To crack passwords with Russian symbols - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Developer (https://hashcat.net/forum/forum-39.html) +--- Forum: hashcat (https://hashcat.net/forum/forum-40.html) +--- Thread: To crack passwords with Russian symbols (/thread-8794.html) |
To crack passwords with Russian symbols - eugene_777 - 11-27-2019 Hello. Help me, please. I have read a lot of to topics into this forum, but I can't understand how to crack passwords with Russian symbols. For instance, I have the test NTLM hash from the SAM file. The password is "2ц". How can I make a hashcat to crack a password? I tried on this way "hashcat -a 3 -m 1000 e:\testvmhash.txt -1 charsets/standard/Russian/ru_cp1251.hcchr ?1?1", but it's doesn't work. Thanks in advance. RE: To crack passwords with Russian symbols - undeath - 11-27-2019 This is a limitation of hashcat's UTF16-based kernels. See https://github.com/hashcat/hashcat/issues/2121 In the case of NTLM you can work around it by using the MD4 kernel with forced UTF-16LE encoding. See --encoding-to and --encoding-from options. RE: To crack passwords with Russian symbols - eugene_777 - 11-27-2019 Ок. If I understood right my request should look as: hashcat -a 3 -m 1000 e:\testvmhash.txt -1 charsets/standard/Russian/ru_cp1251.hcchr ?d?1 --encoding-to=UTF-16LE but it doesn't work anyway. What kind charsets do I need choose i my case? RE: To crack passwords with Russian symbols - undeath - 11-27-2019 You need to use the MD4 (900) hash mode, not NTLM (1000) in that case. And you probably need to specify the --encoding-from option. RE: To crack passwords with Russian symbols - eugene_777 - 11-27-2019 (11-27-2019, 03:42 PM)undeath Wrote: You need to use the MD4 (900) hash mode, not NTLM (1000) in that case. And you probably need to specify the --encoding-from option.I tried it but it doesn't work also. What about charset? Maybe is the problem is in it? I want to notice that hashcat does the operation so quickly even I'm putting a password 10 symbol length and use the above request. I think I do something wrong... RE: To crack passwords with Russian symbols - undeath - 11-27-2019 your command should probably look like this: hashcat -a 3 -m 900 e:\testvmhash.txt -1 charsets/standard/Russian/ru_cp1251.hcchr ?d?1 --encoding-to=utf16le --encoding-from=cp1251 If that doesn't work, what's hashcat's output? RE: To crack passwords with Russian symbols - eugene_777 - 11-27-2019 (11-27-2019, 04:34 PM)undeath Wrote: your command should probably look like this: Session..........: hashcat Status...........: Exhausted Hash.Name........: MD4 Hash.Target......: 28d04ccdb00e22ee19dca313722571e9 Time.Started.....: Wed Nov 27 16:43:48 2019 (0 secs) Time.Estimated...: Wed Nov 27 16:43:48 2019 (0 secs) Guess.Mask.......: ?1?d [2] Guess.Charset....: -1 charsets/standard/Russian/ru_cp1251.hcchr, -2 Undefined, -3 Undefined, -4 Undefined Guess.Queue......: 1/1 (100.00%) Speed.#1.........: 1062.5 kH/s (0.06ms) @ Accel:64 Loops:67 Thr:1024 Vec:1 Recovered........: 0/1 (0.00%) Digests Progress.........: 670/670 (100.00%) Rejected.........: 0/670 (0.00%) Restore.Point....: 10/10 (100.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-67 Iteration:0-67 Candidates.#1....: $HEX[e032] -> $HEX[ff37] Hardware.Mon.#1..: Temp: 38c Fan: 0% Util: 1% Core:1657MHz Mem:4513MHz Bus:16 Started: Wed Nov 27 16:43:44 2019 Stopped: Wed Nov 27 16:43:49 2019 I would like to specify I mean it work but I can't get right result. RE: To crack passwords with Russian symbols - philsmd - 11-27-2019 I'm pretty sure the --encoding-from and --encoding-to only works correctly with -a 0, i.e. only works with dictionary attacks. The solution for this problem is quite easy, but also not perfectly ideal... the problem is that every 2nd byte could be a 00 byte, but it won't be a 00 byte if a multi-byte characters is used (yeah, that's confusing and encoding is challenging !!!). This works with -a 3 Code: echo -e "\x32\xd1\x86" > pass.txt result is (hash masked as per forum rules): 13edXXXe66580c90XXXXfad6b0XXX7fb:$HEX[32004604] There are some caveats here... you should be aware that all tools here have some limitations... let's start from the .hcchr file.. it cannot really deal with the new line character 0a, but you can use --hex-charset for that... test.pl also doesn't assume 0a in the input , it's a newline for it... and also for hashcat itself it would be more "safe" to use the $HEX[] notation, just to be 100% sure the right input is applied (when dealing with some strange encodings it's always difficult to exactly be sure beforehand which chars are in the input/output) btw 32d186 is the hex converted and UTF-8 encoded 2ц password, which is 32004604 in utf16le (note the missing 00 after the 46, that's why -m 1000 fails, but it's a known limitation) RE: To crack passwords with Russian symbols - undeath - 11-27-2019 Thanks for the correction, philsmd! In that case it's probably easiest to use stdin for the attack, like this: Code: hashcat --stdout -a3 -1 charsets/standard/Russian/ru_cp1251.hcchr '?1?d'| hashcat -m900 28d04ccdb00e22ee19dca313722571e9 --encoding-to=utf16le --encoding-from=cp1251 But this will greatly limit the cracking speed compared to "normal" attacks, especially for a fast hash mode like md4. |