+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: General Talk (https://hashcat.net/forum/forum-33.html)
+--- Thread: Help with commandline for md5 hash crack (/thread-11014.html)
Help with commandline for md5 hash crack - MilWib - 09-15-2022
Hi there,
I am trying to crack some hashes, which I need to open some files we lost the excel sheet for the passwords.
The password length and composition is always the same and that might help the hashing.
- Password length is 28 char
- The first part of the password is always known and is COMMDEPT#. This lowers the unknown chars to 19.
- The other parts of the password are groups of 4 chars, with a # in the middle. This lowers the unknown chars to 16 and sets password composition to COMMDEPT#????#????#????#????
- The ? char above is anything in A->Z and 0->9.
- No lowercase and no other symbols other than separating # whose position is known.
- Hashing algorithm is plain MD5 (that is MD5(password) = hash)
Can someone help me with creating the right command-line for hashcat?
Thanks in advance!
RE: Help with commandline for md5 hash crack - Snoopy - 09-15-2022
EDIT:
while testing this, this mask is to long, hashcat runs into a bufferoverflow so you will need another apraoch to run this attack gimme some time
EDIT2:
the only thing i came up with (without generating a first part dictionary of more then 40 TB) is using maskprocessor to feed hashcat
Code:
mp64 -1 ?u?d COMMDEPT#?1?1?1?1#?1?1?1?1#?1?1?1?1#?1?1?1?1 | hashcat -O -m0 --status hashbe aware, that this attack will be slow and you will not profit from any inbuilt things like shuffling the candidates, it will straight test the AAAA to 9999 beginning at the end (just see the output of hashcat testet candidates
for simplicity
generate a file mask.txt with content
Code:
?u?d,COMMDEPT#?1?1?1?1#?1?1?1?1#?1?1?1?#?1?1?1?1the rest is simple
Code:
hashcat -a3 -m0 -O -w3 --status hashfile mask.txtadd other options like outputfile when needed
be aware that this mask will generate 16.293.529.225.644.736.512 possible passwords so you will still need some time
RE: Help with commandline for md5 hash crack - MilWib - 09-15-2022
(09-15-2022, 04:52 PM)Snoopy Wrote: EDIT:
while testing this, this mask is to long, hashcat runs into a bufferoverflow so you will need another apraoch to run this attack gimme some time
Yep! Buffer Overflow also here.
I am also getting Failed to initialize NVIDIA RTC library, but CUDA IS installed (C:\Program Files\NVIDIA GPU Computing Toolkit\CUDA\v11.7\bin) since today and NVIDIA drivers are up to date (11.7 CUDA - 516.94 NVIDIA)
OpenCL Platform ID #1
Vendor..: NVIDIA Corporation
Name....: NVIDIA CUDA
Version.: OpenCL 3.0 CUDA 11.7.101
Backend Device ID #1
Type...........: GPU
Vendor.ID......: 32
Vendor.........: NVIDIA Corporation
Name...........: NVIDIA GeForce RTX 3080 Laptop GPU
Version........: OpenCL 3.0 CUDA
Processor(s)...: 48
Clock..........: 1710
Memory.Total...: 16383 MB (limited to 4095 MB allocatable in one block)
Memory.Free....: 15616 MB
Local.Memory...: 48 KB
OpenCL.Version.: OpenCL C 1.2
Driver.Version.: 516.94
PCI.Addr.BDF...: 01:00.0
RE: Help with commandline for md5 hash crack - Snoopy - 09-15-2022
(09-15-2022, 05:42 PM)MilWib Wrote: Yep! Buffer Overflow also here.
I am also getting Failed to initialize NVIDIA RTC library, but CUDA IS installed (C:\Program Files\NVIDIA GPU Computing Toolkit\CUDA\v11.7\bin) since today and NVIDIA drivers are up to date (11.7 CUDA - 516.94 NVIDIA)
try installing release 11.6.2
https://developer.nvidia.com/cuda-toolkit-archive
specific CUDA versions also need specific drivers, cuda 11.6.2 should work just out of the box with any recent driver, please test
also see my EDIT2 above
RE: Help with commandline for md5 hash crack - MilWib - 09-15-2022
(09-15-2022, 05:57 PM)Snoopy Wrote: try installing release 11.6.2
https://developer.nvidia.com/cuda-toolkit-archive
specific CUDA versions also need specific drivers, cuda 11.6.2 should work just out of the box with any recent driver, please test
also see my EDIT2 above
Unfortunately same result, failed to initialise RTC.
So, basically without possibility to avoid buffer overflow it is an almost impossible task?
RE: Help with commandline for md5 hash crack - Snoopy - 09-16-2022
well no, see above, using maskprocessor as input, the attack is possible, but slow
the other way would be generating a dictionary of the first half of the pass, but this would consume around 40 Terrabyte of storage (it would be possible to split these using the start and limit options of hashcat) and combine these dict with a mask of the second half of the password
so using maskprocessor would be slow, using pre generated dictionary would take some time and manual work beforehand
RE: Help with commandline for md5 hash crack - MilWib - 09-16-2022
(09-16-2022, 01:44 PM)Snoopy Wrote: well no, see above, using maskprocessor as input, the attack is possible, but slow
the other way would be generating a dictionary of the first half of the pass, but this would consume around 40 Terrabyte of storage (it would be possible to split these using the start and limit options of hashcat) and combine these dict with a mask of the second half of the password
so using maskprocessor would be slow, using pre generated dictionary would take some time and manual work beforehand
So, for example, I might also go by first letter? For example, I pre-generate all COMMDEPT#A???#????#????#????, then all COMMDEPT#B???#????#????#???? in separate files and, one letter by one letter, I check if there are valid passwords, keep what is valid and scrap remaining?
RE: Help with commandline for md5 hash crack - Snoopy - 09-19-2022
tl;dr dont try it
after some trying around, even halfing the mask isnt enough for mode 6, the longest mask without overflow for hybrid attack is ?1?1#?1?1?1?1
i pregenerated the first 500.000.000 passes (see below) and started hybrid attack with
hashcat -a6 -m0 -O hahsh.txt 500m.txt -1 ?1?1#?1?1?1?1
the result with an RTX 3060 is 11.000 MH/s -> ETA 3 Years and this is just the first 500.000.000 possibilities of 3.656.158.440.062.976, dividing this yould take 7.312.316 more of these pregenerated dicts, so cracking this hash will be somewhat of impossible or a really lucky shot
JFYI
pregenerating mask is
premask.txt
Code:
?u?d,COMMDEPT#?1?1?1?1#?1?1?1?1#?1?1possible combinations, each password candidate would consume 23 bytes, 21 bytes string + \r\n (on windows)
3.656.158.440.062.976 * 23 bytes, yeah some PETA-Bytes
hashcat -a3 --stdout -l 500000000 premask.txt > 500m.txt (~11 GB)
the next one woud be (using start option to skip the first 500.000.000 for generation)
hashcat -a3 --stdout -s 500000000 -l 500000000 premask.txt > 500m.txt