+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: General Talk (https://hashcat.net/forum/forum-33.html)
+--- Thread: Dictiionary Attack - how-to-question (/thread-9139.html)
RE: Dictiionary Attack - how-to-question - philsmd - 04-22-2020
I think under macOS you can't really install the driver by downloading and installing "the new" or a "different" one from the Intel (vendor) page or similar. I think under macOS the only thing you could do is to test different macOS versions (sierra, mojave, catalina etc).
but I'm no macOS user or macOS expert, maybe somebody else knows if something could be done to fix driver problems.
BTW: it's not enough to just post the error message, it's also important to know if any other hash type did succeed without error and which of the hash types failed. maybe you can post the whole output of hashcat -b ?
RE: Dictiionary Attack - how-to-question - Grazze - 04-22-2020
copied - here´s the entire thread:
osx-lhind6519:hashcat u545634$ ./hashcat -b
hashcat (v5.1.0-1774-gf96594ef) starting in benchmark mode...
Benchmarking uses hand-optimized kernel code by default.
You can use it in your cracking session by setting the -O option.
Note: Using optimized kernel code limits the maximum supported password length.
To disable the optimized kernel code in benchmark mode, use the -w option.
OpenCL API (OpenCL 1.2 (Apr 18 2019 20:03:31)) - Platform #1 [Apple]
====================================================================
* Device #1: Intel(R) Core(TM) i5-4260U CPU @ 1.40GHz, skipped
* Device #2: HD Graphics 5000, 1472/1536 MB (384 MB allocatable), 40MCU
Benchmark relevant options:
===========================
* --optimized-kernel-enable
Hashmode: 0 - MD5
Speed.#2.........: 289.5 MH/s (71.40ms) @ Accel:8 Loops:128 Thr:512 Vec:1
Hashmode: 100 - SHA1
Speed.#2.........: 99657.0 kH/s (51.52ms) @ Accel:8 Loops:32 Thr:512 Vec:1
Hashmode: 1400 - SHA2-256
Speed.#2.........: 41723.0 kH/s (61.78ms) @ Accel:4 Loops:32 Thr:512 Vec:1
Hashmode: 1700 - SHA2-512
Speed.#2.........: 11369.6 kH/s (56.50ms) @ Accel:8 Loops:4 Thr:512 Vec:1
Hashmode: 22000 - WPA-PBKDF2-PMKID+EAPOL (Iterations: 4095)
Speed.#2.........: 4983 H/s (62.88ms) @ Accel:16 Loops:4 Thr:512 Vec:1
Hashmode: 1000 - NTLM
Speed.#2.........: 454.8 MH/s (91.14ms) @ Accel:16 Loops:128 Thr:512 Vec:1
Hashmode: 3000 - LM
Speed.#2.........: 73270.9 kH/s (69.71ms) @ Accel:2 Loops:1024 Thr:64 Vec:1
Hashmode: 5500 - NetNTLMv1 / NetNTLMv1+ESS
Speed.#2.........: 282.8 MH/s (73.10ms) @ Accel:16 Loops:64 Thr:512 Vec:1
Hashmode: 5600 - NetNTLMv2
Speed.#2.........: 21658.6 kH/s (59.40ms) @ Accel:8 Loops:8 Thr:512 Vec:1
Hashmode: 1500 - descrypt, DES (Unix), Traditional DES
Speed.#2.........: 2610.1 kH/s (1002.59ms) @ Accel:1 Loops:1024 Thr:64 Vec:1
Hashmode: 500 - md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5) (Iterations: 1000)
Speed.#2.........: 133.5 kH/s (72.26ms) @ Accel:32 Loops:15 Thr:512 Vec:1
Hashmode: 3200 - bcrypt $2*$, Blowfish (Unix) (Iterations: 32)
* Device #2: ATTENTION! OpenCL kernel self-test failed.
Your device driver installation is probably broken.
See also: https://hashcat.net/faq/wrongdriver
Speed.#2.........: 417 H/s (46.28ms) @ Accel:1 Loops:1 Thr:16 Vec:1
Hashmode: 1800 - sha512crypt $6$, SHA512 (Unix) (Iterations: 5000)
Speed.#2.........: 1682 H/s (72.50ms) @ Accel:4 Loops:8 Thr:512 Vec:1
Hashmode: 7500 - Kerberos 5, etype 23, AS-REQ Pre-Auth
Speed.#2.........: 3424.5 kH/s (93.53ms) @ Accel:2 Loops:64 Thr:64 Vec:1
Hashmode: 13100 - Kerberos 5, etype 23, TGS-REP
Speed.#2.........: 3530.8 kH/s (91.51ms) @ Accel:2 Loops:64 Thr:64 Vec:1
Hashmode: 15300 - DPAPI masterkey file v1 (Iterations: 23999)
Speed.#2.........: 842 H/s (62.94ms) @ Accel:16 Loops:4 Thr:512 Vec:1
Hashmode: 15900 - DPAPI masterkey file v2 (Iterations: 12899)
Speed.#2.........: 417 H/s (58.84ms) @ Accel:8 Loops:2 Thr:512 Vec:1
Hashmode: 7100 - macOS v10.8+ (PBKDF2-SHA512) (Iterations: 1023)
clBuildProgram(): CL_BUILD_PROGRAM_FAILURE
Error: out of memory.
* Device #2: Kernel /Users/u545634/hashcat/OpenCL/m07100-pure.cl build failed.
it´s really interesting and mind-widening getting to talk with hashcat experts like you are -
RE: Dictiionary Attack - how-to-question - Grazze - 04-23-2020
is there a way I can specify password patterns in "-a 3" mode with following constraints:
-> minimum password length is 8 characters
-> the first letter is an upper-case letter
-> the rest of the password can be upper-case letters, lower-case letters, digits (0-9) and one special character "@"
the attack vector should start with password length of 8 characters, if the password is not cracked, then the attack vector should continue with 9 characters etc. this should work with an "--increment" - though I dont know yet what this vector looks like - could anyone help me out ?
RE: Dictiionary Attack - how-to-question - philsmd - 04-23-2020
In general you would use a command like this:
Code:
hashcat -m 14700 -a 3 -w 3 --increment --increment-min 8 -2 ?u?l?d@ extracted_hash.txt ?u?2?2?2?2?2?2?2?2?2instead of -2 you could also use --custom-charset2 (or any other custom charset, like -4, -3, -2, -1 and use it within the mask with ?4, ?3, ?2, ?1 respectively).
But there is a big problem here: mask attacks of course try all possibilities and therefore are most of the time not the most clever approach, especially if it comes to slow hash types like itunes... the length matters a lot here and you are already trying lengths that get infeasible to crack within a reasonable time frame (months to years).
I would suggest looking into dictionary based attacks combined with rules etc (see https://hashcat.net/wiki/).
Brute-forcing or mask attack are not always the most clever attacks... you need to find more efficient/targetted approaches that are more feasible than just "brute-force it".
RE: Dictiionary Attack - how-to-question - Grazze - 04-23-2020
ohk, copied. the rule-based attack as such is considered the most complicated but most efficient attack - it gets even more complicated in combination with a "wordlist" - I will try this, what I understood from your proposed command "-2 ?u?l?d@" is that "-2" is some kind of attack vector nomination in which upper (?u) and lower (?l) case letters, digits (?d) and the special character (@) are combined, what does "-w 3" do ?
RE: Dictiionary Attack - how-to-question - philsmd - 04-23-2020
-w is for the workload profile, see the output of the hashcat --help command:
Code:
hashcat --help
...
- [ Workload Profiles ] -
# | Performance | Runtime | Power Consumption | Desktop Impact
===+=============+=========+===================+=================
1 | Low | 2 ms | Low | Minimal
2 | Default | 12 ms | Economic | Noticeable
3 | High | 96 ms | High | Unresponsive
4 | Nightmare | 480 ms | Insane | Headlessyou could say that -w 3 actually would be optional, but it's always recommended to think about this option and how to likely improve performance
RE: Dictiionary Attack - how-to-question - Grazze - 04-27-2020
I entered:
Started: Mon Apr 27 23:44:43 2020
Stopped: Mon Apr 27 23:44:43 2020
osx-lhind6519:hashcat u545634$ ./hashcat -d 2 $ ... -a 6 Manifest1.txt password.txt ?d?d?d?d
hashcat (v5.1.0-1774-gf96594ef) starting...
OpenCL API (OpenCL 1.2 (Apr 18 2019 20:03:31)) - Platform #1 [Apple]
====================================================================
* Device #1: Intel(R) Core(TM) i5-4260U CPU @ 1.40GHz, skipped
* Device #2: HD Graphics 5000, 1472/1536 MB (384 MB allocatable), 40MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Hash '$': Token length exception
No hashes loaded.
How can I fix the token length exception and why is it that hashes are not loaded ?
RE: Dictiionary Attack - how-to-question - Grazze - 04-27-2020
I just noticed I forgot the hashmode -m 14700
I entered:
./hashcat -d 2 -m 14700 Manifest1.txt $ ... -a 6 password.txt ?d?d?d?d
RE: Dictiionary Attack - how-to-question - Grazze - 04-28-2020
I just happened to crack my itunes backup password - jumping around in my room -/. thnx philsmd for your support
RE: Dictiionary Attack - how-to-question - philsmd - 04-28-2020
glad to hear that. well done !