hashcat Forum
What is my password? - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: What is my password? (/thread-11554.html)

What is my password? - rodrigo.Brasil - 08-11-2023

Run this:
Code:
hashcat.exe -m 1000  --potfile-disable 5e486282398373e0b4bedf01db16b795 -a 3 P?b?bsztorZs201 --quiet

It will show:

5e486282398373e0b4bedf01db16b795:PásztorZs201

If I open the potfile in a hex editor, I have
Code:
50 C3 A1 73 7A 74 6F 72 5A 73 32 30 31
P  à ¡  s  z  t  o  r  Z  s  2  0  1  

But, if I try to replicate it in python with this code:
Code:
import hashlib, binascii
val = bytearray.fromhex("50c3a1737a746f725a73323031")
hashcalc = binascii.hexlify(hashlib.new('md4', val).digest()).decode()
print(f"{hashcalc} != 5e486282398373e0b4bedf01db16b795")
# d65e9927549a762507bae550ba54969a != 5e486282398373e0b4bedf01db16b795

It will not work, but the same code worked for all other password without non-english character! 

How to force hashcat to print the $HEX[] format? What encoding mistake I am doing?

RE: What is my password? - Snoopy - 08-11-2023

welcome to the hell of character encodings

your hexeditor opened your file using utf-8 resulting in your shown hex BUT take a look at this, NTLM uses UTF16le for characterencoding and here we go

Code:
val = 'PásztorZs201'
hash = hashlib.new('md4', val.encode('utf-8')).digest()
hash = binascii.hexlify(hash)
print(f"{hash}")
hash = hashlib.new('md4', val.encode('utf-16le')).digest()
hash = binascii.hexlify(hash)
print(f"{hash}")
hash = hashlib.new('md4', val.encode('iso-8859-15')).digest()
hash = binascii.hexlify(hash)
print(f"{hash}")
hash = hashlib.new('md4', val.encode('UTF-8').decode('iso-8859-15').encode('utf-16le')).digest()
hash = binascii.hexlify(hash)
print(f"{hash}")

b'd65e9927549a762507bae550ba54969a'
b'e3fcd123f5bdadf2a0e61472fd13869c'
b'594fd6650f079efc9b8bfb0a1627ba70'
b'5e486282398373e0b4bedf01db16b795'

last line is the desired hash but but you see the needed conversation to get there?

RE: What is my password? - rodrigo.Brasil - 08-11-2023

(08-11-2023, 06:35 PM)Snoopy Wrote: welcome to the hell of character encodings

your hexeditor opened your file using utf-8 resulting in your shown hex BUT take a look at this, NTLM uses UTF16le for characterencoding and here we go

Soo... The correct input was:

Code:
val = bytearray.fromhex("5000c300a10073007a0074006f0072005a007300320030003100")

Now I really don't understand. I know NTLM uses UTF16le. And yes, I was doing it (but didn't realize in my first post). I put the core hash just because all this problems.
  • From a utf-8 input, the hashcat convert to utf16le, hash it and check. 
  • If it find, it convert back to utf-8 and save in pot file? 
  • Did the hexeditor change something? Does it show EXCACTLY what I have in the file?

What do I need to know about encoding to not make mistakes? 

Because the same code doesn't worked for this case:
Code:
        val = 'vascão.321'
        hash = hashlib.new('md4', val.encode('utf-16le')).digest()
        print("db4f8d140ddc16d9b77578d07f1e9782") # value I want

So this use another encoding. What am I missing?

RE: What is my password? - rodrigo.Brasil - 08-11-2023

Like this case, I really can't find the correct encoding to try in python:

Code:
hashcat.exe -m 1000  --potfile-disable eab5b5c892e0748ecd8977611385356d -a 3 ?b?bm?b?br.83F --quiet

eab5b5c892e0748ecd8977611385356d:ömür.83F

The good thing is that hashcat does all this encoding hell for us!

RE: What is my password? - Snoopy - 08-14-2023

mom wrong

RE: What is my password? - Snoopy - 08-14-2023

take a look at this (i switched to windows codepage because, yeah windows)

Code:
strings = ['PásztorZs201', 'ömür.83F', 'vascão.321']
for val in strings:

    hash = hashlib.new('md4', val.encode().decode('windows-1252').encode('utf-16le')).digest()
    hash = binascii.hexlify(hash)
    print(f"{hash} : {val}")

hexstrings = ['50C3A1737A746F725A73323031', 'c3b66dc3bc722e383346', '76617363C3A36F2E333231']
for hexes in hexstrings:

    val =  bytes.fromhex(hexes).decode('windows-1252')
    hash = hashlib.new('md4', val.encode('utf-16le')).digest()
    hash = binascii.hexlify(hash)
    print(f"{hash} : {val} : {hexes}")

b'5e486282398373e0b4bedf01db16b795' : PásztorZs201
b'eab5b5c892e0748ecd8977611385356d' : ömür.83F
b'0e9e45ceb1bf4b13740482ecef3a6f15' : vascão.321
b'5e486282398373e0b4bedf01db16b795' : PásztorZs201 : 50C3A1737A746F725A73323031
b'eab5b5c892e0748ecd8977611385356d' : ömür.83F : c3b66dc3bc722e383346
b'0e9e45ceb1bf4b13740482ecef3a6f15' : vascão.321 : 76617363C3A36F2E333231

the diff in stringoutput, yeah next cool thing (terminal)

as you can see it works for pastor and ömür, regarding vascao is your hash wrong (try to crack it and you will see you hash is wrong)