06-10-2024, 07:19 AM
(06-10-2024, 05:04 AM)iamryo2416 Wrote: I already extracted the hash as follows, but strangely, there is no $bitlocker$1, only $2 and $3 hash strings. I ran the following command and it says no hash was loaded. Can anyone help?
///////////////////// extracted hash ///////////////////////
Encrypted device F:\512G_OS_Win\512_OS_Win.image.001 opened, size 488386MB
Salt: 8f7eb10c6c8ff7feb139c316c79d5079
RP Nonce: a0a3b1e03aa2d7013a000000
RP MAC: cca2a77fe0ab6ad3700fbf10608e5a0d
RP VMK: 690f60fb7706a69a8a0fc6e9f46a77d3864eaef4a8286b3aeb601606692ce1af7db9e5242bbf68cb73a6676c
Hash type: Recovery Password fast attack
$bitlocker$2$16$8f7eb10c6c8ff7feb139c316c79d5079$1048576$12$a0a3b1e03aa2d7013a000000$60$cca2a77fe0ab6ad3700fbf10608e5a0d690f60fb7706a69a8a0fc6e9f46a77d3864eaef4a8286b3aeb601606692ce1af7db9e5242bbf68cb73a6676c
Hash type: Recovery Password with MAC verification (slower solution, no false positives)
$bitlocker$3$16$8f7eb10c6c8ff7feb139c316c79d5079$1048576$12$a0a3b1e03aa2d7013a000000$60$cca2a77fe0ab6ad3700fbf10608e5a0d690f60fb7706a69a8a0fc6e9f46a77d3864eaef4a8286b3aeb601606692ce1af7db9e5242bbf68cb73a6676c
========================
I used 2 different hash_4_crack.txt files with the following hash strings to run hashcat, without any luck! I ran it 2 times, both with the same error result.
First hash_4_crack.txt, with the following content:
===========================================
$bitlocker$2$16$8f7eb10c6c8ff7feb139c316c79d5079$1048576$12$a0a3b1e03aa2d7013a000000$60$cca2a77fe0ab6ad3700fbf10608e5a0d690f60fb7706a69a8a0fc6e9f46a77d3864eaef4a8286b3aeb601606692ce1af7db9e5242bbf68cb73a6676c
===========================================
2nd hash_4_crack.txt, with the following content:
===========================================
$bitlocker$3$16$8f7eb10c6c8ff7feb139c316c79d5079$1048576$12$a0a3b1e03aa2d7013a000000$60$cca2a77fe0ab6ad3700fbf10608e5a0d690f60fb7706a69a8a0fc6e9f46a77d3864eaef4a8286b3aeb601606692ce1af7db9e5242bbf68cb73a6676c
===========================================
//////////////////// hashcat command ///////////////////////
hashcat.exe -m 22100 -a 0 hash_4_crack.txt recovery_passwords.txt
//////////////////// result //////////////////////
D:\bitkocker\hashcat-6.2.6>hashcat.exe -m 22100 -a 0 hash_4_crack.txt recovery_passwords.txt
hashcat (v6.2.6) starting
* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
* Device #2: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
nvmlDeviceGetFanSpeed(): Not Supported
CUDA API (CUDA 12.5)
====================
* Device #1: NVIDIA GeForce RTX 3060 Laptop GPU, 5122/6143 MB, 30MCU
OpenCL API (OpenCL 3.0 CUDA 12.5.51) - Platform #1 [NVIDIA Corporation]
=======================================================================
* Device #2: NVIDIA GeForce RTX 3060 Laptop GPU, skipped
OpenCL API (OpenCL 3.0 ) - Platform #2 [Intel(R) Corporation]
=============================================================
* Device #3: Intel(R) UHD Graphics, 4800/9725 MB (2047 MB allocatable), 32MCU
OpenCL API (OpenCL 3.0 WINDOWS) - Platform #3 [Intel(R) Corporation]
====================================================================
* Device #4: 11th Gen Intel(R) Core(TM) i7-11800H @ 2.30GHz, skipped
Minimum password length supported by kernel: 4
Maximum password length supported by kernel: 256
Hashfile 'hash_4_crack.txt' on line 1 ($bitlo...692ce1af7db9e5242bbf68cb73a6676c): Salt-value exception
No hashes loaded.
Started: Mon Jun 10 10:49:24 2024
Stopped: Mon Jun 10 10:49:25 2024
What does Salt-value exception mean? Did I misuse the command line, did I do anything wrong, or is hashcat simply not working?
Hashcat can't work with $2 and $3. Those are the hashes for the BitLocker recovery key.
The reason you only get those is usually because the user logs on using Windows Hello (PIN code).
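Added example, not part of the thread and not code from hashcat or the extraction tool: a field-level check of a $bitlocker$ hash line that validates the declared lengths and reports whether the line is a recovery-password hash (type 2 or 3), the kind the reply says hashcat can't work with. The labels for types 0 and 1 and the 16-byte MAC split are assumptions based on the extractor output quoted above; the sample line is constructed.

```python
import re

# Labels for types 2 and 3 are quoted from the extractor output in the thread;
# 0 and 1 are their user-password counterparts (assumption, not on the page).
HASH_TYPES = {
    0: "User Password fast attack",
    1: "User Password with MAC verification",
    2: "Recovery Password fast attack",
    3: "Recovery Password with MAC verification",
}
MAC_BYTES = 16  # the thread's "RP MAC" is 16 bytes; the rest of the blob is the VMK


def parse_bitlocker_hash(line):
    """Split one $bitlocker$ line into fields and check every declared length."""
    parts = line.strip().split("$")
    # ['', 'bitlocker', type, salt_len, salt, iterations, nonce_len, nonce, data_len, data]
    if len(parts) != 10 or parts[:2] != ["", "bitlocker"]:
        raise ValueError("not a $bitlocker$ hash line")
    htype, salt_len, iterations, nonce_len, data_len = (
        int(parts[i]) for i in (2, 3, 5, 6, 8))
    if htype not in HASH_TYPES:
        raise ValueError(f"unknown hash type {htype}")
    for name, declared, value in (("salt", salt_len, parts[4]),
                                  ("nonce", nonce_len, parts[7]),
                                  ("data", data_len, parts[9])):
        if not re.fullmatch(r"[0-9a-fA-F]*", value) or len(value) != 2 * declared:
            raise ValueError(f"{name}: expected {declared} hex-encoded bytes")
    if data_len <= MAC_BYTES:
        raise ValueError("data: too short to hold MAC and VMK")
    return {
        "type": htype,
        "label": HASH_TYPES[htype],
        # Per the reply in the thread, hashcat can't work with types 2 and 3.
        "recovery_password": htype in (2, 3),
        "salt": parts[4],
        "iterations": iterations,
        "nonce": parts[7],
        "mac": parts[9][:2 * MAC_BYTES],
        "vmk": parts[9][2 * MAC_BYTES:],
    }


# Constructed sample with the same field sizes as the thread's output (16/12/60).
SAMPLE = ("$bitlocker$2$16$" + "11" * 16 + "$1048576$12$" + "22" * 12
          + "$60$" + "aa" * 16 + "bb" * 44)

if __name__ == "__main__":
    info = parse_bitlocker_hash(SAMPLE)
    print(info["label"], "| recovery password hash:", info["recovery_password"])
```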