Help with 7Z Hash - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Support (https://hashcat.net/forum/forum-3.html) +--- Forum: hashcat (https://hashcat.net/forum/forum-45.html) +--- Thread: Help with 7Z Hash (/thread-7114.html) |
Help with 7Z Hash - highamperage - 12-17-2017 Hello, I am new to using hashcat so please forgive me if I am missing something stupid. Anyway, I am trying to access a .7Z file to which I've forgotten the password. I'm pretty sure it's a combination of other various passwords I have used, so plan to add them all to a dictionary file and configure Hashcat to try every possible combmination of them. However, before I get to that stage - I understand I need to obtain the hash from the .7Z file so have downloaded and used "7z2hashcat64-1.2" I then used the following command: "7z2hashcat64-1.2.exe file.7z >temphash" and a file was saved called "temphash" I then run: hashcat64.exe -a 3 -m 11600 temphash It returns: Hashfile 'temphash' on line 1 *hash text omitted* No hashes loaded. I then change the temphash file to unicode and resave, running the same command again, only to receive: Hashfile 'temphash' on line 1 ( ■$): Signature unmatched Hashfile 'temphash' on line 2 (): Line-length exception No hashes loaded. Does anyone have any input? Am I missing something? Thanks! RE: Help with 7Z Hash - slyexe - 12-17-2017 Check to see if your Hash matches the same context of the example. Appears there is something wrong with your hash would be my first assumption. https://hashcat.net/wiki/doku.php?id=example_hashes Otherwise, if you're just running a bruteforce with no parameters it could be the other reason for throwing an error. Quote:hashcat64.exe -a 3 -m 11600 temphash This won't do anything. You need to add a length to the attack if you haven't already. hashcat64.exe -a 3 -m 11600 temphash password?d?d?d?d for example. RE: Help with 7Z Hash - highamperage - 12-17-2017 Thank you for the input! Unfortunately, I just tried "hashcat64.exe -a 3 -m 11600 temphash password?d?d?d?d" and had the same issue. I took a look at the link you posted, and aside from my hash being much much longer - the basic formatting appears to be the same. What might cause a problem with the hash itself - a corrupt file, or might I have done something incorrectly during the 7z to hash extraction process? Edit: The hash I collected is around 29,000 characters and starts like this: $7z$1$19$0$$8$7f8cc98364a4d2ad0000000000000000$1700138637$14672$14660$e22b5a......... RE: Help with 7Z Hash - slyexe - 12-17-2017 (12-17-2017, 07:03 AM)highamperage Wrote: What might cause a problem with the hash itself - a corrupt file, or might I have done something incorrectly during the 7z to hash extraction process? I just tried to create a 7z with a password and use 7z2hashcat with no success. 7z2hashcat64-1.2.exe testzip.7z WARNING: the file 'testzip.7z' unfortunately can't be used with hashcat since the data length in this particular case is too long (361488 of the maximum allowed 327528 bytes). pause Press any key to continue . . . Will try another one here in a couple. Maybe someone else can share some light in the mean time. RE: Help with 7Z Hash - philsmd - 12-17-2017 Do you use powershell? or just cmd (without powershell)? I noticed that for some reasons the default output format for powershell is utf16le (not ascii). Even if 7z2hashcat only outputs ascii the out-file command (which is responsible to write the output within powershell) converts it to the default output format (which in my case was utf16le with powershell). Maybe something like this helps in powershell Code: 7z2hashcat64-1.2.exe file.7z | out-file -encoding ascii temphash Again, this is not a problem with 7z2hashcat, it is just the powershell that rewrites the correct ascii output to utf16le (default encoding under powershell?) update: it seems that you can set the default encoding of the out-file command also with an environment variable like this: Code: $PSDefaultParameterValues['Out-File:Encoding'] = "ascii" RE: Help with 7Z Hash - highamperage - 12-18-2017 Unfortunately, this did not work either. (I tried in powershell) - the results are the same. I've tried getting the data to match that of the example, meaning determining the number of data sets between the "$" and removing the extra data from my hash file - some of which I was thinking may be a turnicated part of the encrypted data and not part of the actual hash. However, when I attempt this and remove the data after the 11th "$" I get a " Separator unmatched" error regardless of which combination of data I remove. If I remove it after the 12th "$" I get the typical "hashes not loaded" error. RE: Help with 7Z Hash - highamperage - 12-18-2017 So, I've been examining the output of this process. The hash that is generated for the actual two files I want to crack is 29,000 characters long. I've created a few test files 7Z files and run it against them. For each test file, the hash output is a much shorter 418 characters and does not generate errors once used in Hashcat. Any ideas anyone? |