Partial recovery - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html) +--- Forum: General Help (https://hashcat.net/forum/forum-8.html) +--- Thread: Partial recovery (/thread-4353.html) Pages:
1
2
|
Partial recovery - aprizm - 05-12-2015 So I have been to Crackstation.net trying to crack a few hashes that I wasnt able to crack myself. I got a few partial match. Can someone explain me how these partial match are obtained? is there a way to truncate a sha1 hash to get that partial result or is it something else? I have an example but I cant post it because its against the rule of this site. But if anyone has any info on the matter Im all ears thank you in advance. RE: Partial recovery - epixoip - 05-12-2015 Only way this would make sense is if you were cracking LM. RE: Partial recovery - undeath - 05-12-2015 The only hashes you can have partial matches are LM hashes because they are actually two hashes. RE: Partial recovery - aprizm - 05-12-2015 well I have a SHA-1 hash here that if input in CRACKSTATION gives me a yellow bar and it mentions PARTIAL MATCH and the partial that is given to me is making a lot of sense considaring the source. RE: Partial recovery - radix - 05-12-2015 holy lol RE: Partial recovery - aprizm - 05-12-2015 ok heres the pic ive hidden the hash http://postimg.org/image/4twlk165n RE: Partial recovery - aprizm - 05-12-2015 I do have some understanding of how sha1 encryption works. That is exactly why I dont get how they come up with these partial results. Changing 1 character would theorically change the whole hash but somehow if I copy half the hash x2 and send it as a hash in CrackStation it still gives me the partial. So it is able to get partial results from half a sha1 hash somehow. I really want to understand how they do this Ive pm the author of the siite. This could be very useful in cracking those last hash. RE: Partial recovery - aprizm - 05-12-2015 ok I think I know what happened. After doing a few test with generated sha1 encrypted pass I figured out some of my hash were corrupted. Which explains the partial match. Ive made sha1 hash out of those partial match and they were really close to the perfect match. If this is all true then would it be faster to compare against half a hash instead of the the whole string? Is this already implemented? RE: Partial recovery - aprizm - 05-13-2015 It would be nice if hashcat had an option where you can only computer half the hash and compare it to half of target hash and maybe get a few lucky hit at a faster pace. here is the answer from the guy at CrackStation Taylor Hornby @DefuseSec May 11 @aprizm The index is sorted on the first 64 bits of the hash, so if those match it'll return it as a partial match. RE: Partial recovery - epixoip - 05-13-2015 (05-13-2015, 04:16 AM)aprizm Wrote: It would be nice if hashcat had an option where you can only computer half the hash and compare it to half of target hash and maybe get a few lucky hit at a faster pace. I think you are very confused about how this works. You can't compute "half a hash", and that's not what Taylor's lookup tables are doing either. Lookup tables & lossy hash tables compute the full hash value, but then only store/index X number of bits. This only works for TMTO, this isn't anything hashcat could ever "take advantage of" since hashcat doesn't use lookup tables. |