I'm getting "separator unmatched" errors even with the generic example hash on the wiki (https://hashcat.net/wiki/doku.php?id=example_hashes). Of course this is going to be something silly and noobarrasing. Can anyone just chuck that hash in and see if it's happening for you as well? What's the proper command line to load/run that hash?
↧
Radmin3 (v3.5) separator unmatched...
↧
Algorithm for algorithm
I know my plaintext password, salt, and hash that appears to be sha512 (128 hexadecimal characters). However using any of the hashcat built-in algorithms don't give the expected hash.
Is there any systemized/programmatic way (i.e. algorithm) I can go about finding the algorithm without the source code, or is this just guess-and-check/lost cause?
Is there any systemized/programmatic way (i.e. algorithm) I can go about finding the algorithm without the source code, or is this just guess-and-check/lost cause?
↧
↧
cuda module hashcat
I want to create a hashcat module
Can modules written in the CUDA language also be included in Hashcat?
Does it have to be an openCL language?
please let me know
Can modules written in the CUDA language also be included in Hashcat?
Does it have to be an openCL language?
please let me know
↧
I want to measure the performance (speed) of the Hashcat module
I want to measure the performance (speed) of the Hashcat module
In addition to comparing hash values in the Hashcat module, I am curious about the time it takes to run the pure module once.
Can you tell me how to do it?
In addition to comparing hash values in the Hashcat module, I am curious about the time it takes to run the pure module once.
Can you tell me how to do it?
↧
Wrong result
I have run Hascat on a MD5 non-salt hash and received a result.
Hash: a1f7d15040d36119c17157fc8e5a430e
Result: 0hfwzuse
I used the following prompt: hashcat.exe -m 0 -a 3 hashes.txt -O
However, the result it not correct.
Is it possible there is another longer password that matches the same hash?
Hash: a1f7d15040d36119c17157fc8e5a430e
Result: 0hfwzuse
I used the following prompt: hashcat.exe -m 0 -a 3 hashes.txt -O
However, the result it not correct.
Is it possible there is another longer password that matches the same hash?
↧
↧
typo scenario password cracking
Hi guys, help me please, have a password in which I can make a mistake
Example : Coca-Cola1985
I could have placed my finger on a adjacent symbol, a space could have accidentally be typed, accidentally I could press shift or caps lock, or a letter could be skiped
How would l a rule that combines all these specifications would look like in a command line, or what should I do to solve this problem, previously thank you![Smile]( "Smile")
Example : Coca-Cola1985
I could have placed my finger on a adjacent symbol, a space could have accidentally be typed, accidentally I could press shift or caps lock, or a letter could be skiped
How would l a rule that combines all these specifications would look like in a command line, or what should I do to solve this problem, previously thank you
↧
VeraCrypt test
Hello!
There is an encrypted VeraCrypt system disk. One os. AES+Whirlpool. I know the password. I decided to try hacking through a hashcut.
I'm loading through Linux.
sudo dd if=/dev/nvme0n1 of=data skip=31744 bs=512 count=1
hashcat -m 13731 -a 3 data 'Pass?s'
But there is no result.
Disk nvme.
100MB EFI System
16MB Microsoft reserved
237GB Micr. basic data
Is the hash definition problem?
There is an encrypted VeraCrypt system disk. One os. AES+Whirlpool. I know the password. I decided to try hacking through a hashcut.
I'm loading through Linux.
sudo dd if=/dev/nvme0n1 of=data skip=31744 bs=512 count=1
hashcat -m 13731 -a 3 data 'Pass?s'
But there is no result.
Disk nvme.
100MB EFI System
16MB Microsoft reserved
237GB Micr. basic data
Is the hash definition problem?
↧
mask brute force
Hello,
I want to know what is the instance on Amazon aws for crack the wpa2 key 22000 ?
i want to test this one : hashcat.exe -m 22000 -a 3 handshake.hc22000 a?a?a?a?a?a?a?a?
or the command for only a-z and 0-9. How long it takes ? thanks.
I want to know what is the instance on Amazon aws for crack the wpa2 key 22000 ?
i want to test this one : hashcat.exe -m 22000 -a 3 handshake.hc22000 a?a?a?a?a?a?a?a?
or the command for only a-z and 0-9. How long it takes ? thanks.
↧
Cable Management
Hey everyone,
i‘m starting to build an 19“ Cracking-Rig with 3x 40490.
I‘m not sure how i will manage the power-cable Management.
Will it be better to put all power-cables together with a strip (better airflow, but perhabs it could get very hot for the cables) or should i leave every powe-cable for itselve?
..sorry for my bad english an greetz from Germany.
i‘m starting to build an 19“ Cracking-Rig with 3x 40490.
I‘m not sure how i will manage the power-cable Management.
Will it be better to put all power-cables together with a strip (better airflow, but perhabs it could get very hot for the cables) or should i leave every powe-cable for itselve?
..sorry for my bad english an greetz from Germany.
↧
↧
Stuck on Hashcat
Hello,
I've been working on a project and I finally got a computer with can run Hashcat on Windows. Current I managed to find it in my directory through cmd. The issue is, is that I can't execute the program. Whenever I try, it says that 'hashcat64.exe', is not recognized as an internal or external command, operable program or batch file. I tried moving hash to to my Systems32 but no dice. What can I do to fix this error?
I've been working on a project and I finally got a computer with can run Hashcat on Windows. Current I managed to find it in my directory through cmd. The issue is, is that I can't execute the program. Whenever I try, it says that 'hashcat64.exe', is not recognized as an internal or external command, operable program or batch file. I tried moving hash to to my Systems32 but no dice. What can I do to fix this error?
↧
[-m 16300] HOW: multiple hashes with the same salt
Hi,
I need to work with hashes of this type (Ethereum Pre-Sale Wallet, PBKDF2-HMAC-SHA256):
$ethereum$w*100...00*ab...00*cd...00
$ethereum$w*200...00*ab...00*cd...00
peculiarity of these hashes is that only one character in the "ecseed" field is different; everything else (ethaddr, bkp) is the same. As a result, I get a warning: "This hash mode plugin cannot crack multiple hashes with the same salt, please select one of the hashes."
Hm. How to process many (thousands) of hashes with the same salt in 16300 mode?
Thanks for your attention.
I need to work with hashes of this type (Ethereum Pre-Sale Wallet, PBKDF2-HMAC-SHA256):
$ethereum$w*100...00*ab...00*cd...00
$ethereum$w*200...00*ab...00*cd...00
peculiarity of these hashes is that only one character in the "ecseed" field is different; everything else (ethaddr, bkp) is the same. As a result, I get a warning: "This hash mode plugin cannot crack multiple hashes with the same salt, please select one of the hashes."
Hm. How to process many (thousands) of hashes with the same salt in 16300 mode?
Thanks for your attention.
↧
Securenotes2hashcat.pl is not extracting some of my hashes
Can anybody help me in extracting my remaining hashes. I extracted all the hashes but the last two of my hashes were not extracted correctly. The iterations are zero and the hashes are not accepted on hashcat how come I circumvent this! Thank You!
↧
KaliLinux CUDA NVRTC_ERROR_INVALID_OPTION
Hello ![Smile]( "Smile")
I'm on the latest The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux (brand new install).
I have an old GPU, so I installed "legacy nvidia driver", the latest one, which supports my GPU, and still receives updates.
The compatible CUDA version is indicated to be 11.4 (not only as the output of nvidia-smi but also in the official documentation).
When I run hashcat to use CUDA, I unfortunately run into the following issue:
What did I do wrong?
Is there any information you need that I haven't provided? Please don't hesitate![Smile]( "Smile")
Thank you very much for your help!
I'm on the latest The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux (brand new install).
Code:
─$ cat /proc/version
Linux version 6.6.15-amd64 (devel@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali).org) (gcc-13 (Debian 13.2.0-13) 13.2.0, GNU ld (GNU Binutils for Debian) 2.42) #1 SMP PREEMPT_DYNAMIC The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) 6.6.15-2kali1 (2024-04-09)I have an old GPU, so I installed "legacy nvidia driver", the latest one, which supports my GPU, and still receives updates.
Code:
─$ hashcat -I
hashcat (v6.2.6) starting in backend information mode
CUDA Info:
==========
CUDA.Version.: 11.4
Backend Device ID #1
Name...........: NVIDIA GeForce GTX 870M
Processor(s)...: 7
Clock..........: 967
Memory.Total...: 3018 MB
Memory.Free....: 2299 MB
Local.Memory...: 48 KB
PCI.Addr.BDFe..: 0000:01:00.0
OpenCL Info:
============
OpenCL Platform ID #1
Vendor..: The pocl project
Name....: Portable Computing Language
Version.: OpenCL 3.0 PoCL 5.0+debian Linux, None+Asserts, RELOC, SPIR, LLVM 16.0.6, SLEEF, DISTRO, POCL_DEBUG
Backend Device ID #2
Type...........: CPU
Vendor.ID......: 128
Vendor.........: GenuineIntel
Name...........: cpu-haswell-Intel(R) Core(TM) i7-4710MQ CPU @ 2.50GHz
Version........: OpenCL 3.0 PoCL HSTR: cpu-x86_64-pc-linux-gnu-haswell
Processor(s)...: 8
Clock..........: 3500
Memory.Total...: 13866 MB (limited to 2048 MB allocatable in one block)
Memory.Free....: 6901 MB
Local.Memory...: 256 KB
OpenCL.Version.: OpenCL C 1.2 PoCL
Driver.Version.: 5.0+debianCode:
─$ nvidia-smi
Thu May 16 11:30:38 2024
+-----------------------------------------------------------------------------+
| NVIDIA-SMI 470.239.06 Driver Version: 470.239.06 CUDA Version: 11.4 |
|-------------------------------+----------------------+----------------------+
| GPU Name Persistence-M| Bus-Id Disp.A | Volatile Uncorr. ECC |
| Fan Temp Perf Pwr:Usage/Cap| Memory-Usage | GPU-Util Compute M. |
| | | MIG M. |
|===============================+======================+======================|
| 0 NVIDIA GeForce ... Off | 00000000:01:00.0 N/A | N/A |
| N/A 63C P5 N/A / N/A | 704MiB / 3018MiB | N/A Default |
| | | N/A |
+-------------------------------+----------------------+----------------------+
+-----------------------------------------------------------------------------+
| Processes: |
| GPU GI CI PID Type Process name GPU Memory |
| ID ID Usage |
|=============================================================================|
| No running processes found |
+-----------------------------------------------------------------------------+The compatible CUDA version is indicated to be 11.4 (not only as the output of nvidia-smi but also in the official documentation).
When I run hashcat to use CUDA, I unfortunately run into the following issue:
Code:
─$ hashcat -m 0 -a 0 hash.txt /usr/share/wordlists/fasttrack.txt
hashcat (v6.2.6) starting
* Device #1: This hardware has outdated CUDA compute capability (3.0).
For modern OpenCL performance, upgrade to hardware that supports
CUDA compute capability version 5.0 (Maxwell) or higher.
* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
nvmlDeviceGetCurrPcieLinkWidth(): Not Supported
nvmlDeviceGetClockInfo(): Not Supported
nvmlDeviceGetFanSpeed(): Not Supported
nvmlDeviceGetClockInfo(): Not Supported
nvmlDeviceGetTemperatureThreshold(): Not Supported
nvmlDeviceGetTemperatureThreshold(): Not Supported
nvmlDeviceGetUtilizationRates(): Not Supported
CUDA API (CUDA 11.4)
====================
* Device #1: NVIDIA GeForce GTX 870M, 2280/3018 MB, 7MCU
OpenCL API (OpenCL 3.0 PoCL 5.0+debian Linux, None+Asserts, RELOC, SPIR, LLVM 16.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #2: cpu-haswell-Intel(R) Core(TM) i7-4710MQ CPU @ 2.50GHz, 6901/13866 MB (2048 MB allocatable), 8MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
Optimizers applied:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Raw-Hash
ATTENTION! Pure (unoptimized) backend kernels selected.
Pure kernels can crack longer passwords, but drastically reduce performance.
If you want to switch to optimized kernels, append -O to your commandline.
See the above message to find out about the exact limits.
Watchdog: Temperature abort trigger set to 90c
nvrtcCompileProgram(): NVRTC_ERROR_INVALID_OPTION
nvrtc: error: invalid value for --gpu-architecture (-arch)
* Device #1: Kernel /usr/share/hashcat/OpenCL/shared.cl build failed.
* Device #1: Kernel /usr/share/hashcat/OpenCL/shared.cl build failed.
Started: Thu May 16 11:30:31 2024
Stopped: Thu May 16 11:30:31 2024What did I do wrong?
Is there any information you need that I haven't provided? Please don't hesitate
Thank you very much for your help!
↧
↧
Hashcat - APFS – FileVault 2 - apfs2hashcat
Hello,
Did at post at apfs-fuse Github regarding this error I received when trying "apfs2hashcat";
The DMG is from an external harddrive and the host computer is an Apple Silicon Macbook Pro running Sonoma.
It has been imaged on another Mac with a forensic tool made for imaging Apple devices / filesystems.
Any ideas why it fail?
Ran "mmls" which gave me the same results as this post which is that the fifth row has an empty description which should be the APFS-partition.
Best Regards
Did at post at apfs-fuse Github regarding this error I received when trying "apfs2hashcat";
Code:
Info: Found valid GPT partition table on main device. Dumping first APFS partition.
`apfs-dump-quick <path-to-apfs2hashcat>/ApfsLib/CheckPointMap.cpp:36 bool CheckPointMap::Init(oid_t, uint32_t): Asseration (cpm->cpm_o.o_type & OBJECT_TYPE_MASK) ==OBJECT_TYPE_CHECKPOINT_MAP' failed.The DMG is from an external harddrive and the host computer is an Apple Silicon Macbook Pro running Sonoma.
It has been imaged on another Mac with a forensic tool made for imaging Apple devices / filesystems.
Any ideas why it fail?
Ran "mmls" which gave me the same results as this post which is that the fifth row has an empty description which should be the APFS-partition.
Best Regards
↧
Benchmark - NVIDIA Tesla K80
This card has multiple GPUs, so while it is a single card, it acts as 2 GPUs. Evaluating the card as a whole should be done on the total hashrate, not each device's individual performance. CUDA was problematic and had several problems so I had to fall back to the OpenCL interface instead.
Code:
> ./hashcat -b --backend-ignore-cuda
hashcat (v6.2.6-851-g6716447df+) starting in benchmark mode
Benchmarking uses hand-optimized kernel code by default.
You can use it in your cracking session by setting the -O option.
Note: Using optimized kernel code limits the maximum supported password length.
To disable the optimized kernel code in benchmark mode, use the -w option.
* Device #1: This hardware has outdated CUDA compute capability (3.7).
For modern OpenCL performance, upgrade to hardware that supports
CUDA compute capability version 5.0 (Maxwell) or higher.
* Device #2: This hardware has outdated CUDA compute capability (3.7).
For modern OpenCL performance, upgrade to hardware that supports
CUDA compute capability version 5.0 (Maxwell) or higher.
NvAPI_EnumPhysicalGPUs(): NVAPI_NVIDIA_DEVICE_NOT_FOUND
nvmlDeviceGetFanSpeed(): Not Supported
nvmlDeviceGetFanSpeed(): Not Supported
OpenCL API (OpenCL 1.2 CUDA 11.0.228) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #1: Tesla K80, 11328/11448 MB (2862 MB allocatable), 13MCU
* Device #2: Tesla K80, 11328/11448 MB (2862 MB allocatable), 13MCU
OpenCL API (OpenCL 2.1 WINDOWS) - Platform #2 [Intel(R) Corporation]
====================================================================
* Device #3: AMD Ryzen 7 1700 Eight-Core Processor, skipped
Benchmark relevant options:
===========================
* --backend-devices-virtual=1
* --optimized-kernel-enable
-------------------
* Hash-Mode 0 (MD5)
-------------------
Speed.#1.........: 4627.1 MH/s (93.17ms) @ Accel:1024 Loops:512 Thr:64 Vec:2
Speed.#2.........: 4322.7 MH/s (99.51ms) @ Accel:1024 Loops:512 Thr:64 Vec:2
Speed.#*.........: 8949.8 MH/s
----------------------
* Hash-Mode 100 (SHA1)
----------------------
Speed.#1.........: 1883.8 MH/s (57.75ms) @ Accel:128 Loops:1024 Thr:64 Vec:1
Speed.#2.........: 1751.0 MH/s (62.02ms) @ Accel:128 Loops:1024 Thr:64 Vec:1
Speed.#*.........: 3634.8 MH/s
---------------------------
* Hash-Mode 1400 (SHA2-256)
---------------------------
Speed.#1.........: 776.2 MH/s (69.28ms) @ Accel:256 Loops:64 Thr:256 Vec:1
Speed.#2.........: 728.9 MH/s (73.91ms) @ Accel:256 Loops:64 Thr:256 Vec:1
Speed.#*.........: 1505.1 MH/s
---------------------------
* Hash-Mode 1700 (SHA2-512)
---------------------------
Speed.#1.........: 222.7 MH/s (61.12ms) @ Accel:4 Loops:1024 Thr:256 Vec:1
Speed.#2.........: 208.1 MH/s (65.29ms) @ Accel:4 Loops:1024 Thr:256 Vec:1
Speed.#*.........: 430.8 MH/s
-------------------------------------------------------------
* Hash-Mode 22000 (WPA-PBKDF2-PMKID+EAPOL) [Iterations: 4095]
-------------------------------------------------------------
Speed.#1.........: 87497 H/s (75.37ms) @ Accel:64 Loops:128 Thr:256 Vec:1
Speed.#2.........: 81458 H/s (81.34ms) @ Accel:64 Loops:128 Thr:256 Vec:1
Speed.#*.........: 169.0 kH/s
-----------------------
* Hash-Mode 1000 (NTLM)
-----------------------
Speed.#1.........: 7160.8 MH/s (60.30ms) @ Accel:1024 Loops:512 Thr:64 Vec:4
Speed.#2.........: 6666.4 MH/s (64.65ms) @ Accel:1024 Loops:512 Thr:64 Vec:4
Speed.#*.........: 13827.2 MH/s
---------------------
* Hash-Mode 3000 (LM)
---------------------
Speed.#1.........: 4334.1 MH/s (50.02ms) @ Accel:64 Loops:1024 Thr:256 Vec:1
Speed.#2.........: 4217.3 MH/s (51.49ms) @ Accel:64 Loops:1024 Thr:256 Vec:1
Speed.#*.........: 8551.4 MH/s
--------------------------------------------
* Hash-Mode 5500 (NetNTLMv1 / NetNTLMv1+ESS)
--------------------------------------------
Speed.#1.........: 4302.6 MH/s (50.01ms) @ Accel:256 Loops:256 Thr:256 Vec:4
Speed.#2.........: 4040.7 MH/s (53.36ms) @ Accel:256 Loops:256 Thr:256 Vec:4
Speed.#*.........: 8343.3 MH/s
----------------------------
* Hash-Mode 5600 (NetNTLMv2)
----------------------------
Speed.#1.........: 270.4 MH/s (50.31ms) @ Accel:4 Loops:1024 Thr:256 Vec:2
Speed.#2.........: 257.8 MH/s (52.65ms) @ Accel:4 Loops:1024 Thr:256 Vec:2
Speed.#*.........: 528.2 MH/s
--------------------------------------------------------
* Hash-Mode 1500 (descrypt, DES (Unix), Traditional DES)
--------------------------------------------------------
Speed.#1.........: 165.1 MH/s (82.31ms) @ Accel:32 Loops:1024 Thr:32 Vec:1
Speed.#2.........: 162.6 MH/s (83.73ms) @ Accel:32 Loops:1024 Thr:32 Vec:1
Speed.#*.........: 327.6 MH/s
------------------------------------------------------------------------------
* Hash-Mode 500 (md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5)) [Iterations: 1000]
------------------------------------------------------------------------------
Speed.#1.........: 2501.3 kH/s (76.69ms) @ Accel:64 Loops:1000 Thr:256 Vec:1
Speed.#2.........: 2298.0 kH/s (76.30ms) @ Accel:64 Loops:1000 Thr:256 Vec:1
Speed.#*.........: 4799.2 kH/s
----------------------------------------------------------------
* Hash-Mode 3200 (bcrypt $2*$, Blowfish (Unix)) [Iterations: 32]
----------------------------------------------------------------
Speed.#1.........: 2404 H/s (56.38ms) @ Accel:2 Loops:16 Thr:11 Vec:1
Speed.#2.........: 2480 H/s (56.11ms) @ Accel:2 Loops:16 Thr:11 Vec:1
Speed.#*.........: 4884 H/s
--------------------------------------------------------------------
* Hash-Mode 1800 (sha512crypt $6$, SHA512 (Unix)) [Iterations: 5000]
--------------------------------------------------------------------
Speed.#1.........: 36644 H/s (88.61ms) @ Accel:64 Loops:1024 Thr:256 Vec:1
Speed.#2.........: 33461 H/s (96.96ms) @ Accel:64 Loops:1024 Thr:256 Vec:1
Speed.#*.........: 70106 H/s
--------------------------------------------------------
* Hash-Mode 7500 (Kerberos 5, etype 23, AS-REQ Pre-Auth)
--------------------------------------------------------
Speed.#1.........: 69558.6 kH/s (48.89ms) @ Accel:64 Loops:128 Thr:32 Vec:1
Speed.#2.........: 70473.9 kH/s (48.26ms) @ Accel:64 Loops:128 Thr:32 Vec:1
Speed.#*.........: 140.0 MH/s
-------------------------------------------------
* Hash-Mode 13100 (Kerberos 5, etype 23, TGS-REP)
-------------------------------------------------
Speed.#1.........: 69964.3 kH/s (72.92ms) @ Accel:192 Loops:64 Thr:32 Vec:1
Speed.#2.........: 70846.1 kH/s (72.02ms) @ Accel:192 Loops:64 Thr:32 Vec:1
Speed.#*.........: 140.8 MH/s
---------------------------------------------------------------------------------
* Hash-Mode 15300 (DPAPI masterkey file v1 (context 1 and 2)) [Iterations: 23999]
---------------------------------------------------------------------------------
Speed.#1.........: 14848 H/s (74.53ms) @ Accel:32 Loops:1024 Thr:64 Vec:1
Speed.#2.........: 14094 H/s (78.06ms) @ Accel:32 Loops:1024 Thr:64 Vec:1
Speed.#*.........: 28942 H/s
---------------------------------------------------------------------------------
* Hash-Mode 15900 (DPAPI masterkey file v2 (context 1 and 2)) [Iterations: 12899]
---------------------------------------------------------------------------------
Speed.#1.........: 7202 H/s (70.93ms) @ Accel:16 Loops:512 Thr:64 Vec:1
Speed.#2.........: 6685 H/s (75.68ms) @ Accel:16 Loops:512 Thr:64 Vec:1
Speed.#*.........: 13888 H/s
------------------------------------------------------------------
* Hash-Mode 7100 (macOS v10.8+ (PBKDF2-SHA512)) [Iterations: 1023]
------------------------------------------------------------------
Speed.#1.........: 88489 H/s (71.78ms) @ Accel:64 Loops:31 Thr:256 Vec:1
Speed.#2.........: 85790 H/s (74.60ms) @ Accel:64 Loops:31 Thr:256 Vec:1
Speed.#*.........: 174.3 kH/s
---------------------------------------------
* Hash-Mode 11600 (7-Zip) [Iterations: 16384]
---------------------------------------------
Speed.#1.........: 97345 H/s (67.14ms) @ Accel:16 Loops:4096 Thr:128 Vec:1
Speed.#2.........: 86755 H/s (72.98ms) @ Accel:16 Loops:4096 Thr:128 Vec:1
Speed.#*.........: 184.1 kH/s
------------------------------------------------
* Hash-Mode 12500 (RAR3-hp) [Iterations: 262144]
------------------------------------------------
Speed.#1.........: 12436 H/s (66.72ms) @ Accel:4 Loops:16384 Thr:256 Vec:1
Speed.#2.........: 11545 H/s (70.80ms) @ Accel:4 Loops:16384 Thr:256 Vec:1
Speed.#*.........: 23981 H/s
--------------------------------------------
* Hash-Mode 13000 (RAR5) [Iterations: 32799]
--------------------------------------------
Speed.#1.........: 8386 H/s (98.58ms) @ Accel:32 Loops:512 Thr:128 Vec:1
Speed.#2.........: 8029 H/s (103.38ms) @ Accel:32 Loops:512 Thr:128 Vec:1
Speed.#*.........: 16415 H/s
--------------------------------------------------------------------------------
* Hash-Mode 6211 (TrueCrypt RIPEMD160 + XTS 512 bit (legacy)) [Iterations: 1999]
--------------------------------------------------------------------------------
Speed.#1.........: 61485 H/s (101.35ms) @ Accel:64 Loops:256 Thr:64 Vec:1
Speed.#2.........: 61285 H/s (103.93ms) @ Accel:64 Loops:256 Thr:64 Vec:1
Speed.#*.........: 122.8 kH/s
-----------------------------------------------------------------------------------
* Hash-Mode 13400 (KeePass 1 (AES/Twofish) and KeePass 2 (AES)) [Iterations: 24569]
-----------------------------------------------------------------------------------
Speed.#1.........: 10068 H/s (54.95ms) @ Accel:4 Loops:1024 Thr:256 Vec:1
Speed.#2.........: 9998 H/s (55.03ms) @ Accel:4 Loops:1024 Thr:256 Vec:1
Speed.#*.........: 20067 H/s
-------------------------------------------------------------------
* Hash-Mode 6800 (LastPass + LastPass sniffed) [Iterations: 100099]
-------------------------------------------------------------------
Speed.#1.........: 2751 H/s (98.61ms) @ Accel:16 Loops:1024 Thr:128 Vec:1
Speed.#2.........: 2641 H/s (103.02ms) @ Accel:16 Loops:1024 Thr:128 Vec:1
Speed.#*.........: 5392 H/s
--------------------------------------------------------------------
* Hash-Mode 11300 (Bitcoin/Litecoin wallet.dat) [Iterations: 200459]
--------------------------------------------------------------------
Speed.#1.........: 1017 H/s (66.80ms) @ Accel:4 Loops:1024 Thr:256 Vec:1
Speed.#2.........: 978 H/s (69.32ms) @ Accel:4 Loops:1024 Thr:256 Vec:1
Speed.#*.........: 1994 H/s
Started: Thu May 16 20:57:52 2024
Stopped: Thu May 16 21:04:01 2024↧
probably a user error
I am a first time user just messing around and when I attempt to start hashcat on windows 11 then I get the following message:
hashcat (v6.2.6) starting
* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
* Device #2: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
C:\Users\corym\Downloads\hashcat-6.2.6\hashcat-6.2.6>
I did the wddm_timeout_patch.reg steps and still get the same error
hashcat (v6.2.6) starting
* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
* Device #2: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
C:\Users\corym\Downloads\hashcat-6.2.6\hashcat-6.2.6>
I did the wddm_timeout_patch.reg steps and still get the same error
↧
How are duplicate, but different, hashes for small subset of unique users handled
So I am trying to figure out how hashcat handles duplicates of hashes such as NTLMv2 (5600) when you have say 2500+ hashes for only 12 unique users. My thought was always that the GPU's handled the algorithm and hashing the candidates, but then the CPU takes over for comparing them against the hashes. So to me, having duplicates as long as not in excessive amounts like several hundred thousand shouldn't really slow down the progress as I am currently hitting speeds of like 3300-3400MH/s. So, even if the GPU is doing all the work that it shouldn't slow down the speeds by much.
However, my friend tried to disprove me and his argument looks very appealing and wanted to see if his test was not correct or if someone that knows the platform better could help me understand what is happening under the hood.
I have attached two images, one with 2664 hashes for 12 unique users and one with only a single hash for the 12 unique users.
![.png]( "PNG Image")
ksnip_20240517-113029.png (Size: 265.12 KB / Downloads: 3)
![.png]( "PNG Image")
ksnip_20240517-113214.png (Size: 225.48 KB / Downloads: 3)
However, my friend tried to disprove me and his argument looks very appealing and wanted to see if his test was not correct or if someone that knows the platform better could help me understand what is happening under the hood.
I have attached two images, one with 2664 hashes for 12 unique users and one with only a single hash for the 12 unique users.
ksnip_20240517-113029.png (Size: 265.12 KB / Downloads: 3)
ksnip_20240517-113214.png (Size: 225.48 KB / Downloads: 3)
↧
↧
Extracting Radmin creds from PCAP/NG
Based on the work done by synacktiv, philsmd, and others (and with the radmin3_to_hashcat.pl in mind) I've built an updated "radmin3_to_hashcat.py" that works again with Radmin v3.5. I'm now moving to working on extracting the necessary identifiers from network traces (in pcapng format)... My progress has been basically halted with the verifier (hashh).
So far, I've managed to identify and pull everything out of the trace properly:
Username (type 16): 0x2000 (not 0x1000 like in the registry)
Modulus (type 48): 0x3000
Generator (type 64): 0x4000
Salt (type 80): 0x5000
Verifier (type 96): 0x6000
However, the packet stream contains 2 verifiers (128 bytes a piece). I'm sure I'm missing some crucial piece of the puzzle here, but neither of them work with my test credentials.
Test credentials as parsed from .reg file (pass=freefree) [working]
Username: admin (610064006d0069006e00)
Salt: 52a11b9f447cc3959ae983808e0a2c1095972e8c651d319af603fc937d55afe4
Modulus: 9847fc7e0f891dfd5d02f19d587d8f77aec0b980d4304b0113b406f23e2cec58cafca04a53e36fb68e0c3bff92cf335786b0dbe60dfe4178ef2fcd2a4dd09947ffd8df96fd0f9e2981a32da95503342eca9f08062cbdd4ac2d7cdf810db4db96db70102266261cd3f8bdd56a102fc6ceedbba5eae99e6127bdd952f7a0d18a79021c881ae63ec4b3590387f548598f2cb8f90dea36fc4f80c5473fdb6b0c6bdb0fdbaf4601f560dd149167ea125db8ad34fd0fd45350dec72cfb3b528ba2332d6091acea89dfd06c9c4d18f697245bd2ac9278b92bfe7dbafaa0c43b40a71f1930ebc4fd24c9e5a2e5a4ccf5d7f51544d70b2bca4af5b8d37b379fd7740a682f
Generator: 05
Verifier: 1ca7201aab25f9ef8dc314ac8e533ce1cd6a0f959491c3cae6127894d10ee55cd99a97e620c167d6b80a9f70cf3d21864546ace2d5a6e6fd3a6cbee52eb3dda8609b32e863709655dfea56e6a30a424e1f465e52872ae86aa64a255107a6fd2cbf726552a893494ba08688d2e0a4148fe5b93491ce0b66f1d5db4d63f3c62226be616af0c3fde290c7b7c20d3410599607e9cd6f2f80eb21ca1b9e1dd58a6ac1996742773b9cddcdc2b21f460cea098ce0f7b923e4095dc2c68bfa7fd92c71eb1f96eb8351f66905d93673fb91f4b37b9fae6aa273cccd43f6ab05f9d44103112f6d1a02a08ad9a1d546af259e070bb8a1d454105386facc3adbc2d4861d9aba
Test credentials as parsed from .pcapng file (pass=freefree) [failedobviously]
Username: admin (610064006d0069006e00)
Salt: 52a11b9f447cc3959ae983808e0a2c1095972e8c651d319af603fc937d55afe4
Modulus: 9847fc7e0f891dfd5d02f19d587d8f77aec0b980d4304b0113b406f23e2cec58cafca04a53e36fb68e0c3bff92cf335786b0dbe60dfe4178ef2fcd2a4dd09947ffd8df96fd0f9e2981a32da95503342eca9f08062cbdd4ac2d7cdf810db4db96db70102266261cd3f8bdd56a102fc6ceedbba5eae99e6127bdd952f7a0d18a79021c881ae63ec4b3590387f548598f2cb8f90dea36fc4f80c5473fdb6b0c6bdb0fdbaf4601f560dd149167ea125db8ad34fd0fd45350dec72cfb3b528ba2332d6091acea89dfd06c9c4d18f697245bd2ac9278b92bfe7dbafaa0c43b40a71f1930ebc4fd24c9e5a2e5a4ccf5d7f51544d70b2bca4af5b8d37b379fd7740a682f
Generator: 05
Verifier1:5446391127264d7cd6569f83a359695d83da7ba0a1a0ab7aeec26bae75d2958db1e3347570378aba26113d065453ba77aa36c67b1c243cc78be6e87093eb034413bfc15cb73d7d9435954ab634c32358bb6ad01b9718378c0b0aac4d2d8c045f339fbfe17be6831ae8eb3cd8edd36214e6ca9b76463a535b3b707cac0aa538ec97bf0443f81378c8550c26db32c7341f025f0bb5817bd6ba26499f524e0c73a44fc91b918fb477f9f4eaf6eb45f8bab9fb07617d908e8cf5aaad619e795de9b86f51295ffce76f997a922bd60cae38647a5b7b1f78c345cf1cdeaf1e1020098490fc6a32dc90200dacc901728f95f97e67ed1976ad479db49b1154c8966a7de0
Verifier2:0c0f0af65a5c3ac4b6b861e105f3a85c6eaf5176529991c34c66ebd6c1ec221d6736624d2d89991807fb5f2c4972ab019238cf0b7bc21cb48db22bc0f4f4b544d3e8bc2d1bb67b2b29c9566e2f256ad7c33823048b175d52aae84a4f67b4c96b93abaf37b1786f398d8d031e280f333db1a86ee2912a243be9f1d2b8bcb51f499ceb9af2593c1c463cda245d0acd5477a3ce58f766baec94245ceaa7af5e0fc64574508e894f51703fc75a8175fa5d6ce3d303bd48ccfb431f102e324fa598e799da75b9321ef2748ccf2fb97cb810ce3cb46f893685acbaa3d30574bccffb9c56394010c9ae134e5059b1591c9976559075b02b5a4022d5e0931bcc61549241
Note that the verifiers are different on every capture, while the salt and everything else remains static/intact. If this means I have to crack open the .exe and start reversing, it basically means I'm done here and now. Unless of course anyone has an idea of what's going on that can help me finish this thing.
So far, I've managed to identify and pull everything out of the trace properly:
Username (type 16): 0x2000 (not 0x1000 like in the registry)
Modulus (type 48): 0x3000
Generator (type 64): 0x4000
Salt (type 80): 0x5000
Verifier (type 96): 0x6000
However, the packet stream contains 2 verifiers (128 bytes a piece). I'm sure I'm missing some crucial piece of the puzzle here, but neither of them work with my test credentials.
Test credentials as parsed from .reg file (pass=freefree) [working]
Username: admin (610064006d0069006e00)
Salt: 52a11b9f447cc3959ae983808e0a2c1095972e8c651d319af603fc937d55afe4
Modulus: 9847fc7e0f891dfd5d02f19d587d8f77aec0b980d4304b0113b406f23e2cec58cafca04a53e36fb68e0c3bff92cf335786b0dbe60dfe4178ef2fcd2a4dd09947ffd8df96fd0f9e2981a32da95503342eca9f08062cbdd4ac2d7cdf810db4db96db70102266261cd3f8bdd56a102fc6ceedbba5eae99e6127bdd952f7a0d18a79021c881ae63ec4b3590387f548598f2cb8f90dea36fc4f80c5473fdb6b0c6bdb0fdbaf4601f560dd149167ea125db8ad34fd0fd45350dec72cfb3b528ba2332d6091acea89dfd06c9c4d18f697245bd2ac9278b92bfe7dbafaa0c43b40a71f1930ebc4fd24c9e5a2e5a4ccf5d7f51544d70b2bca4af5b8d37b379fd7740a682f
Generator: 05
Verifier: 1ca7201aab25f9ef8dc314ac8e533ce1cd6a0f959491c3cae6127894d10ee55cd99a97e620c167d6b80a9f70cf3d21864546ace2d5a6e6fd3a6cbee52eb3dda8609b32e863709655dfea56e6a30a424e1f465e52872ae86aa64a255107a6fd2cbf726552a893494ba08688d2e0a4148fe5b93491ce0b66f1d5db4d63f3c62226be616af0c3fde290c7b7c20d3410599607e9cd6f2f80eb21ca1b9e1dd58a6ac1996742773b9cddcdc2b21f460cea098ce0f7b923e4095dc2c68bfa7fd92c71eb1f96eb8351f66905d93673fb91f4b37b9fae6aa273cccd43f6ab05f9d44103112f6d1a02a08ad9a1d546af259e070bb8a1d454105386facc3adbc2d4861d9aba
Test credentials as parsed from .pcapng file (pass=freefree) [failedobviously]
Username: admin (610064006d0069006e00)
Salt: 52a11b9f447cc3959ae983808e0a2c1095972e8c651d319af603fc937d55afe4
Modulus: 9847fc7e0f891dfd5d02f19d587d8f77aec0b980d4304b0113b406f23e2cec58cafca04a53e36fb68e0c3bff92cf335786b0dbe60dfe4178ef2fcd2a4dd09947ffd8df96fd0f9e2981a32da95503342eca9f08062cbdd4ac2d7cdf810db4db96db70102266261cd3f8bdd56a102fc6ceedbba5eae99e6127bdd952f7a0d18a79021c881ae63ec4b3590387f548598f2cb8f90dea36fc4f80c5473fdb6b0c6bdb0fdbaf4601f560dd149167ea125db8ad34fd0fd45350dec72cfb3b528ba2332d6091acea89dfd06c9c4d18f697245bd2ac9278b92bfe7dbafaa0c43b40a71f1930ebc4fd24c9e5a2e5a4ccf5d7f51544d70b2bca4af5b8d37b379fd7740a682f
Generator: 05
Verifier1:5446391127264d7cd6569f83a359695d83da7ba0a1a0ab7aeec26bae75d2958db1e3347570378aba26113d065453ba77aa36c67b1c243cc78be6e87093eb034413bfc15cb73d7d9435954ab634c32358bb6ad01b9718378c0b0aac4d2d8c045f339fbfe17be6831ae8eb3cd8edd36214e6ca9b76463a535b3b707cac0aa538ec97bf0443f81378c8550c26db32c7341f025f0bb5817bd6ba26499f524e0c73a44fc91b918fb477f9f4eaf6eb45f8bab9fb07617d908e8cf5aaad619e795de9b86f51295ffce76f997a922bd60cae38647a5b7b1f78c345cf1cdeaf1e1020098490fc6a32dc90200dacc901728f95f97e67ed1976ad479db49b1154c8966a7de0
Verifier2:0c0f0af65a5c3ac4b6b861e105f3a85c6eaf5176529991c34c66ebd6c1ec221d6736624d2d89991807fb5f2c4972ab019238cf0b7bc21cb48db22bc0f4f4b544d3e8bc2d1bb67b2b29c9566e2f256ad7c33823048b175d52aae84a4f67b4c96b93abaf37b1786f398d8d031e280f333db1a86ee2912a243be9f1d2b8bcb51f499ceb9af2593c1c463cda245d0acd5477a3ce58f766baec94245ceaa7af5e0fc64574508e894f51703fc75a8175fa5d6ce3d303bd48ccfb431f102e324fa598e799da75b9321ef2748ccf2fb97cb810ce3cb46f893685acbaa3d30574bccffb9c56394010c9ae134e5059b1591c9976559075b02b5a4022d5e0931bcc61549241
Note that the verifiers are different on every capture, while the salt and everything else remains static/intact. If this means I have to crack open the .exe and start reversing, it basically means I'm done here and now. Unless of course anyone has an idea of what's going on that can help me finish this thing.
↧
Can You Limit Rule Candidate Lengths?
I'm not sure if this is possible, and I'm still pretty new to hashcat, but is it possible to limit the length of candidates after rules have been applied to a wordlist and reject the rest?
For example, say my wordlist has words varying from 2-20 characters in length. Is there a way that hashcat can only apply the rules in my .rule file to them if the candidate will be between 8-12 characters?
I saw this post, but I'm not exactly sure how the answer works:
https://security.stackexchange.com/quest...een-applie
What would I really put after
if I were to use it?
Thanks for the help!
For example, say my wordlist has words varying from 2-20 characters in length. Is there a way that hashcat can only apply the rules in my .rule file to them if the candidate will be between 8-12 characters?
I saw this post, but I'm not exactly sure how the answer works:
https://security.stackexchange.com/quest...een-applie
What would I really put after
Code:
hashcat /home/user/Desktop/Wordlists/wordlist.txt -r myrule.rule --stdout | len 8 12 |Thanks for the help!
↧
What standards is the example.dict dictionary provided by Hashcat based on?
I am curious as to whether this is a self-produced dictionary or whether there is material based on it. Also, other than example.dict, are there any other dictionaries provided by default?
Thankyou.
Thankyou.
↧