MD5 mask cracking - exhausted/different result each time - alekw - 08-05-2020
Hello,
yesterday I needed to crack one MD5 hash, which I didn't manage with hashcat.
I recovered it by tcpdump-ing my FTP server, and I was very surprised hashcat did not found it.
I thought I get the mask right - I was using before aircrack-ng, so I am not completely new to this stuff.
I am using latest version 6.1.1 on windows 10 cmd/PS.
I wouldn't dare to send bug report to github after one day with hashcat, so I am asking here
Could someone tell me what is wrong?
For testing I am using md5 hash f86bdb19deb2c5ab632734b8d884ce06:testowy
(I hope it is OK to post hash together with its plaintext)
Code: hashcat.exe -a 3 -m 0 hashes2.txt testo?l?l
Code: hashcat.exe -a 3 -m 0 hashes2.txt test?l?l?l
With 2 variables I repeat this command few times, delete potfile inbetween, and i get different result each time: usually correct, frequently wrong, sometimes exhausted.
With 3 or more variables hashcat is always exhausted.
Optimization -O does not change anything.
Code: hashcat.exe -a 3 -m 0 hashes2.txt testo?l?l
hashcat (v6.1.1) starting...
OpenCL API (OpenCL 1.2 ) - Platform #1 [Intel(R) Corporation]
=============================================================
* Device #1: Intel(R) Pentium(R) CPU 2117U @ 1.80GHz, skipped
* Device #2: Intel(R) HD Graphics, 1336/1400 MB (350 MB allocatable), 6MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable optimizers applied:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
* Raw-Hash
ATTENTION! Pure (unoptimized) backend kernels selected.
Using pure kernels enables cracking longer passwords but for the price of drastically reduced performance.
If you want to switch to optimized backend kernels, append -O to your commandline.
See the above message to find out about the exact limits.
Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.
Host memory required for this attack: 77 MB
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
f86bdb19deb2c5ab632734b8d884ce06:testowx
Session..........: hashcat
Status...........: Cracked
Hash.Name........: MD5
Hash.Target......: f86bdb19deb2c5ab632734b8d884ce06
Time.Started.....: Wed Aug 05 15:11:58 2020 (0 secs)
Time.Estimated...: Wed Aug 05 15:11:58 2020 (0 secs)
Guess.Mask.......: testo?l?l [7]
Guess.Queue......: 1/1 (100.00%)
Speed.#2.........: 79777 H/s (0.12ms) @ Accel:1024 Loops:1 Thr:8 Vec:1
Recovered........: 1/1 (100.00%) Digests
Progress.........: 676/676 (100.00%)
Rejected.........: 0/676 (0.00%)
Restore.Point....: 0/676 (0.00%)
Restore.Sub.#2...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#2....: testona -> testoqg
Started: Wed Aug 05 15:11:54 2020
Stopped: Wed Aug 05 15:11:59 2020
another result:
Code: hashcat.exe -a 3 -m 0 hashes2.txt testo?l?l
hashcat (v6.1.1) starting...
OpenCL API (OpenCL 1.2 ) - Platform #1 [Intel(R) Corporation]
=============================================================
* Device #1: Intel(R) Pentium(R) CPU 2117U @ 1.80GHz, skipped
* Device #2: Intel(R) HD Graphics, 1336/1400 MB (350 MB allocatable), 6MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable optimizers applied:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
* Raw-Hash
ATTENTION! Pure (unoptimized) backend kernels selected.
Using pure kernels enables cracking longer passwords but for the price of drastically reduced performance.
If you want to switch to optimized backend kernels, append -O to your commandline.
See the above message to find out about the exact limits.
Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.
Host memory required for this attack: 77 MB
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
f86bdb19deb2c5ab632734b8d884ce06:testowp
Session..........: hashcat
Status...........: Cracked
Hash.Name........: MD5
Hash.Target......: f86bdb19deb2c5ab632734b8d884ce06
Time.Started.....: Wed Aug 05 15:16:44 2020 (0 secs)
Time.Estimated...: Wed Aug 05 15:16:44 2020 (0 secs)
Guess.Mask.......: testo?l?l [7]
Guess.Queue......: 1/1 (100.00%)
Speed.#2.........: 231.1 kH/s (0.12ms) @ Accel:1024 Loops:1 Thr:8 Vec:1
Recovered........: 1/1 (100.00%) Digests
Progress.........: 676/676 (100.00%)
Rejected.........: 0/676 (0.00%)
Restore.Point....: 0/676 (0.00%)
Restore.Sub.#2...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#2....: testona -> testoqg
Started: Wed Aug 05 15:16:40 2020
Stopped: Wed Aug 05 15:16:45 2020
or even
Code: hashcat.exe -a 3 -m 0 hashes2.txt testo?l?l
hashcat (v6.1.1) starting...
OpenCL API (OpenCL 1.2 ) - Platform #1 [Intel(R) Corporation]
=============================================================
* Device #1: Intel(R) Pentium(R) CPU 2117U @ 1.80GHz, skipped
* Device #2: Intel(R) HD Graphics, 1336/1400 MB (350 MB allocatable), 6MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable optimizers applied:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
* Raw-Hash
ATTENTION! Pure (unoptimized) backend kernels selected.
Using pure kernels enables cracking longer passwords but for the price of drastically reduced performance.
If you want to switch to optimized backend kernels, append -O to your commandline.
See the above message to find out about the exact limits.
Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.
Host memory required for this attack: 77 MB
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
Session..........: hashcat
Status...........: Exhausted
Hash.Name........: MD5
Hash.Target......: f86bdb19deb2c5ab632734b8d884ce06
Time.Started.....: Wed Aug 05 15:17:35 2020 (0 secs)
Time.Estimated...: Wed Aug 05 15:17:35 2020 (0 secs)
Guess.Mask.......: testo?l?l [7]
Guess.Queue......: 1/1 (100.00%)
Speed.#2.........: 93737 H/s (0.10ms) @ Accel:1024 Loops:1 Thr:8 Vec:1
Recovered........: 0/1 (0.00%) Digests
Progress.........: 676/676 (100.00%)
Rejected.........: 0/676 (0.00%)
Restore.Point....: 676/676 (100.00%)
Restore.Sub.#2...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#2....: testona -> testoqg
Started: Wed Aug 05 15:17:32 2020
Stopped: Wed Aug 05 15:17:37 2020
3 variables:
Code: hashcat.exe -a 3 -m 0 hashes2.txt test?l?l?l
hashcat (v6.1.1) starting...
OpenCL API (OpenCL 1.2 ) - Platform #1 [Intel(R) Corporation]
=============================================================
* Device #1: Intel(R) Pentium(R) CPU 2117U @ 1.80GHz, skipped
* Device #2: Intel(R) HD Graphics, 1336/1400 MB (350 MB allocatable), 6MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable optimizers applied:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
* Raw-Hash
ATTENTION! Pure (unoptimized) backend kernels selected.
Using pure kernels enables cracking longer passwords but for the price of drastically reduced performance.
If you want to switch to optimized backend kernels, append -O to your commandline.
See the above message to find out about the exact limits.
Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.
Host memory required for this attack: 77 MB
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
Session..........: hashcat
Status...........: Exhausted
Hash.Name........: MD5
Hash.Target......: f86bdb19deb2c5ab632734b8d884ce06
Time.Started.....: Wed Aug 05 15:28:28 2020 (0 secs)
Time.Estimated...: Wed Aug 05 15:28:28 2020 (0 secs)
Guess.Mask.......: test?l?l?l [7]
Guess.Queue......: 1/1 (100.00%)
Speed.#2.........: 1292.8 kH/s (1.78ms) @ Accel:1024 Loops:1 Thr:8 Vec:1
Recovered........: 0/1 (0.00%) Digests
Progress.........: 17576/17576 (100.00%)
Rejected.........: 0/17576 (0.00%)
Restore.Point....: 17576/17576 (100.00%)
Restore.Sub.#2...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#2....: testeri -> testqxq
Started: Wed Aug 05 15:28:25 2020
Stopped: Wed Aug 05 15:28:29 2020
RE: MD5 mask cracking - exhausted/different result each time - philsmd - 08-05-2020
very bad. we call this false positive (or just a wrong result)..
just try with -D 1 , it will work perfectly fine.
it seems to be a driver problem, because the same code works on each and every other opencl/cuda device perfectly fine.
maybe you can update the driver or something. otherwise I would recommend to use a modern NVIDIA GPU or use -D 1.
I don't think we can do much here. can't reproduce this on my systems. The command works perfectly fine and the correct results are returned (testowy).
BTW: for the next time, do not forget that forum rules do not allow posting hashes
RE: MD5 mask cracking - exhausted/different result each time - alekw - 08-05-2020
Thank you for reply
|