DES, Hex-Charset and Split/Limit??
#1
I'm right now attempting to derive the NTLM hash from an NTLMv1-ESS hash.

I've managed to crack the 2nd part of the NTLM hash, used ct3 to calc the last 4 chars of the hash, but need to crack one final remaining bit of DES.

Configuring my rig as follows:


Code:
# /opt/hashcat-5.1.0/hashcat64.bin -m 14000 -w4 -a 3 -1 /opt/hashcat-5.1.0/charsets/DES_full.charset --hex-charset deshash ?1?1?1?1?1?1?1?1

Works fine, but will take about 7 days to complete.

So deciding to throw some money into the mix i'm renting a few p3.16XL instances from amazon and intend to break up the keyspace.

I try the argument as advertised in the usage statement in order to determine the keyspace values to use...

Code:
# /opt/hashcat-5.1.0/hashcat64.bin -m 14000 -w4 -a 3 -1 /opt/hashcat-5.1.0/charsets/DES_full.charset --hex-charset deshash ?1?1?1?1?1?1?1?1 --keyspace

and get a short version of the hashcat usage statement back at me.


Code:
Usage: /opt/hashcat-5.1.0/hashcat64.bin [options]... hash|hashfile|hccapxfile [dictionary|mask|directory]...

Try --help for more help.

moving the --keyspace statement around doesn't resolve anything.

*googles* - Finds: https://hashcat.net/forum/thread-5818.html

and wings it assuming: 34359738368 is an accurate number to use.

But now with split and limit my commands start looking like:


Code:
# /opt/hashcat-5.1.0/hashcat64.bin -m 14000 -w4 -a 3 -1 /opt/hashcat-5.1.0/charsets/DES_full.charset --hex-charset deshash ?1?1?1?1?1?1?1?1 -s 0 -l 5726623061

which returns a decent estimate of approximately 9hours or so to crack.

So I move to number 2...

Code:
# /opt/hashcat-5.1.0/hashcat64.bin -m 14000 -w4 -a 3 -1 /opt/hashcat-5.1.0/charsets/DES_full.charset --hex-charset deshash ?1?1?1?1?1?1?1?1 -s 5726623061 -l 11453246122

and now I get an estimate of 18 hours.

... number 3... and so on.

Am I right in thinking that the limit is being ignored for some reason in calculation of the estimated time? Is it performing as intended/expected? The way it almost exactly increases by a similar proportion each time is confusing me somewhat.

Then there are the percentages complete.
The first rig, after 1.5 hrs sits as 15% ish complete.
The second rig, after 1hr and 10 minutes, sits at 37.5% complete (which I think  is nearer 7.5% because i'm pretty sure it started at near 30% already progressed)
The third rig after 1 hour and 10 minutes... 42.5% (which I think is nearer 2.5% because i'm pretty sure it started at near 40%).
and so on.

All rigs are identical and are cracking at practically the same 345GH/s rate.

I just need to confirm i'm actually progressing through the keyspace as expected, and anyone able to confirm the actual figure I should use for the keyspace given --keyspace doesn't appear to work for DES at least it would be much appreciated. Thanks.
Reply


Messages In This Thread
DES, Hex-Charset and Split/Limit?? - by Scriptmonkey_ - 11-07-2019, 11:30 PM