hashcat Forum
Missing partial password chunk in LM cracking - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Ancient Versions (https://hashcat.net/forum/forum-46.html)
+--- Forum: Very old oclHashcat-lite Support (https://hashcat.net/forum/forum-22.html)
+--- Thread: Missing partial password chunk in LM cracking (/thread-903.html)

Pages: 1 2 3


RE: Missing partial password chunk in LM cracking - atom - 02-09-2012

OK! check out the new oclHashcat-plus beta in /beta. I have implented it that way. It is writing the cracked halfes to outfile/screen AND to hashcat.pot and you can run at any time:

Quote:oclHashcat-plus64 -m 3000 hashes.txt --show

and get the assembled results.



RE: Missing partial password chunk in LM cracking - chort - 02-09-2012

Excellent! I'll attempt to try this before you wake up.


RE: Missing partial password chunk in LM cracking - mastercracker - 02-10-2012

(02-09-2012, 06:59 PM)atom Wrote: OK! check out the new oclHashcat-plus beta in /beta. I have implented it that way. It is writing the cracked halfes to outfile/screen AND to hashcat.pot and you can run at any time:

Quote:oclHashcat-plus64 -m 3000 hashes.txt --show

and get the assembled results.
It works as described but there are a couple of points that could be better:

1) When you do the --show, having the ability to do also --remove for the fully cracked hash would be great.

2) Right now, the output with --show is on screen and can be redirected to a file using ">" but it would be more natural with the -o switch. I tried it, it does not bug -plus but does not do anything.

3) The uncracked part is shown as ******* right now. It does the job but does not discriminate with an actual ******* value since it's also 7 characters long. That's why, I was suggesting something like <not found> because you cannot mistaken it with an actual value since it's in lowercase and it's more than 7 characters long. While at it, a special code could be useful for space characters (since you don't see it especially if it is at the end of the password. I currently don't have a solution for this but we need to think about it.

4) It would be great to have a routine that checks the .pot file at the beginning so that there is no time wasted recracking the same hash (halves) over and over. For example let's say that for 50 full LM hash (100 halves unique or not), 99 were already cracked in the past, only 1 hash would be left to searched. So as soon as it is cracked, the attack finishes and you don't have to go through the rest of the attacks keyspace.



RE: Missing partial password chunk in LM cracking - atom - 02-10-2012

(02-10-2012, 03:35 PM)mastercracker Wrote: 1) When you do the --show, having the ability to do also --remove for the fully cracked hash would be great.

already implemented! opposite of --show is --left

(02-10-2012, 03:35 PM)mastercracker Wrote: 2) Right now, the output with --show is on screen and can be redirected to a file using ">" but it would be more natural with the -o switch. I tried it, it does not bug -plus but does not do anything.

OK, please add to wiki

(02-10-2012, 03:35 PM)mastercracker Wrote: 3) The uncracked part is shown as ******* right now. It does the job but does not discriminate with an actual ******* value since it's also 7 characters long. That's why, I was suggesting something like <not found> because you cannot mistaken it with an actual value since it's in lowercase and it's more than 7 characters long. While at it, a special code could be useful for space characters (since you don't see it especially if it is at the end of the password. I currently don't have a solution for this but we need to think about it.

OK, please add to wiki

Quote:4) It would be great to have a routine that checks the .pot file at the beginning so that there is no time wasted recracking the same hash (halves) over and over. For example let's say that for 50 full LM hash (100 halves unique or not), 99 were already cracked in the past, only 1 hash would be left to searched. So as soon as it is cracked, the attack finishes and you don't have to go through the rest of the attacks keyspace.

no, i dont like that idea. imagine your hashcat.pot becomes 8gb big with time, hashcat would need to load and sort it each time. instead of this you could run hashcat with --left (from section 1) and overwrite the hashfile and then start with usual work




RE: Missing partial password chunk in LM cracking - mastercracker - 02-10-2012

Ok. I have added the 2 ideas in the Awaiting implementation section of the Wiki.


RE: Missing partial password chunk in LM cracking - f0cker - 02-23-2012

Hello,

Where can I get the beta version from I really need this functionality? I'm in the middle of a pen-test and I can only get half the LM hash with rainbow tables.

Cheers


RE: Missing partial password chunk in LM cracking - undeath - 02-23-2012

the beta versions are not publicly available.


RE: Missing partial password chunk in LM cracking - f0cker - 02-23-2012

(02-23-2012, 12:51 PM)undeath Wrote: the beta versions are not publicly available.

Damn I thought as much, thanks for the quick reply. Any chance I can get hold of it and help with testing?

Edit:
I've cracked it. A £ symbol in the second half of the hash was causing all the problems, that character also doesn't display properly on hashcat stdout or outputting to file. I know what it is because I added it to my mask, any ideas on the best way around this? Tried outputting as hex and converting it but it outputs as a3 when it should be c2a3 I think, should I raise a bug for this or should it be expected?


RE: Missing partial password chunk in LM cracking - atom - 02-23-2012

@f0cker thats the correct behaivior. if its not correct displayed in your shell its more likely its a terminal emulation problem.


RE: Missing partial password chunk in LM cracking - atom - 02-23-2012

@mastercracker latest beta supports LM chunks, try out pls