hashcat
advanced password recovery

d0znpp · 08-06-2012, 12:39 AM

Hi all,
I'm use oclHashcat-lite-0.10 with HD6990 on Debian sid.
Need to brute md5($salt.$pass) hash, but could not find it in hash types ;(
Salt is 12345678
Pass is 8 bytes of [a-Z0-9]

First solution to brute it:

Code:

./oclHashcat-lite64.bin --gpu-accel 800 --gpu-loops 1024 --gpu-temp-disable --outfile-watch 0 --restore-timer 0 --custom-charset1 ?l?d?u --hash-type 0 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' SALT1234?1?1?1?1?1?1?1?1

Got low speed (~370M/sec), while salt has 4 byte or more.

While salt has 3 bytes speed is ~8600M/sec

While salt has 1-2 bytes speed is ~10800M/sec

Second trick to brute:

Code:

./oclHashcat-lite64.bin --gpu-accel 800 --gpu-loops 1024 --gpu-temp-disable --outfile-watch 0 --restore-timer 0 --custom-charset1 ?l?d?u --custom-charset2 SALT1234 --hash-type 0 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' ?2?2?2?2?2?2?2?2?1?1?1?1?1?1?1?1

Speed is ~10800M/sec

How to set --pw-skip to skip false combinations?
I can not understand in what sequence will move the characters from the ?2 charset

undeath · 08-06-2012, 12:59 AM

you can try the OSC hash mode.

d0znpp · 08-06-2012, 01:00 AM

(08-06-2012 12:59 AM)undeath Wrote: you can try the OSC hash mode.

i'm sorry. What is OSC?

Quote:MD5
md5($pass.$salt)
Joomla
SHA1
nsldap, SHA-1(Base64), Netscape LDAP SHA
sha1($pass.$salt)
nsldaps, SSHA-1(Base64), Netscape LDAP SSHA
Oracle 11g
MSSQL(2000)
MSSQL(2005)
MySQL
MD4
md4($pass.$salt)
NTLM
Domain Cached Credentials, mscash
SHA256
sha256($pass.$salt)
descrypt, DES(Unix), Traditional DES
SHA512
sha512($pass.$salt)
SL3
Cisco-PIX MD5
Double MD5
vBulletin < v3.8.5
vBulletin > v3.8.5
IPB2+, MyBB1.2+
LM
Oracle 7-10g, DES(Oracle)

undeath · 08-06-2012, 01:26 AM

uhm, sorry. Seems like OSC is not supported by lite. Due to the way lite works you should not use a mask like 12345678?1?1?1?1 ... because lite relies on the first part of the plaintext not to be fixed. Else you will get very low speed. Better use plus for this job.

d0znpp · 08-06-2012, 01:31 AM

OSC is md5($pass.$salt)
i need md5($salt.$pass)

any suggestions?

undeath · 08-06-2012, 01:58 AM

OSC is md5(salt.pass), however it is not supported by lite. Read my other post.

d0znpp · 08-06-2012, 02:28 AM

OSC is md5($pass.$salt), not md5($salt.$pass) and $salt has only 2 bytes.
Try oclHashcat-plus to understand that.

M@LIK · 08-06-2012, 03:44 AM

3947a147feac6b17e0937edbcd5bdff3:12:osCommerce
f63f4265660e1e80a27cfe7f97eba23d:c6:hashes
9e976555d232c95b69de92478c67389f:f6:are
5d3b86659593f8154ea272476c19f0f1:27:md5($salt.$pass)
ecec4eea1802097a51c2609f73ae9f3c:ca:!!

d0znpp · 08-06-2012, 04:06 AM

Hmm. Really strange Wink

But anyway my salt has 8 bytes, not 2.

mastercracker · (This post was last modified: 08-06-2012 04:12 AM by mastercracker.)

(08-06-2012 04:06 AM)d0znpp Wrote: Hmm. Really strange

But anyway my salt has 8 bytes, not 2.

Just make a rule to prepend your salts to every password and use plain MD5 (-m 0) with oclhashcat-plus. However, this will cover only password from 1 to 7 characters. If you truncate your salt and put part as salt and part in the rule file you can increase it to 9 characters (using -m 21) but it starts to be a lot of trouble. From what I have understood, the next version of -plus will have generic mode again that you will be able to use.

hashcat advanced password recovery

hashcat
advanced password recovery