+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: brute force with 11 length password(MD4) (/thread-8785.html)
brute force with 11 length password(MD4) - Athlon64 - 11-22-2019
Hello,
I was trying to recover a 11 length password with brute force, MD4
I don't understant why this did not work...
hashcat64.exe -m 900 -a 3 -w 3 -O hashmd4.txt ?h?h?h?h?h?h?h?h?h?h?h --increment --increment-min 11 --increment-max 11
hashcat (v5.1.0) starting...
* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 1060 3GB, 768/3072 MB allocatable, 9MCU
OpenCL Platform #2: Intel(R) Corporation
========================================
* Device #2: AMD Ryzen 7 1700 Eight-Core Processor, skipped.
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable optimizers:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Precompute-Merkle-Demgard
* Meet-In-The-Middle
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
* Raw-Hash
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 55
Watchdog: Temperature abort trigger set to 90c
Approaching final keyspace - workload adjusted.
Session..........: hashcat
Status...........: Exhausted
Hash.Type........: MD4
Hash.Target......: 9991a482c1ad810b731bcfbeae00bf5b
Time.Started.....: Fri Nov 22 02:02:19 2019 (18 mins, 12 secs)
Time.Estimated...: Fri Nov 22 02:20:31 2019 (0 secs)
Guess.Mask.......: ?h?h?h?h?h?h?h?h?h?h?h [11]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 16200.1 MH/s (66.07ms) @ Accel:256 Loops:512 Thr:1024 Vec:1
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 17592186044416/17592186044416 (100.00%)
Rejected.........: 0/17592186044416 (0.00%)
Restore.Point....: 4294967296/4294967296 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:3584-4096 Iteration:0-512
Candidates.#1....: 12fe1999f6e -> 6e6f5f6ef6e
Hardware.Mon.#1..: Temp: 67c Fan: 47% Util: 92% Core:1898MHz Mem:3802MHz Bus:16
Started: Fri Nov 22 02:02:15 2019
Stopped: Fri Nov 22 02:20:33 2019
=============
could someone explain please ?
RE: brute force with 11 length password(MD4) - Chick3nman - 11-22-2019
You tested lowercase hex characters, at length 11. Are you certain that the hash you have is MD4, the plaintext is exactly 11 characters, and the plaintext consists only of lowercase hex characters?
RE: brute force with 11 length password(MD4) - Athlon64 - 11-22-2019
Thanks for answer,
lower case +number
MD4
RE: brute force with 11 length password(MD4) - philsmd - 11-22-2019
Code:
hashcat64.exe -m 900 -a 3 -w 3 -O -2 ?l?d hashmd4.txt ?2?2?2?2?2?2?2?2?2?2?2RE: brute force with 11 length password(MD4) - Athlon64 - 11-22-2019
(11-22-2019, 08:55 PM)philsmd Wrote:Code:hashcat64.exe -m 900 -a 3 -w 3 -O -2 ?l?d hashmd4.txt ?2?2?2?2?2?2?2?2?2?2?2
Running, but GPU showing 1% usage, is it normal ?
RE: brute force with 11 length password(MD4) - Athlon64 - 11-23-2019
Did not work, I stopped run after 7 hours...
Session..........: hashcat
Status...........: Bypass
Hash.Type........: MD4
Hash.Target......: 9991a482c1ad810b731bcfbeae00bf5b
Time.Started.....: Fri Nov 22 20:34:29 2019 (7 hours, 2 mins)
Time.Estimated...: Sat Feb 22 06:38:50 2020 (91 days, 3 hours)
Guess.Mask.......: ?2?2?2?2?2?2?2?2?2?2?2 [11]
Guess.Charset....: -1 Undefined, -2 ?l?d, -3 Undefined, -4 Undefined
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 16664.0 MH/s (70.16ms) @ Accel:256 Loops:512 Thr:1024 Vec:1
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 421138337366016/131621703842267136 (0.32%)
Rejected.........: 0/421138337366016 (0.00%)
Restore.Point....: 9024307200/2821109907456 (0.32%)
Restore.Sub.#1...: Salt:0 Amplifier:42496-43008 Iteration:0-512
Candidates.#1....: g8ueryhnite -> 93uqd93r134
Hardware.Mon.#1..: Temp: 71c Fan: 55% Util: 97% Core:1885MHz Mem:3802MHz Bus:16
RE: brute force with 11 length password(MD4) - Kryczek - 11-25-2019
It was working! You just needed to let it run 91 days.
Can you be more specific about "lower case +number": does it mean [a-z]{10}[0-9] or is it really that each of the 11 characters can be either a lowercase letter or a digit like 93uqd93r134? Speaking of which, do you mean a single digit or an actual number made of possibly several digits?
Also, the utilization was apparently 97% when you stopped it; where did you get "GPU showing 1% usage" from?
RE: brute force with 11 length password(MD4) - Athlon64 - 11-29-2019
Thanks for your answer.
to get 1% usage I checked GPU on windows task manager
The password looks like :
Ha6gd52oKem
or
a626KemMruP
RE: brute force with 11 length password(MD4) - philsmd - 11-29-2019
I don't agree that "H", "K", "M" and "P" are lowercase characters.
It's probably also not the best idea to mask attack such passwords (there are some exception, e.g. if you know that those passwords are not user-choosen and/or randomly generated, but that's even worse for the cracker).
There exists more clever/advanced attack modes for human choosen passwords like rule based attacks etc (see https://hashcat.net/wiki/)
Password length 11 is already very long, even for MD4 ! it's not very feasible to just "brute-force" it.
RE: brute force with 11 length password(MD4) - Athlon64 - 12-03-2019
(11-29-2019, 09:34 AM)philsmd Wrote: I don't agree that "H", "K", "M" and "P" are lowercase characters.Ok, could you please make a suggestion to try ?
It's probably also not the best idea to mask attack such passwords (there are some exception, e.g. if you know that those passwords are not user-choosen and/or randomly generated, but that's even worse for the cracker).
There exists more clever/advanced attack modes for human choosen passwords like rule based attacks etc (see https://hashcat.net/wiki/)
Password length 11 is already very long, even for MD4 ! it's not very feasible to just "brute-force" it.