(01-03-2018, 09:12 AM)philsmd Wrote: If hashcat says
Status...........: Cracked

and the hash is outputted together with an appended number of chars/digits, it means that this appended string is the password.

I think that when you saw $7z$0$19$0$........91:Anfug2 , the Anfug2 part was the actual password and you need to use it to open the 7-Zip file (.7z)

Also please stop trying to convinve yourself that something needs to be a  SHA-256 hash if it isn't. A litecoin "hash" is not a sha256 hash and neither a 7zip "hash" is a SHA-256 hash. Apples are apples, oranges are oranges. Don't try to convert one type into the other or compare completely different things with each other.
If you know you have a 7-zip "hash", you need to crack it with -m 11600. If you know that (whenever you got access to the wallet.dat file) that you have a litecoin "hash" (by converting it with bitcoin2john.py), you need to use the -m 11300 hash type. Nothing of this has directly to do with SHA-256, that's a very different algorithm

(01-03-2018, 03:31 PM)philsmd Wrote: no. the command should look something like this:

Code:

hashcat64 -m 11600 -a 0 -w 3 -o Done.txt Hash.txt realuniq.lst

-a 0 is for wordlist attack mode (see --help)