11-17-2023, 12:55 AM
Hi guys,
I really delayed requesting your help here cause I'm computer savvy (or thought I was) , but I already spent hours on this and can't even launch a basic hashcat command line.
Here is my story :
1/ I have an old XP laptop, linked to a domain. The domain is dead a long time ago. The laptop is dead. The HDD is ok, but it's a rare 50 PIN IDE connector. I order a special USB case for it.
2/ one month after, I receive the USB case, plug the HDD. I use disk2vhd to make a VM out of it. I start the VM
3/ XP starts. Blue screen of death after blue screen of death. Something about the HAL not compatible with Hyper-V. Grab an XP SP3 iso, manage to repair (by reinstalling over). XP starts to logon, inactivated.
4/ I can log on as local admin, Safe mode, reset the activation for 30 days. install an old integration Services iso. XP kinda work. Cool.
5/ But the thing is, I must log as a domain user to access crypted Outlook files. Its is possible because XP retains the cached domain credentials for that user. Of course the password is forgotten. I grab mimikatz from Benjamin DELPY and Vincent LE TOUX. Chrome forbid me to download it, because of course.
6/ mimikatz
privilege::debug
token::elevate
lsadump::cache
Here it is ! the hash in plain text
[NL$1 - 4/9/2011 23:59:20]
RID : 0000045d (1117)
User : CONTOSO\bob
MsCacheV1 : 1xxxxxxxxx2xxxxxxxxx3xxxxxxxxx4x
6/ I grab hashcat v6.2.6, launch it on Windows 7
ERROR : You are probably missing the OpenCL, CUDA or HIP runtime installation.
I go to intel website and and install the latest OpenCL for CPU
Intel® CPU Runtime for OpenCL™ Applications with SYCL support
6/ launch again it on Windows 7
ERROR : "the procedure entry point GetCurrentThreadStackLimits"
seem related to Windows 7
7/ don't like Windows 7 ? ok, I make a VM with latest Windows 11 Pro, 8 GB of RAM, launch
hashcat --backend-info
ERROR :
8/ What ? The latest version, the latest driver, the latest OS and it still doesn't work ?
Maybe if I try an old version ? Nope :
9/ What is TBB by the way ? Maybe searching in the forums will help. I will register.
"Please type hashcat latest version number to register"
Isn't it v6.2.6 ?
Nope, doesn't work.
10/ Finally manage to register (how?)
Search for "TBB"
"One or more of your search terms were shorter than the minimum length"
11/ Okay then I search "Cannot load TBB"
"No result"
12/ Really, nobody except me have this problem ? Maybe Google ?
https://www.google.fr/search?q=hashcat+Cannot+load+TBB
"No result"
Guys I am lost. I am going to sleep.
I really delayed requesting your help here cause I'm computer savvy (or thought I was) , but I already spent hours on this and can't even launch a basic hashcat command line.
Here is my story :
1/ I have an old XP laptop, linked to a domain. The domain is dead a long time ago. The laptop is dead. The HDD is ok, but it's a rare 50 PIN IDE connector. I order a special USB case for it.
2/ one month after, I receive the USB case, plug the HDD. I use disk2vhd to make a VM out of it. I start the VM
3/ XP starts. Blue screen of death after blue screen of death. Something about the HAL not compatible with Hyper-V. Grab an XP SP3 iso, manage to repair (by reinstalling over). XP starts to logon, inactivated.
4/ I can log on as local admin, Safe mode, reset the activation for 30 days. install an old integration Services iso. XP kinda work. Cool.
5/ But the thing is, I must log as a domain user to access crypted Outlook files. Its is possible because XP retains the cached domain credentials for that user. Of course the password is forgotten. I grab mimikatz from Benjamin DELPY and Vincent LE TOUX. Chrome forbid me to download it, because of course.
6/ mimikatz
privilege::debug
token::elevate
lsadump::cache
Here it is ! the hash in plain text
[NL$1 - 4/9/2011 23:59:20]
RID : 0000045d (1117)
User : CONTOSO\bob
MsCacheV1 : 1xxxxxxxxx2xxxxxxxxx3xxxxxxxxx4x
6/ I grab hashcat v6.2.6, launch it on Windows 7
ERROR : You are probably missing the OpenCL, CUDA or HIP runtime installation.
I go to intel website and and install the latest OpenCL for CPU
Intel® CPU Runtime for OpenCL™ Applications with SYCL support
6/ launch again it on Windows 7
ERROR : "the procedure entry point GetCurrentThreadStackLimits"
seem related to Windows 7
7/ don't like Windows 7 ? ok, I make a VM with latest Windows 11 Pro, 8 GB of RAM, launch
hashcat --backend-info
ERROR :
Code:
SYCL CPU RT Warning: Cannot load TBB from neither Windows registry key nor CPU runtime configuration file (cl.cfg / cl.fpga_emu.cfg) ) in C:\Program Files (x86)\Common Files\Intel\Shared Libraries\intel64\ location. The Error message is: Windows error code: 126.
You can ask your administrator to configure TBB library location to CL_CONFIG_TBB_DLL_PATH item in the configuration files.
Or you need to check Windows registry key under HKEY_LOCAL_MACHINE\SOFTWARE\Intel\oneAPI\TBB\ locaiton. The version items under this s location are installed TBB on this machine. The required TBB version is 2021.10.0. You can install the required TBB if it is not li isted in windows registry.
clCreateContext(): CL_OUT_OF_HOST_MEMORY
No devices found/left.
8/ What ? The latest version, the latest driver, the latest OS and it still doesn't work ?
Maybe if I try an old version ? Nope :
Code:
C:\Users\bob\Downloads\hashcat-3.00>hashcat64.exe -t 32 -a 7 example0.hash ?a?a?a?a example.dict
hashcat (v3.00-1-g67a8d97) starting...
OpenCL Platform #1: Intel(R) Corporation
========================================
- Device #1: Intel(R) Core(TM) i7-10700K CPU @ 3.80GHz, 4095/8190 MB allocatable, 8MCU
Hashes: 6494 hashes; 6494 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable Optimizers:
* Zero-Byte
* Precompute-Init
* Precompute-Merkle-Demgard
* Meet-In-The-Middle
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Raw-Hash
Watchdog: Temperature abort trigger disabled
Watchdog: Temperature retain trigger disabled
Initializing device kernels and memory...SYCL CPU RT Warning: Cannot load TBB from neither Windows registry key nor CPU runtime configuration file (cl.cfg / cl.fpga_emu.cfg) in C:\Program Files (x86)\Common Files\Intel\Shared Libraries\intel64\ location. The Error message is: Windows error code: 126.
You can ask your administrator to configure TBB library location to CL_CONFIG_TBB_DLL_PATH item in the configuration files.
Or you need to check Windows registry key under HKEY_LOCAL_MACHINE\SOFTWARE\Intel\oneAPI\TBB\ locaiton. The version items under this location are installed TBB on this machine. The required TBB version is 2021.10.0. You can install the required TBB if it is not listed in windows registry.
ERROR: clCreateContext() : -6 : CL_OUT_OF_HOST_MEMORY
9/ What is TBB by the way ? Maybe searching in the forums will help. I will register.
"Please type hashcat latest version number to register"
Isn't it v6.2.6 ?
Nope, doesn't work.
10/ Finally manage to register (how?)
Search for "TBB"
"One or more of your search terms were shorter than the minimum length"
11/ Okay then I search "Cannot load TBB"
"No result"
12/ Really, nobody except me have this problem ? Maybe Google ?
https://www.google.fr/search?q=hashcat+Cannot+load+TBB
"No result"
Guys I am lost. I am going to sleep.