need help ( paid ) - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Support (https://hashcat.net/forum/forum-3.html) +--- Forum: hashcat (https://hashcat.net/forum/forum-45.html) +--- Thread: need help ( paid ) (/thread-7441.html) |
need help ( paid ) - pietroooo - 04-13-2018 Hello, i got a 1TB veracrypt volume but i forgot the password, i read the tutorial on another thread on how to recover the hash however when i run the command this is what i get C:\Users\Administrator\Downloads>dd.exe if=hashcat_ripemd160_AES_hidden.raw of=D:\file04 bs=1 skip=65536 count=512 rawwrite dd for windows version 0.6beta3. Written by John Newbigin <jn@it.swin.edu.au> This program is covered by terms of the GPL Version 2. skip to 65536 0+0 records in 0+0 records out C:\Users\Administrator\Downloads> anyone that can help me? i'm willing to pay anyone who helps me to recover the hash in bitcoin thank you. RE: need help ( paid ) - slyexe - 04-14-2018 Pretty sure this violates the terms and conditions of the forum rules. Sorry mate. RE: need help ( paid ) - philsmd - 04-14-2018 yeah, I agree. It's also against the spirit of this forum. we are willing to explain and teach you how to use hashcat if you are willing to invest some time and brain power into it... you need to be open to try to understand things and learn things and you should be good to go. Of course we are not here for holding hands, but we can give you some hints or link to resources (other posts/wiki,...) etc https://hashcat.net/wiki/doku.php?id=frequently_asked_questions#how_do_i_extract_the_hashes_from_veracrypt_volumes I think the first hint I could give you here is that you need to run the dd command on the full file/volume etc not on the already extracted "hash". It seems that you are using the already extracted hash from the example hashes page (file called "hashcat_ripemd160_AES_hidden.raw" from https://hashcat.net/wiki/example_hashes). This file is already the extracted "hash". That means that the dd command was already run and that file is already the result of the dd command execution. Again, this means that if you want to run it on a different file/volume/partition, you need to follow the FAQ https://hashcat.net/wiki/doku.php?id=frequently_asked_questions#how_do_i_extract_the_hashes_from_veracrypt_volumes and do both the dd + hashcat, while for the already extracted data (the "hash") you need to skip the dd step. RE: need help ( paid ) - pietroooo - 04-14-2018 (04-14-2018, 11:40 AM)philsmd Wrote: yeah, I agree. It's also against the spirit of this forum. we are willing to explain and teach you how to use hashcat if you are willing to invest some time and brain power into it... you need to be open to try to understand things and learn things and you should be good to go. first of all, thanks for the help, so from what i understood the first if= was supposed to be the encrypted volume? if so i ran C:\Users\Administrator\Downloads>dd.exe if=D:\file04 of=D:\file04.hash bs=1 skip=65536 count=512 rawwrite dd for windows version 0.6beta3. Written by John Newbigin <jn@it.swin.edu.au> This program is covered by terms of the GPL Version 2. skip to 65536 512+0 records in 512+0 records out C:\Users\Administrator\Downloads> and looks like it worked thank you, will try to crack it now edit: ran with -m 13711 if it works does it mean its the right algorithm or it can be any other veracrypt algo? RE: need help ( paid ) - undeath - 04-14-2018 it could be any veracrypt algo |