Binary Dictionary
#1
Hi,

I am not sure if this was already noticed or reported by someone else or not.

I am running a dictionary attack using oclhashcat-plus against a list of MD5 hashes.

Surprisingly I get 0 results. Let's call this dictionary wordlist.txt henceforth.

Using some other dictionaries I found the password. I checked this password against my original dictionary, wordlist.txt, and it is listed there.

On Windows:

Code:
type wordlist.txt | findstr "areyouthere"

So, I checked the encoding of the file and found out that the charset is binary.

Code:
file -bi wordlist.txt

charset=binary

This holds true for several other passwords in the dictionary, wordlist.txt. They are present and correspond to the MD5 hashes I am trying to crack; however, they are not found in the dictionary attack.

I did not see an option in oclhashcat-plus to treat the input as binary. I am sure that if the command line can find that word in the dictionary, then so can oclhashcat-plus?

Then, why isn't it happening in this case?

I used the grep utility on Linux to find the word in the dictionary, wordlist.txt, and it does not find it and says: Standard Input: binary

Code:
cat wordlist.txt | grep "areyouthere"

It does not find it.

Code:
cat wordlist.txt | grep -a "areyouthere"

Enforcing the input file to be of type text.

It finds it!

I have attempted to fix the wordlist itself by removing any binary data present in it; however, it's a huge file and I do not think I can manually remove all such entries.

I have tried a couple of filters to extract only the ASCII strings from the dictionary and write the output to another file, let's call it ascii_wordlist.txt.

Now, when I try:

Code:
cat ascii_wordlist.txt | grep "areyouthere"

It finds the word now, without enforcing the input type to be text.

So, I used this new wordlist (only ASCII entries) in the dictionary attack in oclhashcat-plus and it once again does not crack the corresponding MD5 hashes.
#2
Fixed it, works with JtR ;)
#3
oclHashcat-plus only supports cracking hashes < length 16
#4
@atom: Thanks, yes, I am aware of that fact.

However, how is that related to this issue?

The password in this case is "areyouthere", which is less than 16 characters in length.

Or does this mean that if there is a word before "areyouthere" in the dictionary which is of length > 15, it will skip them? I do not think so :)
#5
I guessed "areyouthere" is some replacement.

Can you compile all the required files I need to reproduce this, zip them (to ensure they are not modified) and then send them to me?
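
An added example, not part of any post in this thread: a byte-level audit of a wordlist that `file` reports as `charset=binary`, which also flags lines over the length limit mentioned in reply #3. The categories checked (trailing CR, NUL bytes, control bytes, non-ASCII bytes) are assumed common causes; the thread does not say which one applied here, and the sample data and function names are constructed for illustration.

```python
import hashlib
import io
from collections import Counter

MAX_LEN = 15  # reply #3 in the thread: candidates must be shorter than 16

# Constructed sample wordlist, not data from the thread.
SAMPLE = (b"password\n" b"areyouthere\r\n" b"bin\x00ary\n" b"caf\xc3\xa9\n"
          b"thisisaverylongpassphrase\n" b"\x01ctl\n")

def classify(line: bytes) -> str:
    """Say why one raw wordlist line is a problem, or return 'ok'."""
    word = line.rstrip(b"\n")
    if word.endswith(b"\r"):
        return "crlf"       # the CR would be hashed as part of the word
    if b"\x00" in word:
        return "nul"        # typical of UTF-16 text or embedded binary
    if any(b < 0x20 or b == 0x7F for b in word):
        return "control"
    if any(b > 0x7E for b in word):
        return "non_ascii"
    if len(word) > MAX_LEN:
        return "too_long"
    return "ok"

def audit(stream) -> Counter:
    """Count lines per category; stream is any binary file object."""
    return Counter(classify(line) for line in stream)

def clean(stream):
    """Yield usable candidates: line endings stripped, everything else 'ok'."""
    for line in stream:
        word = line.rstrip(b"\r\n")
        if word and classify(word) == "ok":
            yield word

def md5_hex(word: bytes) -> str:
    return hashlib.md5(word).hexdigest()

if __name__ == "__main__":
    print(dict(audit(io.BytesIO(SAMPLE))))
    print(list(clean(io.BytesIO(SAMPLE))))
    # A trailing CR changes the digest, so the hash list never matches it.
    print(md5_hex(b"areyouthere") == md5_hex(b"areyouthere\r"))
```

For a real file, pass `open("wordlist.txt", "rb")` to `audit` first and only then decide which categories to strip with `clean`.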