Automatic /r stripping by hashcat?
#5
I agree with what you are saying.  But in the command output below you can see that:
A. The two wordlist files have the same words but hash to different values because of the presence of \r\n  (hex 0d 0a) vs \n (hex 0a) at the end of each word.
B. When I use the words in windowslist.txt in hashcat they are successful in recovering the hashes that were made using the other wordlist (linuxwords.txt).
C. Using openssl or shasum the words in windowslist.txt hash to a different value that what hashcat successfully recovers.  I am trying to understand why.  Hashcat is doing something to/with the windowslist.txt wordlist that causes the words it contains to hash to different values than I get when using shasum or openssl to hash the list.  The end result is the passwords are recovered (yay!) but the behavior is not what I expected.

# linuxwords.txt and windowswords.txt look the same

Code:
❯ cat linuxwords.txt
hello
goodbye
lucky
snake

❯ cat windowswords.txt
hello
goodbye
lucky
snake

# hexdump and file commands show they are different (\r\n vs \n)

❯ hexdump -c linuxwords.txt
0000000  h  e  l  l  o  \n  g  o  o  d  b  y  e  \n  l  u
0000010  c  k  y  \n  s  n  a  k  e  \n  \n
000001b

❯ hexdump -c windowswords.txt
0000000  h  e  l  l  o  \r  \n  g  o  o  d  b  y  e  \r  \n
0000010  l  u  c  k  y  \r  \n  s  n  a  k  e  \r  \n
000001e

❯ hexdump -C linuxwords.txt
00000000  68 65 6c 6c 6f 0a 67 6f  6f 64 62 79 65 0a 6c 75  |hello.goodbye.lu|
00000010  63 6b 79 0a 73 6e 61 6b  65 0a 0a                |cky.snake..|
0000001b

❯ hexdump -C windowswords.txt
00000000  68 65 6c 6c 6f 0d 0a 67  6f 6f 64 62 79 65 0d 0a  |hello..goodbye..|
00000010  6c 75 63 6b 79 0d 0a 73  6e 61 6b 65 0d 0a        |lucky..snake..|
0000001e

❯ file windowswords.txt
windowswords.txt: ASCII text, with CRLF line terminators

❯ file linuxwords.txt
linuxwords.txt: ASCII text

# linuxwords.txt words hash to a different value than the windowswords.txt.  I expected this.

❯ for word in $(cat linuxwords.txt); do echo -n $word | shasum; done | awk '{print $1}' | tee linuxhashes
aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d
3c8ec4874488f6090a157b014ce3397ca8e06d4f
1ce1416347075b6070a35ce5e9d26b61d91ea6c3
148627088915c721ccebb4c611b859031037e6ad

❯ for word in $(cat windowswords.txt); do echo -n $word | shasum; done | awk '{print $1}'
e5ad4d3134d03e6bfc4de4f046c7c5d0b52962a5
ad928c1e055bbb0858c452b0d43b3740e53adc31
913e3490a7bf1ad10957f3073c8ea7e02f85bda0
9316338a5ff32b8172cb80d6b92dd6e8708ce46e

# hashcat recovers the hashes made using linuxlist.txt using the windowsword.txt file as the dictionary.  windowslist.txt and words linuxlist.txt words do not hash to the same values but hashcat is still successful.  I did not expect this and this is what I am trying to understand.

❯ hashcat -a 0 -m 100 linuxhashes windowswords.txt --potfile-disable
hashcat (v6.2.6) starting

<--truncated-->

aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d:hello
1ce1416347075b6070a35ce5e9d26b61d91ea6c3:lucky
148627088915c721ccebb4c611b859031037e6ad:snake
3c8ec4874488f6090a157b014ce3397ca8e06d4f:goodbye

<<--truncated-->
Reply


Messages In This Thread
Automatic /r stripping by hashcat? - by KYMS - 05-10-2024, 03:34 PM
RE: Automatic /r stripping by hashcat? - by KYMS - 05-10-2024, 04:26 PM
RE: Automatic /r stripping by hashcat? - by KYMS - 05-10-2024, 07:06 PM