Posts: 6
Threads: 1
Joined: Dec 2019
12-10-2019, 07:22 PM
(This post was last modified: 12-10-2019, 07:53 PM by CHM.)
I'm trying to crack this MD5 hash: -- I've just read the rules, erased---
I know it is an alphanumeric sequence with two / inside and only capital letters. It's not a password though. It's supposed to look like this when decrypted: N960WVLU3DSL4.DM/N960WOYV3DSL4/N960WVLU3DSL4
I really don't know how to use the software and I desperately need your help.
When I try to use the software, I get NvAPI_GPU_GetPerfPoliciesInfo(): NVAPI_GPU_NOT_POWERED.
The hardware I am using is very modest: i5-7300HQ, GTX 1050Ti 4GB, 16GB DDR4, Windows 10 Home 1909 x64
I've tried to read the wiki but it really doesn't make much sense to me. So how can I fix my error and crack my hash? Thank you very much for your help.
(Also I would like to know if someone knows how I can automate the process. Thank you.)
(PS: I know what this hash is meant to be. How can I alternatively use a dictionary attack? I'm a total noob at this sorry)
EDIT: Trying to use another OpenCL device, I got this error which happens with the NVIDIA GPU too: No password candidates received in stdin mode, aborting.. I don't understand what it means and know what to do now. Please help.
Posts: 2,301
Threads: 11
Joined: Jul 2010
12-10-2019, 09:40 PM
(This post was last modified: 12-10-2019, 10:02 PM by undeath.)
Without any further info about the plaintext this is not possible to crack. Two slashes and only capital letters (and numbers and dots?) is not enough info at that length.
And don't use "decrypted" with hashes. Hashes are not decrypted.
Posts: 6
Threads: 1
Joined: Dec 2019
12-10-2019, 10:44 PM
(This post was last modified: 12-10-2019, 10:51 PM by CHM.)
(12-10-2019, 09:40 PM)undeath Wrote: Without any further info about the plaintext this is not possible to crack. Two slashes and only capital letters (and numbers and dots?) is not enough info at that length.
And don't use "decrypted" with hashes. Hashes are not decrypted. What additional info would be required then? As I've said, I'm a complete noob about this and I really need help. I know what it's supposed to look like, the plaintext length and even some parts of the final plaintext. It must be N975U1UEU2xSLy/ N975U1OYM2xSLy/N975U1UEU2xSLy and then apply this logic to other similar hashes from the same list that are different but are small variations of the aformentionned plaintext.
In the plaintext here, x and y are the unknowns and are constant. x is either A, B, C or Z. y is a number in this example but might be a letter too (capital letter) in other hashes from the list.
Posts: 2,301
Threads: 11
Joined: Jul 2010
ok, so there are 4*36 possibilities per hash. That's perfectly doable, but you should write a small script instead of using hashcat for that. hashcat can't utilise its parallelisation well with that few candidates.
If you really want to do that with hashcat you could implement it using a single-word dict and a generated rule file for the x/y placeholders but that would probably be slower than a script because you'd have to deal with hashcat's comparably slow startup time for every single hash.
Posts: 6
Threads: 1
Joined: Dec 2019
12-11-2019, 05:05 AM
(This post was last modified: 12-11-2019, 05:28 AM by CHM.)
(12-10-2019, 11:56 PM)undeath Wrote: ok, so there are 4*36 possibilities per hash. That's perfectly doable, but you should write a small script instead of using hashcat for that. hashcat can't utilise its parallelisation well with that few candidates.
If you really want to do that with hashcat you could implement it using a single-word dict and a generated rule file for the x/y placeholders but that would probably be slower than a script because you'd have to deal with hashcat's comparably slow startup time for every single hash. Thank you, sounds like we're getting closer to finding a solution, but how do I do that? Remember that I'm an absolute noob at this and I have no experience whatsoever with this software or any kind of scripting (and I do wish to learn because there are similar yet different hashes that I must deal with). I do not intent to be a burden or an annoyance, it's just that I really need to deal with those hashes to help people. Thank you.
(PS: In this example, there might be only a few possibilities. But otherwise in reality, the possibilities are
aaaaabbcdwxyz/aaaaaeeedwxyz/aaaaabbcdwxyz
where aaaaa, bb and eee are known, and c, d, w,x,y,z are unknown and to be found.
c is either U, E or S.
d is 99% of the time a number but it can also be a letter.
w is either A, B, C, D, E, F or Z.
x is R or a bigger letter.
y can be any letter from A to L.
z is alphanumeric.
The same letter means that the exact same characters are used)
Posts: 2,301
Threads: 11
Joined: Jul 2010
12-11-2019, 05:28 PM
(This post was last modified: 12-11-2019, 06:54 PM by undeath.)
this code is not extraordinarily fast but should give you an idea:
Code: #!/usr/bin/env python3
from sys import argv
from itertools import product
if len(argv) != 2:
print("usage: {} placeholder_string\nexample: {} aaaaabbcdwxyz/aaaaaeeedwxyz/aaaaabbcdwxyz".format(argv[0], argv[0]))
exit(1)
charmap = {
'c': 'UES',
'd': '1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ',
'w': 'ABCDEFZ',
'x': 'RSTUVWXYZ',
'y': 'ABCDEFGHIJKL',
'z': 'ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890',
}
placeholder = list(argv[1])
def replace_all(stack, char_map):
return map(lambda a: char_map[a] if a in char_map else a, stack)
def yield_candidates(in_list, char_map):
char_map_list = [(x, list(y)) for x, y in char_map.items()]
for combination in product(*map(lambda x: x[1], char_map_list)):
active_char = {char_map_list[i][0]: combination[i]
for i in range(len(combination))}
yield replace_all(in_list, active_char)
for combination in yield_candidates(placeholder, charmap):
print(''.join(combination))
You can pipe that script's output into hashcat.
Code: python script.py aaaaabbcdwxyz/aaaaaeeedwxyz/aaaaabbcdwxyz | hashcat [hash]
Posts: 6
Threads: 1
Joined: Dec 2019
12-16-2019, 07:11 AM
(This post was last modified: 12-16-2019, 07:28 AM by CHM.)
(12-11-2019, 05:28 PM)undeath Wrote: this code is not extraordinarily fast but should give you an idea:
Code: #!/usr/bin/env python3
from sys import argv
from itertools import product
if len(argv) != 2:
print("usage: {} placeholder_string\nexample: {} aaaaabbcdwxyz/aaaaaeeedwxyz/aaaaabbcdwxyz".format(argv[0], argv[0]))
exit(1)
charmap = {
'c': 'UES',
'd': '1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ',
'w': 'ABCDEFZ',
'x': 'RSTUVWXYZ',
'y': 'ABCDEFGHIJKL',
'z': 'ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890',
}
placeholder = list(argv[1])
def replace_all(stack, char_map):
return map(lambda a: char_map[a] if a in char_map else a, stack)
def yield_candidates(in_list, char_map):
char_map_list = [(x, list(y)) for x, y in char_map.items()]
for combination in product(*map(lambda x: x[1], char_map_list)):
active_char = {char_map_list[i][0]: combination[i]
for i in range(len(combination))}
yield replace_all(in_list, active_char)
for combination in yield_candidates(placeholder, charmap):
print(''.join(combination))
You can pipe that script's output into hashcat.
Code: python script.py aaaaabbcdwxyz/aaaaaeeedwxyz/aaaaabbcdwxyz | hashcat [hash]
Excellent thank you very much. I do have a few more questions left if you will.
The first string of code seems to indicate this code is not intended for Windows or am I just very bad at this.
How do I input the 'aaaaaa' 'bb' and 'eee'? Do I replace it in " python script.py aaaaabbcdwxyz/aaaaaeeedwxyz/aaaaabbcdwxyz | hashcat [hash]" or should I do something else?
Thank you so very much.
EDIT: I have tried your script and inputted this command: ppython script.py N970WVLcdwxyz/N970WOYVdwxyz/N970WVLcdwxyz | hashcat64 4944a10cbba225888a82ee32011117b9 and I get this error: Started: Mon Dec 16 00:28:12 2019
Stopped: Mon Dec 16 00:28:13 2019
Traceback (most recent call last):
File "script.py", line 37, in <module>
print(''.join(combination))
BrokenPipeError: [Errno 32] Broken pipe
Posts: 2,301
Threads: 11
Joined: Jul 2010
I can reproduce the error you are seeing, but only after the hash has been successfully cracked, hence hashcat exits early.
Posts: 6
Threads: 1
Joined: Dec 2019
12-27-2019, 11:04 PM
(This post was last modified: 12-28-2019, 12:36 AM by CHM.)
(12-16-2019, 01:00 PM)undeath Wrote: I can reproduce the error you are seeing, but only after the hash has been successfully cracked, hence hashcat exits early.
Okay, so how can I get to see the valid result? I can see the valid result when I "crack" a new hash, but not on an existing one. But I'm so glad it works!!!!
EDIT: Nevermind I figured it out. Already cracked results are in the potfile, can be opened by a text editor. I could find that this particular has was N970WVLU0ASFB/N970WOYV0ASFB/N970WVLU0ASFB. I can't thank you enough, this works! This works with all the hashes I needed! Thank you. Thank you very much.
I have made a few modifications to the file because there are a few variants but it works!
I do still have trouble getting some hashes working because they use a slightly different structure and despite the modifications I made to your script, they do not work. You already helped me a lot but I would like to ask you one more time your help on this.
The possibilities are
aaaabbcdwxyz/aaaaeeedwxyz/
where aaaa, bb and eee are known, and c, d, w,x,y,z are unknown and to be found.
c is either U, E or S.
d is 99% of the time a number but it can also be a letter.
w is either A, B, C, D, E, F or Z.
x is R or a bigger letter.
y can be any letter from A to L.
z is alphanumeric.
The source text is like so: T860XXS1ASK1/T860OXM1ASK1/
I modified the script accordingly. So I put this command: python scripTAB.py T860XXcdwxyz/T860OYMdwxyz/ | hashcat64 11cf850ad66bc1490284f7cc8156c6d4
Unfortunately, the program exhausts all possibilities without result.
Posts: 2,301
Threads: 11
Joined: Jul 2010
From what I can see it the script should be able to handle that. Make sure the output word is among the printed candidates and if not we need to figure out why it isn't.
|