+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: correct command? (/thread-10395.html)
Pages:
1
2
correct command? - 3mu - 10-11-2021
Hi there,
can you help a newbie enter the correct command?
I've looked a lot of videos and commands in the forum, but somehow I can't handle it.
I would like to hack the NTLM password from Windows 10 and have already copied the appropriate hash value for me.
I would use a PC with The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux as hardware.
CPU: AMD Ryzen 5 1600 Six-Core
GPU: AMD Radeon RX 470 8GB
I would like to get the best performance out of it, i.e. CPU and GPU
My attempt with the wordlist rockyou.txt worked but Hashcat always complained that I didn't have enough lists.
I would be really happy if you can support me.
If you have any questions about the optimization from your side, I'll try to answer everything exactly.
RE: correct command? - Snoopy - 10-11-2021
ntlm is a really really fast hash
if you just use rockyou.txt (i think it has 14 mio passwords) even with an old graphicscard hashcat will test these passwords in seconds (in fact, the whole process starting hashcat and pushing the candidates to the gpu will last longer)
you can use rules to modify the passes and therefore provide more password-candidates (see /rules)
because of the fact ntlm is such a fast hash try bruteforcing it
just a fast lookup with an test-pw
?a 1to6 under a minute
?a 7 an hour max
more common masks length 7-8 like
?l?d,?l?u?d,?a?2?1?1?1?1?a
?l?d,?l?u?d,?a?2?1?1?1?1?1?a
also minutes
OR google it, there are some sites on the internet which have really huge precomputed rainbowtables for ntlm hashes where you can "lookup" these and check whether there are known or not
RE: correct command? - 3mu - 10-12-2021
OK thank you for your information,
can you help me to finde the right command?
and i dont think he use my GPU
if i run this...
hashcat -m 1000 -a 3 /home/hacker/Dokumente/NTLM.txt /home/hacker/Dokumente/rockyou.txt
1 ⨯
hashcat (v6.1.1) starting...
OpenCL API (OpenCL 1.2 pocl 1.6, None+Asserts, LLVM 9.0.1, RELOC, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
=============================================================================================================================
* Device #1: pthread-AMD Ryzen 5 1600 Six-Core Processor, 5859/5923 MB (2048 MB allocatable), 12MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable optimizers applied:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
* Raw-Hash
ATTENTION! Pure (unoptimized) backend kernels selected.
Using pure kernels enables cracking longer passwords but for the price of drastically reduced performance.
If you want to switch to optimized backend kernels, append -O to your commandline.
See the above message to find out about the exact limits.
Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.
Host memory required for this attack: 67 MB
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
Session..........: hashcat
Status...........: Exhausted
Hash.Name........: NTLM
Hash.Target......: XXXXXXXXXXXXXXXXX (i have edit)
Time.Started.....: Tue Oct 12 10:33:14 2021 (0 secs)
Time.Estimated...: Tue Oct 12 10:33:14 2021 (0 secs)
Guess.Mask.......: jeffhardy [9]
Guess.Queue......: 2512/14336792 (0.02%)
Speed.#1.........: 1562 H/s (0.04ms) @ Accel:1024 Loops:1 Thr:1 Vec:8
Recovered........: 0/1 (0.00%) Digests
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 1/1 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: jeffhardy -> jeffhardy
RE: correct command? - Snoopy - 10-12-2021
yeah it seem hashcat just uses your CPU
you can run hashcat -I to see what kind of devices hashcat can utilize, i think you miss some drivers for your GPU
GPU Driver requirements:
- AMD GPUs on Linux require "RadeonOpenCompute (ROCm)" Software Platform (3.1 or later)
- AMD GPUs on Windows require "AMD Radeon Adrenalin 2020 Edition" (20.2.2 or later)
- Intel CPUs require "OpenCL Runtime for Intel Core and Intel Xeon Processors" (16.1.1 or later)
- NVIDIA GPUs require "NVIDIA Driver" (440.64 or later) and "CUDA Toolkit" (9.0 or later)
RE: correct command? - 3mu - 10-12-2021
Yes your are right, the The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux has not the right driver, i have now try to install the driver, but is not working.
do you khow the best OS for hashcat?
what do you think, is OK if i install Ubuntu 21.04... do i need a GUI or can i install comand line only?
or have yor a better idee?
RE: correct command? - Snoopy - 10-12-2021
i think ubuntu or any other debian-based distro beside k.a.l.i will work
command line will be enough for running hashcat
RE: correct command? - walterlacka - 10-13-2021
Do you mean to use -a0 instead of -a3?
(10-12-2021, 08:30 AM)3mu Wrote: OK thank you for your information,
can you help me to finde the right command?
and i dont think he use my GPU
if i run this...
hashcat -m 1000 -a 3 /home/hacker/Dokumente/NTLM.txt /home/hacker/Dokumente/rockyou.txt
1 ⨯
hashcat (v6.1.1) starting...
OpenCL API (OpenCL 1.2 pocl 1.6, None+Asserts, LLVM 9.0.1, RELOC, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
=============================================================================================================================
* Device #1: pthread-AMD Ryzen 5 1600 Six-Core Processor, 5859/5923 MB (2048 MB allocatable), 12MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable optimizers applied:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
* Raw-Hash
ATTENTION! Pure (unoptimized) backend kernels selected.
Using pure kernels enables cracking longer passwords but for the price of drastically reduced performance.
If you want to switch to optimized backend kernels, append -O to your commandline.
See the above message to find out about the exact limits.
Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.
Host memory required for this attack: 67 MB
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
Session..........: hashcat
Status...........: Exhausted
Hash.Name........: NTLM
Hash.Target......: XXXXXXXXXXXXXXXXX (i have edit)
Time.Started.....: Tue Oct 12 10:33:14 2021 (0 secs)
Time.Estimated...: Tue Oct 12 10:33:14 2021 (0 secs)
Guess.Mask.......: jeffhardy [9]
Guess.Queue......: 2512/14336792 (0.02%)
Speed.#1.........: 1562 H/s (0.04ms) @ Accel:1024 Loops:1 Thr:1 Vec:8
Recovered........: 0/1 (0.00%) Digests
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 1/1 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: jeffhardy -> jeffhardy
RE: correct command? - 3mu - 10-13-2021
Hello everyone,
now I've finally managed to install a system that also supports my GPU driver.
I didn't get it right with Linux, I made several attempts here.
In the end, I managed it with a Windows 10 PC.
when I start hashcat -I
I get a message that something does not fit with the driver, but the calculation is done quite quickly via the GPU.
(i will post all the command output in the bootom from this)
Ok, can we get to my opening question now what could I use the optimal command now?
@walterlacka
I used -a 3 but only because I read it somewhere, I don't know if that's good.
i tried the command
hashcat.exe -m 1000 -a 3 -O c:\hashcat\NTLM.txt c:\hashcat\rockyou.txt
but the performance was so bad that I canceled it again.
and now i have start ths command.
hashcat.exe -m 1000 -a 3 -O c:\hashcat\NTLM.txt
I think that he is now simply trying out all the combinations
with a password of 1-15 characters
from the times I have calculated that he needs 8 days for the experiment.
so I would now just let it go as it is.
---------------
hashcat.exe -I
hashcat (v6.2.4) starting in backend information mode
Unsupported AMD HIP runtime version '0.0.3188' detected! Falling back to OpenCL...
OpenCL Info:
============
OpenCL Platform ID #1
Vendor..: Advanced Micro Devices, Inc.
Name....: AMD Accelerated Parallel Processing
Version.: OpenCL 2.1 AMD-APP (3188.4)
Backend Device ID #1
Type...........: GPU
Vendor.ID......: 1
Vendor.........: Advanced Micro Devices, Inc.
Name...........: Radeon (TM) RX 470 Graphics
Version........: OpenCL 2.0 AMD-APP (3188.4)
Processor(s)...: 32
Clock..........: 1260
Memory.Total...: 8192 MB (limited to 6745 MB allocatable in one block)
Memory.Free....: 8064 MB
OpenCL.Version.: OpenCL C 2.0
Driver.Version.: 3188.4
PCI.Addr.BDF...: 23:00.0
-----------------------------------
hashcat.exe -m 1000 -a 3 -O c:\hashcat\NTLM.txt c:\hashcat\rockyou.txt
hashcat (v6.2.4) starting
Unsupported AMD HIP runtime version '0.0.3188' detected! Falling back to OpenCL...
OpenCL API (OpenCL 2.1 AMD-APP (3188.4)) - Platform #1 [Advanced Micro Devices, Inc.]
=====================================================================================
* Device #1: Radeon (TM) RX 470 Graphics, 8064/8192 MB (6745 MB allocatable), 32MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 27
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Meet-In-The-Middle
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
* Raw-Hash
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 2950 MB
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 1000 (NTLM)
Hash.Target......: XXXXXXXXXXXXXXXXX (i have edit)
Time.Started.....: Wed Oct 13 09:37:32 2021 (0 secs)
Time.Estimated...: Wed Oct 13 09:37:32 2021 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Mask.......: 123456 [6]
Guess.Queue......: 1/14336787 (0.00%)
Speed.#1.........: 821 H/s (0.01ms) @ Accel:512 Loops:1 Thr:128 Vec:1
Recovered........: 0/1 (0.00%) Digests
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 1/1 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: 123456 -> 123456
Hardware.Mon.#1..: Temp: 42c Fan: 0% Util: 4% Core:1227MHz Mem:2000MHz Bus:16
------------------------
hashcat.exe -m 1000 -a 3 -O c:\hashcat\NTLM.txt
hashcat (v6.2.4) starting
Unsupported AMD HIP runtime version '0.0.3188' detected! Falling back to OpenCL...
OpenCL API (OpenCL 2.1 AMD-APP (3188.4)) - Platform #1 [Advanced Micro Devices, Inc.]
=====================================================================================
* Device #1: Radeon (TM) RX 470 Graphics, 8064/8192 MB (6745 MB allocatable), 32MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 27
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Meet-In-The-Middle
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
* Raw-Hash
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 2950 MB
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 1000 (NTLM)
Hash.Target......: XXXXXXXXXXXXXXXXX (i have edit)
Time.Started.....: Wed Oct 13 09:38:23 2021 (0 secs)
Time.Estimated...: Wed Oct 13 09:38:23 2021 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Mask.......: ?1 [1]
Guess.Charset....: -1 ?l?d?u, -2 ?l?d, -3 ?l?d*!$@_, -4 Undefined
Guess.Queue......: 1/15 (6.67%)
Speed.#1.........: 55382 H/s (0.04ms) @ Accel:256 Loops:62 Thr:256 Vec:1
Recovered........: 0/1 (0.00%) Digests
Progress.........: 62/62 (100.00%)
Rejected.........: 0/62 (0.00%)
Restore.Point....: 1/1 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-62 Iteration:0-62
Candidate.Engine.: Device Generator
Candidates.#1....: s -> X
Hardware.Mon.#1..: Temp: 52c Fan: 0% Util: 5% Core:1247MHz Mem:2000MHz Bus:16
RE: correct command? - Snoopy - 10-13-2021
-a 3 means bruteforce, so your first command where you tried using rockyou.txt was not right adn therefore i dont know what hashcat did there
so just for a fast first run, copy the follwoing lines into a file called basicmasks.txt
Code:
# all [1-6]
?a
?a?a
?a?a?a
?a?a?a?a
?a?a?a?a?a
?a?a?a?a?a?a
# basic v2 [7-8]
?l?d,?l?u?d,?a?2?1?1?1?1?a
?l?d,?l?u?d,?a?2?1?1?1?1?1?athen run hashcat with
Code:
hashcat -a 3 -m 1000 -O -w 3 NTLM.txt basicmasks.txtthis will do a short run with all chars 1-6 positions and then switch the mask for position 7-8, see https://hashcat.net/wiki/doku.php?id=hashcat and https://hashcat.net/wiki/doku.php?id=mask_attack for more infos about masks and options
after this run you can supply another maskfile with other masks or try your dictionary attack but dictionary would be -a 0 so
Code:
hashcat -a 0 -m 1000 -O -w 3 NTLM.txt rockyou.txtalso if you install intel opencl runtime you can also utilize your CPU for cracking, after installing this driver
Code:
hashcat -IRE: correct command? - 3mu - 10-13-2021
Thank you so much...
i will try this in 8 Day if my run is now complite...