+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Problem with Hashcat and mscash2 (/thread-5903.html)
Problem with Hashcat and mscash2 - bluehuehuehue - 09-27-2016
hi folks and thanks for letting me be part of the forum
i am trying to use hashcat on windows 8.1 x64
for penetrationtesting in the company where i am one of the sysadmins i have extracted a domain cached credential and my file is in this format (one per line)
user:hash:domainname:domainshortcut(i dont know what this field is):::
i am using the hashcat gui from hashkiller.co.uk
after i load the file and set up everything it is generating me this command:
hashcat64.exe -a 0 -m 2100 --session=all -p : --status --status-timer=60 -o "mycashfile.txt_found2100.txt" --outfile-format=3 -w 2 --gpu-temp-abort=80 "mycashfile.txt" "rockyou.txt"
when i run this command i get this error:
WARNING: Hashfile 'mycashfile.txt' on line 1 (user:hash:domainname:domainshortcut::
: Line-length exception
WARNING: Hashfile 'mycashfile.txt' on line 2 (user:hash:domainname:domainshortcut::
: Line-length exception
WARNING: Hashfile 'mycashfile.txt' on line 3 (user:hash:domainname:domainshortcut::
: Line-length exception
WARNING: Hashfile 'mycashfile.txt' on line 4 (user:hash:domainname:domainshortcut::
: Line-length exception
Parsed Hashes: 4/4 (100.00%)
ERROR: No hashes loaded
i have tried format mscash and mscash2
i have also tried using JTR with mscash2 and there its parsing the hashes so they are ok. i guess there is an error in my syntax.
any help would be appreciated
RE: Problem with Hashcat and mscash2 - atom - 09-27-2016
Here's an example -m 2100 hash:
$DCC2$10240#tom#e4e938d12fe5974dc42a90120bd9c90f
RE: Problem with Hashcat and mscash2 - bluehuehuehue - 09-28-2016
thanks for the tip.
so far here is where i am:
since its a test i know one of the passwords so i have put it in my worldlist around line 2000
to verify if it will actually work.
i made 2 test files:
file1 is containing the hash as i had it already in this format:
user:hash:domain:domain-short:::
in file2 i used the test hash you gave me and exchanged username und hash with the known one from file1
$DCC2$10241#username#hash
my hash and your testhash have the same length
on my following tests with JTR and hashcat i used format mscash2 on all tests
JTR and file1: process is starting and after a moment its succesfully showing me the password
JTR and file2: process is starting but no password is found
hashcat and file1: process is starting but no password is found
hashcat and file2: same error as in 1st post for sure
seems like hashcat and JTR have a different understanding of the format mscash2??
so the question is how can i dump DCC in the format hashcat needs?
i dumped the hashes i use now with the secretdump.py from here https://github.com/CoreSecurity/impacket
then i also tried the cachedump in The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) linux
http://tools.The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali).org/password-attacks/creddump
but there i get an error which seems to be a known bug
https://github.com/moyix/creddump/issues/5
so how can i dump the DCC in the format needed by hashcat?
thanks so much in advance already
RE: Problem with Hashcat and mscash2 - atom - 09-28-2016
Why 10241? If you use 10241 it will not work. Both JtR and hashcat use the $DCC2$ format.
RE: Problem with Hashcat and mscash2 - bluehuehuehue - 09-28-2016
because the example you gave me was
$DCC2$10240#tom#e4e938d12fe5974dc42a90120bd9c90f
and so i exchanged just user and hash and let the rest as it was.
what is the 10240 anyway?
even if i tried it like that
$DCC2$#user#hash
or also
$DCC2$user#hash
it did not work
edit: now i see what you mean. i changed it back to 10240 but still same error