hashcat 0.41 putting something other than hash in .pot file
#2
(11-27-2012, 01:25 AM)Kgx Pnqvhm Wrote: Hashcat 0.41 64-bit for Windows is putting a hex string in the hashcat.pot file that is not the hash.

You are quite correct.

Consider the file of MD5 hashes:

45a1c034872ef39150102a07f7d8c94f
649a38c0b5b1d949ee31e7d820925621
ac950af509c913bc38d5a7f9552b1989
d656daf037a059bf60ad45ddee0cfd25
fe7a2d3e0cd6d9c181316f7551d43708

Using the following passwords in a dictionary:

THANKGODIAMOKNOW
TIGERANDDIPSTICK
LOOKING4AGOODMAN
FISHING4RELATION

you can then run hashcat as follows:

hashcat -a 0 -m 0 hash pass

Hashcat will display the following information:

fe7a2d3e0cd6d9c181316f7551d43708:THANKGODIAMOKNOW
d656daf037a059bf60ad45ddee0cfd25:TIGERANDDIPSTICK
649a38c0b5b1d949ee31e7d820925621:LOOKING4AGOODMAN
45a1c034872ef39150102a07f7d8c94f:FISHING4RELATION

which are the correct hashes, paired with the correct passwords, yet in the hashcat.pot file:

3e2d7afec1d9d60c756f31810837d451:THANKGODIAMOKNOW
f0da56d6bf59a037dd45ad6025fd0cee:TIGERANDDIPSTICK
c0389a6449d9b1b5d8e731ee21569220:LOOKING4AGOODMAN
34c0a14591f32e87072a10504fc9d8f7:FISHING4RELATION

The hashes in the pot file seem to be unrelated to the passwords, yet the hashes displayed on stdout are correct. I've verified this on both the OS X port as well as the Linux port.

You can "fix" this behaviour by using --output-file=your.pot --output-format=0. This will cause the correct hashes to be written to "your.pot".


Messages In This Thread
RE: hashcat 0.41 putting something other than hash in .pot file - by Waffle - 12-22-2012, 07:05 PM