Same hashes different results

[philsmd]

Did some test now but was unable to reproduce this. Are you sure that the charset matches with the passwords, i.e. that all hashes *could* definitely be cracked by the mask? E.g are there no special characters etc.

Please also tell us what hardware do you use (cuda/ocl - card model) and/or which kernel is loaded.

MY TESTS:

Code:

// Description: Generates the MSSQL 2005 hashes starting from a password and salt
// Date: 05/22/13
//
// License: belongs to the PUBLIC DOMAIN, donated to hashcat, credits MUST go to hashcat
//          and me for their hard work. Thx
// Disclaimer: WE PROVIDE THE PROGRAM “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER
//         EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
//         OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
//         Furthermore, NO GUARANTEES THAT IT WORKS FOR YOU AND WORKS CORRECTLY
//
// HOWTO compile: gcc mssql_2005_compute.c -o mssql_2005_compute -lcrypto
// Example usage: ./mssql_2005_compute hashcat 18102152
// 0x010018102152f8f28c8499d8ef263c53f8be369d799f931b2fbe
#include <string.h>
#include <stdio.h>
#include <openssl/sha.h>

#define DIGEST_LENGTH 20
#define MSSQL2005_IDENTIFIER "0100"
#define MAX_PASS_LEN 50
#define MAX_LEN_SALT 8  // 8 octets == 4 hex
#define MAX_LEN_UNICODE_SALT 105
#define HEX_BLOCK_SIZE 2
char*HEX_CHARS="0123456789abcdef";

int generate_hash(char digest[DIGEST_LENGTH],char*salt,char*pass)
{
    int i,len_pass,len_unicode_salt;
    char unicode_salt[MAX_LEN_UNICODE_SALT];
    len_pass=strlen(pass);
    if (len_pass>MAX_PASS_LEN)
    {
        printf("[-] ERROR: password too long. EXIT.\n");
        return 0;
    }
    // Convert pass to uppercase unicode
    memset(unicode_salt,0,MAX_LEN_UNICODE_SALT);
    len_unicode_salt=len_pass*2;
    for (i=0; i<len_pass; i++)
    {
        unicode_salt[i*2]=pass[i];   // Unicode
    }
    // Salt
    memcpy(unicode_salt+len_unicode_salt,salt,4);
    len_unicode_salt+=4;
    SHA_CTX context;
    SHA1_Init(&context);
    SHA1_Update(&context,(unsigned char*)unicode_salt,len_unicode_salt);
    SHA1_Final(digest, &context);
    return 0;
}

void print_hash(unsigned char*salt,unsigned char digest[DIGEST_LENGTH])
{
    int i;
    printf("0x%s",MSSQL2005_IDENTIFIER);
    for (i=0; i<sizeof(salt)/sizeof(char); i++)
    {
        printf("%02x",salt[i]);
    }
    for (i=0; i<DIGEST_LENGTH; i++)
    {
        printf("%02x",digest[i]);
    }
    printf("\n");
}

int parse_salt(char salt[MAX_LEN_SALT],char*input)
{
    int i,j,len_hex=strlen(HEX_CHARS),power,len=strlen(input);
    char*pos;
    if (len<MAX_LEN_SALT)
    {
        fprintf(stderr,"[-] Error: salt is too short, length of %i expected\n",
                MAX_LEN_SALT);
        return 1;
    }
    if (len!=MAX_LEN_SALT)
    {
        fprintf(stderr,"[!] Warning: salt should be *exactly* of length %i, ",
                MAX_LEN_SALT);
        fprintf(stderr,"using only first %i bytes\n",MAX_LEN_SALT);
    }
    memset(salt,0,MAX_LEN_SALT+1);  // null terminator included
    for (i=0; i<MAX_LEN_SALT; i+=HEX_BLOCK_SIZE)
    {
        for (j=0,power=len_hex; j<HEX_BLOCK_SIZE; j++,power/=len_hex)
        {
            pos=strchr(HEX_CHARS,input[i+j]);
            if (pos==NULL)
            {
                fprintf(stderr,"[-] Unexpected character encountered. *Not* a valid");
                fprintf(stderr," hex char. EXIT\n");
                return 1;
            }
            salt[i/HEX_BLOCK_SIZE]+=(pos-HEX_CHARS)*power;
        }
    }
    return 0;
}

void usage()
{
    printf("--- MSSQL 2005 COMPUTE ---\nUSAGE:\n    ./mssql_2005_compute ");
    printf("<PASS> <HEX_SALT>\n");
}

int main(int argc,char**argv)
{
    int i;
    unsigned char digest[DIGEST_LENGTH];
    // COMMAND LINE PARSING
    if (argc<2)
    {
        fprintf(stderr,"[-] Please specify the password. EXIT\n");
        usage();
        return 1;
    }
    if (argc<3)
    {
        fprintf(stderr,"[-] Please specify a salt. EXIT\n");
        usage();
        return 1;
    }
    // END COMMAND LINE PARSING
    char salt[MAX_LEN_SALT+1];
    if (!parse_salt(salt,argv[2]))
    {
        if (!generate_hash(digest,salt,argv[1]))
        {
            // success
            print_hash(salt,digest);
            return 0;
        }
        else
        {
            fprintf(stderr,"[-] Error: password generation was *not* successful");
            return 1;
        }
    }
    return 1;
}

My salt from example (http://hashcat.net/wiki/doku.php?id=example_hashes ): 18102152

My test file: hash_mssql2005
5 lower case letters as per example above

Code:

$ ./mssql_2005_compute testa 18102152 >  hash_mssql2005
$ ./mssql_2005_compute testb 18102152 >> hash_mssql2005
$ ./mssql_2005_compute testc 18102152 >> hash_mssql2005
$ ./mssql_2005_compute hashc 18102152 >> hash_mssql2005

My command line:

Code:

$ cudaHashcat-plus32 -a 3 -m 132 -1 ?l?u?d hash_mssql2005 ?1?1?1?1?1

AND

Code:

$ cudaHashcat-plus32 -a 3 -m 132 -1 ?l hash_mssql2005 ?1?1?1?1?1

The result of my tests are that I always get all hashes cracked and "Status.........: Cracked" in the output (as expected).
Could you try to do the same?