hashcat Forum

Full Version: DES(Unix): Terrible Bug
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
This is a bug report related to descrypt (-m1500) on CPU's hashcat only.
Whenever the flag\s --remove OR\AND -o is\are set while attacking descrypt list, hashcat messes the original hashfile OR\AND the outfile up... very badly.

It increases the last character value in the hash by two:
hashfile: // eight valid descrypt hashes, four only have an actual password

hc64 -m1500 -a3 --pw-min=2 --remove -o outfile hashfile ?d?d
Recovered.: 4/8 hashes, 4/8 salts

Now hashfile: // notice the last chars

outfile: // notice the last char in the last hash
> LkxEVth80uebe

Note that some hashes remain intact, don't ask me why.
But all the other hashes undergo an awful alteration causing them to be invalid and un-crackable.

This bug seems to have complicated results, but I'm not discussing it any further cause I'm pretty sure it's all about one flaw.
CPU hashcat does not support DEScrypt
Moved the thread to beta section
Haha, this just got worse.
hashcat-cli64.exe from https://hashcat.net/files/hashcat-0.41.7z is happy to crack any des hash using -m1500.

Folks, please welcome the new hidden algos...

NOTE: All my tests were done on hashcat-0.41. hashcat-0.42b1 has the bug too, but with different results.
I tested it with these 2, obviously minus the passwords:


Found them both, (obviously), and did not mess the hashes up. Does this only happen with lots of DES hashes?
As I mentioned:
M@LIK Wrote: [ -> ]Note that some hashes remain intact, don't ask me why.

Mostly the outfile is the victim. And, yes, I also noticed nothing happens with two hashes. Try with, say, 20 hashes, make sure that 10 at least remain uncracked and use --remove and -o.
Its correct I did not disable the module so that it stays hidden. Thats why I moved this thread into beta so that the public does not see it since its not working as it should. That why I take no bug reports on it, sorry.
That sounds a bit awkward. It explains a lot though.

Anyways, sorry, I did not mean to spoil this.
Waiting for this getting officially supported.