hashcat Forum
hybrid attack Netntlm too slow - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: hybrid attack Netntlm too slow (/thread-7897.html)

Pages: 1 2


RE: hybrid attack Netntlm too slow - philsmd - 10-27-2018

just for testing:
Code:
hashcat --keyspace -m 5500 -a 6 -1 ?l?u?s possibilities.txt ?1?1?1?1?1?1?1

Code:
hashcat --stdout -a 6 -o temporary_file.txt -s 2 -l 2 -1 ?l?u?s possibilities.txt ?1?1?1?1?1?1?1

Code:
type temporary_file.txt | hashcat -m 5500 hash.txt

note: you should probably reduce the length of the mask to e.g. ?1?1?1 for testing to save disk space (shouldn't really matter too much). or use something like the "head" command on linux.
Code:
hashcat --stdout -a 6 -s 2 -l 2 -1 ?l?u?s possibilities.txt ?1?1?1?1?1?1?1 | head -n 999999 > temporary_file.txt



RE: hybrid attack Netntlm too slow - Marsupilami - 10-27-2018

(10-27-2018, 10:44 PM)philsmd Wrote: just for testing:
Code:
hashcat --keyspace -m 5500 -a 6 -1 ?l?u?s possibilities.txt ?1?1?1?1?1?1?1

Code:
hashcat --stdout -a 6 -o temporary_file.txt -s 2 -l 2 -1 ?l?u?s possibilities.txt ?1?1?1?1?1?1?1

Code:
type temporary_file.txt | hashcat -m 5500 hash.txt

note: you should probably reduce the length of the mask to e.g. ?1?1?1 for testing to save disk space (shouldn't really matter too much). or use something like the "head" command on linux.
Code:
hashcat --stdout -a 6 -s 2 -l 2 -1 ?l?u?s possibilities.txt ?1?1?1?1?1?1?1 | head -n 999999 > temporary_file.txt

Hi again I tried those commands the first command says 128 as output (number of words in possibilities.txt)
the second create a file with all combinations as i would expect i cancelled by 450 MB but the right combination was not in the file

I make further tests in the meantime with more easier passwords.
Sicher1337! only 337! should brute forced then.
hashcat64.exe -m 5500 -a 6 admin.lc admin.txt ?d?d?d?s

i have observed weird behaviour too:
First in admin.txt were all combinations of Sicher1 =>Search Exhaust after seconds
Then I put the right first part Sicher1 in the first row => Search Cracked
But then..
I delete the pot file and start the same command again without altering admin.txt and =>Exhaust
After 3 additional tries (I simply repeat the command dont edit admin.txt) it says cracked..
Do you think that could be a problem of the windows version?

edit:
I repeated the attempt with deleting the correct first part from the first row.
first try: Exhaust
second try:Exhaust
third try: Cracked

how is that possible?


RE: hybrid attack Netntlm too slow - Marsupilami - 11-14-2018

(10-27-2018, 11:44 PM)Marsupilami Wrote:
(10-27-2018, 10:44 PM)philsmd Wrote: just for testing:
Code:
hashcat --keyspace -m 5500 -a 6 -1 ?l?u?s possibilities.txt ?1?1?1?1?1?1?1

Code:
hashcat --stdout -a 6 -o temporary_file.txt -s 2 -l 2 -1 ?l?u?s possibilities.txt ?1?1?1?1?1?1?1

Code:
type temporary_file.txt | hashcat -m 5500 hash.txt

note: you should probably reduce the length of the mask to e.g. ?1?1?1 for testing to save disk space (shouldn't really matter too much). or use something like the "head" command on linux.
Code:
hashcat --stdout -a 6 -s 2 -l 2 -1 ?l?u?s possibilities.txt ?1?1?1?1?1?1?1 | head -n 999999 > temporary_file.txt

Hi again I tried those commands the first command says 128 as output (number of words in possibilities.txt)
the second create a file with all combinations as i would expect i cancelled by 450 MB but the right combination was not in the file

I make further tests in the meantime with more easier passwords.
Sicher1337! only 337! should brute forced then.
hashcat64.exe -m 5500 -a 6 admin.lc admin.txt ?d?d?d?s

i have observed weird behaviour too:
First in admin.txt were all combinations of Sicher1 =>Search Exhaust after seconds
Then I put the right first part Sicher1 in the first row => Search Cracked
But then..
I delete the pot file and start the same command again without altering admin.txt and =>Exhaust
After 3 additional tries (I simply repeat the command dont edit admin.txt) it says cracked..
Do you think that could be a problem of the windows version?

edit:
I repeated the attempt with deleting the correct first part from the first row.
first try: Exhaust
second try:Exhaust
third try: Cracked

how is that possible?

In the meantime i tested this behaviour on different systems and its always the same result. So it has to be a bug in the sequential processing of hashcat.

When I write all combinations to a textfile and search for the correct password with an editor the textfile always contains the correct password but when I start a dictionary attack hashcat says Exhausted.. When i copy the correct password on line 300 for example it is cracked. That shows me that the sequential processing of hashcat is broken.

I checked if the problem is caused by windows version. For this I installed an native Ubuntu machine => same behaviour
I asked a friend to test it on his machine cause I wanted to know if the problem is caused by my card=> same behaviour

Perhaps its a problem of AMD cards cause my friend also owns an AMD-card 

If somebody want to test this behaviour on a NVIDEA-Card pls PM me then I send you the hashes for testing.

Greetings
Marsupilami