Quantcast
Channel: hashcat Forum - All Forums
Viewing all 7817 articles
Browse latest View live

How to use multiple dictionaries?

December 11, 2014, 2:28 pm
$
0
0
Can I use 3 dictionaries or more at the same time? I only found on WIKI how to use 2 dictionaries.

I have 3 dictionaries and I want to have word taken from each one and appended, eg:

<word from dict1><word from dict2><word from dict3>
Search

Status Exhausted

December 11, 2014, 5:40 pm
$
0
0
Hi!
I use this command:
Code:
oclHashcat64.exe -m 2500 hi2.hccap password.txt

And in status, shows me:

Status: Exhausted

[Image: Jf4t8aB.gif]

[Image: AALrbNC.png]

(oclHashcat v1.31 | Windows 7 SP1 | 8 GB RAM | Catalyst Version 14.9)

¿What is the problem?

Many thanks.

Noob asking for help MD5 ($salt.$pass)

December 12, 2014, 3:26 pm
$
0
0
Hello,

some time ago I tested ocl-Hashcat for a brief while and actually managed to crack a hash. However, since then, I forgot a lot about how exactly I was able to do that.

I have a Linux MD5 right now ($salt.$pass) waiting to be cracked, but I want to be sure I am doing everything right.

NVIDIA GT 9400, cudahashcat 1.31 32-bit on Win, MD5 as above, brute-force only.

I remember reading somewhere that I have to convert the Linux MD5 password format to a hex one, so I used an online calculator to convert this:

root:$1$xxxxxxxx$xxx.XXXx.xxxXXXX:0:0::/root:/bin/sh

to that

xxxxxxx_salt_hex_xxxxxxx:xxxxxxxxxxx_pass_hex_xxxxxxxx

of course, only the "xxxxxxxx" and "xxx.XXXx.xxxXXXX" strings were taken into account when recalculating.

Next, I used the >cudahashcat32.exe -m 20 -a 3 passwd -o out.txt (MD5 salt.pass brute-force). Is the procedure above ok overall? Is Hashcat capable of processing /etc/passwd file directly, as John does?

Thanks in advance for your help.

Need help with simple hashcat file

December 13, 2014, 10:34 am
$
0
0
New at this and I need help. This is the command I am trying to run:

F:\Hashcat>cudaHashcat64.exe -a 0 -m 2500 E:\download\hashcat(1).hccap F:\Hashcat\dictionary\rt.txt -o f:\Hashcat\test_found.txt

I am trying to crack the wpa hash on the site. "hashcat is supposed to be the password. I made a text file for a simple dictionary which contains the password, the password with a #1 and with a ! plus a a couple of other words I made up.
When I run the program it never finds the password nor does it print the results.
Can some one tell me what I am doing wrong ?



F:\Hashcat>cudahashcat64.exe -a 0 -m 2500 e:\download\hashcat(1).hccap f:\Hashca
t\dictionary\rt.txt -o f:\Hashcat\test_found.txt
cudaHashcat v1.31 starting...

=====here is my results======

F:\Hashcat>cudahashcat64.exe -a 0 -m 2500 e:\download\hashcat(1).hccap f:\Hashca
t\dictionary\rt.txt -o f:\Hashcat\test_found.txt
cudaHashcat v1.31 starting...

Device #1: GeForce GTX 750 Ti, 2048MB, 1150Mhz, 5MCU
Device #2: GeForce GTX 550 Ti, 1024MB, 1900Mhz, 4MCU

Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
Applicable Optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Kernel ./kernels/4318/m02500.sm_50.64.ptx
Device #1: Kernel ./kernels/4318/bzero.64.ptx
Device #2: Kernel ./kernels/4318/m02500.sm_21.64.ptx
Device #2: Kernel ./kernels/4318/bzero.64.ptx

Cache-hit dictionary stats f:\Hashcat\dictionary\rt.txt: 46 bytes, 1 words, 1 keyspace


INFO: approaching final keyspace, workload adjusted


Session.Name...: cudaHashcat
Status.........: Exhausted
Input.Mode.....: File (f:\Hashcat\dictionary\rt.txt)
Hash.Target....: hashcat.net (00:25:cf:2d:b4:89 <-> b0:48:7aBig Grin6:76:e2)
Hash.Type......: WPA/WPA2
Time.Started...: 0 secs
Time.Estimated.: 0 secs
Speed.GPU.#1...: 0 H/s
Speed.GPU.#2...: 0 H/s
Speed.GPU.#*...: 0 H/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 1/1 (100.00%)
Skipped........: 0/1 (0.00%)
Rejected.......: 0/1 (0.00%)
HWMon.GPU.#1...: 0% Util, 39c Temp, N/A Fan
HWMon.GPU.#2...: 0% Util, 42c Temp, N/A Fan

Started: Sat Dec 13 13:30:42 2014
Stopped: Sat Dec 13 13:30:44 2014

F:\Hashcat>

Thanks in advance for any help.

[solved] how to pipe rli2 tot textfile?

December 14, 2014, 6:33 am
$
0
0
Could anyone give me the "windows" code for piping the rli2 stdout results to a textfile??

code :
rli2.exe text1 text2 | ....... ????? >outfile

thank you

4 graphic cards->ok, 5 graphiccards -> not ok

December 14, 2014, 8:19 am
$
0
0
Hy

First i would like to say thank you for quick support in your IRC channel Big Grin
Now i encountered problem, which i guess is better to be discused here...

What is bothering me:

If i install 4x hd5970 on my MB (890FXA-gd70) everything runs ok.
clinfo output is OK,
aticonfig --odgt --adapter=all is able to display temps of all gpus.
oclhashcat runs OK.

When i install 5th hd5970 and after aticonfig --adapter=all --initial -f and reboot:

clinfo output:
PHP Code:
Segmentation fault (core dumped

aticonfig --odgt --adapter=all is not able to display temps of additional graphic card (look at the bottom of code):
PHP Code:
pozi@ubuntu:~$ aticonfig --odgt --adapter=all

Adapter 0 AMD Radeon HD 5900 Series
            Sensor 0Temperature 60.50 C

Adapter 1 AMD Radeon HD 5900 Series
            Sensor 0Temperature 67.00 C

Adapter 2 AMD Radeon HD 5900 Series
            Sensor 0Temperature 61.00 C

Adapter 3 AMD Radeon HD 5900 Series
            Sensor 0Temperature 62.50 C

Adapter 4 AMD Radeon HD 5900 Series
            Sensor 0Temperature 59.50 C

Adapter 5 AMD Radeon HD 5900 Series
            Sensor 0Temperature 61.50 C

Adapter 6 AMD Radeon HD 5900 Series
            Sensor 0Temperature 30.50 C

Adapter 7 AMD Radeon HD 5900 Series
            Sensor 0Temperature 36.00 C
ERROR Get temperature failed for Adapter 8 AMD Radeon HD 5900 Series
ERROR Get temperature failed for Adapter 9 AMD Radeon HD 5900 Series 

but aticonfig --lsa recognise all of them:

PHP Code:
pozi@ubuntu:~$ aticonfig --lsa
0. 1b:00.0 AMD Radeon HD 5900 Series
  1. 1a:00.0 AMD Radeon HD 5900 Series
  2. 17:00.0 AMD Radeon HD 5900 Series
  3. 16:00.0 AMD Radeon HD 5900 Series
  4. 0f:00.0 AMD Radeon HD 5900 Series
  5. 0e:00.0 AMD Radeon HD 5900 Series
  6. 0b:00.0 AMD Radeon HD 5900 Series
  7. 0a:00.0 AMD Radeon HD 5900 Series
  8. 07:00.0 AMD Radeon HD 5900 Series
  9. 06:00.0 AMD Radeon HD 5900 Series 

and lspcie too...

Problem is not graphic card or slot related- i tried every possible combination, it occurs only when i install 5th card.

What i did:
set PCIE latency timer in bios to 96 and 128, neither solves problem

Other informations:

PSU: LEPA 1600W 80plus (there is plenty of wattage unused)
I use PCIE risers, i tested them all and they are working as supposed to.
OS: Ubuntu Server 12.04.4 LTS
catalyst: i have tried 14.9 and 14.12, same problem at both of them
oclHashcat: version 1.31

Can someone please give me some advice? It seems a shame not to use all 5 graphic cards.

<offer to pay removed by philsmd>

Thanks in advance!
martin.po21

Cat Omega

December 15, 2014, 11:51 am
$
0
0
Has anyone here tried Catalyst Omega driver with GPGPU? Does it work with current oclHashcat at all? Is it anything other than a flashy name for a new version with brand new driver bugs (and none of the old ones fixed)? Or did they actually improve things?

possible bug in ?a on 1.31

December 17, 2014, 3:07 am
$
0
0
When going at a large list of sha1 (type 100) passwords I noticed that my final step, -i ?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a yielded 0 results.

After trying with a clean setup and only that step, I found that only numerical passwords were found. Could it be that somehow the code to select charsets is subtly bugged? I could find passwords just fine when I worked around it and made my own custom charset in a file.

Setup: Win7 (dutch) 2*7950, oclhashcat 1.31 and I unfortunately don't know the exact version of the AMD driver. If required for replication of the circumstances I can get that, but I currently am not close to our (airgapped) lab.
Search

Help with cryptext hash: sha1($pass.sha1($pass))

December 17, 2014, 4:21 am
$
0
0
Hello.

I've a sort of files crypted in 2004 with this utility from Nick Payne.
I don't remember the password, but I've a pattern for it (and a charset for hashcat)
As I've a backup of my user data I have the password hash stored in the registry. as I don't remember to have changed this password, I presume that it's "the password".

I tried hashcat witouth success and, reading some documentation, I've found that the stored password is a two steps hash. The algorithm would be like this: sha1($pass.sha1($pass)) that isn't in the algorithm list of hashcat.

And the question is: Can I define this algorithm? (I think no).
If not, how can I generate a dictionary using my charset? (probably statsprocessor).
Because there is a simple code to decrypt files that can be adapted for comparing hashes (It will be slower than hashcat, but...)

Regards,

Javier

Is decrypting a WPA2 TKIP handshake faster than decrypting WPA2 AES?

December 17, 2014, 11:46 am
$
0
0
Hi.

Is decrypting a WPA2 TKIP handshake faster than decrypting WPA2 AES?
Specifically WPA2, not WPA.

I read something that TKIP is broken, but it is not mentioned why.

What Hash is this? Tried everything

December 17, 2014, 7:25 pm
$
0
0
Hey I'm currently trying to find a type of hash. I've tried everything.

Plain Text: testtest

Hash: <removed>

No Salt, nothing. Couldn't manage to figure it out.

Thanks in advance if someone helps out!

Help with md5(md5($username.$pass).$salt)

December 17, 2014, 9:21 pm
$
0
0
Heya everyone.

I have a hash that is in the following format: md5(md5($username.$pass).$salt)

The username is the same for every single hash and it has no salt.

I've tried multiple methods with hashcat but I keep failing. I've tried with passwordsPro and it retrieved the password correctly (but I really hate passwordspro DSmile.

Any suggestion?

Thanks.

Driver Catalyst 14.9 for HP ProBook

December 20, 2014, 8:04 am
$
0
0
Hi everyone. I have a problem with upgrading driver for my HP. Right now I have 13.152.1.9002 driver AMD Radeon HD 7650M. When I upgrade my driver from AMD Radeon site my HP driver doesn't work. What can I do with it.
My hashcat dot run with my driver. Thanks
.jpg  1.JPG (Size: 82.76 KB / Downloads: 7)
.jpg  2.JPG (Size: 49.63 KB / Downloads: 5)

can't get oclhashcat to work

December 20, 2014, 1:42 pm
$
0
0
hi,

i have clean install of kali with all the driver needed and still im getting this error massage when tring to wpa brute force.

oclhashcat -m 2500 -a 3 --force /root/hs/sky18.hccap ?u?u?u?u?u?u?u?u
oclHashcat v1.30 starting...

Device #1: Tahiti, 2879MB, 1100Mhz, 32MCU

Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Applicable Optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Kernel ./kernels/4098/m2500.Tahiti_1445.5_1445.5 (VM).kernel (259332 bytes)
Device #1: Kernel ./kernels/4098/markov_le_v1.Tahiti_1445.5_1445.5 (VM).kernel (94288 bytes)
Device #1: Kernel ./kernels/4098/bzero.Tahiti_1445.5_1445.5 (VM).kernel (30452 bytes)

[s]tatus [p]ause [r]esume [b]ypass [q]uit =>

tried oclhashcat benchmark test and got

oclHashcat v1.30 starting in benchmark-mode...

Device #1: Tahiti, 2864MB, 1100Mhz, 32MCU

STOP! Unsupported or incorrect installed GPU driver detected!
You are STRONGLY encouraged to use the official supported GPU driver for good reasons
See oclHashcat's homepage for official supported GPU drivers
You can use --force to override this but do not post error reports if you do so

used the --force command and it worked no problem.
please advice as i cant get any info on google

thanks

Minimum password length

December 20, 2014, 5:26 pm
$
0
0
I know with hashcat I can specify a minimum password length, but I can't seem to find a similar option with oclhashcat. I'm working on a hybrid attack, and I've already brute forced everything with 7 characters or less, so trying those again is a waste of time. Is there any way to tell oclhashcat to skip passwords less than X characters?
Search

table attack?

December 21, 2014, 5:15 am
$
0
0
Is there a way to do a table attack like in reg hashcat?
I'm looking apply l33t speak to a dictionary/wordlist.

I poked around a bunch but didn't find anything.

TIA.

MD5 salted hashs

December 21, 2014, 5:46 pm
$
0
0
I've got [mostly] down how to use hashcat (and oclhashcat) on unsalted hashes, so I decided to try something harder, a salted hash. I found a cracked md5:salt hash elsewhere and put that, along with the -m 10 example from http://hashcat.net/wiki/doku.php?id=example_hashes into a file, then created a 6 word dictionary with both passwords, including hashcat. However, I fail to find either. The following pruned output:

Code:
hashcat-cli64.exe -a 0 -m 10 md5salt.hash md5salt.dict
Initializing hashcat v0.48 by atom with 6 threads and 32mb segment-size...

Added hashes from file md5salt.hash: 2 (2 salts)

Input.Mode: Dict (md5salt.dict)
Index.....: 1/1 (segment), 6 (words), 45 (bytes)
Recovered.: 0/2 hashes, 0/2 salts
Speed/sec.: - plains, - words
Progress..: 6/6 (100.00%)
Running...: 00:00:00:01
Estimated.: --:--:--:--

It sees the salts, but I don't get any "found" passwords, even though at least one of them *IS* in the dictionary. What am I doing wrong?

Practical PRINCE: 1 CPU + 24 hours = 63% Linkedin hashes cracked, 100% automated

December 22, 2014, 3:58 am
$
0
0
After talking to many people about PRINCE, explaining how it works and what's the idea behind, I've decide to write a little demonstration/tutorial to show how it can be used in a real-life scenario. I hope it will help everyone who is interessted in using PRINCE to get started.

I've selected the Linkedin dump as my demonstration hashlist because it has been taken many times when it comes to any kind of analysis of password guessing, so it became a bit of a reference. It consists of a big number of unique hashes, therefore we can actually see whats happening in realtime just by looking at the cracked hashes while it is cracking. We can see how the patterns are self-created and it proofes that the generated password candidates actually match real-life passwords.

PRINCE was designed for attacking slow hashes. Therefore I'll use "only" CPU hashcat for the demonstration. There will be no GPU involved. The CPU that I am using is an Intel i7-4770K. I've decide to use CPU for this fast hash as it matches the speed for a slow hash using a GPU environment. To be exact, the cracking rate for the demonstration is around 5MH/s, which is roughly as slow as a modern single GPU cracking a $1$ hash (1000 times iterated and salted hash).

To reproduce locally, you need:
To avoid struggling with paths, just copied all the files into the same directory.

In this demonstration we do not make use of the personal aspects optimizer. We assume we have no clue what the password could be.

1. Create a fifo

While oclHashat (GPU) supports reading from stdin, Hashcat (CPU) does not. But you can workaround this missing feature simply by creating a named pipe.

Quote:$ mkfifo fifo

Because of the named pipe we need two shells next.

2. Run princeprocessor in the first shell

Quote:$ ./pp64.bin -o fifo < rockyou.txt

3. Run hashcat in the second shell (Replace the XXX with your CPU architecture)

Quote:$ ./hashcat-cliXXX.bin -m 100 -o linkedin.out linkedin.hash fifo

4. Let it run for 24 hours

Quote:Recovered.: 2223916/3521180 hashes

Easy, isn't it? And that's just with rockyou wordlist. I selected rockyou just to make it reproduceable. With one of my personal wordlists (that I am not going to share, sorry) I was able to get into the 75% range in the same time. If your first results with PRINCE are not that good, don't get demotivated. It takes a bit of experience on how to prepare/filter the input wordlist, using optional rules or how to use the optional princeprocessor parameters like --elem-cnt-min and --elem-cnt-max. I'm going to explain them in a later tutorial.

About efficiency: During the 24 hours a total of ~230 billion password candidates have been generated and tested. If you think 230 billion is a lot, it's not. It's not even the half of the brute-force keyspace of a 7-bit length 6 password. To get a better feeling for this, just think of testing the same keyspace against a TrueCrypt volume (TrueCrypt 5.0+ PBKDF2-HMAC-RipeMD160 + AES). It would take less than 3 days by using two 290x and oclHashcat v1.31.

PRINCE is not only about efficiency, it's also about an infinite runtime. Actually, the infinite runtime was one of the major goals when I designed the algorithm. Instead of stopping the demonstration after 24 hours you can continue to run princeprocessor and it will continue to crack the remaining hashes, on and on, and it will never* stop.

* = Based on your input wordlist. With rockyou.txt wordlist at least not within your lifetime

--
atom

Catalyst v14.9 vs 14.12

December 22, 2014, 7:56 am

Newbie - > 10 years to complete?

December 22, 2014, 10:55 am
$
0
0
So... In Kali Linux managed to capture WPA2 hash (.cap) via wifite. Cleaned and converted to .hccap. Now back in Win7x64 and trying to use Cudahashcat to crack via bruteforce. Ran CudaHashcat64 via: cudaHashcat64.exe -m 2500 -a3 out.hccap ?a?a?a?a?a?a?a?a?a

Speed.GPU.#1.....: 51891 H/s
Time.Estimated....: > 10 Years

I've been reading how fast hashcat is, so I must be doing something wrong. I've also seen tutorials that say they get millions of H/s using their CPU cores, but this seems to be using my GPU.

Please advise...and forgive my newbie'ness. I'm here to learn. Smile
Viewing all 7817 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>