12-22-2012, 07:05 PM
(11-27-2012, 01:25 AM)Kgx Pnqvhm Wrote: Hashcat 0.41 64-bit for Windows is putting a hex string in the hashcat.pot file that is not the hash.
You are quite correct.
Consider the file of MD5 hashes:
45a1c034872ef39150102a07f7d8c94f
649a38c0b5b1d949ee31e7d820925621
ac950af509c913bc38d5a7f9552b1989
d656daf037a059bf60ad45ddee0cfd25
fe7a2d3e0cd6d9c181316f7551d43708
Using the following passwords in a dictionary:
THANKGODIAMOKNOW
TIGERANDDIPSTICK
LOOKING4AGOODMAN
FISHING4RELATION
you can then run hashcat as follows:
hashcat -a 0 -m 0 hash pass
Hashcat will display the following information:
fe7a2d3e0cd6d9c181316f7551d43708:THANKGODIAMOKNOW
d656daf037a059bf60ad45ddee0cfd25:TIGERANDDIPSTICK
649a38c0b5b1d949ee31e7d820925621:LOOKING4AGOODMAN
45a1c034872ef39150102a07f7d8c94f:FISHING4RELATION
which are the correct hashes, paired with the correct passwords, yet in the hashcat.pot file:
3e2d7afec1d9d60c756f31810837d451:THANKGODIAMOKNOW
f0da56d6bf59a037dd45ad6025fd0cee:TIGERANDDIPSTICK
c0389a6449d9b1b5d8e731ee21569220:LOOKING4AGOODMAN
34c0a14591f32e87072a10504fc9d8f7:FISHING4RELATION
The hashes in the pot file seem to be unrelated to the passwords, yet the hashes displayed on stdout are correct. I've verified this on both the OS X port as well as the Linux port.
You can "fix" this behaviour by using --output-file=your.pot --output-format=0. This will cause the correct hashes to be written to "your.pot".