Basic: Did I break my hashcat?

[code9n]

Hashcat 6.2.6 in up to date The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) rolling release.

a simple test command like:

hashcat -m 0 -a 0 -o <output_file> <md5_hash_file> <word_list> -O

reports that no hashes have been cracked even if they are simple password hashes (of the correct, in this case MD5, hash type) and are definitely in (or some of them are in) the <word_list> given.  (I'm using rockyou.txt).

Here's my <md5_hash_file> :

5965bb7474aadec148948f466568c612
bf6efae04d1872ebb42da1601e53e20d
8bd9b031dd34e106134612f7fb400df1
6fceec81e47c744c4552f26767853881

These are the MD5 hashes for these passwords:

Davey
MaryJane
Password234
squirrel87654^&%$£"ujhtdcCDSA

So the first 3 should be cracked and the 4th probably not but when I run:

hashcat -m 0 -a 0 -o cracked.txt hashesonly.txt rockyou.txt -O


I get the result:


Session..........: hashcat                               
Status...........: Exhausted
Hash.Mode........: 0 (MD5)
Hash.Target......: hashesonly.txt
Time.Started.....: Thu Sep 11 05:12:35 2025 (4 secs)
Time.Estimated...: Thu Sep 11 05:12:39 2025 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:  3677.3 kH/s (0.59ms) @ Accel:1024 Loops:1 Thr:1 Vec:8
Recovered........: 0/4 (0.00%) Digests (total), 0/4 (0.00%) Digests (new)
Progress.........: 14344385/14344385 (100.00%)
Rejected.........: 3094/14344385 (0.02%)
Restore.Point....: 14344385/14344385 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: $HEX[21217265626f756e642121] -> $HEX[042a0337c2a156616d6f732103]
Hardware.Mon.#1..: Temp: 70c Util: 66%


The <output_file> is empty:

 wc cracked.txt
0 0 0 cracked.txt


The potfile is also empty ( ~/.local/share/hashcat/hashcat.potfile )


Same results (no hashes cracked) if I don't specify any output file.

So have I broken my hashcat?  Am I making some basic mistake that I just can't see?  (I pretty new to hashcat but have had results from basic commands like the above before.)


That line:

Candidates.#1....: $HEX[21217265626f756e642121] -> $HEX[042a0337c2a156616d6f732103]

should be the cracked passwords, right?, but it's in hex . . ?


Perhaps I've set something inadvertently?  I found no .config files anywhere or are they called something else?

Maybe I'd be better off just upgrading to version 7.1?  I already uninstalled and re-installed hashcat 6.2.6. . . . ?


Any thoughts or advice gratefully accepted, thanks.

[buka]

The hashes are wrong.
md5(Davey) = bef2880afad8c91c465e37387dc5a43a
md5(Davey\n) = 5965bb7474aadec148948f466568c612

[code9n]

The hashes are wrong.
md5(Davey) = bef2880afad8c91c465e37387dc5a43a
md5(Davey\n) = 5965bb7474aadec148948f466568c612

Yeh, by the time I'd played around trying to get this to work I'd made and deleted several md5 files of easy-to-crack passwords but those are what I had to use as examples.



Starting again trying these hashes:

bf6efae04d1872ebb42da1601e53e20d
8bd9b031dd34e106134612f7fb400df1
ff1059dd642578a8e79f6ab0c8d766d6
dd3e4ccdcb6b73f1e5cd2c770a3560a8

which are for these passwords:

MaryJane
Password234
Dave123
hardpassword


I get this (with no output file to write to):

$ hashcat -a 0 -m 0 hashesonly.txt rockyou.txt -O
hashcat (v6.2.6) starting

OpenCL API (OpenCL 3.0 PoCL 6.0+debian  Linux, None+Asserts, RELOC, SPIR-V, LLVM 18.1.8, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
====================================================================================================================================================
* Device #1: cpu-ivybridge-Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz, 6784/13632 MB (2048 MB allocatable), 4MCU

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 31

Hashes: 4 digests; 4 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Meet-In-The-Middle
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Raw-Hash

Watchdog: Temperature abort trigger set to 90c

Host memory required for this attack: 1 MB

Dictionary cache hit:
* Filename..: rockyou.txt
* Passwords.: 14344385
* Bytes.....: 139921507
* Keyspace..: 14344385

Approaching final keyspace - workload adjusted.         

Session..........: hashcat                               
Status...........: Exhausted
Hash.Mode........: 0 (MD5)
Hash.Target......: hashesonly.txt
Time.Started.....: Sun Sep 14 09:04:25 2025 (4 secs)
Time.Estimated...: Sun Sep 14 09:04:29 2025 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:  3673.3 kH/s (0.58ms) @ Accel:1024 Loops:1 Thr:1 Vec:8
Recovered........: 0/4 (0.00%) Digests (total), 0/4 (0.00%) Digests (new)
Progress.........: 14344385/14344385 (100.00%)
Rejected.........: 3094/14344385 (0.02%)
Restore.Point....: 14344385/14344385 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: $HEX[21217265626f756e642121] -> $HEX[042a0337c2a156616d6f732103]
Hardware.Mon.#1..: Temp: 69c Util: 69%

Started: Sun Sep 14 09:04:24 2025
Stopped: Sun Sep 14 09:04:30 2025


Anyone got any ideas what went wrong?  Not sure I should have that  '1 unique salts' line . . ?

Thanks.

[Spliceguy]

Is not the MD5 conversion for
MaryJane
Password234
Dave123
hardpassword

eb2ceb2f9f1f0d4665a2dc3c4d719aa8
b81e70651fb13d7d7051cc1684c0f91e
862f965e01818297036e2356b70e7c23
2b73c82da5bd006a524149b7ba10941e

[code9n]

Yes, you're both right. I finally realized what the problem was. I was making MD5 hashes on the command line with something like:

touch hashes.txt
touch MaryJane.txt
echo 'MaryJane' > MaryJane.txt
md5sum MaryJane.txt > hashes.txt

repeat for a couple of other easy passwords and >> into hashes.txt then remove the names of the contributing text files with nano leaving only the MD5 hashes.

I think perhaps I was not getting the MD5 hash of MaryJane but of 'MaryJane' or something like that.

Bottom line is you're both right, I assumed this was giving me the correct hashes but it wasn't (my bad) and hence hashcat wasn't finding the passwords in rockyou.txt because 'MaryJane' isn't in rockyou.txt but MaryJane is. Or perhaps I was MD5 hashing MaryJane.txt . . . not sure but solved anyway.

Must pay more attention to the little things.

Thanks to both @buka and @Spliceguy for correct and helpful info.