Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
vBulletin: md5(md5($pass).$salt) - command line ?!
05-14-2010, 11:40 AM (This post was last modified: 05-14-2010 11:41 AM by vector.)
Post: #1
Question vBulletin: md5(md5($pass).$salt) - command line ?!
I try these:

oclHashcat.exe -m 5 vb3_hashes.txt example.dict ?d

oclHashcat.exe -d 1 -n 8 -m 5 vb3_hashes.txt example.dict ?d

the hashes in vb3_hashes.txt are in format hash:salt

the programme responds this:

Code:
Digests: 2 entries, 2 unique, 0Mb
Salts: 2 entries, 2 unique, 0Mb
Loaded: example.dict (129988)
Maskprocessor: ?d (10)
Summary: 1299880 combination
Platforms: 1
Vendor: NVIDIA Corporation (1 matched)
Kernel: oclHashcat_4_4318.kernel (227254 bytes)
Device #1: GeForce 9800 GTX/9800 GTX+, 511MB, 1836Mhz, 16MCU
WARNING: words in wordlist_right < 128. Can't gain full performance
[s]tatus [p]ause [r]esume [q]uit =>
Threads...: 1, running
Speed.GPU1: 49.30M/s
Speed.GPU*: 49.30M/s
Recovered.: 0/2 Digests, 0/2 Salts
Progress..: 1299880/1299880 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--

Started: Fri May 14 12:31:24 2010
Stopped: Fri May 14 12:31:25 2010

The result is no found passwords !? The same passwords but in MD5 are found ! What I do wrong ?

And one more question - is there option for SIMPLE wordlist (dictionary) attack , NOT combined with any mask attack ?

Thanks in advance !
Find all posts by this user
05-16-2010, 12:00 PM
Post: #2
RE: vBulletin: md5(md5($pass).$salt) - command line ?!
(05-14-2010 11:40 AM)vector Wrote:  The result is no found passwords !? The same passwords but in MD5 are found ! What I do wrong ?

i dont see the problem. you are going to test only 129988 combinations, which requires less than a second. so you're just finished.

(05-14-2010 11:40 AM)vector Wrote:  And one more question - is there option for SIMPLE wordlist (dictionary) attack , NOT combined with any mask attack ?

for plain dictionary attack, use the cpu-based version: hashcat
Visit this user's website Find all posts by this user
05-17-2010, 10:07 AM (This post was last modified: 05-17-2010 10:59 AM by vector.)
Post: #3
RE: vBulletin: md5(md5($pass).$salt) - command line ?!
(05-16-2010 12:00 PM)atom Wrote:  
(05-14-2010 11:40 AM)vector Wrote:  The result is no found passwords !? The same passwords but in MD5 are found ! What I do wrong ?

i dont see the problem. you are going to test only 129988 combinations, which requires less than a second. so you're just finished.

(05-14-2010 11:40 AM)vector Wrote:  And one more question - is there option for SIMPLE wordlist (dictionary) attack , NOT combined with any mask attack ?

for plain dictionary attack, use the cpu-based version: hashcat

Thank you for the answer !
OK finaly I found where I`m wrong Wink

Can I request plain dictionary attack for oclHashcat I think this is extremely useful feature especially for the salted hashes ?
Find all posts by this user
05-17-2010, 11:04 AM
Post: #4
RE: vBulletin: md5(md5($pass).$salt) - command line ?!
vector Wrote:Can I request plain dictionary attack for oclHashcat I think this is very useful future especially for the salted hashes ?

it depends. if we are talking about plain MD5/SHA1 (salted or not), it will be comparatively slow. better use cpu-based version hashcat.

on hashes which require a lot of cycles (phpass, md5(Unix)) it is maybe usefull to have plain dictionary attack. but there are only a few and they are currently not supported by oclHashcat. so i have currently no plans to add them.
Visit this user's website Find all posts by this user
05-18-2010, 04:26 PM (This post was last modified: 05-18-2010 04:26 PM by vector.)
Post: #5
RE: vBulletin: md5(md5($pass).$salt) - command line ?!
(05-17-2010 11:04 AM)atom Wrote:  so i have currently no plans to add them.

lol, actually this is a very pity!
Find all posts by this user
05-19-2010, 07:31 PM
Post: #6
RE: vBulletin: md5(md5($pass).$salt) - command line ?!
I have one more question - what is the maximum number of salted hashes that oclHashcat PRACTICAL supports in multihash work ?

I load ~96 000 hashes list and start brutе-force attack but receive this:

Code:
Threads...: 1, running
Speed.GPU1: 0.00M/s
Speed.GPU*: 0.00M/s
Recovered.: 0/96686 Digests, 0/89927 Salts
Progress..: 0/1000000 (0.00%)
Running...: 00:00:07:24
Estimated.: --:--:--:--

The programme jam or the speed is incredibly slow I`m not sure ...
Find all posts by this user
05-19-2010, 07:56 PM
Post: #7
RE: vBulletin: md5(md5($pass).$salt) - command line ?!
I guess it's still working but the speed is to low to display it.
Find all posts by this user
05-27-2010, 09:26 AM
Post: #8
RE: vBulletin: md5(md5($pass).$salt) - command line ?!
k9 is correct. but i admit, 0.00M/s can confuse a bit. so i planned to change speed-display in the next release v0.20 a bit. speed display will be more user-friendly so that it dynamically recalculates the value to x.xx/s, x.xxk/s or x.xxM/s depending on its speed.
Visit this user's website Find all posts by this user
01-31-2011, 06:14 PM
Post: #9
RE: vBulletin: md5(md5($pass).$salt) - command line ?!
this has been implemented in oclHashcat v0.20
Visit this user's website Find all posts by this user