Quantcast
Channel: hashcat Forum - All Forums
Viewing all 7673 articles
Browse latest View live

Oclhashcat AMD catalyst 14.9 and Kali

April 5, 2015, 5:21 am
$
0
0
Hi. I have been wrestling with this for a week. How can you run oclhashcat on kali linux? I am using a Radeon HD 7750. When I try installing Catalyst 14.9 (which it says to do in readme.txt in oclhashcat) I get an error that I am missing the 3.7 header files. Also, the AMD documentation says that you have to be running Glibc 2.2 or later. Kali has version 2.13. So if I do a forced install, I get the ELF32 error. I have even tried rolling back to kali 1.0.6, which has the 3.12 kernel. Does any one know what I am doing wrong? Do you have to be a C programmer to get this working?
Thanks
Search

Formatted/mask permutations?

April 5, 2015, 10:14 am
$
0
0
I have a hash I want to work with, and it is 13 numbers, 0-12, in random order, non-repeating, separated by hyphens, and enclosed on either side by braces.

For example:
[5-10-3-0-2-7-11-9-6-8-1-12-4]

I have already dumped all 6.2 billion combinations to a series of text files via a PHP script. After reading oclHashcat documentation today, I see it can do permutations, and it can do mask attacks. Can they be combined? An internal perm/mask attack would be worlds faster than reading in 166 GIGABYTES of text files. I cant imagine I'd get any GPU efficiency that way.

Is that type of attack possible?

Maximum length of 31? Why?

April 5, 2015, 1:13 pm
$
0
0
I deleted my original post after finding the wiki page that details the 31 character limit, but decided to repost it... it's between the dashed lines. But I have other questions/issues...

-------------------
I'm doing testing now that I got my GPU's working, and it won't crack a password. I know it's in there as I SHA1'ed the password myself and pasted it in the command line.

When I SHORTEN the password, it works.

When i crack this: 903b8b9cbd54b01dce32d0038821a7725c97806a
Which is: 8|7|9|4|2|10|6|11|12|1|0|5|13|3|14

It does not find it.

When I crack: 4845d07488575413261631f67d57e5678c5ccc8b
Which is: 8|7|9|4|2|10|6|11|12|1|0|5|13|3|1

It finds it. It finds a length 33, fails on 34. Huh?

Now I know old versions of oclhashcat had a limit of 15, but nowhere am I seeing a limit of less than 55 (found that googling somewhere).

Anyone have any idea?
---------------

So, like I said, I found the page that says it can crack a 55 character password, but, it has to be in 2 parts, and each part cant be over 31 characters. That SUCKS. I actually bought $800 in hardware today for this project I'm working on, only to find out I can't do it because of that odd restriction? To top it off - closed source - I can't just change the code (32 characters sure sounds like a bit-related limit to me).

I cant even use the combiner - I'm working with a permutation of numbers. I may have to try it with a special set of masks. Which will VAAAASTLY increase the cracking time. 13 numbers, 0-12, no repeats:

Using my permutated list:
13x12x11x10x9x8x7x6x5x4x3x2x1=6,227,020,800 possible options

Using the masks, assuming I can set a 0-12 range on a single 'character':
13x13x13x13x13x13x13x13x13x13x13x13x13=302,875,106,592,253 hashes

Forty eight THOUSAND times the work.

And this list of 13 numbers is a preliminary test, I was hoping to work with numbers up to 18 (which is absurdly high, but still reasonable if it's a permutation).

Is there ANY way to do this, or am I screwed by a programming limitation?

Can anyone think of a fancy way to make it work? I briefly thought of tables where it was split in half, but that multiples the work many times over as well.

Ugh

Help with a specific mask or rule

April 5, 2015, 1:21 pm
$
0
0
Hello everyone,

I need an help on a rule that can just take the words from a wordlist and permutate like the examples below.
(i know how to do this with masks, but not with wordlist)

1)
  • Word in the wordlist: Hello
  • Chosen digit from me: 9
  • What the plain should be:
    Hello9, Hell9o, Hel9lo, He9llo.....9Hello
<-------------
2)
  • Word in the wordlist: Hello
  • Chosen set of digits: { 9, 1, 8 } and chosen permutation maxcombination with this set: 2 ( 11,18,19,81,91,88,99,89,98)
  • What the plain should be:
    Hello19, Hell19o, Hel19lo, He19llo.....19Hello
    Hello11, Hell11o, Hel11lo, He11llo.....11Hello
    Hello18, Hell18o, Hel18lo, He18llo.....18Hello
    ....................................................
<-------------

3)
  • Word in the wordlist: Help
  • Chosen string: Ab3
  • What the plain should be:
    HelpAb3, HelAb3p, HelAb3lp .... Ab3Help
<-------------




Can someone help me?

cudaHashcat32.exe "recovered 100%"... But no password?

April 5, 2015, 8:00 pm
$
0
0
I created an MD5 hash

"hello" (without quotations)

I'm not posting the hash, because of the forum rules.

I was able to crack it though with a dictionary attack, by putting the word 'hello' within the dictionary. I wanted to test if my setup of hashcat would work.

cudaHashcat32.exe -m 0 -a 0 -o cracked.txt hashes.txt Wordlists\wordlist1.txt

Now, I wanted to run the same situation but by bruteforcing using masks.

cudaHashcat32.exe -m 0 -a 3 -o cracked.txt hashes.txt ?l?l?l?l?l

Output:

Session Name: cudaHashcat
Status: Cracked
Input Mode : Mask <?l?l?l?l?l>
...
...
...
Recovered: 1/1


My problem is, where is the password that was recovered?

HMAC-SHA1 mask

April 6, 2015, 7:03 am
$
0
0
I'm currently trying to make HMAC-SHA1 cracking work with hashcat. To make thing easier, I precomputed a digest with a known "message" and "secret".

Code:
$ echo -n "The quick brown fox jumps over the lazy dog" | openssl dgst -sha1 -hmac "key"
de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9

Basically, we know that:

secret: "key"
message: "The quick brown fox jumps over the lazy dog"
digest: de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9

Now, I want to test hashcat by cracking the secret using the mask attack mode given the digest and message.

Using the command below, hashcat wasn't able to find the key. What am I doing wrong?

Code:
$ ./cudaHashcat64.exe -m 150 -a 3 --increment --increment-min=3 --increment-max=3 de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9:"The quick brown fox jumps over the lazy dog" ?l?l?l

Quote:cudaHashcat v1.35 starting...

Device #1: GeForce GTX 750, 1024MB, 1084Mhz, 4MCU
Device #1: WARNING! Kernel exec timeout is not disabled, it might cause you errors of code 702
You can disable it with a regpatch, see here: http://hashcat.net/wiki/doku.php?id=timeout
_patch

Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes, 0/1 rotates
Applicable Optimizers:
* Zero-Byte
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Kernel c:\Users\xxx\cudaHashcat-1.35/kernels/4318/m00150_a3.sm_50.64.ptx
Device #1: Kernel c:\Users\xxx\cudaHashcat-1.35/kernels/4318/markov_be_v4.64.ptx


ATTENTION!
The wordlist or mask you are using is too small.
Therefore, oclHashcat is unable to utilize the full parallelization power of your GPU(s).
The cracking speed will drop.
Workaround: https://hashcat.net/forum/thread-4161.html


Session.Name...: cudaHashcat
Status.........: Exhausted
Input.Mode.....: Mask (?l?l?l) [3]
Hash.Target....: de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9:The quick brown fox jumps over the lazy do
g
Hash.Type......: HMAC-SHA1 (key = $pass)
Time.Started...: 0 secs
Time.Estimated.: 0 secs
Speed.GPU.#1...: 7891.0 kH/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 17576/17576 (100.00%)
Skipped........: 0/17576 (0.00%)
Rejected.......: 0/17576 (0.00%)
HWMon.GPU.#1...: 0% Util, 30c Temp, N/A Fan

Started: Mon Apr 06 09:51:25 2015
Stopped: Mon Apr 06 09:51:27 2015

Suggestions for tuning options on overheating AMD 7970

April 6, 2015, 4:06 pm
$
0
0
Hi my AMD 7970 cooling isn't sufficient for running with stock settings, so I want to try throttle the card down so it doesn't overheat past 90 degrees.

I found the workload tuning options:
-n, --gpu-accel=NUM Workload tuning: 1, 8, 40, 80, 160
-u, --gpu-loops=NUM Workload fine-tuning: 8 - 1024

Right now I'm running
c:\ oclhashcat64 --hash-type 2500 --attack-mode 3 -u 1 -n 1
(Note: I suppose -u minimum is 8 even though I specified 1)
It is happily hashing away at 15k/sec.

While I know the card can do 140k/sec with good cooling, that is not an option. The case is open and ambient temp is ~70f.

I wanted to ask the community for is suggestions on how I should set my -u # and -n # settings to find a decent rate that doesn't overheat the card. What are the default tuning settings? I would like to try at 50% of the defaults and work my way up or down depending.

I tried searching but couldn't find a specific reference to this. Any help is greatly appreciated Smile

Status: Exhausted?

April 6, 2015, 8:11 pm
$
0
0
I created a wordlist with one word in it, the password I hashed.
then I put the hashed password in hashes.txt

the word was 'pikachu' (without quotation)

I ran:

cudahashcat64.exe -m 0 -a 0 -o cracked.txt hashes.txt Wordlists\wordlist1.txt

output:
cracked

My problem is, when I add more words to that wordlist of mine and change the password ('cus it's already been cracked), it just doesn't work.

I,E;

wordlist1:

Pikachu
Charizard
Pidgeotto
Charmander

Now, I hash 'Charizard'

then I run the same command;

cudahashcat64.exe -m 0 -a 0 -o cracked.txt hashes.txt Wordlists\wordlist1.txt

It tells me 'Exhausted'

What am I doing wrong?

It only works when my wordlist has the password, not when it has the password and other words in it.
Search

Suggest me some tips and good "small" wordlist for a Hybrid attack

April 7, 2015, 2:09 am
$
0
0
Lately I have realized that many dictionaries is not good , but better to focus on quality (I have around 40gb of useless dictionarys).

Now i think that the best way is to try a Hybrid attack with small wordlists with 4-5-6-7, and a digit mask (?)

Now some questions:
  • I have literally every wordlist on this planet (probably), can you now suggest some wordlist usefull with the Hybrid attack?
  • I'm working on DesUnix passw, should i also try dict+mask that try >8 characters?
  • Can you suggest some good rules over Base64?
  • For Hybrid attacks Dict+mask or mask+dict, what you suggest as mask and as dict words length? (this is the important question for me)

Whatever your help is well appreciated. Thanks!

Issues with install in debian jessie

April 7, 2015, 2:24 pm
$
0
0
I'm having issues installing hashcat in debian jessie. I have tried a tutorial that I found online, but I am having issues unzipping the files. I also tried a dpkg after download and it was the wrong file type. Any help or suggestions would be greatly appreciated.

best64.rule contest

April 8, 2015, 7:41 am
$
0
0
Just thinking... Should we do a new best64 contest or maybe just 30 rules or maybe 100? Do we need to make it entirely different?

Bottleneck, and my 31 character limit. Ideas?

April 9, 2015, 6:41 am
$
0
0
So for anyone who hasnt seen me ranting in the two other threads, I have a project I'm working on where I need to hash a very long 'password'. Thing is, it's not really that long - it's a random sequence of non repeating numbers separated by hyphens, and enclosed in brackets. So since half the characters are known, and the others have limited combinations (21 trillion vs 1.0E26 possibilities), its not that hard to hash. It just has worthless extra data in it. Right now, I'm working on 0-12, which happens to be exactly 31 characters. So I can sorta make that work (more on that in a moment).

That will grow to 14 then possibly up to 20 digits at some point.

oclHashcat has a limit of 31* which the instant I go up to 14 possibilities, its impossible.

Lets talk about 31 characters. Thats about 6 trillion lines of text, at well over a terabyte of data. Feeding that into oclHashcat, even in chunks, is slow as heck.

First question: Which of the following will help speed that up? I'm sure a SSD vs. a western digital green series drive will help tons. Thats on the shopping list. Will memory help? The machine has 8 gb of ram. I don't feel like ram would help. Am I wrong?

What about CPU? Right now the thing has a celeron in it, it used to be a mining rig. Will CPU help hashcat process the dictionary file faster? I tried to feed in a 50gb file last night and it was just... well, lets say I hit ctrl-C after a few hours.

So I tried pipes. Pipes were faster. And I could make it even faster by piping the data directly from the generation script to hashcat, once I convert it to something faster (it was a quick n dirty in PHP, not the fastest thing to be using).

But still a 31 character limit, so ok for the next 2 weeks. Not ok after that.

Which of those will help?

In another thread someone told me about the Amplification process, where you dump data into the GPU via rules (or other ways?) and it's a ton faster. Problem is, with rules, 31 character limit after the rules are processed.

So I tried masks. Which ignore the 31 character limit. Problem is, there are only 4 custom fields, and since my data is NOT random in the traditional sense, the only way to do it is to have -1 012 -2 45 -3 67 -4 98 (012 in -1 so I can mask 1?1 so it ends up 10, 11, or 12). But now, it's checking redundant data. The list will NEVER have a 2-2 or a 10-10 in it. So I can either make a TON of rules to narrow down the dupes (wasting tons of hashing speed constantly reloading the rules) or make less rules, and hash 800trillion hashes instead of 21. Ugh.

Then there are combinations - which also ignore the 31 character limit. Problem is I am then faced with: Make 40,000 different left/right lists (to avoid duplicating hashes) and lose speed loading a list thats hashed in half a second, or unbalance it - make one side huge, and the other only 1-3 numbers. It will be much more GPU efficient that way. But then by unbalancing - say when I'm up to 14, 15 or god forbid 20 numbers, the list becomes impossible and MUST be piped.

Oh, shit. You can't pipe combination attacks.

It's like everything I try is roadblocked somehow. Karma doesn't like me or something.

Oh, had a great idea last night. Named pipes! Make a FIFO file, dump the data into it, and let hashcat read it like a disk file! Speed of pipes, no need for static files, can combo attack it!

Nope. Hashcat reads it as a 0 byte file and errors out.

UGH.

So, given my two problems, anyone her have any ideas? I'm sure a SSD will help. Will ram? CPU?

Any ingenious ideas on how to make a combo attack use pipes? Or how to mask more than 4 custom fields? Or, well, ANYTHING?

I invested in hardware to take on this job, not realizing how many limitations designed specifically to irritate me (in jest, but damn it feels like it!) I'd face.

I'll beg? Smile

Best gpu for $250 or lower

April 9, 2015, 6:29 pm
$
0
0
I was thinking about the raedon 7970 but I read alot of reviews of it getting hot, which is the best for hash cracking md5 types salted and all? Please let me know as I am running a nvidia gti 550 ti lol I Want to upgrade asap and once I get some opinons I am buying it today so I would like to know thank you!

Rule shortcut

April 9, 2015, 7:38 pm
$
0
0
I've noticed in several lists I've been working on lately, I see several email addresses used as passwords. I suspect there are more than what I've found.

I'd like to write a rule to append some common domains to my wordlists. Looking through the wiki, the closest thing I can find is the ? (Append Character) function. However, that only works for 1 character.

Is there a shortcut to append multiple characters or do I have to write a rule, for example append @me.com, like: $@$m$e$.$c$o$m

strange output statsprocessor

April 10, 2015, 2:03 pm
$
0
0
hey all,
i wanted to check the kind of passwords oclhashcat would be checking when i do a bruteforce for a 10 digit hex password so i put this in statsprocessor and got some strange output after the first 15 lines:

statsprocessor-master/src/sp64.bin --custom-charset1=?dabcdef --hex-charset --pw-min=10 infinitum10digithex2.hcstat | head -n 20

... (i cut the first lines to make the post shorter)
3531ea4226
3531
3531!
3531"
3531#
3531$

i have tried with 2 different hcstat files generated from 2 different 10 digit hex dictionaries one of which i hand made, and i have tried with only --hex-charset and only --costum-charset1=?dabcdef and as you see above with both. all the same.

if anyone here can see if i do something wrong please let me know.

thanks.
Search

Error: cuModuleLoad() 209

April 12, 2015, 5:17 am
$
0
0
I'm new to hashcat and cracking in general and I really got no idea what I'm doing wrong:

Os: windows 7 64 bit ( running 64 bit cudahashcat )
GPU: gtx 420M with the latest drivers
I'm trying to crack (non salted) md5 hashes

this what I use to run it:
C:\Users\Name\Desktop\cudaHashcat-1.35\cudaHashcat64.exe -m 0 -a 0 C:\Users\Name\Documents\Hashes\hashes\hashedpass.txt C:\Users\Name\Documents\Hashes\wordlist\* -o C:\Users\Name\Documents\Hashes\cracked.txt --outfile-format=3

screenshot:
[Image: ic4RTff.png]

bug in 1.35?

April 12, 2015, 4:03 pm
$
0
0
I hadn't noticed 1.35 was out, so I just downloaded it. I have been using 1.33. But when I ran 1.35, it didn't recover anything, while the same run with 1.33 did. Here are the command lines.

First I ran 1.35:

Code:
C:\<snip>\hashlist>..\cudaHashcat-1.35\cudaHashcat64.exe -a 0 -m 0 --remove -o 32found.txt 32_left_split_5.txt ..\wordlists -r rules\best64.rule --session=5md5best64

Hashes recovered = 0

Then, without changing anything (other than cudahashcat version; I used command history and just changed the 5 to a 3), I ran 1.33:

Code:
C:\<snip>\hashlist>..\cudaHashcat-1.33\cudaHashcat64.exe -a 0 -m 0 --remove -o 32found.txt 32_left_split_5.txt ..\wordlists -r rules\best64.rule --session=5md5best64

Hashes recovered = 294

I repeated this with a different ruleset and got roughly the same results: 1.35 first - 0 recovered, then 1.33 - 6 recovered.

Is this a bug in 1.35 or did something change between 1.33 or 1.35?

Email passwords ruleset v0.1

April 12, 2015, 9:32 pm
$
0
0
I've been trying my hand some of the hashes.org hashes, and notice some are email addresses. That actually makes sense. An email address will (usually) meet the length requirement, and the "@" and "." meet the special character requirement. Throw in a number and with the lowercase letters, you have characters from 3 different sets meeting that requirement, yet easy to remember. Dumb if the password is the actual email address, but you can't cure stupid.

So I went about collecting some common email domains, then turning them into rules. While I was at it, I thought combining this with the best64 rules would increase the power of my wordlists.

Unfortunately, this does have one drawback. oclhashcat rules are limited to 15 functions. Any domain name with more than 15 characters (including the "@") would be ignored by oclhashcat, and even smaller ones when combined with best64. However, hashcat (cli) works fine for all rules. oclhashcat will only work with some of these rules.

I've attached two files. The email domain list and the resulting ruleset after combining them with best64. Any suggestions for domains I should include are welcome.

So far, rockyou seems to be the best wordlist I've used with these rules. The unabridged english dictionary didn't find anything, nor did the 10,000 most common passwords. Testing is still continuing...

A special thanks to epixoip and coolbry95 for their invaluable advice that helped me get this going.

.txt  email_domains.txt (Size: 420 bytes / Downloads: 7)

.txt  email2.rule.txt (Size: 103 KB / Downloads: 8)

Effective rules

April 13, 2015, 9:05 am
$
0
0
I started off with two rules. One comes with oclHashcat - the other I wrote myself. I then compiled a
huge list of MD5 hashes from the InsidePro forums to use as my target/testing hash list.

For the base dictionary, I merged/sorted/removed dupes between the rockyou dictionary
and passwords from the recent 10 million combo leak. The final dictionary can be downloaded
here for the curious.

I ran my two rules against these hashes with this dictionary and these were the results.

Code:
passwordspro.rule (~3300 rules) - 42.52%
tony.rule (~5500 rules) - 49.44%

I outputted all rules that had a match into a file called match.rule. I then sorted
this file based on occurence and made the following rules out of it. The different sizes could
be useful if time is of essence and/or the hashing algorithm is slow. You could also obviously
head the amount of rules that you want from the top_5000.rule instead.

I done some testing on the same list, and these were the results.

Code:
no rules      - 14.67% found
best 64       - 17.71% found
top_250.rule  - 36.14% found
top_500.rule  - 39.64% found
top_750.rule  - 41.91% found
top_1500.rule - 45.76% found
top_3000.rule - 48.77% found

I realize that the rule set will be kind of biased towards this specific list since it was created
using found passwords from this list. So for further testing, I compiled a list of 1 million hashes
using random passwords from a totally separate HQ cleartext (not cracked!) password leak. These
were the results.

Code:
$ shuf ***.dic | head -n1000000 > random.dic
$ ./md5gen random.dic > random.lst

Code:
no rules      - 8.23%  found
best 64       - 31.42% found
top_250.rule  - 42.97% found
top_500.rule  - 48.16% found
top_750.rule  - 50.97% found
top_1500.rule - 55.80% found
top_3000.rule - 60.59% found


The rules can be downloaded here.

bug in v1.31 to v1.35 on brutforce ?

April 13, 2015, 3:38 pm
$
0
0
Hi I use this line in oclhashcat v1.01 SHA1($pass.$salt) and work correct on r9 290x(gpu card drivers 13.xx) and I try run this on new oclhashcat that are on page from v1.31 to v1.35(gpu card drivers 14.9) and all workspace calc and nothing finded, I get know code algo to know where is password , but again all workspace gone and nothing fineded , on all this new version this is bug or something changed that I not find on wiki ??


here are command line that I use:
oclHashcat64 -1 ?d -m 110 -a 3 ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1 -n 400 -i --hex-charset --hex-salt --status --status-timer=60 --outfile-format=3 --outfile=password1.txt

next I mod it but should work too but still nothing:

oclHashcat64 -a 3 -m 110 ?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d -w3 --hex-charset --hex-salt --status --status-timer=60 -i --outfile-format=5 --outfile=password1.txt
pause


Hash and salt are 100% ok like I write I use too know pass hash and salt and too not calc nothing.

Password is from 8 to 15 digits max.
Viewing all 7673 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>