hashcat Forum
7Zip hash woes - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: 7Zip hash woes (/thread-7013.html)

Pages: 1 2


7Zip hash woes - malcolmputer - 11-13-2017

I have a particular archive that I made a couple of years back, and I'd like to crack it.  I used 7z2hashcat to export the has from the archive and then imported it into hashcat and it says no hashes found.  If I create a similar sized archive using 7zip now, I can export it's hash and crack it just fine using the same options as I tried on the one I actually want to crack.

I also tried John's 7zip hash util and it exported, but wouldn't import into hashcat either.

I am able to use the tool "7z Crark", and it imports the full 7zip file and seems to work, but the UI is awful, and it doesn't support near the features of hashcat.

I've tried hashcat 4.0.0 and 3.6.0 and both gave the same "hashes not loaded" error.

I don't have a problem posting the hash or PM'ing it if needed, but obviously I can't share the archive.

Any suggestions?


RE: 7Zip hash woes - Chick3nman - 11-13-2017

Is the file name at the start of the hash? If so, remove "[filename]:" from the front of the hash and retry.


RE: 7Zip hash woes - malcolmputer - 11-13-2017

(11-13-2017, 07:50 PM)Chick3nman Wrote: Is the file name at the start of the hash? If so, remove "[filename]:" from the front of the hash and retry.

The John hash did have the filename: before the rest of the hash, but the hashcat one did not.  In any case, it still says no hashes loaded with or without the filename:


RE: 7Zip hash woes - philsmd - 11-13-2017

you need to use -m 11600 for 7-zip

If you see the message "No hashes loaded" it is not the actual message we are interested in here.
The error message that is responsible for letting you know what the problems with each and every hash is will be shown before this final message that not a single hash was loaded.

Please be more specific what the error message is and/or let us know about all errors not only the one that no hashes were loaded (which is kind of interesting to know, but not the one that explains the actual problem that we are interested in).


RE: 7Zip hash woes - malcolmputer - 11-13-2017

(11-13-2017, 09:29 PM)philsmd Wrote: you need to use -m 11600 for 7-zip

If you see the message "No hashes loaded" it is not the actual message we are interested in here.
The error message that is responsible for letting you know what the problems with each and every hash is will be shown before this final message that not a single hash was loaded.

Please be more specific what the error message is and/or let us know about all errors not only the one that no hashes were loaded (which is kind of interesting to know, but not the one that explains the actual problem that we are interested in).

I was using 11600, see below.  I'm happy to enable whatever debugging is needed.

Code:
REDACTED\hashcat-4.0.0>hashcat64.exe -O -w1 -m11600 -a3 ../john.hash ../realhuman_phill.txt
hashcat (v4.0.0) starting...
OpenCL Platform #1: Advanced Micro Devices, Inc.
================================================
* Device #1: Tahiti, 2112/3072 MB allocatable, 28MCU
* Device #2: AMD Phenom(tm) II X6 1055T Processor, skipped.

REDACTED\hashcat-4.0.0/OpenCL/m11600-optimized.cl: Optimized OpenCL kernel not found, falling back to pure OpenCL
 kernel
Hashfile '../john.hash' on line 1 ($7z$1$REDACTED UNLESS REQUESTED
No hashes loaded.

Started: Mon Nov 13 12:41:52 2017
Stopped: Mon Nov 13 12:41:52 2017



RE: 7Zip hash woes - philsmd - 11-13-2017

somehow you managed to again not post the actual error message.
The error message should be shown/explained after the hash within the line:
Hashfile '../john.hash' on line 1 (hash): ERROR_MESSAGE

we are interested in the ERROR_MESSAGE.


RE: 7Zip hash woes - malcolmputer - 11-13-2017

(11-13-2017, 10:34 PM)philsmd Wrote: somehow you managed to again not post the actual error message.
The error message should be shown/explained after the hash within the line:
Hashfile '../john.hash' on line 1 (hash): ERROR_MESSAGE

we are interested in the ERROR_MESSAGE.

I pasted literally the whole output of hashcat.  Maybe the hash is so long that it fills the print buffer before the error message is shown?

Code:
$ ./hashcat-4.0.0/hashcat64.exe -w1 -m11600 -a3 john.hash rockyou.txt
hashcat (v4.0.0) starting...
OpenCL Platform #1: Advanced Micro Devices, Inc.
================================================
* Device #1: Tahiti, 2112/3072 MB allocatable, 28MCU
* Device #2: AMD Phenom(tm) II X6 1055T Processor, skipped.

Hashfile 'john.hash' on line 1 ($7z$1$19$0$$8$b9bbba35e180b4e30000000000000000$-914293439$37376$37364$5b4129a32f037c2ab0b42bf8bd79047c28fe428815680493766b2206f2adce938f8d9eca2262f59a2e9165407e1758a4139d89a40578bc81b9560a9a01d3f8a1cd9ce0fc2489d4cb8bcf85c01f623213f0c44d64fd27dd3877360e0aa2cb51bd37c7c83ad4809db46a4a2630e5250e0fee1d41fd3f221fe91fc6ce2c0b0097fc1e1de558f9c90e163cddb8c9f8ccd5b1f64ccb8d8033c03bb2ab3b063d4c4952305c962595e070af741d36dc0d0338ff11e7fe52ee3eef4839080da0522159b4ddafa1276f2247ab9b2057e942f6e641e464484d253ae736d884776eda093642ccbf2cdf349343d55b10d02e3a4da9a1b930f7a2333f0446d7ae820fc0892d1911cf33d8665be329c73e810a9735293214fafb3c6a26846d87bdaaa7ddbf172a4a4414444155f5c80531437d11d70cd142b86710bcbcdd8ec93686ccbb07db47e4e224f56af63820acc74f5ced317d767350142bc0ea92e34531b0ba950e366383dbdc5b491771b8e34cc16c56debfbacfd19473217520517362f5df9aa1b958ff041b2a3148e3aefc661d807e907e103c581b567ff9fc72155044932b38d45a6cc9cee0276fc6c7697e245d39597de41e890ea6031aceb4c32c706ac74809abc75baae8b9d647e0b6e2bc4699a13f4d69c76e1fe4826851de3faf8eaa65fdfe0b7cce10b3830abb860c1458665935976967d1cde7bf3bbe949f5cb79e237484bd1ce26d27f1db17de979184d2f7d5f213e083bbb1f4bf74f5fd4e76c3da1e4c616cfee77f093ec3eba52c255ac1ce658dd9db28f066dd6f290a1e81ab35ade6e0806bad7edfaacdc952385b222ff3b9a41127f5e2852812343994aaa52bd61265b6296da12448807adfc024b59bcb0619925a690c2110be95f841d1d38fe21354e5ffa469a6296f7c2cce1ec8cda1c1d57b3b45aa62ea650a734caad1d0599ac7f299d6aca1c4302a569a8064303fddfbf52920d6e559b6c2f6fae929e789acd28f3dd85fd600c71a1725450214b07c59a363c4cfc124279ceeb13edcf4bcc48f6963305f70bc20dbd236ecf6aa78d49b75ca810b986655da9a0a03077400facb2387e948de8d0a8008b5dea9b839a50a1f30f70ba2b7966109073c9f61ecb4ce73fd681ed615a99d2e44e489630efec9b49f1c50405769bd5d369178f741f04dd632755bb239ab74c38eb7f944966d949063ed96b7c9c34a504ab236f342c96da57d884513d01fa290ebe97ff02485886d470ccacbbdda4eb799e8747be881e9277b90aa75e03b89adb31410bb90d46a520e7d6ebd3c11f516265fe7dc008f4b0857e34b54b111713a8ca3ccda92ff11d8de3e3b6d8bd56d55600a964009cd68f4147531290bddcf446080d35c371fb9a7fb02e3b5e6b9752a806a80f21438026947c8db8217048aeda6beb9b67dadf236efdae0d8b60fc2d6c2dbcfae268ea5c75a2f05e18391bb271d5a10d65777b78aa8ed5716f7332aa155a3a6c07ced3c020679b11a95d70cf390c5029c7c5eb2046b06a29702ff8eaca6f507ad9a56095ceb2ab2ea2e03454de2ed5f884fda449305aaf9cc489a2014487db12d9b835f19829689976684cf3c5d6cda4feab1d03902e6639f5456b5ea976006ee0ca2fa33d7066969292343ba799b45c39110078d750327f8b7f8cf28f0b235f4b428c32686f167136b0e9267788662623ced646abfb4b31e0d05d4b5cb095cedc44e23bbb250d5df20c26e3cec366621e05312cc5c6b65716d8ba23d88ad9ed55548ace2242253efb880c8b2cc10d95c99e4b4a1cf61c899a4cd0796b1d19fe497c2d77abbcd1c634cac6c4c16524688df8a403695365888a6c28d8932591146701e65eb8a8578ef82551819090c6de847699467391a4cd3add55c6704c8935b69c89af19a5015721cdadc76471b5c4c72ccbc7b0943fe5e1fc829b6e66754e2a1c4d70758617baa18a991d92fdf0534f6d61a8be425af0ce548e94bf715ff3095b5886f04e0970367f0082d101c5a2e7c5bf981887feef0b9d2728fba5db83a8b6ac010ba3a597a9508c5fd555d8dbb75ee16194be4fbcb41ba7bc7bb1fd3e7e362c0177f6c2238bbbcce2ac9455cfd7906accff4f90a5b284a580a1ce177be730aa7da7f603fa5fe12fd57ab9c922681fdbf497f4a719b1825a32c16eb07a12a49673acb1eeb14bb4f6bc9ae1191c0ab5e8d99a14257fecb57975a962d19a2fac2ed7288610868c731cde471f803196f9a912f14bdc789b5b9f79e8138fd23a5e97c7c29fba6e38817c611d6fd120a79ef73e5caca64685b5b898866abf8761ab26b88b2c3808f1dc50d3ac65be6ed664441f71198d193a75b8d4e34de5cf64239daca0975076161170bbcc43700c4b283514e7188fdbee75d6e2b6018022acd48000c15065449d6fe6b095048a7fdd14d6c35d7e34f1273d83c37be2760293a5ed1857425f5682dda6b86125549f0dc70eb821e5c831e926910a9000dbd0a07d12bb361257439aa79fdbe2210694392579b21cea5d29931e0e17233bc6c69de1831cbe0ae9d47405c6497c97fb1eb5f0c43bd9cbce1b86c6e01cf534812342927581b823544be0168d8230b2e3b961c312257c12cfa8da95c892d05dee35585c4ecfd7161ca2395c22913af49f5155e5e72816dc4a184b8fe78fe2dc3a41d95702972794bbd45ee79c57481655896975d52935272c6d7fbc07d63728de11624001bd10b8c3a3fcecb19716dd4cdc34cf3f82d64ac0ec64b708d4d004f8530c654157b498488bf608daa0694cf9cf58b7a0b0d2c89880dad6f53d72a03777f45b55fd646f2253f11cee9e8a0166
No hashes loaded.

Started: Mon Nov 13 20:52:20 2017
Stopped: Mon Nov 13 20:52:21 2017

Code:
cat john.hash |wc -c
74841

Because the full hash is definitely longer than what it showed in the output.


RE: 7Zip hash woes - philsmd - 11-13-2017

are you sure that you are using the latest version of 7z2hashcat from https://github.com/philsmd/7z2hashcat/ ?


RE: 7Zip hash woes - malcolmputer - 11-13-2017

(11-13-2017, 11:36 PM)philsmd Wrote: are you sure that you are using the latest version of 7z2hashcat from https://github.com/philsmd/7z2hashcat/ ?

At first I was using the latest Windows release, but when I started having problems, I checked out the latest from github, got all of the dependencies sorted, and ran it on a linux system. 

Just in case, I cloned it again, and got the same hash.

Could it be a bug in 7z2hashcat?  I hadn't thought about that.


RE: 7Zip hash woes - philsmd - 11-14-2017

I think to understand this problem we might first need to get rid of that long hash within the error message.
A patch like this might help for the time being:
Code:
diff --git a/src/hashes.c b/src/hashes.c
index 8e9fdd7..77eff90 100644
--- a/src/hashes.c
+++ b/src/hashes.c
@@ -1035,7 +1035,7 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx)

             if (parser_status < PARSER_GLOBAL_ZERO)
             {
-              event_log_warning (hashcat_ctx, "Hashfile '%s' on line %u (%s): %s", hashes->hashfile, line_num, line_buf, strparser (parser_status));
+              event_log_warning (hashcat_ctx, "Hashfile '%s' on line %u: %s", hashes->hashfile, line_num, strparser (parser_status));

               continue;
             }
@@ -1049,7 +1049,7 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx)

             if (parser_status < PARSER_GLOBAL_ZERO)
             {
-              event_log_warning (hashcat_ctx, "Hashfile '%s' on line %u (%s): %s", hashes->hashfile, line_num, line_buf, strparser (parser_status));
+              event_log_warning (hashcat_ctx, "Hashfile '%s' on line %u: %s", hashes->hashfile, line_num, strparser (parser_status));

               continue;
             }
@@ -1065,7 +1065,7 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx)

             if (parser_status < PARSER_GLOBAL_ZERO)
             {
-              event_log_warning (hashcat_ctx, "Hashfile '%s' on line %u (%s): %s", hashes->hashfile, line_num, line_buf, strparser (parser_status));
+              event_log_warning (hashcat_ctx, "Hashfile '%s' on line %u: %s", hashes->hashfile, line_num, strparser (parser_status));

               continue;
             }
@@ -1082,7 +1082,7 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx)

           if (parser_status < PARSER_GLOBAL_ZERO)
           {
-            event_log_warning (hashcat_ctx, "Hashfile '%s' on line %u (%s): %s", hashes->hashfile, line_num, line_buf, strparser (parser_status));
+            event_log_warning (hashcat_ctx, "Hashfile '%s' on line %u: %s", hashes->hashfile, line_num, strparser (parser_status));

             continue;
           }

note: you can use "git apply this_pach.diff" to apply this patch.

You must apply this to the newest git version of hashcat (the current git sha hash is ea5425 ... at the time of this writing). You also need to make sure that you use make clean; git pull; git apply this_patch.diff; make

If you run hashcat again we might get the error message we need (without that long hash within the line).

This is just a temporarily fix for the error-message-problem. A proper fix would somehow truncate the hash to a fixed size.

After we have the error message, we might understand what the real problem is.