Cracking LM
#1
Hi everyone,
I've noticed some very weird behaviors while playing with LM hashes.
So I generated some LM hashes:
Code:
0182BD0BD4444BF836077A718CCDF409:12345678
8C6F5D02DEB21501:ABC
1C3A2B6D939A1021:AAA

When trying to bruteforce these (In 16 bytes form or 32) I get either wrong cracked passwords or "Exhausted". Always, with some certain hashes.

Let's say this hash:
Code:
0182BD0BD4444BF836077A718CCDF409:12345678

Here we go:
Code:
hc64p -m3000 -a3 ..\M\LM.hash ?d?d?d?d?d?d?d?d
** Valid keyfile for beta usage: malik (expires 18.05.2013)

cudaHashcat-plus v0.09 by atom starting...

Hashes: 2
Unique digests: 2
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
GPU-Loops: 32
GPU-Accel: 8
Password lengths range: 1 - 7
...
Device #1: Kernel ./kernels/4318/m3000_a3.sm_21.ptx

36077a718ccdf409:8
0182bd0bd4444bf8:1234467

Status.......: Cracked
Input.Mode...: Mask (?d?d?d?d?d?d?d)
Hash.Target..: 0182bd0bd4444bf836077a718ccdf409
Hash.Type....: LM
Time.Running.: 0 secs
Time.Util....: 964.5ms/1.5ms Real/CPU, 0.2% idle
Speed........:  4512.0k c/s Real, 35682.4k c/s GPU
Recovered....: 2/2 Digests, 1/1 Salts
Progress.....: 4352000/10000000 (43.52%)
Rejected.....: 0/4352000 (0.00%)
HWMon.GPU.#1.:  0% Util, 45c Temp, -1rpm Fan

Started: Mon May 28 18:36:43 2012
Stopped: Mon May 28 18:36:45 2012
Notice the second hash.


Another one:
Code:
8C6F5D02DEB21501:ABC

Code:
hc64p -m3000 -a3 -1 ?u?d ..\M\LM.hash ?1?1?1
** Valid keyfile for beta usage: malik (expires 18.05.2013)

cudaHashcat-plus v0.09 by atom starting...

Hashes: 2
Unique digests: 2
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
GPU-Loops: 32
GPU-Accel: 8
Password lengths range: 1 - 7
...
Device #1: Kernel ./kernels/4318/m3000_a3.sm_21.ptx

8c6f5d02deb21501:AAC

Status.......: Exhausted
Input.Mode...: Mask (?1?1?1)
Hash.Target..: 00000000000000008c6f5d02deb21501
Hash.Type....: LM
Time.Running.: 0 secs
Time.Left....: 0 secs
Time.Util....: 998.0ms/1.6ms Real/CPU, 0.2% idle
Speed........:    46747 c/s Real, 10930.8k c/s GPU
Recovered....: 1/2 Digests, 0/1 Salts
Progress.....: 46656/46656 (100.00%)
Rejected.....: 0/46656 (0.00%)
HWMon.GPU.#1.:  0% Util, 45c Temp, -1rpm Fan

Started: Mon May 28 18:39:42 2012
Stopped: Mon May 28 18:39:44 2012


One more?
Code:
1C3A2B6D939A1021:AAA

Code:
hc64p -m3000 -a3 -1 ?u?d ..\M\LM.hash ?1?1?1
** Valid keyfile for beta usage: malik (expires 18.05.2013)

cudaHashcat-plus v0.09 by atom starting...

Hashes: 2
Unique digests: 2
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
GPU-Loops: 32
GPU-Accel: 8
Password lengths range: 1 - 7
...
Device #1: Kernel ./kernels/4318/m3000_a3.sm_21.ptx


Status.......: Exhausted
Input.Mode...: Mask (?1?1?1)
Hash.Target..: 00000000000000001c3a2b6d939a1021
Hash.Type....: LM
Time.Running.: 0 secs
Time.Left....: 0 secs
Time.Util....: 997.8ms/1.6ms Real/CPU, 0.2% idle
Speed........:    46757 c/s Real, 38278.6k c/s GPU
Recovered....: 0/2 Digests, 0/1 Salts
Progress.....: 46656/46656 (100.00%)
Rejected.....: 0/46656 (0.00%)
HWMon.GPU.#1.:  0% Util, 44c Temp, -1rpm Fan

Started: Mon May 28 18:42:36 2012
Stopped: Mon May 28 18:42:37 2012
Not found!


At first I thought it's my generator which is the problem, I used EGB to make sure of that but, EGB cracked them all correctly!
Code:
LM bfLM.ini %hash%
Maximum password length: 7 characters
Number of GPU to be used: 1
Configuration file: "bfLM.ini"
36077a718ccdf409:8
0182bd0bd4444bf8:1234567
1c3a2b6d939a1021:AAA
8c6f5d02deb21501:ABC

All passwords found! Time elapsed: 0d:0h:0m:1s.


Most if not all of these problems disappear when doing a dictiory attack:
Code:
hc64p -m3000 ..\M\LM.hash ..\M\Odic.dic
** Valid keyfile for beta usage: malik (expires 18.05.2013)

cudaHashcat-plus v0.09 by atom starting...

Hashes: 6
Unique digests: 5
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
GPU-Loops: 32
GPU-Accel: 8
Password lengths range: 1 - 7
...
Device #1: Kernel ./kernels/4318/m3000_a0.sm_21.ptx

Scanned dictionary ..\M\Odic.dic: 20 bytes, 4 words, 4 keyspace, starting attack
...

36077a718ccdf409:8
aad3b435b51404ee:
8c6f5d02deb21501:ABC
1c3a2b6d939a1021:AAA
0182bd0bd4444bf8:1234567

Status.......: Cracked
Input.Mode...: File (..\M\Odic.dic)
Hash.Target..: File (..\M\LM.hash)
Hash.Type....: LM
Time.Running.: 0 secs
Time.Util....: 994.9ms/0.0ms Real/CPU, 0.0% idle
Speed........:        4 c/s Real,        0 c/s GPU
Recovered....: 5/5 Digests, 1/1 Salts
Progress.....: 4/4 (100.00%)
Rejected.....: 0/4 (0.00%)
HWMon.GPU.#1.:  0% Util, 38c Temp, -1rpm Fan

Started: Mon May 28 19:16:21 2012
Stopped: Mon May 28 19:16:23 2012


Tried:
oclHashcat-plus-0.09b15
oclHashcat-plus-0.08

Similar results with oclHashcat-lite-0.10b49.

Am I doing something wrong? I don't think so.
I'm also amazed that nobody noticed this before. Or it's just me?


Messages In This Thread
Cracking LM - by M@LIK - 05-28-2012, 06:17 PM
RE: Cracking LM - by undeath - 05-28-2012, 06:24 PM
RE: Cracking LM - by Hash-IT - 05-28-2012, 06:27 PM
RE: Cracking LM - edit1 - by M@LIK - 05-28-2012, 06:35 PM
RE: Cracking LM - by atom - 05-29-2012, 02:41 PM
RE: Cracking LM - by M@LIK - 05-29-2012, 03:00 PM
RE: Cracking LM - by m4tr1x - 05-29-2012, 06:55 PM
RE: Cracking LM - by M@LIK - 06-12-2012, 02:58 PM
RE: Cracking LM - by atom - 06-12-2012, 05:29 PM