length password I can do with it?
Thanks Dudes.
↧
Filter current wordlists by length of the password
Hi all! I tried looking around but can't seem to find a command to specifically say like I want to filter out a list of passwords from a large wordlist if it is 8 characters and above (example).
I am not sure if any tools exist out there that can achieve this, I read something before but I lost the page so I can't find it anymore.
How do you guys generate/sort your dictionaries by length? (Not talking about crunch or whatever full character generation of dicts)
Appreciate the comments!
↧
Deriving Salt used in Hash
I'm new to hashcat and wondering if it is the right tool for this job:
Given a known input text string - 16 digit number (not a password),
and a known output hashed string (11 bytes).
I need to determine the algorithm and salt used to generate the hash.
I think it is MD5 with a salt, but not certain.
Can I use hashcat to do this ?
↧
GPU recommendation for the IBM System x iDataPlex dx360 M4
Hello
Our university is going to build an HPC cluster with some IBM System x iDataPlex dx360 M4. :-) Unfortunately instead of AMD GPUs they are probably going to order the Intel Xeon Phi 5110P when it becomes available. In the meantime we can make some tests with common GPU cards...
The dx360M4 does currently support the following GPUs:
- NVIDIA Tesla K20
- NVIDIA Tesla K20X
- NVIDIA VGX K1
- NVIDIA VGX K2
- NVIDIA Tesla K10
- NVIDIA Tesla M2090, 6 GB GDDR5
- NVIDIA Tesla M2070Q
- NVIDIA Quadro 5000, 2.5 GB GDDR5
see http://www.redbooks.ibm.com/abstracts/tips0878.html#gpu
Question:
What AMD/ATI GPU would you suggest for an IBM dx360M4 and hashcat environment?
Please check the attachment "IBM-dx360M4_15231A.jpg" with an md5 of 71e2e63900749e418b3562c789677c73
in order to understand the PCIe tray configuration possibility of that machine.
Thank you very much for any help/feedback!
John
↧
↧
Basics
Hi,
I'm quite new to hashcat and password cracking, so have a little patience with me...
Setup:
Intel - 4770k
Gigabyte 680GTX
32 GB 2400MHz
Crucial SSD
When I try to crack an MD5 hash I get a speed of around 2601M/s.
Basics:
Q1:
What is the main difference between oclHashcat-plus and lite?
It seems that plus can do the same stuff as lite, so what's the purpose of the lite version? When exactly would I choose lite instead of plus?
Q2:
It seems that hashcat only uses CPU power, so why would I ever use this old method? Only if I don't have the proper hardware, or is there any other reason?
Q3:
Is there any significant speed difference between a Windows 8 system and, let's say, the same hardware powered by Ubuntu?
Q4:
Sometimes I stumble over "Forceware"; isn't that just an old term for NVIDIA drivers? Or are there some special drivers around that I/we should install to get even better performance?
I've a lot more questions, but let's start with that.
↧
Feature request: WEP cracking.
I have been reading this thread requesting WEP attack with OCLHashCat-Plus:
http://hashcat.net/forum/thread-966.html
Since it is closed, I have opened another thread here.
I agree with it: +1 for this idea.
It could be interesting to check WEP acceleration: right now I get 20-30.000 keys/second using aircrack-ng. Maybe I could achieve 2x that speed with GPU?
↧
[SOLVED] Hardware support: AMD FirePro
Great job for supporting different types of GPUs.
It would be great if you could support OpenCL GPU processing on AMD FirePro cards.
I have an AMD FirePro V5900 on Linux, which uses the AMD Proprietary Linux x86 Display Driver V 9.0 (http://support.amd.com/us/gpudownload/fi...inux.aspx)
A Hashcat-plus call from the example script shows a segmentation fault.
Other outputs:
Code:
./oclHashcat-plus64.bin -t 32 -a 7 example0.hash ?a?a?a?a example.dict --gpu-temp-disable
oclHashcat-plus v0.14 by atom starting...
Hashes: 6494 total, 1 unique salts, 6494 unique digests
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes
Workload: 256 loops, 80 accel
Watchdog: Temperature abort trigger disabled
Watchdog: Temperature retain trigger disabled
Device #1: Cayman, 1024MB, 600Mhz, 8MCU
STOP! Unsupported or bad installed GPU driver version detected!
Also with --force option:
Code:
oclHashcat-plus v0.14 by atom starting...
Hashes: 6494 total, 1 unique salts, 6494 unique digests
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes
Workload: 256 loops, 80 accel
Watchdog: Temperature abort trigger disabled
Watchdog: Temperature retain trigger disabled
Device #1: Cayman, 1024MB, 600Mhz, 8MCU
Device #1: Kernel ./kernels/4098/m0000_a1.Cayman_1124.2_1124.2.kernel not found in cache! Building may take a while...
ERROR: ./kernels/4098/m0000_a1.VLIW4.llvmir: No such file or directory
Tests with JavaOpenCL (JOCL) have passed, which means that the driver supports OpenCL correctly.
↧
Will ATI 7790 be supported soon?
Will ATI 7790 be supported soon?
Thank you.
↧
↧
clsetkernelarg error
I upgraded to Catalyst 13.6 and later realized that hashcat won't run on this version, so I got the AMD uninstall tool to purge the drivers and everything and reinstalled Catalyst 13.1, but now I get a clsetkernelarg error.
[Image: hashcat_error.PNG]
Any idea of what I can do to fix this?
thx in advance
↧
Opencl.dll is missing
I did a complete removal of drivers using amd catalyst install manager and driver fusion. I then re-installed catalyst 13-1. Using hd6870.
c:\oclHashcat-plus-0.14>oclHashcat-plus32.exe -m 2500 -d 1 -o key 25342_1370543398.hccap g:\noname2
System error: The program can't start because OpenCL.dll is missing from your computer. Try reinstalling the program to fix this problem.
I'm new to AMD so could someone give me a plan?
![[Image: H1vvehb.jpg]](http://i.imgur.com/H1vvehb.jpg)
↧
NTLM and Line Length
Hello,
I am a new user to hashcat-plus, but I want to get better. My question is about NTLM input. I have a large list of hashes in the following format:
sys:$NT$7f8fe03093ccxxxx67b109625f6bbf4b
I have tried a bunch of different formats but -m 1000 (NTLM) seems to be the only one that I can get to work, and the only way I can get it to work is to delete the username:$NT$. Other than that I get a line-length exception.
I saw another thread: (https://hashcat.net/forum/thread-2047.html) that explained the format, and it does not look like mine at all. I don't think I am using the right format, but I have tried everything Windows-related.
Does hashcat have a format that will support the username:$NT$?
jtr has a format 'nt' that works really well, but I want to put my GPUs to work.
Thanks,
Chinchilla
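The workaround described in this post (deleting the username:$NT$ prefix so that -m 1000 accepts the line), written out as an added shell example that is not part of the original post or of hashcat. The names normalize_nt and sample_input are hypothetical, and the first two sample lines are constructed from the widely published NTLM digests of the empty password and of "password".

```shell
#!/bin/sh
# Added example (not hashcat code). normalize_nt and sample_input are
# hypothetical helper names.

# Constructed sample input in the "user:$NT$<hash>" layout from the post.
# Lines 1-2 use well-known NTLM digests (empty password, "password");
# line 2 is upper case with a CRLF ending; line 3 is the masked value quoted
# in the post, whose "xxxx" is not hex.
sample_input() {
    printf '%s\n' 'sys:$NT$31d6cfe0d16ae931b73c59d7e0c089c0'
    printf '%s\r\n' 'admin:$NT$8846F7EAEE8FB117AD06BDD830B7586C'
    printf '%s\n' 'sys:$NT$7f8fe03093ccxxxx67b109625f6bbf4b'
}

# Print one bare, lower-case 32-hex digest per valid input line on stdout.
# Rejected lines and a summary go to stderr, so malformed entries are
# reported by line number instead of being passed on.
normalize_nt() {
    awk '
    {
        line = $0
        sub(/\r$/, "", line)                 # tolerate CRLF files
        if (line == "") next                 # skip blank lines
        h = line
        i = index(h, "$NT$")
        if (i > 0) h = substr(h, i + 4)      # drop everything up to "$NT$"
        h = tolower(h)
        if (length(h) == 32 && h ~ /^[0-9a-f]+$/) {
            print h
            kept++
        } else {
            printf "line %d rejected: %s\n", NR, line | "cat 1>&2"
            bad++
        }
    }
    END { printf "%d kept, %d rejected\n", kept, bad | "cat 1>&2" }
    '
}

sample_input | normalize_nt
```

Redirecting stdout to a file gives a list of bare hashes, which is the form the post reports working with -m 1000.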
↧