oclHashcat-plus silently truncates password candidates to 15 characters - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Deprecated; Ancient Versions (https://hashcat.net/forum/forum-46.html) +--- Forum: Feature Requests (https://hashcat.net/forum/forum-7.html) +--- Thread: oclHashcat-plus silently truncates password candidates to 15 characters (/thread-443.html)

oclHashcat-plus silently truncates password candidates to 15 characters - lanjelot - 08-27-2011 While conducting a pentest, I needed to crack a super-admin hash, so I ran oclHashcat-plus on a small wordlist with very efficient rules, no luck. Just to be sure, I gave john the ripper a shot as it does not have exactly the same mangling rules as hashcat. The password turned out to be admin123admin123. The reason why oclHashcat-plus did not crack it is because it truncates every password candidate to 15 characters, whatever the hash type. IMHO, users should be aware about this limitation. Maybe a warning statement when oclhashcat starts (among the startup info lines), or somewhere in the --help output would be truely beneficial for everyone. Cheers RE: oclHashcat-plus silently truncates password candidates to 15 characters - Rolf - 08-28-2011 Already does it. RE: oclHashcat-plus silently truncates password candidates to 15 characters - lanjelot - 09-11-2011 What version were you using? Me, I don't have the "Password lengths range: 1 - 15" message you have! Maybe it's because you are on Windows wheras I am on Linux. Anyway, using oclHashcat-plus-0.05, here is the output I get, and the steps to reproduce: $ echo -n admin123admin123 | md5sum | cut -d' ' -f1 | tee admin123.md5 4baee7411b65cadc2c33bdc3a3155e06 $ echo admin123 > admin123.dic $ cat > dup.rule <<'EOF' : d EOF $ /opt/oclHashcat-plus/cudaHashcat-plus -m 0 admin123.md5 admin123.dic -r dup.rule cudaHashcat-plus v0.5 by atom starting... Hashes: 1 Salts: 1 Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes Rules: 2 Platform: NVidia compatible platform found Watchdog: Temperature limit set to 90c Device #1: GeForce GTX 460, 1023MB, 1300Mhz, 7MCU Starting attack in wordlist file mode... Status.......: Exhausted Hash.Type....: MD5 Input.Mode...: File (admin123.dic) Time.Running.: 1 sec Time.Left....: 0 secs Speed........: 0/s Recovered....: 0/1 Digests, 0/1 Salts Progress.....: 2/2 (100.00%) HW.Monitor.#1: 0% GPU, 52c Temp Started: Sun Sep 11 15:32:59 2011 Stopped: Sun Sep 11 15:33:00 2011 $ RE: oclHashcat-plus silently truncates password candidates to 15 characters - Rolf - 09-12-2011 Yeah, it was just a newer version, a beta to be exact. And cats are the same for both Linux and Windows. RE: oclHashcat-plus silently truncates password candidates to 15 characters - atom - 05-08-2012 done with 0.08