Quantcast
Channel: hashcat Forum - All Forums
Viewing all 7673 articles
Browse latest View live

cracking DES with fixed plaintext

March 24, 2015, 2:37 am
$
0
0
Hello everyone,
I'm trying to create rainbow table to cracking DES.
I have a fixed plaintext P, given a ciphertext the task is finding key that was used to encrypt P.
I already read about Hellman, DP, rainbow table method, and i tend to create rainbow table. I've figured out parameters for my table.
But, my problems now is none existing implementation that support to build it (as my search).
Does anyone have an idea?
Thanks for reading.
Search

How to run Hashcat on mac osx 10.6.8 32bit?

March 24, 2015, 5:19 am
$
0
0
Anyone can help me to understand how I can run Hashcat on mac osx 10.6.8 32bit? Thank you.

Mixing GPU Series [ATi]

March 24, 2015, 7:37 am
$
0
0
Does hashcat take advantage of mixed cards on a single system.
Say for example I were to add a R9 280X to my current rig.

So in total I would have
5830
5830
R9 280x

How will this be handled by the OS and by hashcat. I would not be mixing vendors simply series.

My hybrid is not working

March 24, 2015, 3:53 pm
$
0
0
Hi,

I have noticed, that hybrid (dict + ?d?d?d?d) attacks seem not to give any luck... so I decided to check if it is working at all.

1/ I hashed pass999z

md5(pass999z)=aab61febc2d4e4535163680ba3b10320

2/ I ran:

cudaHashcat64.exe -a 6 -m 0 --session=all -t 28 --potfile-disable -w 3 --gpu-temp-abort=85 --gpu-temp-retain=80 "R:\TEMP\tmp749A.tmp" "R:\TEMP\pass.txt" ?a?a?a?l

Where pass.txt contanins only "pass".

Hash found.

3/ I ran


cudaHashcat64.exe -a 6 -m 0 --session=all -t 28 --potfile-disable -w 3 --gpu-temp-abort=85 --gpu-temp-retain=80 "R:\TEMP\tmp749A.tmp" "R:\TEMP\pass.txt" ?a?a?a?a

(last letter changed from a to l)

Hash not found...

4/ I ran

cudaHashcat64.exe -a 6 -m 0 --session=all --potfile-disable -w 3 --gpu-temp-abort=85 --gpu-temp-retain=80 "R:\TEMP\tmp749A.tmp" "R:\TEMP\pass.txt" ?a?a?a?a

(removed -t 28)

Hash found, however it took quite some time, not so ultra fast as previously.

Cuda hashcat 1.35, windows, gtx 970. Let me know what may be the thing here. I though Markov shouldn't narrow the number of combinations, and here it seems it does and it does omit some of them.

I guess I was wrong ? Smile That would quite expect all these foundless nights :-D

HashCat - Current Cluster setup?

March 24, 2015, 7:55 pm
$
0
0
all, I have a bunch of high end HP Servers multi-core blades I can use for a while. I have been playing with OCLHashcat with a mutli-GPU setup at home, but thought if I could leverage a cluster with the CPU's multi-core xeon's it would be good. Everything I have come across appears to be a couple of years old.

any information would be greatly appreciated.

How To Update Hashcat On Kali?

March 25, 2015, 2:36 am
$
0
0
Whenever I type "hashcat" in the terminal, it always says you're using an outdated version, how to update it?

Windows hashcat unrecognized hash

March 25, 2015, 2:00 pm
$
0
0
I want to try to decrypt a Citrix Netscaler password but it gives me an error saying that the hash does not exist (Code 8100) according to the example_hashes page.

Whats wrong?
Here is my code:
Code:
hashcat -m 8100 -a 0 -o C:\cracked.txt C:\hashes.txt C:\wl

Short Wordlists with 8 GPUs

March 25, 2015, 11:06 pm
$
0
0
I have an 8 GPU cluster running GTX 980 GPU's. When I use a small wordlist it only uses a single GPU. I'm using large lists of hashes (100K or more) and it takes about 36 minutes and I'd like to use multiple GPUs to speed this up. I've read this:

https://hashcat.net/forum/thread-4161.html

I've tried the suggestion to pipe in the wordlist but that makes no difference to hashing speed and it still uses a single GPU.

Is there a way to get cudaHashcat to use all GPU's when using a small (10,000 word) dictionary? I've tried the above suggestion which just says to pipe in the wordlist, but that makes no difference. Hashing speed is the same and it still uses only one GPU.

The only option I can think of is to break a large number of hashes into smaller blocks and run 8 cudaHashcat processes and use -d option to specify GPU to balance load.

I'm using v1.35. Here's an example command line:

Code:
cat 10kpasswds.txt | cudaHashcat64.bin -m 400 -w 3 hashes.txt --session mysess1

Thanks very much for any help and thanks for an amazing piece of software.
Search

How to crack a password in this way with hashcat ?

March 26, 2015, 1:41 am
$
0
0
Hello, I am trying to crack a password which is from a HTTP Authorization header.

I don't know anything about the password and I don't have the hash value of the password, but I have the username, realm, method, uri and the nonce.

In order to generate a HTTP client's response, it requires:
Hash 1 = username:realm:password;
Hash 2 = method:uri;
Response = Hash 1:nonce:Hash 2;

How to crack the password by reading a word list and generate a MD5 Hash value for each of the word, and then combine with the username and realm to generate a new Hash(Hash_1), so we can combine it (Hash 2 and nonce) together and generate a response, and then compare it with the given response to check whether they are they same ?

Thank you...and sorry for my bad English.

Issues with Tesla K20m

March 26, 2015, 2:49 am
$
0
0
Hello, I'm having some issues with cudaHashcat v1.35. The error message is cuModuleLoad() 209

I'm using a Tesla K20m on a Windows Server 2008 R2. I'm using the Nvidia Driver 340.84 (http://www.nvidia.com/download/driverRes...8297/en-us) which seems to be the latest driver available for Tesla K20m.

I've been able to run cudaHascat v1.30 without any problems (However i have to change the system date to run it...).

Any ideas about how i can solve this issue ?

Thanks in advance for the help Smile
----------------------------------------------------------------

Here is an example of hashcat execution with the error message:
cudaHashcat64.exe -t 32 -a 7 example0.hash ?a?a?a?a example.dict
cudaHashcat v1.35 starting...

WARN: NvAPI_EnumPhysicalGPUs() -6 NVAPI_NVIDIA_DEVICE_NOT_FOUND

Device #1: Tesla K20m, 4799MB, 705Mhz, 13MCU

Hashes: 6494 hashes; 6494 unique digests, 1 unique salts
Bitmaps: 10 bits, 1024 entries, 0x000003ff mask, 4096 bytes, 17/7 rotates
Applicable Optimizers:
* Zero-Byte
* Precompute-Init
* Precompute-Merkle-Demgard
* Meet-In-The-Middle
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Scalar-Mode
* Raw-Hash
Watchdog: Temperature abort trigger disabled
Watchdog: Temperature retain trigger disabled

ERROR: cuModuleLoad() 209

des / 3des question

March 26, 2015, 7:59 am
$
0
0
Hi,

I understand that Hashcat is a tool for solving hashes, really fast by the looks of it. And I'm into RFID security, where I get to deal with the underlying crypto-algos. At the moment three algos is kind of interesting, DES/3DES/AES to me.

I my world, I've both plain & enc messages. Kind of easy, no salts nor nothing. Just encrypted 8bytes, and I want to use the interesting ideas used from modern pwd breakers like Hashcat, to reverse the key. Bruteforce is raw by nature.

What I'm looking for is sourcecode or a way being able to use the ideas & speed of Hashcat for my purposes. I stumbled here after I read the link below. I thinking in terms of calling Hashcat dll to provide with a possible solution. How do I do that? Making a new "-m " type? plugin?



REF:
http://www.reddit.com/r/crypto/comments/...ruteforce/

Which is still bruteforce,and the link is down. Sad

Question about keyspase

March 26, 2015, 11:25 am
$
0
0
result for --keyspace ?l?d:
v.1.31 - 260
v.1.35 - 10.
Is it error or I must modify my script
for distributed broot-force?
Script for 1.31 for 10 nodes:
-s 0 -l 26
-s 26 -l 26
...
-s 234 -l 26.

WPA Combination attack (skipping passwords)

March 26, 2015, 2:17 pm
$
0
0
I'm using A combination attack that uses 2 dictionaries but it may combine passwords with less than 8 characters length which are meaningless in WPA... how can i make the attack skip these cases?.

just made a search in the forum, I read somewhere that hashcat skips then automatically when using WPA, but I have 24h+ testing this attack and in the status hashcat says 0.00% skipped password... which makes me wonder is it really skipping them?


can anyone confirm? and if that's the case how can i make hashcat to skip them.


Thx in advance.

INFO: removed 1 hash found in pot file

March 26, 2015, 2:22 pm
$
0
0
i run this command :

oclHashcat64.exe -a 6 -m 21 --session=all -p : --force -o "C:\found.txt" --outfile-format=3 --remove -w 2 --gpu-temp-abort=80 "C:HASH.txt" "C:\wordlist.txt" E:\mask.txt

INFO: removed 1 hash found in pot file


how i can save this removed hash in a file please..

Doesn't create output file

March 27, 2015, 6:48 am
$
0
0
I run this command:

Code:
cudaHashcat64.exe --outfile=result.txt --outfile-format=1 -m 10500 -a 3 outpdf.txt ?u?u?u?s?u

and I get this output:

Code:
cudaHashcat v1.35 starting...

Device #1: GeForce GT 630M, 1024MB, 950Mhz, 2MCU

Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes, 0/1 rotates
Applicable Optimizers:
* Zero-Byte
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Kernel ./kernels/4318/m10500.sm_21.64.ptx
Device #1: Kernel ./kernels/4318/markov_le_v1.64.ptx
Device #1: Kernel ./kernels/4318/amp_a3_v1.64.ptx

INFO: removed 1 hash found in pot file


Session.Name...: cudaHashcat
Status.........: Cracked
Input.Mode.....: Mask (?u?u?u?s?u)
Hash.Target....: $pdf$4*4*128*-1028*1*16*5a3[CUT HERE]19c876
Hash.Type......: PDF 1.4 - 1.6 (Acrobat 5 - 8)
Time.Started...: 0 secs
Speed.GPU.#1...:        0 H/s
Recovered......: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.......: 0/0 (100.00%)
Skipped........: 0/0 (100.00%)
Rejected.......: 0/0 (100.00%)
Restore point..: 0/0 (100.00%)
HWMon.GPU.#1...:  0% Util, 49c Temp, N/A Fan

Started: Fri Mar 27 14:45:49 2015
Stopped: Fri Mar 27 14:45:50 2015

and the results.txt file is empty. Why?
Search

HD Radeon 5870 broken driver

March 27, 2015, 6:33 pm
$
0
0
Heya.

I reactivated my both GPU's.

MSI R5870 Lightning
Sapphire Radeon 5870

both with the latest Drivers - Catalyst 14.12 and put in Crossfire mode.

When I start up Hashcat I get the first weird thing showing:

Code:
Device #1: Cypress, 1024MB, 900Mhz, 20MCU
Device #2: Cypress, 1024MB, 900Mhz, 20MCU

The MSI one has 900Mhz which is correct, but the other one isn't an overclocked one so it should have 850Mhz. Weird but OK.

But my real problem is the following a few lines below.

Code:
ATTENTION! The installed GPU driver in your system is known to be broken!

It will pass over cracked hashes and does not report them as cracked

You can skip that message with the --force command, but I would like to know if there is a better way ( older drivers for example) to make it work properly.

An other strange problem I came across is that the actual working speed is enormous low. The normal hashing mode should be at least by 80.000 hashes per second per GPU but sometimes it shows 425 and 302 and something small like that. Does the wrong driver is problem of that error ? And Which drivers can you refer for that GPU (s) ?

Thanks in advance.

Help with Word 2010 file hash

March 28, 2015, 4:10 pm
$
0
0
Hello guys,

First time poster here, please go easy on me :-)

I've been having a problem with an encrypted Word 2010 file for a couple of days now, and it's driving me mad.

WARNING: Long story inc! Skip to the end for tl;dr!

So, a story...

One fine day a year ago I was on vacation. And took my wife's laptop, fired up Word and started writing. Yes, a real space-opera crime thriller! I was so enthusiastic about it that everyone could see it on my face and they left me alone and gave me space to write. I guess they were as much eager to get a first read on it as much as I was to write it :-)

Of course, the holiday ended and I had to get back home... work an all :-)
Another 'of course' - I had the file locked to keep it from prying eyes while I was swimming with the dolphins. File was in a Dropbox shared folder between me and my wife so I could easily pick it up later.

... and I forgot about it!

Work, stress, small child and a lot of other things preoccupied my mind and I very rarely though back. When I did, I had no time for another thought about it, let alone writing.

And then I quit my job. I decided I had enough of the high volumes of stress daily and found another one. My company let me go on a paid leave during my 'cancellation period'. The time where you're still with the company but you submitted your letter of resignation. English isn't my primary language, so forgive me for not having the correct word here :-)

Anyway, I have the time now. A lot of it. And I never imagined I'd spend a good chunk of it trying to recall of the password I set a year ago! I know it contains the (nick)names of my wife and kid, and I tried every possible combination I could think of!
'wifekid', 'wife kid', 'wife and kid', 'wifebaby', 'wife baby', 'wife and baby', 'wifeykid'.... you get the idea. I even tried 'kidwife', 'kid wife'... etc. Nothing.

Next step was computer help. I downloaded a couple of programs for recovering Word/Office passwords. Most of them commercial and trial, but it didn't bother me. Most of them will at least tell you first 3 characters, and that would get me on a good way. But they were sooo slow! Used CPU instead of GPU and as I couldn't recall of the exact number of characters, I had to go with 8-15 which was horrible.

Some of the apps had advanced filters like 'try only combinations which have all of the following: m, n, p, a, e', no capitalization, use space only from special chars. Even though I have no idea what's the exact pass, I still remember general 'feel' of the password. Should be a surprise as I typed it in a couple of times a day. A year ago :-)

So, this failed. Miserably.

Next was to try and use my help to help my computer to help me.
Freeware or not, all the apps worked with dictionary attacks well. I created a test file and used a custom dictionary - pass was found.

Then I wrote a short C program that will use two arrays. One with my wife's name and all the variations. Second one with my son's name and all the cuddle names we came up with for him. Like "wife", "honey", "sweety" for the first array and "kid", "son", "diablo" for the second. I'm using general terms here, as you noticed above, but only to protect the innocent :-)

And my program created quite an impressive list of words for dictionary attack:
Code:
wifekid
wife kid
wife and kid
kidwife
kid wife
kid and wife
wifeson
wife son
...

The more I added to the arrays, the more exponentially the wordlist grew. But I didn't care. It was processed fairly quickly, withing minutes, and I really didn't care about time. I just wanted the bloody password!

It's not about the writing any more. It's about not trying to allow myself be an idiot! OK, one could argue that train has left the station, but if I can find a way to hop on it on the next station or two, it will still take me where I need to go.

In the end, or nearly at the end, I almost gave up. I have "MS Word Recovery", as it being the fastest of all of the tested so far, running in the background. Hours passed, it's still on the 7-char password attempts. Bruteforce attack not really being configurable, but hey - it works, unlike anything so far, so let's not complain.

Then I though of Google. If you don't know it, Google surely knows who does. So I Googled who can help me help my computer to help me find the password. And HashCat popped up. Quite distinctive from the others, to be honest, on the first glance. Speficically, this thread popped up.

I had my share of fun and excitement just reading about it! People even provided a link to Python script that will get a hash of the Word file. OMG I never downloaded a program and installed it so quickly as Python engine now! Ran it, got the hash and was super-excited. But then I recalled a NirSoft app called hashmyfiles. Wondered if that might help. No, it won't Big Grin

It will give you something like this:
Code:
File    filename.docx
MD5    f99da72790974e455f2b827d6f1c4a16
SHA1    e4f547522ddef353c3ffd71c18c6f9ea28130b90
CRC32    98b5a434
SHA-256    297366ce7f7584cda0229738b96c01909dc79325542fa1ba60a2d3d6b37c6ee2
SHA-512    b54729aab2ee7c5a62bda2032c91e1e8f0c9289c3f68715996c7e1eba91ba9e97fc2a498a6e​1223767c41c7204b3c20ef79ab8846034cc1328d518c26d02a06e
SHA-384    5c765c79b3a1ab65177ef697a704fba08e300dfe4a85cc5aab8259277e2dce05f40f8ff0ba3​7f5e67b8c05bee37ec5f1

I'm just providing this in case someone needs a tool like this. All NirSoft stuff is free, like SysInternals ones.

Back on topic. I downloaded oclHahscat and tried to make it process my Word file hash. Well, I had a good 15-minute fun trying to make it run as I hoped it will. In the end I figured you don't need to say 'hash <hash>' or 'hashfile <path to file>', but just enter hash or the filename Smile Silly me, but hey! I got it working!

Oh the heart stopped as the command was accepted and started working the magic!

BTW, just checking if you are hooked on the story and asking 'what then?! what then?! Well... nothing. I apparently need to invest in my graphics card, as this one's from the time I served in military ages ago. Nvidia GeForce 8600 GT.

Oh, the error message?
"Your card sucks. Remove it from the system and use the one that doesn't".

Not sure if anything can be done about it, so here's the full output. Perhaps there's something I'm doing wrong.

Code:
C:\Users\Six\Downloads\cudaHashcat-1.35>cudaHashcat32.exe -m 9500 -a 3 $office$*2010*100000*128*16*0eba58880beeda50d9ee016b3bf4a8b4*4a641c6b793d956a1fa​6cae11cd3ba42*24e039ca2c0e882e5062eff31f8b3d83c37839a903ee44c05211fd829e4cb6ef
cudaHashcat v1.35 starting...

Device #1: GeForce 8600 GT, 256MB, 1438Mhz, 4MCU
Device #1: WARNING! Kernel exec timeout is not disabled, it might cause you errors of code 702
           You can disable it with a regpatch, see here: http://hashcat.net/wiki/doku.php?id=timeout_patch

Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes, 0/1 rotates
Applicable Optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c


ERROR: Shader Model 1.0 - 1.3 based GPU detected. Support for CUDA was dropped by NVidia.



       Remove it from your system or use -d and select only supported cards.

I have no idea if the regpatch to disable kernel exec timeout will help, but somehow doubt it.

So we got to the bottom line now. And also a tl;dr part :-)

Is there anyone who can help me run this hash for Word 2010?
Code:
Hash redacted - R

Rogue line break above :-)

I'll go check with my friends if someone has high end graphics car so oclHashcat will run on their GPUs, but I assume most of the people on this forum have something like that. And quite possibly much more powerful. Any help is very much appreciated at this point, even if just an advice or a suggestion.

I'm not giving up, and I'm certain I'll find the way to open the document and get my short story back. If I don't find any, I'll get an Amazon cloud server and run the bruteforce attack there and check every week for results Smile

Oh, and thanks to everyone who actually read this topic. I hope this situation is interesting to talk about :-)

hybrid dic + mask

March 29, 2015, 10:03 am
$
0
0
hello,

in (hybrid dic + mask) Attack i use :

dictionary+mask
dic?d?d?d?d

and

mask+dictionary
?d?d?d?ddic

i want to know if i can use this :

?d?d?d?dDICTIONARY?d?d?d?d

thanks

Combinator attack not recognizing -j rule

March 29, 2015, 10:46 am
$
0
0
Hi, This is my first post at the hashcat forum (after entering my first ever 16 characters long passsword to register :-)

I am trying to familiarize myself with the oclhashcat combinator attack to crack a sha256 hash. I created a sha256 hash from the following password:

Code:
chicken-wing

I have two dict which contain one of the two words.

left.dict

Code:
chicken

right.dic
Code:
wing

I used the following command to attempt cracking:

Code:
oclhashcat64.exe -m 1400 -a 1 pass.hash left.dic right.dic -j $-

Cracking attempt exhausted with not hash recovered. Can anyone advise on where I went wrong? Using osclhashcat v1.35 on windows 7

Cheers.

smart bruteforce

March 30, 2015, 5:05 am
$
0
0
i want to crack a password with this rules:
the len for the password is 8-9
the order of the letter is:
0-9: 0-3 chars
a-z:3-5 chars
A-Z: 1 char
!@#$%^ : 0-2 char

for example (Azsx@2#3)
i dont want to do a bruteforce for 0-9,a-z,A-z,!@#$%^ with len 8-9... this is a lot of years...

how can i make this rules in hashcat?

thank u
bob
Viewing all 7673 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>