New - What am I missing?
#1
Hello all, I am very new to hashcat and from what I am seeing online my syntax seems to be ok but hashcat starts and immediately says "exhausted". I have tried using a rockyou.txt attack (the password is in the list) and a mask attack with filling in half of the 12 characters. The mask attack also immediately goes to "exhausted" status. My syntax is as follows:

Dictionary attack:
hashcat -m 110 -a 0 hash.txt /usr/share/hashcat/rockyou.txt

Mask attack:
hashcat -m 110 -a 3 hash.txt 481616?d?d?d?d?d?d

Thanks in advance.
Reply
#2
Can you post the full output - full command line, and the results?

This is what a successful run (but unsuccessful crack) looks like ('hashcat') happens to not be in RockYou:

Code:
$ hashcat -m 110 -a 0 110.hash /home/royce/crack/rockyou.txt
hashcat (v5.1.0-1403-g87022919) starting...

========================================================================
* Device #1: GeForce GTX 970, 1010/4041 MB allocatable, 13MCU
* Device #2: GeForce GTX 750 Ti, 500/2002 MB allocatable, 5MCU

OpenCL API (OpenCL 1.2 LINUX) - Platform #2 [Intel(R) Corporation]
==================================================================
* Device #3: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz, skipped

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Applicable optimizers:
* Zero-Byte
* Early-Skip
* Not-Iterated
* Single-Hash
* Single-Salt
* Raw-Hash

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Minimim salt length supported by kernel: 0
Maximum salt length supported by kernel: 256

ATTENTION! Pure (unoptimized) backend kernels selected.
Using pure kernels enables cracking longer passwords but for the price of drastically reduced performance.
If you want to switch to optimized backend kernels, append -O to your commandline.
See the above message to find out about the exact limits.

Watchdog: Temperature abort trigger set to 90c

Host memory required for this attack: 444 MB

Dictionary cache built:
* Filename..: /home/royce/crack/rockyou.txt
* Passwords.: 14344391
* Bytes.....: 139921497
* Keyspace..: 14344384
* Runtime...: 2 secs

Approaching final keyspace - workload adjusted.  

Session..........: hashcat                      
Status...........: Exhausted
Hash.Name........: sha1($pass.$salt)
Hash.Target......: 2fc5a684737ce1bf7b3b239df432416e0dd07357:2014
Time.Started.....: Sat Oct 12 07:00:49 2019 (2 secs)
Time.Estimated...: Sat Oct 12 07:00:51 2019 (0 secs)
Guess.Base.......: File (/home/royce/crack/rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:  8113.6 kH/s (7.56ms) @ Accel:1024 Loops:1 Thr:64 Vec:1
Speed.#2.........:  5417.1 kH/s (6.50ms) @ Accel:1024 Loops:1 Thr:64 Vec:1
Speed.#*.........: 13530.7 kH/s
Recovered........: 0/1 (0.00%) Digests
Progress.........: 14344384/14344384 (100.00%)
Rejected.........: 0/14344384 (0.00%)
Restore.Point....: 14037131/14344384 (97.86%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Restore.Sub.#2...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: 1452123 -> 046379656
Candidates.#2....: $HEX[303436333739333839] -> $HEX[042a0337c2a156616d6f732103]
Hardware.Mon.#1..: Temp: 41c Fan: 39% Util: 22% Core:1050MHz Mem:3004MHz Bus:8
Hardware.Mon.#2..: Temp: 30c Fan: 33% Util: 32% Core:1058MHz Mem:2700MHz Bus:8

Started: Sat Oct 12 07:00:36 2019
Stopped: Sat Oct 12 07:00:51 2019

Notice that it finished very quickly - it's a fast hash (and a relatively short wordlist for that fast of a hash)
~
Reply
#3
Thank you, dictionary output first:

hashcat -m 110 -a 0 hash.txt /usr/share/hashcat/rockyou.txt --force
hashcat (v4.0.1) starting...

OpenCL Platform #1: Intel(R) Corporation
========================================
* Device #1: Intel(R) Core(TM) i3-8130U CPU @ 2.20GHz, 1459/5838 MB allocatable, 4MCU

OpenCL Platform #2: The pocl project
====================================
* Device #2: pthread-Intel(R) Core(TM) i3-8130U CPU @ 2.20GHz, 2048/4379 MB allocatable, 4MCU

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Applicable optimizers:
* Zero-Byte
* Early-Skip
* Not-Iterated
* Single-Hash
* Single-Salt
* Raw-Hash

Password length minimum: 0
Password length maximum: 256
Salt length minimum: 0
Salt length maximum: 256

ATTENTION! Pure (unoptimized) OpenCL kernels selected.
This enables cracking passwords and salts > length 32 but for the price of drastical reduced performance.
If you want to switch to optimized OpenCL kernels, append -O to your commandline.

Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.
Watchdog: Temperature retain trigger disabled.

* Device #1: build_opts '-I /usr/share/hashcat/OpenCL -D VENDOR_ID=8 -D CUDA_ARCH=0 -D AMD_ROCM=0 -D VECT_SIZE=1 -D DEVICE_TYPE=2 -D DGST_R0=3 -D DGST_R1=4 -D DGST_R2=2 -D DGST_R3=1 -D DGST_ELEM=5 -D KERN_TYPE=110 -D _unroll -cl-opt-disable'
* Device #2: build_opts '-I /usr/share/hashcat/OpenCL -D VENDOR_ID=64 -D CUDA_ARCH=0 -D AMD_ROCM=0 -D VECT_SIZE=1 -D DEVICE_TYPE=2 -D DGST_R0=3 -D DGST_R1=4 -D DGST_R2=2 -D DGST_R3=1 -D DGST_ELEM=5 -D KERN_TYPE=110 -D _unroll'
Dictionary cache hit:
* Filename..: /usr/share/hashcat/rockyou.txt
* Passwords.: 14344385
* Bytes.....: 139922210
* Keyspace..: 14344385

- Device #1: autotuned kernel-accel to 1024
- Device #1: autotuned kernel-loops to 1
- Device #2: autotuned kernel-accel to 1024
- Device #2: autotuned kernel-loops to 1
[s]tatus [p]ause [r]esume [b]ypass [c]heckpoint [q]uit => [s]tatus [p]ause [r]esume [b]ypass [c]heckpoint [q]uit => s

Session..........: hashcat
Status...........: Running
Hash.Type........: sha1($pass.$salt)
Hash.Target......: e5d8870e5bdd*****cab8dbe07a942c8669e56d6:*********
Time.Started.....: Sat Oct 12 10:54:36 2019 (3 secs)
Time.Estimated...: Sat Oct 12 10:54:40 2019 (1 sec)
Guess.Base.......: File (/usr/share/hashcat/rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 2801.3 kH/s (0.91ms)
Speed.Dev.#2.....: 1197.0 kH/s (2.33ms)
Speed.Dev.#*.....: 3972.0 kH/s
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 9412608/14344385 (65.62%)
Rejected.........: 0/9412608 (0.00%)
Restore.Point....: 9400320/14344385 (65.53%)
Candidates.#1....: budda0708 -> bubu71493
Candidates.#2....: bubu6_fufi -> bubba211
HWMon.Dev.#1.....: N/A
HWMon.Dev.#2.....: N/A

Approaching final keyspace - workload adjusted.

Session..........: hashcat
Status...........: Exhausted
Hash.Type........: sha1($pass.$salt)
Hash.Target......: e5d8870e5bdd*****cab8dbe07a942c8669e56d6:*********
Time.Started.....: Sat Oct 12 10:54:36 2019 (4 secs)
Time.Estimated...: Sat Oct 12 10:54:40 2019 (0 secs)
Guess.Base.......: File (/usr/share/hashcat/rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 2787.5 kH/s (0.88ms)
Speed.Dev.#2.....: 1142.0 kH/s (2.11ms)
Speed.Dev.#*.....: 3929.4 kH/s
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 14344385/14344385 (100.00%)
Rejected.........: 0/14344385 (0.00%)
Restore.Point....: 14340096/14344385 (99.97%)
Candidates.#1....: $HEX[2134396265616473] -> $HEX[042a0337c2a156616d6f732103]
Candidates.#2....: !carolyn -> !4@tePAssw0rds
HWMon.Dev.#1.....: N/A
HWMon.Dev.#2.....: N/A

Started: Sat Oct 12 10:54:35 2019
Stopped: Sat Oct 12 10:54:41 2019
Reply
#4
hashcat -m 110 -a 3 hash.txt 481616?d?d?d?d?d?d
hashcat (v4.0.1) starting...

* Device #2: Not a native Intel OpenCL runtime. Expect massive speed loss.
You can use --force to override, but do not report related errors.
OpenCL Platform #1: Intel(R) Corporation
========================================
* Device #1: Intel(R) Core(TM) i3-8130U CPU @ 2.20GHz, 1459/5838 MB allocatable, 4MCU

OpenCL Platform #2: The pocl project
====================================
* Device #2: pthread-Intel(R) Core(TM) i3-8130U CPU @ 2.20GHz, skipped.

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Applicable optimizers:
* Zero-Byte
* Early-Skip
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
* Raw-Hash

Password length minimum: 0
Password length maximum: 256
Salt length minimum: 0
Salt length maximum: 256

ATTENTION! Pure (unoptimized) OpenCL kernels selected.
This enables cracking passwords and salts > length 32 but for the price of drastical reduced performance.
If you want to switch to optimized OpenCL kernels, append -O to your commandline.

Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.
Watchdog: Temperature retain trigger disabled.

* Device #1: build_opts '-I /usr/share/hashcat/OpenCL -D VENDOR_ID=8 -D CUDA_ARCH=0 -D AMD_ROCM=0 -D VECT_SIZE=8 -D DEVICE_TYPE=2 -D DGST_R0=3 -D DGST_R1=4 -D DGST_R2=2 -D DGST_R3=1 -D DGST_ELEM=5 -D KERN_TYPE=110 -D _unroll -cl-opt-disable'
- Device #1: autotuned kernel-accel to 1024
- Device #1: autotuned kernel-loops to 1
Approaching final keyspace - workload adjusted.

Session..........: hashcat
Status...........: Exhausted
Hash.Type........: sha1($pass.$salt)
Hash.Target......: e5d8870e5bdd*****cab8dbe07a942c8669e56d6:*********
Time.Started.....: Sat Oct 12 11:02:14 2019 (1 sec)
Time.Estimated...: Sat Oct 12 11:02:15 2019 (0 secs)
Guess.Mask.......: 481616?d?d?d?d?d?d [12]
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 2612.4 kH/s (0.99ms)
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 1000000/1000000 (100.00%)
Rejected.........: 0/1000000 (0.00%)
Restore.Point....: 1000000/1000000 (100.00%)
Candidates.#1....: 481616079738 -> 481616494964
HWMon.Dev.#1.....: N/A

Started: Sat Oct 12 11:02:13 2019
Stopped: Sat Oct 12 11:02:15 2019
Reply
#5
But if I know that password is in the file, why would it not find it?
Reply
#6
example hashes can be found here (or use -m 110 --example):
https://hashcat.net/wiki/doku.php?id=example_hashes
Reply
#7
My apologies, guys, I'm new to this. I did check on the example hashes and I believe I have the correct mode. I physically added the password to the rockyou.txt file just to make sure it was there. I just don't understand why it's not finding it if my syntax and path to my .txt file are correct.

For the mask attack I posted above, does it seem to be formatted okay?

Neither are working for me so I am a bit confused.
Reply
#8
if the example hash works (from the wiki page, password for the example hash is hashcat), so should every other hash given the correct hash, salt, password.

there could be many problems.
1. your hash was not generated with the same algorithm (see for instance differences between 110 and 120)
2. salt is not complete or in wrong format (binary vs hex salt)
3. the password is not correct
etc etc

just test the example hash and confirm if it is working and if that is working you need to find out why your other example (your original hash/salt/password) is not cracking (maybe some of the reasons from above)
Reply
#9
This is very helpful, thank you. The example hash worked right away, so I need to dig deeper on my hash:salt and see if I can figure this out. I really appreciate the help.
Reply