oldoffice hash, pure kernel not found

January 20, 2022, 2:00 am

≫ Next: mode 10500 dictionary attack fails

≪ Previous: RAR5

$

0

0

Code:

C:\Users\XXX\Desktop\hashcat>hashcat.exe -m 9700 hash.txt pwlist.txt
hashcat (v6.2.5) starting

* Device #1: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
* Device #2: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
CUDA API (CUDA 11.6)
====================
* Device #1: NVIDIA GeForce GTX 1080, 7213/8191 MB, 20MCU

OpenCL API (OpenCL 3.0 CUDA 11.6.58) - Platform #1 [NVIDIA Corporation]
=======================================================================
* Device #2: NVIDIA GeForce GTX 1080, skipped

./OpenCL/m09700_a0-optimized.cl: Pure kernel not found, falling back to optimized kernel
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 15

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Not-Iterated
* Single-Hash
* Single-Salt

Watchdog: Temperature abort trigger set to 90c

Host memory required for this attack: 175 MB

Dictionary cache built:
* Filename..: pwlist.txt
* Passwords.: 100000
* Bytes.....: 851085
* Keyspace..: 99990
* Runtime...: 0 secs

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.

Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 9700 (MS Office <= 2003 $0/$1, MD5 + RC4)
Hash.Target......: $oldoffice$0*cecb1e54d9XXXXXXXXXX*70a00...fd33c0
Time.Started.....: Thu Jan 20 17:41:07 2022 (0 secs)
Time.Estimated...: Thu Jan 20 17:41:07 2022 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (pwlist.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 27166.6 kH/s (0.81ms) @ Accel:1024 Loops:1 Thr:32 Vec:1
Recovered........: 0/1 (0.00%) Digests
Progress.........: 99990/99990 (100.00%)
Rejected.........: 449/99990 (0.45%)
Restore.Point....: 99990/99990 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: 123456 -> crossroad
Hardware.Mon.#1..: Temp: 38c Fan:  0% Util: 19% Core: 756MHz Mem:4911MHz Bus:16

Started: Thu Jan 20 17:41:05 2022
Stopped: Thu Jan 20 17:41:09 2022

Sorry, Im new to this, did I do something wrong? How can I crack the oldoffice hash?
Nvidia driver 511.23

---

mode 10500 dictionary attack fails

January 21, 2022, 3:57 pm

≫ Next: Change DES mode Module 14000

≪ Previous: oldoffice hash, pure kernel not found

$

0

0

Hello,

Dictionary attack in mode 10500 on the standard test hash (password "hashcat") fails to find the password even in relatively short wordlists: any dictionary longer than 20-25 words returns "Exhausted" although "hashcat" is on the list. 

Other modes don't seem to have this issue: I tested dictionary attacks in modes 0, 10600, 10700 with dictionaries up to 1 million words - all good. 

I'm running v6.2.4 from command line on a windows machine with the following options: 
>>hashcat.exe -m 10500 pdf10500hash.txt dict30.txt --potfile-disable

Any ideas? Thanks

Change DES mode Module 14000

January 22, 2022, 4:06 pm

≫ Next: Status Exhausted?

≪ Previous: mode 10500 dictionary attack fails

$

0

0

hi to the whole forum,
I was doing a test and I would need to modify hashcat in the DES part ... I have located the file that deals with the decrypt (m14000_a3-pure.cl). The change I would like to make is to have Hashcat decrypt the same keys it generates and then compare the result with the hash I give in input ... who can help me?

Status Exhausted?

January 22, 2022, 6:00 pm

≫ Next: Unable to crack a simple fake password with dictionary and dive.rule

≪ Previous: Change DES mode Module 14000

$

0

0

Very new, don't know much, I'd appreciate the help. I got files I need to crack the password to so I downloaded hashcat and when I ran it, the status was running for maybe 30 seconds then said exhausted. I thought brute forcing a hash goes till it finds something. I ran (hashcat.exe -m0 -a3 -o cracked.txt hash.txt) found that online.

Unable to crack a simple fake password with dictionary and dive.rule

January 13, 2022, 10:52 am

≫ Next: help for bruteforce

≪ Previous: Status Exhausted?

$

0

0

I'm learning how to use hashcat, I more or less understand how brute force attacks works, but I'm still struggling with the dictionary and rules attacks. 


So I created a md5 hash e7624f83b5aa81ca40b1a4d40b2288ae from the fake password "JohnSmith" ( without the quotes ) for testing.

Then I created a dictionary personal.dict with the words:

Code:

John
Smith

Then I tried to "crack" the hash with that dictionary and the dive.rule but hashcat finished without finding the password. I know I must be doing something wrong, but I can't find what.

Code:

hashcat -w 3 -m 0 -a 0 -r ./rules/dive.rule e7624f83b5aa81ca40b1a4d40b2288ae  ./dict/personal.dict

Code:

Session..........: hashcat                               
Status...........: Exhausted
Hash.Mode........: 0 (MD5)
Hash.Target......: e7624f83b5aa81ca40b1a4d40b2288ae
Time.Started.....: Thu Jan 13 19:49:23 2022 (0 secs)
Time.Estimated...: Thu Jan 13 19:49:23 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (./dict/personal.dict)
Guess.Mod........: Rules (rules/dive.rule)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:  907.9 kH/s (0.47ms) @ Accel:256 Loops:256 Thr:64 Vec:1
Recovered........: 0/1 (0.00%) Digests
Progress.........: 198172/198172 (100.00%)
Rejected.........: 0/198172 (0.00%)
Restore.Point....: 2/2 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:99072-99086 Iteration:0-256
Candidate.Engine.: Device Generator
Candidates.#1....: John.g -> Sm8ithSm8ith
Hardware.Mon.#1..: Temp: 42c Util: 47% Core:1740MHz Mem:5000MHz Bus:4

Update:
I just tried with best64.rule and combinator.rule and it doesn't find anything.  

For what I understand any of those rule sets should include one rule that put two words of the dictionary one after the other, shouldn't they?.

help for bruteforce

January 23, 2022, 12:18 am

≫ Next: crack ntlm hash

≪ Previous: Unable to crack a simple fake password with dictionary and dive.rule

$

0

0

Hello everyone, good morning! I would like to know how to brute force this string using all the letters of the latin alphabet and the numbers from zero to nine as i can't do it by myself.
$2y$10$CsgimnoQBfiIAvK/xpjBr.ZtVG21QPjeiaIL8MkNmtxM9EuDceiN3

crack ntlm hash

January 25, 2022, 9:34 am

≫ Next: Pound sign

≪ Previous: help for bruteforce

$

0

0

have around 250 hashes i crack with a rtx 3090 it working fine i noticed 6.2.5 was going a bit faster but i mean can i get it to 80000.1 MH

Session..........: hashcat
Status...........: Running
Hash.Mode........: 1000 (NTLM)
Hash.Target......: file.txt
Time.Started.....: Tue Jan 25 12:30:13 2022 (2 mins, 23 secs)
Time.Estimated...: Tue Jan 25 12:40:55 2022 (8 mins, 19 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (C:\Users\test\Desktop\hashcat-6.2.4\password.txt)
Guess.Mod........: Rules (rules\dive.rule)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 23090.1 MH/s (14.00ms) @ Accel:256 Loops:128 Thr:128 Vec:1
Recovered........: 65/361 (18.01%) Digests
Progress.........: 3342368325242/14887038538632 (22.45%)
Rejected.........: 36377542266/3342368325242 (1.09%)
Restore.Point....: 32547754/150243612 (21.66%)
Restore.Sub.#1...: Salt:0 Amplifier:41344-41472 Iteration:0-128
Candidate.Engine.: Device Generator
Candidates.#1....: EDITH4444TTIDE -> f10ut!C
Hardware.Mon.#1..: Temp: 70c Fan: 49% Util: 98% Core:1674MHz Mem:9492MHz Bus:16


does that seem slow i did benchmark i found out 125gh but i was informed that at peak settings i mean its not slow but i felt that my radeon 6800 did almost the same

Pound sign

January 25, 2022, 10:25 am

≫ Next: Old Alfa AWUS036H for modern networks?

≪ Previous: crack ntlm hash

$

0

0

Hello there,
I think this was answered in a previous thread which I read ages ago and cant find it now.  How would you go about creating and hcmask to find this password P5£X?p*# . I tried running this ?u?d?s?u?s?l?s?s but found nothing. I then looked at the ?s and ?a and found there is no pound sign? So any password i created witht the £ hashcat failed me. Is there a noobs way of fixing this please.

Cheers Kev

---

Old Alfa AWUS036H for modern networks?

January 25, 2022, 12:56 pm

≫ Next: How to create a script that does the following....? (multiple hashings)

≪ Previous: Pound sign

$

0

0

Hi!

I can get cheap old Alfa AWUS036H 802.11b/g for learning purpuses. As I understand things modern wireless routers use at least n standard which that old usb modem does not support. Will that alfa be able to monitor newer routers or not? Package injection on n network probably wouldnt work?

Thx

How to create a script that does the following....? (multiple hashings)

January 25, 2022, 6:38 pm

≫ Next: Create new module phpbb2_convert

≪ Previous: Old Alfa AWUS036H for modern networks?

$

0

0

I'll try to explain what i'm trying to accomplish as detailed as possible;



1) I have an unknown string with keyspace of 8 char alphanum

2) I also have a *partially* known string with a few characters that are unknown [E.G abcdefgh_UNKNOWNPART_ijklmno]

the unknown characters of the partially known string are the uppercase md5 digest of the unknown 8 char alphanum string mentioned above

3) I also have a known md5 digest to compare against



So in essence i have a partially known password string and am trying to bruteforce the unknown portion of it.


So i need to brute force the 8char alphanum with MD5, it needs to be done in the following way:


- md5 hash the unknown 8 char string (1) [keyspace 8 char alphanum]
- convert the resulting md5 digest to all uppercase
- insert the resulting uppercase md5 digest within the *partially* known string(2) mentioned earlier E.G 

(abcdefgh_UPPER_CASE_MD5_DIGEST_ijklmno)

- hash this new string with MD5

- Compare the md5 digest of this newly hashed string against our known md5 digest (3) mentioned earlier.


How can this be accomplished with Hashcat, natively?

How much slower will this be than the expected ~1/2 speed of MD5 cracking (Since we're doing md5 twice in one script)


Here is a live simple example

Code:

unknown alphanum string = ******

partially known string = abcdef********************************ghijkl

known md5 digest = 1fde66f0c18416f2f7aa94b87f856d66



if our "unknown string" is 12345678, then our partially known string would end up looking like

abcdef25D55AD283AA400AF464C76D713C07ADghijkl


Therefore :


md5(abcdef25D55AD283AA400AF464C76D713C07ADghijkl) = 1fde66f0c18416f2f7aa94b87f856d66

Create new module phpbb2_convert

January 25, 2022, 9:35 pm

≫ Next: DES Decrypt Module 14000_a3-pure.cl

≪ Previous: How to create a script that does the following....? (multiple hashings)

$

0

0

Hello!
Please create new module phpbb2 convert to phpbb3:
Files:
https://github.com/phpbb/phpbb/tree/mast...convertors
phpBB/install/convertors/functions_phpbb20.php
phpBB/install/convertors/convert_phpbb20.php
Code:

PHP Code:

function phpbb_convert_password_hash($hash)
{
global $phpbb_container;

/* @var $manager \phpbb\passwords\manager */
$manager = $phpbb_container->get('passwords.manager');
$hash = $manager->hash($hash, '$H$');

return '$CP$' . $hash;
} 


Example hash:
$CP$phpbb3hash

Signature:
$CP$$H$

Algorithm:
phpass(phpass)

DES Decrypt Module 14000_a3-pure.cl

January 27, 2022, 6:01 am

≫ Next: Shop for advertising

≪ Previous: Create new module phpbb2_convert

$

0

0

Hello,

I wanted to ask something. This function encrypts Des.

DECLSPEC void DES (const u32 K00, ...........)
{
  KXX_DECL u32 k00, k01, k02, k03, k04, k05;
  KXX_DECL u32 k06, k07, k08, k09, k10, k11;
  KXX_DECL u32 k12, k13, k14, k15, k16, k17;
  KXX_DECL u32 k18, k19, k20, k21, k22, k23;
  KXX_DECL u32 k24, k25, k26, k27, k28, k29;
  KXX_DECL u32 k30, k31, k32, k33, k34, k35;
  KXX_DECL u32 k36, k37, k38, k39, k40, k41;
  KXX_DECL u32 k42, k43, k44, k45, k46, k47;

  #ifdef _unroll
  #pragma unroll
  #endif
  for (u32 i = 0; i < 2; i++)
  {
    if (i) KEYSET10 else KEYSET00

    s1(*D63 ^ k00, *D32 ^ k01, *D33 ^ k02, *D34 ^ k03, *D35 ^ k04, *D36 ^ k05, D08, D16, D22, D30);
    s2(*D35 ^ k06, *D36 ^ k07, *D37 ^ k08, *D38 ^ k09, *D39 ^ k10, *D40 ^ k11, D12, D27, D01, D17);
    s3(*D39 ^ k12, *D40 ^ k13, *D41 ^ k14, *D42 ^ k15, *D43 ^ k16, *D44 ^ k17, D23, D15, D29, D05);
    s4(*D43 ^ k18, *D44 ^ k19, *D45 ^ k20, *D46 ^ k21, *D47 ^ k22, *D48 ^ k23, D25, D19, D09, D00);
    s5(*D47 ^ k24, *D48 ^ k25, *D49 ^ k26, *D50 ^ k27, *D51 ^ k28, *D52 ^ k29, D07, D13, D24, D02);
    s6(*D51 ^ k30, *D52 ^ k31, *D53 ^ k32, *D54 ^ k33, *D55 ^ k34, *D56 ^ k35, D03, D28, D10, D18);
    s7(*D55 ^ k36, *D56 ^ k37, *D57 ^ k38, *D58 ^ k39, *D59 ^ k40, *D60 ^ k41, D31, D11, D21, D06);
    s8(*D59 ^ k42, *D60 ^ k43, *D61 ^ k44, *D62 ^ k45, *D63 ^ k46, *D32 ^ k47, D04, D26, D14, D20);

    if (i) KEYSET11 else KEYSET01

    s1(*D31 ^ k00, *D00 ^ k01, *D01 ^ k02, *D02 ^ k03, *D03 ^ k04, *D04 ^ k05, D40, D48, D54, D62);
    s2(*D03 ^ k06, *D04 ^ k07, *D05 ^ k08, *D06 ^ k09, *D07 ^ k10, *D08 ^ k11, D44, D59, D33, D49);
    s3(*D07 ^ k12, *D08 ^ k13, *D09 ^ k14, *D10 ^ k15, *D11 ^ k16, *D12 ^ k17, D55, D47, D61, D37);
    s4(*D11 ^ k18, *D12 ^ k19, *D13 ^ k20, *D14 ^ k21, *D15 ^ k22, *D16 ^ k23, D57, D51, D41, D32);
    s5(*D15 ^ k24, *D16 ^ k25, *D17 ^ k26, *D18 ^ k27, *D19 ^ k28, *D20 ^ k29, D39, D45, D56, D34);
    s6(*D19 ^ k30, *D20 ^ k31, *D21 ^ k32, *D22 ^ k33, *D23 ^ k34, *D24 ^ k35, D35, D60, D42, D50);
    s7(*D23 ^ k36, *D24 ^ k37, *D25 ^ k38, *D26 ^ k39, *D27 ^ k40, *D28 ^ k41, D63, D43, D53, D38);
    s8(*D27 ^ k42, *D28 ^ k43, *D29 ^ k44, *D30 ^ k45, *D31 ^ k46, *D00 ^ k47, D36, D58, D46, D52);

    if (i) KEYSET12 else KEYSET02

    s1(*D63 ^ k00, *D32 ^ k01, *D33 ^ k02, *D34 ^ k03, *D35 ^ k04, *D36 ^ k05, D08, D16, D22, D30);
    s2(*D35 ^ k06, *D36 ^ k07, *D37 ^ k08, *D38 ^ k09, *D39 ^ k10, *D40 ^ k11, D12, D27, D01, D17);
    s3(*D39 ^ k12, *D40 ^ k13, *D41 ^ k14, *D42 ^ k15, *D43 ^ k16, *D44 ^ k17, D23, D15, D29, D05);
    s4(*D43 ^ k18, *D44 ^ k19, *D45 ^ k20, *D46 ^ k21, *D47 ^ k22, *D48 ^ k23, D25, D19, D09, D00);
    s5(*D47 ^ k24, *D48 ^ k25, *D49 ^ k26, *D50 ^ k27, *D51 ^ k28, *D52 ^ k29, D07, D13, D24, D02);
    s6(*D51 ^ k30, *D52 ^ k31, *D53 ^ k32, *D54 ^ k33, *D55 ^ k34, *D56 ^ k35, D03, D28, D10, D18);
    s7(*D55 ^ k36, *D56 ^ k37, *D57 ^ k38, *D58 ^ k39, *D59 ^ k40, *D60 ^ k41, D31, D11, D21, D06);
    s8(*D59 ^ k42, *D60 ^ k43, *D61 ^ k44, *D62 ^ k45, *D63 ^ k46, *D32 ^ k47, D04, D26, D14, D20);

    if (i) KEYSET13 else KEYSET03

    s1(*D31 ^ k00, *D00 ^ k01, *D01 ^ k02, *D02 ^ k03, *D03 ^ k04, *D04 ^ k05, D40, D48, D54, D62);
    s2(*D03 ^ k06, *D04 ^ k07, *D05 ^ k08, *D06 ^ k09, *D07 ^ k10, *D08 ^ k11, D44, D59, D33, D49);
    s3(*D07 ^ k12, *D08 ^ k13, *D09 ^ k14, *D10 ^ k15, *D11 ^ k16, *D12 ^ k17, D55, D47, D61, D37);
    s4(*D11 ^ k18, *D12 ^ k19, *D13 ^ k20, *D14 ^ k21, *D15 ^ k22, *D16 ^ k23, D57, D51, D41, D32);
    s5(*D15 ^ k24, *D16 ^ k25, *D17 ^ k26, *D18 ^ k27, *D19 ^ k28, *D20 ^ k29, D39, D45, D56, D34);
    s6(*D19 ^ k30, *D20 ^ k31, *D21 ^ k32, *D22 ^ k33, *D23 ^ k34, *D24 ^ k35, D35, D60, D42, D50);
    s7(*D23 ^ k36, *D24 ^ k37, *D25 ^ k38, *D26 ^ k39, *D27 ^ k40, *D28 ^ k41, D63, D43, D53, D38);
    s8(*D27 ^ k42, *D28 ^ k43, *D29 ^ k44, *D30 ^ k45, *D31 ^ k46, *D00 ^ k47, D36, D58, D46, D52);

    if (i) KEYSET14 else KEYSET04

    s1(*D63 ^ k00, *D32 ^ k01, *D33 ^ k02, *D34 ^ k03, *D35 ^ k04, *D36 ^ k05, D08, D16, D22, D30);
    s2(*D35 ^ k06, *D36 ^ k07, *D37 ^ k08, *D38 ^ k09, *D39 ^ k10, *D40 ^ k11, D12, D27, D01, D17);
    s3(*D39 ^ k12, *D40 ^ k13, *D41 ^ k14, *D42 ^ k15, *D43 ^ k16, *D44 ^ k17, D23, D15, D29, D05);
    s4(*D43 ^ k18, *D44 ^ k19, *D45 ^ k20, *D46 ^ k21, *D47 ^ k22, *D48 ^ k23, D25, D19, D09, D00);
    s5(*D47 ^ k24, *D48 ^ k25, *D49 ^ k26, *D50 ^ k27, *D51 ^ k28, *D52 ^ k29, D07, D13, D24, D02);
    s6(*D51 ^ k30, *D52 ^ k31, *D53 ^ k32, *D54 ^ k33, *D55 ^ k34, *D56 ^ k35, D03, D28, D10, D18);
    s7(*D55 ^ k36, *D56 ^ k37, *D57 ^ k38, *D58 ^ k39, *D59 ^ k40, *D60 ^ k41, D31, D11, D21, D06);
    s8(*D59 ^ k42, *D60 ^ k43, *D61 ^ k44, *D62 ^ k45, *D63 ^ k46, *D32 ^ k47, D04, D26, D14, D20);

    if (i) KEYSET15 else KEYSET05

    s1(*D31 ^ k00, *D00 ^ k01, *D01 ^ k02, *D02 ^ k03, *D03 ^ k04, *D04 ^ k05, D40, D48, D54, D62);
    s2(*D03 ^ k06, *D04 ^ k07, *D05 ^ k08, *D06 ^ k09, *D07 ^ k10, *D08 ^ k11, D44, D59, D33, D49);
    s3(*D07 ^ k12, *D08 ^ k13, *D09 ^ k14, *D10 ^ k15, *D11 ^ k16, *D12 ^ k17, D55, D47, D61, D37);
    s4(*D11 ^ k18, *D12 ^ k19, *D13 ^ k20, *D14 ^ k21, *D15 ^ k22, *D16 ^ k23, D57, D51, D41, D32);
    s5(*D15 ^ k24, *D16 ^ k25, *D17 ^ k26, *D18 ^ k27, *D19 ^ k28, *D20 ^ k29, D39, D45, D56, D34);
    s6(*D19 ^ k30, *D20 ^ k31, *D21 ^ k32, *D22 ^ k33, *D23 ^ k34, *D24 ^ k35, D35, D60, D42, D50);
    s7(*D23 ^ k36, *D24 ^ k37, *D25 ^ k38, *D26 ^ k39, *D27 ^ k40, *D28 ^ k41, D63, D43, D53, D38);
    s8(*D27 ^ k42, *D28 ^ k43, *D29 ^ k44, *D30 ^ k45, *D31 ^ k46, *D00 ^ k47, D36, D58, D46, D52);

    if (i) KEYSET16 else KEYSET06

    s1(*D63 ^ k00, *D32 ^ k01, *D33 ^ k02, *D34 ^ k03, *D35 ^ k04, *D36 ^ k05, D08, D16, D22, D30);
    s2(*D35 ^ k06, *D36 ^ k07, *D37 ^ k08, *D38 ^ k09, *D39 ^ k10, *D40 ^ k11, D12, D27, D01, D17);
    s3(*D39 ^ k12, *D40 ^ k13, *D41 ^ k14, *D42 ^ k15, *D43 ^ k16, *D44 ^ k17, D23, D15, D29, D05);
    s4(*D43 ^ k18, *D44 ^ k19, *D45 ^ k20, *D46 ^ k21, *D47 ^ k22, *D48 ^ k23, D25, D19, D09, D00);
    s5(*D47 ^ k24, *D48 ^ k25, *D49 ^ k26, *D50 ^ k27, *D51 ^ k28, *D52 ^ k29, D07, D13, D24, D02);
    s6(*D51 ^ k30, *D52 ^ k31, *D53 ^ k32, *D54 ^ k33, *D55 ^ k34, *D56 ^ k35, D03, D28, D10, D18);
    s7(*D55 ^ k36, *D56 ^ k37, *D57 ^ k38, *D58 ^ k39, *D59 ^ k40, *D60 ^ k41, D31, D11, D21, D06);
    s8(*D59 ^ k42, *D60 ^ k43, *D61 ^ k44, *D62 ^ k45, *D63 ^ k46, *D32 ^ k47, D04, D26, D14, D20);

    if (i) KEYSET17 else KEYSET07

    s1(*D31 ^ k00, *D00 ^ k01, *D01 ^ k02, *D02 ^ k03, *D03 ^ k04, *D04 ^ k05, D40, D48, D54, D62);
    s2(*D03 ^ k06, *D04 ^ k07, *D05 ^ k08, *D06 ^ k09, *D07 ^ k10, *D08 ^ k11, D44, D59, D33, D49);
    s3(*D07 ^ k12, *D08 ^ k13, *D09 ^ k14, *D10 ^ k15, *D11 ^ k16, *D12 ^ k17, D55, D47, D61, D37);
    s4(*D11 ^ k18, *D12 ^ k19, *D13 ^ k20, *D14 ^ k21, *D15 ^ k22, *D16 ^ k23, D57, D51, D41, D32);
    s5(*D15 ^ k24, *D16 ^ k25, *D17 ^ k26, *D18 ^ k27, *D19 ^ k28, *D20 ^ k29, D39, D45, D56, D34);
    s6(*D19 ^ k30, *D20 ^ k31, *D21 ^ k32, *D22 ^ k33, *D23 ^ k34, *D24 ^ k35, D35, D60, D42, D50);
    s7(*D23 ^ k36, *D24 ^ k37, *D25 ^ k38, *D26 ^ k39, *D27 ^ k40, *D28 ^ k41, D63, D43, D53, D38);
    s8(*D27 ^ k42, *D28 ^ k43, *D29 ^ k44, *D30 ^ k45, *D31 ^ k46, *D00 ^ k47, D36, D58, D46, D52);
  }
}



Is it possible to have the same function that the decrypt does? Thanks in advance

Shop for advertising

January 27, 2022, 11:15 am

≫ Next: Known String - Sequential Loop

≪ Previous: DES Decrypt Module 14000_a3-pure.cl

$

0

0

Hello,
is there an official shop for Hoodies / stickers / ... ?

Known String - Sequential Loop

January 27, 2022, 7:50 pm

≫ Next: Brute-Forcing KeePass 1.x kdb file - cracked-lib-words failed...Where do I go now?

≪ Previous: Shop for advertising

$

0

0

I've spent a fair amount of time trying to find the answer before reaching out, but maybe someone can help me out. 

I need a specific mask/attack based on the following. 
I know the password is derived from a specific set of characters, in a specific order. But I'd like to loop through all possibilities, for example:

If the complete string is: *j?nXt*WR9?e>o>
I would like to cycle through
*
*j
*j?
....etc.

Further, then I would like to begin with the second character:
j
j?
j?n
....etc. 
Continuing on of course with each next character in the string.  
This would be easy enough to do manually, however the string is 120+ characters.
If there's a specific term or thread that has already explained this, I would appreciate a pointer. 

Thanks!

Brute-Forcing KeePass 1.x kdb file - cracked-lib-words failed...Where do I go now?

January 28, 2022, 3:28 pm

≫ Next: Help-Mode does nothing - ctrl-c gets me back to PowerShell prompt

≪ Previous: Known String - Sequential Loop

$

0

0

I'm lost just like Axl Rose is.

I am new to the hashcat application but it looks very cool. I downloaded it and installed it and then I downloaded the cracklib-words file which is about 16MB of pre-generated (or simply known) dictionary passwords.

It failed to get my KeePass 1.x password back to me.

So, what do I do now...look for bigger dictionary files or what?

---

Help-Mode does nothing - ctrl-c gets me back to PowerShell prompt

January 29, 2022, 6:21 am

≫ Next: RX 580 and Windows

≪ Previous: Brute-Forcing KeePass 1.x kdb file - cracked-lib-words failed...Where do I go now?

$

0

0

I am on Windows 11 executing hashcat.exe in a Windows PowerShell prompt.

When I issue the command: ".\hashcat.exe --help" the software replies with the response: "hashcat (v6.2.5) starting in help mode" but then it's like the screen is frozen. I have to literally ctrl-c to exit back to the PS command prompt. Am I missing something here?

Picture of PowerShell command prompt

RX 580 and Windows

January 29, 2022, 7:49 am

≫ Next: How mod Des for decryptation?

≪ Previous: Help-Mode does nothing - ctrl-c gets me back to PowerShell prompt

$

0

0

Hi everyone,

i am currently trying to get Hashcat to use my AMD RX 580. I have the latest Adrenalin drivers installed. This is the output from hashcat -I:

hashcat (v6.2.5) starting in backend information mode

Unsupported AMD HIP runtime version '4.0' detected! Falling back to OpenCL...

OpenCL Info:
============

OpenCL Platform ID #1
  Vendor..: Intel(R) Corporation
  Name....: Intel(R) OpenCL HD Graphics
  Version.: OpenCL 3.0

  Backend Device ID #1
    Type...........: GPU
    Vendor.ID......: 8
    Vendor.........: Intel(R) Corporation
    Name...........: Intel(R) UHD Graphics 750
    Version........: OpenCL 3.0 NEO
    Processor(s)...: 32
    Clock..........: 1300
    Memory.Total...: 12953 MB (limited to 2047 MB allocatable in one block)
    Memory.Free....: 6432 MB
    OpenCL.Version.: OpenCL C 1.2
    Driver.Version.: 27.20.100.9415

OpenCL Platform ID #2
  Vendor..: Advanced Micro Devices, Inc.
  Name....: AMD Accelerated Parallel Processing
  Version.: OpenCL 2.1 AMD-APP (3302.6)

  Backend Device ID #2
    Type...........: GPU
    Vendor.ID......: 1
    Vendor.........: Advanced Micro Devices, Inc.
    Name...........: Radeon RX 580 Series
    Version........: OpenCL 2.0 AMD-APP (3302.6)
    Processor(s)...: 36
    Clock..........: 1340
    Memory.Total...: 4096 MB (limited to 3264 MB allocatable in one block)
    Memory.Free....: 3968 MB
    OpenCL.Version.: OpenCL C 2.0
    Driver.Version.: 3302.6 (PAL,HSAIL)
    PCI.Addr.BDF...: 02:00.0


Is there anything wrong with the AMD Driver? And how would I tell hashcat to use the RX 580?


Thanks!

How mod Des for decryptation?

January 29, 2022, 11:43 am

≫ Next: TrueCrypt - Can I supply the encrypted container file on the command line?

≪ Previous: RX 580 and Windows

$

0

0

I would need some information to modify the m14000_a3-pure.cl file to get the decrypt des

just reversing order of the keyset on linee 1515 to 1530?

like this :

any example? Best regards

TrueCrypt - Can I supply the encrypted container file on the command line?

January 30, 2022, 7:31 am

≫ Next: Device kernel image is invalid

≪ Previous: How mod Des for decryptation?

$

0

0

I want to know if the hashcat software supports getting the hash for me if I supply the encrypted container file on the commandline?

Because, that's what I've been trying and I am not having any success in hashcat cracking my "known" password.

I'm giving hashcat all characters of my password except 1 letter and it's not finding the password. But the target.hash shows up as the encrypted container file and not the hash itself, so I would really like to see this software update the user better about what it found and what it is doing. Like, "Processing encrypted container", "Found Encrypted Container Hash", and show the real hash target and not just the filename.

The flexibility to allow the dumb end-user to provide the TrueCrypt/VeraCrypt container name and have the hashcat get the hash for them would be incredibly wonderful.

Is this functionality present now, and can it be in the future?

Thanks for reading!

Device kernel image is invalid

January 30, 2022, 9:03 am

≫ Next: AMD Radeon 7850/R7 265 not showing up - Help

≪ Previous: TrueCrypt - Can I supply the encrypted container file on the command line?

$

0

0

Hi all,

I have a problem when running hashcat on Windows 10x64. Here are my setup and versions:

Windows 10x64
AMD Ryzen 7 5800X 8-Core Processor
Nvidia GeForce RTX 2080 Super
Nvidia Game Ready Driver 511.23
Cuda Toolkit 11.6.0_511.23
Hashcat 6.2.5

Here is the message I have when I try to run a benchmark:

Code:

E:\Tools\hashcat-6.2.5>hashcat -b -m 22000
hashcat (v6.2.5) starting in benchmark mode

Benchmarking uses hand-optimized kernel code by default.
You can use it in your cracking session by setting the -O option.
Note: Using optimized kernel code limits the maximum supported password length.
To disable the optimized kernel code in benchmark mode, use the -w option.

* Device #1: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
* Device #2: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
CUDA API (CUDA 11.6)
====================
* Device #1: NVIDIA GeForce RTX 2080 SUPER, 7137/8191 MB, 48MCU

OpenCL API (OpenCL 3.0 CUDA 11.6.58) - Platform #1 [NVIDIA Corporation]
=======================================================================
* Device #2: NVIDIA GeForce RTX 2080 SUPER, skipped

Benchmark relevant options:
===========================
* --optimized-kernel-enable

-------------------------------------------------------------
* Hash-Mode 22000 (WPA-PBKDF2-PMKID+EAPOL) [Iterations: 4095]
-------------------------------------------------------------

cuModuleLoadDataEx(): device kernel image is invalid

* Device #1: Kernel ./OpenCL/markov_le.cl load failed. Error Log:

error  : Binary format for key='0', ident='' is not recognized


* Device #1: Kernel ./OpenCL/markov_le.cl build failed.

Started: Sun Jan 30 11:43:51 2022
Stopped: Sun Jan 30 11:44:03 2022

Before I installed Cuda 11.6, I had Cuda 11.4 and my whole PC just crashed (black screen no cursor, keyboard and mouse RGB went off...) when I tried to run a benchmark. Any tips ?

Thank you