Quantcast
Channel: hashcat Forum - All Forums
Viewing all 7816 articles
Browse latest View live

TrueCrypt with GUI not working

December 23, 2014, 3:18 am
$
0
0
Hello,

first of all: I've checked the Wiki but I didn't find any article mentioning TC.

I would like to test HashCat with TrueCrypt. The password I created is 6 numbers long for test purposes. I may be stupid but I can't chose any container format in the GUI. There is just the option to use .tmp files or the clipboard therefore I can't start the process.

Could you help me, please? Would be great Smile

Greetings

Chippel
Search

Creating rules

December 23, 2014, 8:37 am
$
0
0
Hello.
Sorry for my English. Is the google translator.
Need help in creating a rules file having such mutations:

Case mutation: the program checks all variations of uppercase/lowercase characters.

Digit mutation: adding several digits to the work (from the dictionary) as prefix and suffix.

Border mutation: similar to the above, but adding not only digits, but also most commonly used combinations like 123, $$$, 666, qwerty, 007, Ñ…Ñ…Ñ… etc.; in addition, adding some chars at both end of the word, e.g. #password#, $password$ and more.

Order mutation: reversing the order (password - drowssap), repeating the word (password - passwordpassword), adding the reversed word (password - passworddrowssap).

Duplicate mutation: duplicating the characters, e.g. ppassword, paassword, passsword, passwword etc.

Year mutation: adding the year (four digits) at the end of the word: password1973, password2002.


I mean these mutations on the basis of elcomsoftu.
My English is poor and harder to understand me Sad
And in the network, there is no specific tutorials on this subject.

Regards Jack

remove unsupported rules

December 24, 2014, 6:14 am
$
0
0
i want to remove unsupported rules from rule file how i do?
when i start cracking hashcat displey this msg (Skipping ruleSmile

Error cuModuleLoad() 209

December 24, 2014, 3:05 pm
$
0
0
I copied screen below. Perhaps there's a problem with my syntax, but it throws the subject error. I'm trying one NTLM hash in hashes.txt and using 8 characters, each of which is ?a. Thanks for some help for a noob!

C:\aaa\HashCat>cudahashcat64 -m 1000 -o output.txt hashes.txt -a 3 ?a?a?a?a?a?a?a?a
cudaHashcat v1.31 starting...

Device #1: GeForce GTX 480, 1536MB, 1401Mhz, 15MCU
Device #2: GeForce GTX 480, 1536MB, 1401Mhz, 15MCU
Device #3: GeForce GTX 480, 1536MB, 1401Mhz, 15MCU

Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Applicable Optimizers:
* Zero-Byte
* Precompute-Init
* Precompute-Merkle-Demgard
* Meet-In-The-Middle
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
* Scalar-Mode
* Raw-Hash
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c

ERROR: cuModuleLoad() 209

How to input '-' charactor?

December 25, 2014, 2:03 am
$
0
0
when using cudahashcat-plus64.exe to crack md5.

like cudahashcat-plus64.exe -m 0 -a 3 --force d:\2222222.md5 -?1?1?1?1?1 , string start with '-'
result is program report error!

help ! how can i define a string start with '-' to crack?

–custom-charsetN= (or -1, -2, -3 and -4) is not enough

December 25, 2014, 4:09 am
$
0
0
when i crack some hash like md5, i define custom-charset, but is only 4 custom-charset is support at most, -5 , -6 is not support.
how can i expand the custom-charset to fit more complex input?

old version hashcat

December 25, 2014, 2:05 pm
$
0
0
Hi I need help. who have got old version HashcatGUI and oclHashcat which will be works my graphic adapter with driver 13.152.1.9002 (and older to 8.951.6) AMD Radeon HD 7650M. When I upgrade my driver from AMD site my system doesn't work at all. What can I do with it.
My hashcat dot run with my driver new driver 14.9.
Right now I have speed 3800
Please help.
Thanks

PCI-E 3.0 card in a PCI-E 2.0 mobo

December 25, 2014, 7:50 pm
$
0
0
My current motherboard has only a PCI-E 2.0 x16 slot. I'm more of a casual hashcracker, but want to upgrade my video card. I've looked around, and based on several parameters, I've found a nice one. But it is a PCI-E 3.0 card.

I know PCI-E is backwards compatible, but how much of a hit will I take using the 3.0 card in the 2.0 slot? Should I keep looking for a better [2.0] card?
Search

save md5 generated hashes to the file ?

December 26, 2014, 2:09 am
$
0
0
Hello,

is there anyway to save generated hashes (md5,sha1) from dictionary words or brute-force attack by oclhashcat to the file during cracking process ?

like this :

hash:pass

I mean all hashes not only recovered/cracked..

thank you for help..

Need some direction with combining dictionaries

December 28, 2014, 3:59 am
$
0
0
Hello,

I apologize if this is not the right place to be posting this, but here it goes. I am basically a script kiddy slowly learning things on my spare time. I am currently using hashcatgui v0.44.

I have noticed a lot of passwords with the format being [word 1][word 2][number].
I have cracked multiple hashes that have this format but would like to speed things up. I currently have a wordlist that contains all of the word 1 and 2s I have cracked. I have looked into the combinator attack, but i can't for the life of me figure out how to append a number to the right dictionary. I've read a few places about using the combinator.bin and piping it to oclhashcat, but i am confused by this and don't know where to start. I kind of need a step by step instruction if i am to do this Sad

I know i could use a wordlist combiner and use a &?d rule in a straight attack, but i can only seem to find wordlist mergers.

Any help would be greatly appreciated.

Is my plan a good idea?

December 28, 2014, 10:48 am
$
0
0
So, I have a bad CPU and GPU, however I like cracking hashes. My plan may work, or it may not, please help me.

Plan:

1. Buy a 1TB external hard drive.
2. Download a crap load of wordlists.
3. Sort them if I can be bothered
Now since my hardware is bad I thought this would make thing a little quicker.
4. Make a rainbow table out of those wordlists, so my hardware dosn't have to hash the word every time I run them.

But I am knew to lookup/rainbow tables. If I had 100GB of wordlists, how big would the tables be in size? Also, if it took me 2 hours to run through 100GB of lists, how long would it take on to run through the table?

I am aware that I can only make the table in one algo.

Profit, or not?

Thanks for your help.

Very very smallest the cracking speed 7870 XT

December 29, 2014, 12:27 am
$
0
0
I have

GPU 1
Ati Radeon HD7870 XT With Boost (Tahiti core 7950/2 ( share on 2) = my 7870)

Program to recover WPA/WPA2 passcape and elcomsoft give me speed about 120000-160000 pass/s

oslHashCatGui give me 49312 pass/s
Seems there in oclHashCat is a special limitation on the graphics card

How to remove this limit and who made it and for what???

2 And anyway very small speed on all card less than other programs (passcape and elcomsoft ) on 5000-10000 pass/s

How to contact the developer on this subject?

0% runs too fast no results

December 29, 2014, 11:48 am
$
0
0
I am trying to run hashcat against a Samsung android device (Froyo 2.3)
I have the password.key file: 5b0520517c778eba52424b46523b5a8b89f86d7aac177cad139dccb22b7da62c0728d616
Salt value from settings.db (converted to HEX): 12166d636687e89f

I run the commands through a batch file but the 0% is 0.00 and the progress is minimal. It does not generate results and ends within 2-4 seconds. I am running it on an i5 processor. I am sure based on the progress line that I am doing something wrong.

Can someone help me figure out what I am doing wrong? It generates no results and terminates much quicker than it should based on the timing article I read.

Here is the command I run:

hashcat-cli64.exe -a 3 -n 100 -m 5800 --pw-min=4 --pw-max=7 hash3.txt ?a?a?a?a?a?a?a

hashcat3.txt file contains (password.key (first 40 chars) : SALT)
5b0520517c778eba52424b46523b5a8b89f86d7a:12166d636687e89f

also tried (full password.key file) : SALT) (Doesn't work)
5b0520517c778eba52424b46523b5a8b89f86d7aac177cad139dccb22b7da62c0728d616:12166d6​36687e89f

also tried (full password.key file) : SALT) (works with the second semi colon but doesn't match recommended format)
5b0520517c778eba52424b46523b5a8b89f86d7a:ac177cad139dccb22b7da62c0728d616:12166d​636687e89f



Here are my results:


C:\adb\hashcat-0.48>hashcat-cli64.exe -a 3 -n 100 -m 5800 --pw-min=4 --pw-max=7
hash3.txt ?a?a?a?a?a?a?a
Initializing hashcat v0.48 by atom with 100 threads and 32mb segment-size...

Added hashes from file hash3.txt: 1 (1 salts)
Activating quick-digest mode for single-hash with salt

NOTE: press enter for status-screen


Input.Mode: Mask (?a?a?a?a) [4]
Index.....: 0/1 (segment), 81450625 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 148/81450625 (0.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--


Input.Mode: Mask (?a?a?a?a?a) [5]
Index.....: 0/1 (segment), 7737809375 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 304/7737809375 (0.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--


Input.Mode: Mask (?a?a?a?a?a?a) [6]
Index.....: 0/1 (segment), 735091890625 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 40/735091890625 (0.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--


Input.Mode: Mask (?a?a?a?a?a?a?a) [7]
Index.....: 0/1 (segment), 69833729609375 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 36/69833729609375 (0.00%) <---- Seems like it's not making any progress
Running...: --:--:--:--
Estimated.: --:--:--:--

Started: Mon Dec 29 14:27:29 2014
Stopped: Mon Dec 29 14:27:34 2014 <---- only 5 seconds to run it.


C:\adb\hashcat-0.48>pause
Press any key to continue . . .

Problem running Hashcat

December 29, 2014, 5:06 pm
$
0
0
Hello there, I'm new here. So I wanted to try GPU cracking and I'm having problem running oclHashCat.

My Graphic Card is:
AMD Radeon R7 240 2gb 128bit

I have Catalyst 14.12 installed.

But i still get this error:
Code:
STOP! Unsupported or incorrect installed GPU driver detected!



You are STRONGLY encouraged to use the official supported GPU driver for good re
asons



See oclHashcat's homepage for official supported GPU drivers



Also see: http://hashcat.net/wiki/doku.php?id=upgrading_amd_drivers_how_to



You can use --force to override this but do not post error reports if you do so

Newbie questions

December 29, 2014, 6:14 pm
$
0
0
Okay I was doing bit researches but cant find tutorials for oclhashcat found only for old hashcat and hashcat gui. Now i've got few questions so let me start:

  1. Can I use multiple dictionaries files at once example 20? Or is there anyway to make them in one huge ?
  2. How can i start hashcat to crack using dict only?
  3. Are these encryptions supported: md5(md5($salt).md5($pass)) - MyBB & sha1($salt.sha1($salt.sha1($pass)))??
Search

Wordlists (Tips and Tricks)

December 29, 2014, 8:35 pm
$
0
0
In another thread, epixoip posted this quote:
Quote:...And remember, quality over quantity. Most wordlists you download from the Internet are going to be pure garbage...

This started a few PM's back and forth, and with epixoip's permission, I'm turning the discussion into a public thread in hopes of helping myself and others.

epixoip Wrote:...Real-world passwords make the best wordlists, so the easiest way to clean your wordlist is to simply download a bunch of public leaks, run your wordlists through them, and then only save the passwords that were found in those leaks as the new wordlist.

Then you can "unrule" this list by "unapplying" best64.rule (this is kind of difficult) so that when your list is run with best64.rule, you re-create the same plains + more.

That's the simplest approach.

I have actually been doing that, or close to it. I'm thinking of two lists actually. First is the raw captures, unfiltered. This I use for generating an hcstat file. I'm debating whether to leave the duplicates (not introducing them intentionally though) simply to give more weight to more common "words".

The second, I remove the 1-4 digits and the beginning and end and lowercase everything, and remove duplicates. This becomes my attack dictionary.

epixoip responded:
Quote:You absolutely want to leave duplicates. It's extremely important to have duplicates.

Usually I trim out everything < 6 chars, with the exception of my "Top X" wordlists which are unaltered and probabilistically ordered.

The leaving of duplicates, is that for the "generate an hcstat file" list, the attack list, or both?

As for the <6 characters, I'm on the fence about that. For instance, I've been practicing on the mayhem list. I've found several passwords, including:
  • Swamp8861
  • Scrap1932
  • Pilot8969
just to name a few. There are more examples.

All of these are <6 character words with 4 digits appended. Doing a simple hybrid attack where I append 1-4 digits is easy. But the base words, swamp, scrap, pilot, etc. are all less than 6 characters. If I filter them out, the hybrid would miss these passwords.

I could do a mask ?u?1?1?1?1?d?d?d?d and pick them back up. I'd love to hear thoughts on this from more experienced hash crackers on which approach is better, plus any other tips and tricks for creating a great wordlist(s).

Comments on UNHash talk at 31c3

December 30, 2014, 3:18 am
$
0
0
For those who haven't seen it, here's a link to the talk:

http://mirror.netcologne.de/CCC/congress...ing_hd.mp4

My comments on this:
  • The first 10 minutes is mostly about default password stuff
  • Default password stuff is mostly interessting for pentesters, not so much for forensics
  • UNHash specific background seem to start at ~ 10:20
  • I disagree, you can't crack (preimage) MD5 with only pen and paper (10:48)
  • Agree, don't use brute-force for slow hashes (11:15)
  • How can you crack passphrases? Easy, with PRINCE (11:39)
  • UNHash introduces new rule syntax (11:46)
  • A candidate generator should be able to produce non-english passwords, too (12:45)
  • Agree, machine learning algorithm will fail for passwords (13:26)
  • Postgres involved in this?! For large wordlists > 100 billion this propably will fail (14:56)
  • Writing classifier is bad as it takes time and personal that knows about syntax (17:30)
  • My gutfeeling tells me problems with escaping is preprogrammed (18:00)
  • Theres no specific benefit for UNHash to use any wordlists you like. That's true for nearly all candidate generators (hashcat, prince, jtr, ...) (20:15)
  • It would be interessting to know how fast UNHash can produce new candidates as this is one of the most important factors in password cracking (21:00)
  • Author announced details about comparison but either he didn't do it or I missed it (21:21)
  • Meassurement of guessing efficiency is still not standartized, but it's obvious is will go more into the guesses/cracks direction than it goes into time/cracks as this will work for all algorithms

My impression is that UNHash is near to tools like wordhound, they could be called preprocessors.
I somehow missed the link how the talk on default passwords on the start is related to UNHash.

Dictionary Attack batch

December 30, 2014, 5:12 am
$
0
0
Hello everyone i got tired of entering over and over manually options and other for hashcat Dictionary attack, so i've made simple bat script and wanted to share it with you:
Code:
@echo off
title "Dictionary Attack ~ K3yW0rm"
set /P hashtype=Enter hash id you are willing to crack:
set /P hashfile=Enter your hash filename:
set /P hashdict=Enter location of your dictionaries:
set /P hashfound=Enter name of found file:
Pause
IF "%hashtype%"=="" (
set hashtype=0
)
IF "%hashfound%"=="" (
set hashfound=%hashfile%_found
)

oclHashcat64.exe -m %hashtype% -a 0 %hashfile%.txt %hashdict% -o %hashfound%.txt --outfile-format=3 --remove

Save it as .bat

Run .bat and enter id of encryption or leave blank for plain Md5(0)
After that it will ask you for your hash file name enter only file name so example my hash file is "hashes.txt" i will enter only "hashes"
Next it will ask you for your Dictionaries location.
And last it will ask you for found passwords location, you can leave it blank and it will save it as your hashfile_found.txt Smile

Have fun.

Need to find X in SHA1[(AES-128(X)]

December 30, 2014, 6:13 am
$
0
0
Hi

This is the problem I am trying to solve:

Please take you birthday (day and month) in hexadecimal form. Find message X that SHA1[(AES-128(X)]=0x[18 arbitrary bytes][day][month]. AES key is 0x00000000000000000000000000000000.
For example, if you birthday is January 10th, please find X, that SHA1[AES-128(X))]=0x[18 arbitrary bytes]1001.

I am quite noob to working with problems like this so I was hoping someone could explain how exactly am I supposed to work this out.

Sorry for the vague question but I don't really know what to exactly ask either.
Thanks!

AMD GPU driver installed but not detected

December 31, 2014, 1:50 pm
$
0
0
Hi there,

I am getting this error although I installed the latest amd driver 14.12
Quote:AMD users require Catalyst 14.9 or later
Since 14.12 is higher than 14.9 it should work. Why do I get this message?

[Image: oclhci5uox.png]

Using "--force" is working. But I have problems with rules because they are read by oclhashcat but are not applied successfully.

E. g.:
rule "l" for lowercase is active,
password in dict is "paSSWOrd",
real password to crack is "password"

So oclHashcat should lowercase all chars but it doesn't work. Sad
Changing "paSSWOrd" to "password" in dictionary and remove the rule --> it's working.

This is my start command (currently with --force):
oclHashcat64.exe -m 2500 capture.hccap -r "rules\rule.rule" "dicts\dict.txt" --force

Any ideas?

Thank you very much
Viewing all 7816 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>