hashcat Forum
IPB2 md5(md5($salt).md5($pass)) issue? - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Ancient Versions (https://hashcat.net/forum/forum-46.html)
+--- Forum: Very old oclHashcat-plus Support (https://hashcat.net/forum/forum-23.html)
+--- Thread: IPB2 md5(md5($salt).md5($pass)) issue? (/thread-1173.html)

Pages: 1 2


IPB2 md5(md5($salt).md5($pass)) issue? - hashfixer - 05-16-2012

Found a work around for hash type 2711, untested for otheres. Download and try hashcat_plus v0.07.


I'm having trouble with hashcat plut and hashcat lite with list of IPB2 hashConfusedalts. I can crack them via hashcat 0.39 without a problem, but is tons slower. Maybe someone else can see my mistake?

hash example is:
d59be66565eeb562bb2b724d71b8a4e3:S$~!!

plaintext is:
omgwtf

I tried both oclhashcat plus and oclhashcat lite to crack this via gpu power (dual hd 6950s) and no luck ^.^.

I'm also running ubuntu 12 if that means anything different and am on 64-bit.

here are the commands i'm using, text.txt holds the hash, and tword.txt holds a list of words with the plaintext in it.

Code:
./oclHashcat-lite64.bin -m 2811 d59be66565eeb562bb2b724d71b8a4e3:S$~./

./oclHashcat-plus64.bin -a 0 -m 2811 test.txt tword.txt



RE: IPB2 md5(md5($salt).md5($pass)) issue? - M@LIK - 05-16-2012

Are you sure?
Cause I generated the hash for "omgwtf" and here's what I found:
Code:
7f8f65c062e3a9536fad48fead0af65a:S$~./
7f8f65c062e3a9536fad48fead0af65a: S$~./:omgwtf

2811 = IPB2+, MyBB1.2+ (9 in hashcat-0.39) = md5(md5($salt).md5($pass))



RE: IPB2 md5(md5($salt).md5($pass)) issue? - hashfixer - 05-16-2012

My friend cracked them (not sure what version he used, and came up with them. I double checked in each of the 3 versions and only hashcat 0.39 will crack it for me Undecided. Here are the hashes he cracked (5 of 5 lol).
Code:
d59be66565eeb562bb2b724d71b8a4e3:S$~!!:omgwtf
    860b7672072a1c77514a762bcaaa1f23:*8!"!:pass90
    f179e7768678b3c5daa920bbfc75cffd:Fu~!!:474991
    f7eb3ca367a08a7b862a3e59f23e8328:bY'"!:wincmd32
    149b821d22989dd3625dcbd3a1a62400:EK>"!:imonaboat

Ok I rechecked my commands I used, the salt gets changed, and is why my orignal post the salt don't match the list above. Maybe this has something todo with my issues, but even hashcat-plus loading from a file don't crack it Sad

S$~!! is the correct salt.


RE: IPB2 md5(md5($salt).md5($pass)) issue? - M@LIK - 05-16-2012

Ahh, yes... you gave two different salts -__-

Anyway, the hashes you provide are correct cracks:
Code:
d59be66565eeb562bb2b724d71b8a4e3:S$~!!:omgwtf
f179e7768678b3c5daa920bbfc75cffd:Fu~!!:474991
860b7672072a1c77514a762bcaaa1f23:*8!"!:pass90
f7eb3ca367a08a7b862a3e59f23e8328:bY'"!:wincmd32
149b821d22989dd3625dcbd3a1a62400:EK>"!:imonaboat

Status.......: Cracked
Input.Mode...: File (dict)
Hash.Target..: File (IPB)
Hash.Type....: IPB2+, MyBB1.2+
Time.Running.: 0 secs
Time.Util....: 996.2ms/0.0ms Real/CPU, 0.0% idle
Speed........:       18 c/s Real,        0 c/s GPU
Recovered....: 5/5 Digests, 5/5 Salts
Progress.....: 25/25 (100.00%)
Rejected.....: 7/25 (28.00%)

Try loading the hashes from a file, and use this command:
Code:
./oclHashcat-plus64.bin -m2811 test.txt tword.txt
Make sure that the hashes are with the correct salts and that the passwords are in the dict (tword.txt).


RE: IPB2 md5(md5($salt).md5($pass)) issue? - hashfixer - 05-16-2012

Results:

Code:
./oclHashcat-plus64.bin -m2811 test.txt tword.txt
oclHashcat-plus v0.08 by atom starting...

Hashes: 5
Unique salts: 5
Unique digests: 5
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
GPU-Loops: 32
GPU-Accel: 40
Password lengths range: 1 - 15
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Cayman, 1024MB, 0Mhz, 22MCU
Device #2: Cayman, 1024MB, 0Mhz, 22MCU
Device #1: Allocating 132MB host-memory
Device #1: Kernel ./kernels/4098/m2810_a0.Cayman.64.kernel (1110704 bytes)
Device #2: Allocating 132MB host-memory
Device #2: Kernel ./kernels/4098/m2810_a0.Cayman.64.kernel (1110704 bytes)

Scanned dictionary tword.txt: 41 bytes, 6 words, 6 keyspace, starting attack...

                                    
Status.......: Exhausted
Input.Mode...: File (tword.txt)
Hash.Target..: File (test.txt)
Hash.Type....: IPB2+, MyBB1.2+
Time.Running.: 1 sec
Time.Left....: 0 secs
Time.Util....: 1000.7ms/0.0ms Real/CPU, 0.0% idle
Speed........:       25 c/s Real,        0 c/s GPU
Recovered....: 0/5 Digests, 0/5 Salts
Progress.....: 30/30 (100.00%)
Rejected.....: 5/30 (16.67%)
HW.Monitor.#1:  0% GPU, 45c Temp
HW.Monitor.#2:  0% GPU, 37c Temp

Started: Tue May 15 18:58:14 2012
Stopped: Tue May 15 18:58:15 2012

Could this be a bad driver issue? I'm running Catalyst Version 12.4 under ubuntu 12.04 with two ATI HD 6950 cards not in cross fire.


RE: IPB2 md5(md5($salt).md5($pass)) issue? - M@LIK - 05-16-2012

Then, I'm sorry I don't know what's wrong there.


RE: IPB2 md5(md5($salt).md5($pass)) issue? - hashfixer - 05-16-2012

Thanks for trying.

If I remember correctly, back when I only had one card installed under windows 7, oclhashcat-plus worked fine for a small wordlist attack on the same list.


RE: IPB2 md5(md5($salt).md5($pass)) issue? - atom - 05-16-2012

I guess its all about the multihash -m 2611, -m 2711 and -m 2811 bug in AMD catalyst for < hd77xx. If it works fine on single hashes all you can do is to pray to AMD catalyst coder to fix this issue.


RE: IPB2 md5(md5($salt).md5($pass)) issue? - hashfixer - 05-16-2012

Thanks for the info atom. In windows 7, it seemed to work, but that was with a single card. I wonder if an older driver would solve the problem?


RE: IPB2 md5(md5($salt).md5($pass)) issue? - NeonFlash - 05-21-2012

Hello,

I face the same issue as well with VBulletin and IPB hashes.

I have the plaintexts for the hashes I am trying to crack with oclhashcat-plus v0.081 and even then it does not show the results:

With one Hash it works fine:

Code:
C:\GPU Bruteforcers\oclHashcat-plus-0.081>oclHashcat-plus32.exe -m 2811 -n 160 -
a 0 IPB.txt testIPB.txt
oclHashcat-plus v0.08 by atom starting...

Hashes: 1
Unique salts: 1
Unique digests: 1
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
GPU-Loops: 32
GPU-Accel: 160
Password lengths range: 1 - 15
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Cypress, 1024MB, 0Mhz, 20MCU
Device #1: Allocating 481MB host-memory
Device #1: Kernel ./kernels/4098/m2810_a0.Cypress.32.kernel (1098548 bytes)

Scanned dictionary testIPB.txt: 55 bytes, 7 words, 7 keyspace, starting attack..
.

4cc8b4fce71ca5bfba614cc142d2277e:(4/O!:crime1

Status.......: Cracked
Input.Mode...: File (testIPB.txt)
Hash.Target..: 4cc8b4fce71ca5bfba614cc142d2277e:(4/O!
Hash.Type....: IPB2+, MyBB1.2+
Time.Running.: 1 sec
Time.Util....: 1021.0ms/0.0ms Real/CPU, 0.0% idle
Speed........:        7 c/s Real,        0 c/s GPU
Recovered....: 1/1 Digests, 1/1 Salts
Progress.....: 7/7 (100.00%)
Rejected.....: 0/7 (0.00%)
HW.Monitor.#1:  0% GPU, 53c Temp

Started: Mon May 21 15:38:54 2012
Stopped: Mon May 21 15:38:56 2012

I added a couple of more IPB hashes to the IPB.txt file for which the plain texts are present in testIPB.txt and this time there were no results:

Code:
C:\GPU Bruteforcers\oclHashcat-plus-0.081>oclHashcat-plus32.exe -m 2811 -n 160 -
a 0 IPB.txt testIPB.txt
oclHashcat-plus v0.08 by atom starting...

Hashes: 7
Unique salts: 7
Unique digests: 7
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
GPU-Loops: 32
GPU-Accel: 160
Password lengths range: 1 - 15
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Cypress, 1024MB, 0Mhz, 20MCU
Device #1: Allocating 481MB host-memory
Device #1: Kernel ./kernels/4098/m2810_a0.Cypress.32.kernel (1098548 bytes)

Scanned dictionary testIPB.txt: 55 bytes, 7 words, 7 keyspace, starting attack..
.


Status.......: Exhausted
Input.Mode...: File (testIPB.txt)
Hash.Target..: File (IPB.txt)
Hash.Type....: IPB2+, MyBB1.2+
Time.Running.: 1 sec
Time.Left....: 0 secs
Time.Util....: 1016.7ms/0.0ms Real/CPU, 0.0% idle
Speed........:       48 c/s Real,     4923 c/s GPU
Recovered....: 0/7 Digests, 0/7 Salts
Progress.....: 49/49 (100.00%)
Rejected.....: 0/49 (0.00%)
HW.Monitor.#1:  0% GPU, 53c Temp

Started: Mon May 21 15:40:04 2012
Stopped: Mon May 21 15:40:06 2012

My OS is: Windows 7 64 Bit Ultimate
ATI Catalyst version 12.04
GPU: ATI Radeon HD 5870

If someone else can post their results of oclhashcat-plus v0.08 with multi IPB and VBulletin hashes along with OS/ATI Catalyst Version/GPU info, that would be helpful.

@hashfixer: I am not sure if OS is the issue here, since in my case, I face the same issue with multihashes even while running on Windows 7 x64.

Here is a test performed on VBulletin hashes with 3 char salt (-m 2611)

Please note that, testVB.txt has all the plaintexts for the hashes present in VB.txt.

Code:
C:\GPU Bruteforcers\oclHashcat-plus-0.081>oclHashcat-plus32.exe -m 2611 -n 160 -
a 0 VB.txt testVB.txt
oclHashcat-plus v0.08 by atom starting...

Hashes: 12
Unique salts: 12
Unique digests: 12
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
GPU-Loops: 64
GPU-Accel: 160
Password lengths range: 1 - 15
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Cypress, 1024MB, 0Mhz, 20MCU
Device #1: Allocating 481MB host-memory
Device #1: Kernel ./kernels/4098/m2610_a0.Cypress.32.kernel (1051980 bytes)

Scanned dictionary testVB.txt: 125 bytes, 12 words, 12 keyspace, starting attack
...


Status.......: Exhausted
Input.Mode...: File (testVB.txt)
Hash.Target..: File (VB.txt)
Hash.Type....: vBulletin < v3.8.5
Time.Running.: 1 sec
Time.Left....: 0 secs
Time.Util....: 1018.9ms/0.0ms Real/CPU, 0.0% idle
Speed........:      141 c/s Real,        0 c/s GPU
Recovered....: 0/12 Digests, 0/12 Salts
Progress.....: 144/144 (100.00%)
Rejected.....: 0/144 (0.00%)
HW.Monitor.#1:  0% GPU, 54c Temp

Started: Mon May 21 16:10:52 2012
Stopped: Mon May 21 16:10:54 2012

Next, I tested by keeping only one hash in VB.txt and again running the dictionary attack:

And it cracks:

Code:
C:\GPU Bruteforcers\oclHashcat-plus-0.081>oclHashcat-plus32.exe -m 2611 -n 160 -
a 0 VB.txt testVB.txt
oclHashcat-plus v0.08 by atom starting...

Hashes: 1
Unique salts: 1
Unique digests: 1
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
GPU-Loops: 64
GPU-Accel: 160
Password lengths range: 1 - 15
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Cypress, 1024MB, 0Mhz, 20MCU
Device #1: Allocating 481MB host-memory
Device #1: Kernel ./kernels/4098/m2610_a0.Cypress.32.kernel (1051980 bytes)

Scanned dictionary testVB.txt: 125 bytes, 12 words, 12 keyspace, starting attack
...

6b07cbd574b6ab67b54903409bb2cf28:4Se:dgp12345

Status.......: Cracked
Input.Mode...: File (testVB.txt)
Hash.Target..: 6b07cbd574b6ab67b54903409bb2cf28:4Se
Hash.Type....: vBulletin < v3.8.5
Time.Running.: 1 sec
Time.Util....: 1021.8ms/0.0ms Real/CPU, 0.0% idle
Speed........:        7 c/s Real,        0 c/s GPU
Recovered....: 1/1 Digests, 1/1 Salts
Progress.....: 7/12 (58.33%)
Rejected.....: 0/7 (0.00%)
HW.Monitor.#1:  0% GPU, 53c Temp

Started: Mon May 21 16:12:44 2012
Stopped: Mon May 21 16:12:46 2012

I would be interested to know that when was the first time this issue was reported and is there anything that can be done in the code of oclhashcat-plus to allow it to work with ATI Radeon Cards < hd7xxx for multi IPB and VB Hashes?

Can a hotfix be released?

I will be posting some more results of my test with other attack modes like Hybrid + mask (-a 6).

Here is an interesting result. For multi VBulletin Hashes, the Hybrid + Mask (-a 6) attack works.

I removed the last 2 characters from all the plaintexts. The 2 characters with either lowercase alphabets or a digit. This allowed me to use a Hybrid + Mask attack to test. Here are the results and as you can see, all the hashes got cracked:

Code:
C:\GPU Bruteforcers\oclHashcat-plus-0.081>oclHashcat-plus32.exe -m 2611 -n 160 -
a 6 -1 ?l?d VB.txt testVB.txt ?1?1
oclHashcat-plus v0.08 by atom starting...

Hashes: 12
Unique salts: 12
Unique digests: 12
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
GPU-Loops: 64
GPU-Accel: 160
Password lengths range: 1 - 15
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Cypress, 1024MB, 0Mhz, 20MCU
Device #1: Allocating 481MB host-memory
Device #1: Kernel ./kernels/4098/m2610_a1.Cypress.32.kernel (454216 bytes)

Scanned dictionary testVB.txt: 101 bytes, 12 words, 15552 keyspace, starting att
ack...

d7899a37338a09b5d05a78496361d6f2:+,!:d3f4o1
4a1ffb99874f9d8963e9454a039e3771:]:2:1972463
fb0797ac4658a6e79601ec2b6cac7182:'(d:Blah123
8fb67b92cbe1aacdb94ba41f98f305fa:bG::manus123
6eeda5ae77ba340a84caefe0d7c4e967:n1?:egon1313
6b07cbd574b6ab67b54903409bb2cf28:4Se:dgp12345
d51bdff0b4c40ba1aaf228d0fd1be5b6:4bf:storjude
47dbb53a4dcbd13039e7a8dcfd31a782:yZG:aimee2005
b3b65d97df372fd205ef24655a3240b6:Qj3:p1xrkju5s0
93c45aac3f3956f89dcc0a8bffab233f:k^P:p1xrkju5s0
a7d94805854224263049a9aed3fae5b8:73Z:hiegtzs2305
f4271d4095f21b834828b3de65757c4a:j~]:williamsuks

Status.......: Cracked
Input.Base...: File (testVB.txt)
Input.Mod....: Mask (?1?1)
Hash.Target..: File (VB.txt)
Hash.Type....: vBulletin < v3.8.5
Time.Running.: 2 secs
Time.Util....: 2026.2ms/0.0ms Real/CPU, 0.0% idle
Speed........:    55702 c/s Real,    81095 c/s GPU
Recovered....: 12/12 Digests, 12/12 Salts
Progress.....: 177664/186624 (95.20%)
Rejected.....: 64800/177664 (36.47%)
HW.Monitor.#1:  0% GPU, 53c Temp

Started: Mon May 21 16:17:39 2012
Stopped: Mon May 21 16:17:41 2012

Next step was to try a similar Hybrid + Mask (-a 6) attack with multi IPB2 hashes and see if it works:

Code:
C:\GPU Bruteforcers\oclHashcat-plus-0.081>oclHashcat-plus32.exe -m 2811 -n 160 -
a 6 -1 ?l?d IPB.txt testIPB.txt ?1?1
oclHashcat-plus v0.08 by atom starting...

Hashes: 7
Unique salts: 7
Unique digests: 7
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
GPU-Loops: 32
GPU-Accel: 160
Password lengths range: 1 - 15
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Cypress, 1024MB, 0Mhz, 20MCU
Device #1: Allocating 481MB host-memory
Device #1: Kernel ./kernels/4098/m2810_a1.Cypress.32.kernel (491748 bytes)

Scanned dictionary testIPB.txt: 41 bytes, 7 words, 9072 keyspace, starting attac
k...


Status.......: Exhausted
Input.Base...: File (testIPB.txt)
Input.Mod....: Mask (?1?1)
Hash.Target..: File (IPB.txt)
Hash.Type....: IPB2+, MyBB1.2+
Time.Running.: 1 sec
Time.Left....: 0 secs
Time.Util....: 1032.9ms/0.0ms Real/CPU, 0.0% idle
Speed........:    61480 c/s Real,    97337 c/s GPU
Recovered....: 0/7 Digests, 0/7 Salts
Progress.....: 63504/63504 (100.00%)
Rejected.....: 0/63504 (0.00%)
HW.Monitor.#1:  0% GPU, 52c Temp

Started: Mon May 21 16:22:08 2012
Stopped: Mon May 21 16:22:10 2012

And, it does not work!

The combination attack (-a 1) also seems to work with Multi VBulletin Hashes:

Code:
C:\GPU Bruteforcers\oclHashcat-plus-0.081>oclHashcat-plus32.exe -m 2611 -n 160 -
a 1 VB.txt testVB.txt testVB2.txt
oclHashcat-plus v0.08 by atom starting...

Hashes: 12
Unique salts: 12
Unique digests: 12
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
GPU-Loops: 64
GPU-Accel: 160
Password lengths range: 1 - 15
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Cypress, 1024MB, 0Mhz, 20MCU
Device #1: Allocating 481MB host-memory
Device #1: Kernel ./kernels/4098/m2610_a1.Cypress.32.kernel (454216 bytes)

Scanned dictionary testVB2.txt: 47 bytes, 12 words, 12 keyspace, starting attack
...
Scanned dictionary testVB.txt: 101 bytes, 12 words, 144 keyspace, starting attac
k...

d7899a37338a09b5d05a78496361d6f2:+,!:d3f4o1
4a1ffb99874f9d8963e9454a039e3771:]:2:1972463
fb0797ac4658a6e79601ec2b6cac7182:'(d:Blah123
8fb67b92cbe1aacdb94ba41f98f305fa:bG::manus123
6eeda5ae77ba340a84caefe0d7c4e967:n1?:egon1313
6b07cbd574b6ab67b54903409bb2cf28:4Se:dgp12345
d51bdff0b4c40ba1aaf228d0fd1be5b6:4bf:storjude
47dbb53a4dcbd13039e7a8dcfd31a782:yZG:aimee2005
b3b65d97df372fd205ef24655a3240b6:Qj3:p1xrkju5s0
93c45aac3f3956f89dcc0a8bffab233f:k^P:p1xrkju5s0
a7d94805854224263049a9aed3fae5b8:73Z:hiegtzs2305
f4271d4095f21b834828b3de65757c4a:j~]:williamsuks

Status.......: Cracked
Input.Base...: File (testVB.txt)
Input.Mod....: File (testVB2.txt)
Hash.Target..: File (VB.txt)
Hash.Type....: vBulletin < v3.8.5
Time.Running.: 1 sec
Time.Util....: 1014.6ms/0.0ms Real/CPU, 0.0% idle
Speed........:     1041 c/s Real,    13081 c/s GPU
Recovered....: 12/12 Digests, 12/12 Salts
Progress.....: 1656/1728 (95.83%)
Rejected.....: 600/1656 (36.23%)
HW.Monitor.#1:  0% GPU, 52c Temp

Started: Mon May 21 16:25:37 2012
Stopped: Mon May 21 16:25:39 2012

Even the combination attack (-a 1) does not work with Multi IPB2 Hashes:

Code:
C:\GPU Bruteforcers\oclHashcat-plus-0.081>oclHashcat-plus32.exe -m 2811 -n 160 -
a 1 IPB.txt testIPB.txt testIPB2.txt
oclHashcat-plus v0.08 by atom starting...

Hashes: 7
Unique salts: 7
Unique digests: 7
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
GPU-Loops: 32
GPU-Accel: 160
Password lengths range: 1 - 15
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Cypress, 1024MB, 0Mhz, 20MCU
Device #1: Allocating 481MB host-memory
Device #1: Kernel ./kernels/4098/m2810_a1.Cypress.32.kernel (491748 bytes)

Scanned dictionary testIPB2.txt: 27 bytes, 7 words, 7 keyspace, starting attack.
..
Scanned dictionary testIPB.txt: 41 bytes, 7 words, 49 keyspace, starting attack.
..


Status.......: Exhausted
Input.Base...: File (testIPB.txt)
Input.Mod....: File (testIPB2.txt)
Hash.Target..: File (IPB.txt)
Hash.Type....: IPB2+, MyBB1.2+
Time.Running.: 1 sec
Time.Left....: 0 secs
Time.Util....: 1034.5ms/0.0ms Real/CPU, 0.0% idle
Speed........:      332 c/s Real,    41113 c/s GPU
Recovered....: 0/7 Digests, 0/7 Salts
Progress.....: 343/343 (100.00%)
Rejected.....: 0/343 (0.00%)
HW.Monitor.#1:  0% GPU, 53c Temp

Started: Mon May 21 16:27:10 2012
Stopped: Mon May 21 16:27:11 2012

So, it can be concluded that Multi VBulletin Hashes will not work with Dictionary Attack mode.

Multi IPB hashes will not work in any mode!

Need to test some more hash types to see if they are affected as well.

Hope this will help someone who is also facing the same issues.