02-07-2012, 09:12 AM (This post was last modified: 02-07-2012, 09:12 AM by forumhero.)
If the password is more than 7 characters, how do I find the other half? I created an LM hash of the word "password" but it is missing the "d" at the end once found. Even though I specified a mask of 8 chars, it limits to 7 chars.
What chort says is correct, however oclHashcat-lite uses --increment mode by default. Even if his mask is set to 8x?l, it will start with 1x?l and iterate through 7x?l and ignore the 8th ?l. This is why oclHashcat-lite reports "cracked". It can do this only if both sides have been found. It is just not displaying the 2nd half. Looks like an unknown bug. Have to investigate. Thanks for reporting.
(02-07-2012, 10:03 AM)atom Wrote: What chort says is correct, however oclHashcat-lite uses --increment mode by default. Even if his mask is set to 8x?l, it will start with 1x?l and iterate through 7x?l and ignore the 8th ?l. This is why oclHashcat-lite reports "cracked". It can do this only if both sides have been found. It is just not displaying the 2nd half. Looks like an unknown bug. Have to investigate. Thanks for reporting.
I had reported it in the Announcement section. It cracks the hash but the second part is not shown in the output. I suspect that it's because the second part is cracked first and eventually its value gets replaced or overwritten when the first part is cracked afterward.
I have double-checked on my GPU. It seems that attacks with uppercase and numbers work fine. It gave a problem with a password containing a ! at the end. Here was my command line:
I can provide the exact hash if you need it. The password was 14 characters long. By the way, in your example, it was not very efficient to use ?l for this algo. However, it proves that OclHashcat-lite treats it efficiently as an uppercase. If a user puts ?l?u in the command line, will it double the keyspace searched or will it just use the equivalent of ?u by default?
(02-09-2012, 10:45 AM)atom Wrote: don't like the way how lm is done in lite, plus will be different. suggestions are welcome
This is just a brainstorming session to start some ideas. Again, I think that everything would be much simpler for you to code if you only had to deal with the halves of the LM hash. However, if you want to please all the users, you could always make 2 modes: LM and HalfLM. I guess however that if the LM mode works it's more or less relevant to have the HalfLM as well. Bottom line of what I want to say is that if it makes things easier to code, I think that the splitting and assembling of the LM hash is doable by the users but I am not sure that most people will want to sacrifice that.

You can code everything considering only the halves, have a routine that parses and splits the LM hash, crack them and save the cracked halves in a file like LM.pot. At the end of the attack, you can do a lookup in the LM.pot file to reassemble the full LM hash and output to the user-defined file the whole hash with the found password, and put <not found> in the case of an LM hash where only one of its halves has been found, like PASSWOR<not found>.

Actually, keeping the LM.pot file and doing a quick lookup at the start might prevent retrying to crack the same halves over and over. I am just not sure if the price of doing a lookup will always be faster than cracking a HalfLM of short length. For the statistics, I would keep the number of halves and not the number of hashes to display what has been found so far (when you press the s key).
For the -lite version, as soon as 1 half is cracked, I would like the status display to autoupdate and mention the fact that at least one half has been cracked.
P.S. I don't know if you could replicate the problem I mentioned earlier but I just realized that I did not revert to the previous driver like you asked me to do in another post (about MD5(Wordpress) mode rejecting all the words of the wordlist) so it could still potentially come from that as well. I will try that as soon as I get back home.
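
The LM.pot bookkeeping proposed in the post above (split each LM hash into halves, look the halves up, reassemble, count halves for the statistics), as an added Python example that is not code from hashcat or from anyone in this thread. The `half:plaintext` pot format, the function names and the sample halves are assumptions made for illustration.

```python
# Added illustration; the halves below are constructed placeholders, not real LM hashes.
EMPTY_HALF = "aad3b435b51404ee"   # LM half of an empty 7-character block
NOT_FOUND = "<not found>"

def split_lm(lm_hex):
    """Split a 32-hex-digit LM hash into its two independent 16-digit halves."""
    h = lm_hex.strip().lower()
    if len(h) != 32 or any(c not in "0123456789abcdef" for c in h):
        raise ValueError("not a 32-hex-digit LM hash: %r" % lm_hex)
    return h[:16], h[16:]

def load_pot(lines):
    """Parse 'half:plaintext' lines (assumed LM.pot format) into a dict."""
    pot = {}
    for line in lines:
        half, sep, plain = line.rstrip("\r\n").partition(":")
        if sep and len(half) == 16:
            pot[half.lower()] = plain   # plaintext may itself contain ':'
    return pot

def reassemble(lm_hex, pot):
    """Join the cracked halves; a half missing from the pot shows as <not found>."""
    return "".join("" if half == EMPTY_HALF else pot.get(half, NOT_FOUND)
                   for half in split_lm(lm_hex))

def half_stats(hashes, pot):
    """Return (cracked, total) counted in unique non-empty halves, not in hashes."""
    halves = {h for lm in hashes for h in split_lm(lm)} - {EMPTY_HALF}
    return sum(h in pot for h in halves), len(halves)

# Constructed sample data
POT_LINES = ["1111111111111111:PASSWOR", "2222222222222222:D", "4444444444444444:ABC"]
HASHES = [
    "11111111111111112222222222222222",   # both halves in the pot
    "11111111111111113333333333333333",   # second half not cracked yet
    "4444444444444444AAD3B435B51404EE",   # 7 chars or fewer: second half is empty
]

if __name__ == "__main__":
    pot = load_pot(POT_LINES)
    for lm in HASHES:
        print(lm, reassemble(lm, pot))
    print("halves cracked: %d/%d" % half_stats(HASHES, pot))
```

Counting unique halves also shows how much work is shared: the first two sample hashes have the same first half, so it only needs to be looked up once.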