I know. I'm sorry. Here I go:
What I've done:
I even tried to crack the examples from https://hashcat.net/wiki/doku.php?id=example_hashes, but they work flawlessly. Password is hashcat. Got that.
So I think somethings wrong with my attempt to get the password hashes.
I've also tried:
Any hints on what i'm doing wrong?
Using hashcat 4.1.0 on Ubuntu 16.4.
What I've done:
- Created an encrypted USB-Drive (2GB) with TrueCrypt 7.1a. Password is 123456789. No options changed.
- Created an dd dump of the USB-Drive
- Used truecrypt2john.py to get the hashes: got 6 Hashes, 3 normal, 3 hidden (why?)
- Used John with -mask=12345678?d to crack the password.
- Got password 123456789 for the first hidden hash (why?). Nonetheless everything fine so far.
- fdisk -l /dev/sdc1 to get the size of my USB-Drive in bytes
- sudo dd if=/dev/sdc1 of=./banana/512.dd bs=1 skip=1993276928 count=512 to get the last 512 bytes according to https://hashcat.net/wiki/doku.php?id=fre...pt_volumes
- hashcat -m 6211 ./banana/512.dd -a 3 12345678?d to crack the password. But nothing is found. Hashcat even tries 123456789 but doesn't recognize it as password.
- tried to run hashcat with hashes produced by truecrypt2john.py. Same result.
I even tried to crack the examples from https://hashcat.net/wiki/doku.php?id=example_hashes, but they work flawlessly. Password is hashcat. Got that.
So I think somethings wrong with my attempt to get the password hashes.
I've also tried:
- First 512 bytes of USB-Drive
- First and last 512 bytes of /dev/sdc instead /dev/sdc1
- complete dd image of USB-Drive
Any hints on what i'm doing wrong?
Using hashcat 4.1.0 on Ubuntu 16.4.
