hashcat Forum
Exhausted with password on list - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Exhausted with password on list (/thread-11600.html)



Exhausted with password on list - hashkatkat46 - 09-11-2023

Hi everyone,

I have been trying to crack my own windows password, that I set as abc123. I followed these steps but somehow, I always end up getting an exhausted output, even though the password is on the list:
1. Created a copy of the SAM and System files from System32 folder.
2. Obtained hash with impacket -secretsdump and saved it on a txt file (hash.txt).
3. Ran Hash ID with the following result:
Possible Hashs:
[+] MD5
[+] Domain Cached Credentials - MD4(MD4(($pass)).(strtolower($username)))
4. Created a list of passwords with cupp -i (abc.txt). I used “abc” and “123” to generate the passwords.
5. Ran sudo hashcat -m 0 hash.txt abc.txt and got this output:
└─$ sudo hashcat -m 0 hash.txt abc.txt
hashcat (v6.2.6) starting
OpenCL API (OpenCL 3.0 PoCL 3.1+debian  Linux, None+Asserts, RELOC, SPIR, LLVM 15.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: pthread-penryn-Intel(R) Core(TM) i3-10110U CPU @ 2.10GHz, 1094/2252 MB (512 MB allocatable), 2MCU
 
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
 
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
 
Optimizers applied:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Raw-Hash
 
ATTENTION! Pure (unoptimized) backend kernels selected.
Pure kernels can crack longer passwords, but drastically reduce performance.
If you want to switch to optimized kernels, append -O to your commandline.
See the above message to find out about the exact limits.
 
Watchdog: Temperature abort trigger set to 90c
 
Host memory required for this attack: 0 MB
 
Dictionary cache hit:
* Filename..: abc.txt
* Passwords.: 242
* Bytes.....: 2360
* Keyspace..: 242
 
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
 
Approaching final keyspace - workload adjusted.          
 
Session..........: hashcat                               
Status...........: Exhausted
Hash.Mode........: 0 (MD5)
Hash.Target......: 7X6XXXeXX57c8XXdfXX303XXX0eXX3eX
Time.Started.....: Mon Sep 11 03:08:19 2023 (0 secs)
Time.Estimated...: Mon Sep 11 03:08:19 2023 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (abc.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:   180.5 kH/s (0.07ms) @ Accel:256 Loops:1 Thr:1 Vec:4
Recovered........: 0/1 (0.00%) Digests (total), 0/1 (0.00%) Digests (new)
Progress.........: 242/242 (100.00%)
Rejected.........: 0/242 (0.00%)
Restore.Point....: 242/242 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: 1232008 -> cba_2020
Hardware.Mon.#1..: Util:  7%
 
Started: Mon Sep 11 03:08:17 2023
Stopped: Mon Sep 11 03:08:21 2023
----------------------------------------------------------------------------
What could I be doing wrong? I have tried using other hash-modes but it keeps showing an exhausted result. I have been searching the internet for a while but have not found a way to resolve this.
Thanks in advance.


RE: Exhausted with password on list - Snoopy - 09-11-2023

first of all, windows pass is NTLM which is mode 1000 not 0

second, assuming your hashtarget is masked properly, your hash is also wrong

abc123. or abc123 doesnt end up in a NTLM hash starting with 7

the only hash starting with 7 would be abc123 and the old windows network LM style (which is disabled, i think for some years now) but again, if masked properly rest of the hash aslo didnt match

so something went wrong when extractiong the hash