hashcat Forum

Full Version: Problem with Hashcat and mscash2
hi folks and thanks for letting me be part of the forum :)


i am trying to use hashcat on windows 8.1 x64
for penetration testing in the company where i am one of the sysadmins i have extracted a domain cached credential and my file is in this format (one per line)

user:hash:domainname:domainshortcut(i don't know what this field is):::

i am using the hashcat gui from hashkiller.co.uk
after i load the file and set up everything it is generating me this command:

hashcat64.exe -a 0 -m 2100 --session=all -p : --status --status-timer=60 -o "mycashfile.txt_found2100.txt" --outfile-format=3 -w 2 --gpu-temp-abort=80 "mycashfile.txt" "rockyou.txt"


when i run this command i get this error:

WARNING: Hashfile 'mycashfile.txt' on line 1 (user:hash:domainname:domainshortcut:::): Line-length exception
WARNING: Hashfile 'mycashfile.txt' on line 2 (user:hash:domainname:domainshortcut:::): Line-length exception
WARNING: Hashfile 'mycashfile.txt' on line 3 (user:hash:domainname:domainshortcut:::): Line-length exception
WARNING: Hashfile 'mycashfile.txt' on line 4 (user:hash:domainname:domainshortcut:::): Line-length exception
Parsed Hashes: 4/4 (100.00%)

ERROR: No hashes loaded

i have tried format mscash and mscash2

i have also tried using JTR with mscash2 and there it's parsing the hashes so they are ok. i guess there is an error in my syntax.


any help would be appreciated :)
Here's an example -m 2100 hash:

$DCC2$10240#tom#e4e938d12fe5974dc42a90120bd9c90f
thanks for the tip.
so far here is where i am:

since it's a test i know one of the passwords so i have put it in my wordlist around line 2000
to verify if it will actually work.

i made 2 test files:

file1 is containing the hash as i had it already in this format:
user:hash:domain:domain-short:::

in file2 i used the test hash you gave me and exchanged username and hash with the known one from file1
$DCC2$10241#username#hash
my hash and your test hash have the same length

on my following tests with JTR and hashcat i used format mscash2 on all tests

JTR and file1: process is starting and after a moment it's successfully showing me the password
JTR and file2: process is starting but no password is found

hashcat and file1: process is starting but no password is found
hashcat and file2: same error as in 1st post for sure


seems like hashcat and JTR have a different understanding of the format mscash2??

so the question is how can i dump DCC in the format hashcat needs?

i dumped the hashes i use now with the secretsdump.py from here https://github.com/CoreSecurity/impacket

then i also tried the cachedump in Kali linux
http://tools.kali.org/password-attacks/creddump
but there i get an error which seems to be a known bug
https://github.com/moyix/creddump/issues/5


so how can i dump the DCC in the format needed by hashcat?

thanks so much in advance already :)
Why 10241? If you use 10241 it will not work. Both JtR and hashcat use the $DCC2$ format.
because the example you gave me was
$DCC2$10240#tom#e4e938d12fe5974dc42a90120bd9c90f 
and so i exchanged just user and hash and left the rest as it was.
what is the 10240 anyway?
even if i tried it like that
$DCC2$#user#hash
or also
$DCC2$user#hash
it did not work

edit: now i see what you mean. i changed it back to 10240 but still same error
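
For the question of getting user:hash:domain:domain-short::: lines into the $DCC2$10240#user#hash layout shown in the thread, here is a small converter, added as an example and not part of the original posts or of hashcat or impacket. It assumes the first two fields are the user name and the 32-hex-digit hash and reuses the 10240 from the thread's example; the function names are hypothetical.

```python
import re

# Iteration count as it appears in the thread's example hash ($DCC2$10240#tom#...).
DCC2_ITERATIONS = 10240
HEX32 = re.compile(r"^[0-9a-fA-F]{32}$")

def to_hashcat_dcc2(line, iterations=DCC2_ITERATIONS):
    """Turn 'user:hash:domain:domain-short:::' into '$DCC2$<iter>#<user>#<hash>'.

    Returns None for blank lines and raises ValueError for malformed ones.
    """
    line = line.lstrip("\ufeff").strip()  # drop a BOM and stray CR/LF or spaces
    if not line:
        return None
    fields = line.split(":")
    if len(fields) < 2:
        raise ValueError("expected at least user:hash")
    user, digest = fields[0].strip(), fields[1].strip()
    if not user or "#" in user:
        raise ValueError("user name empty or contains '#', the $DCC2$ field separator")
    if not HEX32.match(digest):
        raise ValueError("hash field must be exactly 32 hex characters")
    # Windows salts cached credentials with the lower-cased user name.
    return "$DCC2$%d#%s#%s" % (iterations, user.lower(), digest.lower())

def convert_lines(lines):
    """Convert many lines; return (converted, errors) with 1-based line numbers."""
    converted, errors = [], []
    for number, line in enumerate(lines, start=1):
        try:
            result = to_hashcat_dcc2(line)
        except ValueError as exc:
            errors.append((number, str(exc)))
            continue
        if result is not None:
            converted.append(result)
    return converted, errors

# Constructed sample input, not real credentials.
SAMPLE = [
    "\ufeffAlice:0123456789ABCDEF0123456789abcdef:EXAMPLE.LOCAL:EXAMPLE:::\r\n",
    "\n",
    "bob:0123456789abcdef:EXAMPLE.LOCAL:EXAMPLE:::",  # truncated hash
]

if __name__ == "__main__":
    good, bad = convert_lines(SAMPLE)
    print("\n".join(good))
    for number, reason in bad:
        print("line %d skipped: %s" % (number, reason))
```

Lines that fail validation are reported with their line number instead of being written out, so a truncated or padded hash is caught before the file is loaded with -m 2100.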