Cracking Russian Passwords
#1
I am not sure how the unicode support works but this is weird.

MD5 Hash: 714d5bc5daad4412e118d1bfd0c7477b
plaintext: ьфдщн

I noticed this on one of the hash cracked list on a forum.

So, I put this plain text in a wordlist and run a dictionary attack. The hash was not cracked.

Can someone verify this?
#2
The hash and the password are not matching here, anyone else?
#3
echo -n 'ьфдщн' | ./hash-generator.pl -0
507620db658a3d55c367cc8273e2ee24

created using this script
http://www.phillips321.co.uk/2012/05/15/...erator-pl/
#4
yep, your plain is wrong.

echo -n 'ьфдщн' | md5sum
507620db658a3d55c367cc8273e2ee24 -
#5
Thanks for the replies Smile

A few points worth noting. Check the MD5 Hash of ьфдщн on the following 2 sites:

http://md5-hash-online.waraxe.us/
http://www.miraclesalad.com/webtools/md5.php -> This gives the same result as md5sum, probably because it is using UTF-8 encoding, same as md5sum.

In any case, this time, I used the MD5 hash and plaintext as follows:

MD5 Hash: 507620db658a3d55c367cc8273e2ee24
Plaintext: ьфдщн

And it is still not able to crack.

Results:

Code:
C:\GPU Bruteforcers\oclHashcat-plus-0.081>oclHashcat-plus32.exe -m 0 -n 160 -a 0
RussianMD5.txt Russian.txt
oclHashcat-plus v0.08 by atom starting...

Hashes: 1
Unique digests: 1
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
GPU-Loops: 128
GPU-Accel: 160
Password lengths range: 1 - 15
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Cypress, 1024MB, 0Mhz, 20MCU
Device #1: Allocating 481MB host-memory
Device #1: Kernel ./kernels/4098/m0000_a0.Cypress.32.kernel (1001600 bytes)

Scanned dictionary Russian.txt: 201 bytes, 14 words, 14 keyspace, starting attac
k...


Status.......: Exhausted
Input.Mode...: File (Russian.txt)
Hash.Target..: 507620db658a3d55c367cc8273e2ee24
Hash.Type....: MD5
Time.Running.: 0 secs
Time.Left....: 0 secs
Time.Util....: 999.7ms/0.0ms Real/CPU, 0.0% idle
Speed........:       14 c/s Real,        0 c/s GPU
Recovered....: 0/1 Digests, 0/1 Salts
Progress.....: 14/14 (100.00%)
Rejected.....: 0/14 (0.00%)
HW.Monitor.#1:  0% GPU, 50c Temp

Started: Thu May 24 07:58:22 2012
Stopped: Thu May 24 07:58:24 2012

Can you please try it as well?
#6
Can somebody try what I suggested above and post their results?
#7
Verified.
Both hashcat and oclHashcat-plus cracked the pass as:
Code:
507620db658a3d55c367cc8273e2ee24:ьфдщн

Note: The dictionary file has to be UTF-8 Unicode (withOUT BOM).

PS: Google translator: ьфдщн::fdschn 0_o
#8
Thank you, M@LIK.

Can you please post the output of oclhashcat-plus session while cracking this password like I did in my post?

Yes, my dictionary file is UTF-8 Encoded.

I am cracking it on Windows 7 x64 platform running on a command line (MS DOS Prompt).

And are you cracking this on Windows or Linux?
#9
Code:
hc64p ..\M\MD5.hash ..\M\Odic.dic -o..\M\OUT.out

cudaHashcat-plus v5.36 by atom starting...

Hashes: 1
Unique digests: 1
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
GPU-Loops: 128
GPU-Accel: 8
Password lengths range: 1 - 15
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 70c

Scanned dictionary ..\M\Odic.dic: 12 bytes, 1 words, 1 keyspace, starting attack...


Status.......: Cracked
Input.Mode...: File (..\M\Odic.dic)
Hash.Target..: 507620db658a3d55c367cc8273e2ee24
Hash.Type....: MD5
Time.Running.: 0 secs
Time.Util....: 999.5ms/0.0ms Real/CPU, 0.0% idle
Speed........:        1 c/s Real,        0 c/s GPU
Recovered....: 1/1 Digests, 1/1 Salts
Progress.....: 1/1 (100.00%)
Rejected.....: 0/1 (0.00%)
HWMon.GPU.#1.:  0% Util, 39c Temp, -1rpm Fan

Started: Sat May 26 06:33:44 2012
Stopped: Sat May 26 06:33:46 2012

I believe your problem is with the encoding. It has to be No BOM.
I use Windows too.
Use this dictionary, it should work: HERE



PS: cudaHashcat-plus v5.36 FTW!
xD
#10
Thank you again.

I am looking into this. So, as I understand, oclhashcat-plus is not BOM aware. I believe it could be made? For instance, if you encounter the bytes (EF BB FF) in the stream then ignore them and read the remaining, which would be your UTF-8 Encoded String.

Though Unicode itself suggests not to use BOM, so I guess it depends on the type of File Editor I have used for the dictionary.

@M@LIK: What file editor did you use for creating this dictionary? I used Notepad and saved it as UTF-8 Encoding, but I guess it prefixes all the strings with BOM due to which oclhashcat-plus does not work with it.

I could make your dictionary not work once again by just copying a BOM UTF-8 String to your dictionary.

For instance:

Without BOM,

Code:
ьфдщн

It works.

Now, open it with notepad, copy 2 more words which have BOM and append them to above dictionary. It does not work then.

Also, is this documented somewhere that oclhashcat-plus expects the unicode strings to be without BOM or was it your own observation?