Need assistance with veracrypt container
#1
Good day,



I have spent the last two days banging my head against the wall and I am very confused as to why my hash files are not working. I used dd running on debian linux to extract the first 512 bytes from my encrypted file and I saved the file using SHA-512 default settings within veracrypt. However no matter what algorithm I use I am always met with Exhausted status.



.png   hashencrypt.png (Size: 330.57 KB / Downloads: 6)


This is bizare to me as I created a test encrypted file with a password of abc123 and I am using the following instructions to hashcat.



Code:
.\hashcat64 -m 13721 -a 3 -w 4 -S img512.vc abc12?d --self-test-disable


.png   exhausted.png (Size: 147.86 KB / Downloads: 9)



What am I doing wrong here? I feel like I am following the instructions to a tee however it never guesses the right hash even when I have such a simple password as abc123. I am running hashcat on my windows pc because I have two GPU's to use for faster hashing, my other computer (running debian) is using a low end nvidia card so the two AMD cards in this one are much faster. 



I should also add that I even created a txt file wordlist that contained only the exact password abc123 and changed my attack mode from mask attack to brute force and even with the exact password I used, it returns Exhausted status.



Any help is greatly appreciated. Thanks!
Reply
#2
Are you passing `--self-test-disable` for a reason?
Reply
#3
(02-08-2020, 06:05 AM)Chick3nman Wrote: Are you passing `--self-test-disable` for a reason?

Yes, so when I first starting using hashcat on windows It would get stuck on "Initialized device kernels and memory..." , or it would show an empty status. I did some searching and came across this github issue and was using it because it was recommended https://github.com/hashcat/hashcat/issues/1714 the original poster is using a AMD RX580, I ran into the same issue and I am running an AMD RX480 and AMD RX460. I did a fresh clean wipe or all amd drivers and reinstalled the latest drivers as well.
Reply
#4
So on a hunch I decided to download the beta version of hashcat and I am not using the self-test disable argument. This was able to crack the example volume and confirm abc123 is the correct password. I am going to try now for a more complicated password and I will report back but it looks promising.


.png   beta.png (Size: 169.63 KB / Downloads: 6)
Reply
#5
That was going to be my next suggestion. If you have to pass debugging flags like --self-test-disable or --force, you are running in a poor configuration and may need to worry about hashcat and its dependencies as a whole before worrying about issues with specific cracking jobs.
Reply
#6
(02-08-2020, 06:55 AM)Chick3nman Wrote: That was going to be my next suggestion. If you have to pass debugging flags like --self-test-disable or --force, you are running in a poor configuration and may need to worry about hashcat and its dependencies as a whole before worrying about issues with specific cracking jobs.

Thank you for the help, so I for the password I am trying to crack I remember the phrase it spells out and I remember the first character however I forgot if I used a 0 or an o in a few places and as well as what symbol I ended the password with.

Currently I am trying a mask attack which seems to work fairly well however the provided mask rule are pretty inefficient.

Do you know of a way to say "For this one that's supposed to be an o or a 0 or a O just try those 3 options"? Same thing with a 3 or an e and ! or an I ?

If i can pass a simplified mask for these fields it would dramatically reduce the time it should take to find the right combination because I know most of the options its trying right now using ?a are not going to be valid but there doesn't seem to be a reduced charset I can use.

Ideally I would like to create an array of possibilities like ?k = [o, O, 0] ?g = [e, 3, E] , ?p = [i, I, !, 1] etc.
Reply
#7
Nevermind I was able to figure it out and make a custom mask that cracked my volume. What i did was just pass it like so..


Code:
.\hashcat -a 3 myfile.hash ?1 aA@ ?2 o0O ?3 eE3

so if my password was p@ssw0rd then but i couldn't remember if i used an a or @ or o or zero then i just do p?1ssw?2rd and that ended up working.

Code:
.\hashcat -a 3 -m13572 myfile.hash ?1 aA@ ?2 o0O ?3 eE3 p?1ssw?2rd
Reply