oclHashcat-plus silently truncates password candidates to 15 characters
08-27-2011, 09:09 PM
Post: #1
oclHashcat-plus silently truncates password candidates to 15 characters
While conducting a pentest, I needed to crack a super-admin hash, so I ran oclHashcat-plus on a small wordlist with very efficient rules. No luck.

Just to be sure, I gave John the Ripper a shot as it does not have exactly the same mangling rules as hashcat. The password turned out to be admin123admin123.

The reason why oclHashcat-plus did not crack it is because it truncates every password candidate to 15 characters, whatever the hash type.

IMHO, users should be aware of this limitation. Maybe a warning statement when oclhashcat starts (among the startup info lines), or somewhere in the --help output would be truly beneficial for everyone.

Cheers
08-28-2011, 04:23 AM
Post: #2
RE: oclHashcat-plus silently truncates password candidates to 15 characters
Already does it.
[Image: unledlql.png]
09-11-2011, 03:40 PM (This post was last modified: 09-11-2011 03:44 PM by lanjelot.)
Post: #3
RE: oclHashcat-plus silently truncates password candidates to 15 characters
What version were you using? Me, I don't have the "Password lengths range: 1 - 15" message you have! :) Maybe it's because you are on Windows whereas I am on Linux.

Anyway, using oclHashcat-plus-0.05, here is the output I get, and the steps to reproduce:

$ echo -n admin123admin123 | md5sum | cut -d' ' -f1 | tee admin123.md5
4baee7411b65cadc2c33bdc3a3155e06
$ echo admin123 > admin123.dic
$ cat > dup.rule <<'EOF'
:
d
EOF
$ /opt/oclHashcat-plus/cudaHashcat-plus -m 0 admin123.md5 admin123.dic -r dup.rule
cudaHashcat-plus v0.5 by atom starting...

Hashes: 1
Salts: 1
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 2
Platform: NVidia compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: GeForce GTX 460, 1023MB, 1300Mhz, 7MCU

Starting attack in wordlist file mode...


Status.......: Exhausted
Hash.Type....: MD5
Input.Mode...: File (admin123.dic)
Time.Running.: 1 sec
Time.Left....: 0 secs
Speed........: 0/s
Recovered....: 0/1 Digests, 0/1 Salts
Progress.....: 2/2 (100.00%)
HW.Monitor.#1: 0% GPU, 52c Temp

Started: Sun Sep 11 15:32:59 2011
Stopped: Sun Sep 11 15:33:00 2011
$
09-12-2011, 09:31 AM
Post: #4
RE: oclHashcat-plus silently truncates password candidates to 15 characters
Yeah, it was just a newer version, a beta to be exact.
And cats are the same for both Linux and Windows.
05-08-2012, 04:11 PM
Post: #5
RE: oclHashcat-plus silently truncates password candidates to 15 characters
done with 0.08
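A pre-flight check for the limit discussed in this thread, as an added example that is not part of any post or of oclHashcat-plus: it expands a wordlist through a rule file and lists every candidate longer than 15 characters, so the coverage gap shows up before a run rather than after. The function names and MAX_LEN are hypothetical, and only the ":" and "d" rules from the dup.rule in post #3 are handled.

```shell
#!/bin/sh
# Added example: list wordlist/rule candidates that exceed a maximum length.

MAX_LEN=15   # candidate length limit reported in this thread

# apply_rule WORD RULE: print the mangled word.
# Handles only the two rules used in the thread's dup.rule:
#   ':' leaves the word unchanged, 'd' duplicates it.
apply_rule() {
    case "$2" in
        :) printf '%s\n' "$1" ;;
        d) printf '%s%s\n' "$1" "$1" ;;
        *) return 2 ;;   # any other rule is unsupported here
    esac
}

# over_limit WORDLIST RULEFILE [MAX]
# Print "rule<TAB>length<TAB>candidate" for each candidate longer than MAX.
# Length is counted the way the shell counts it, which equals the byte
# length for ASCII words.
over_limit() {
    max=${3:-$MAX_LEN}
    while IFS= read -r word || [ -n "$word" ]; do
        [ -n "$word" ] || continue
        while IFS= read -r rule || [ -n "$rule" ]; do
            [ -n "$rule" ] || continue
            cand=$(apply_rule "$word" "$rule") || {
                echo "unsupported rule: $rule" >&2
                continue
            }
            if [ "${#cand}" -gt "$max" ]; then
                printf '%s\t%s\t%s\n' "$rule" "${#cand}" "$cand"
            fi
        done < "$2"
    done < "$1"
}

# Constructed sample input mirroring the files created in post #3.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'admin123\n' > "$tmp/admin123.dic"
    printf ':\nd\n' > "$tmp/dup.rule"
    over_limit "$tmp/admin123.dic" "$tmp/dup.rule"
    rm -rf "$tmp"
}
demo
```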