hashcat Forum - Old hashcat Support

Text manipulation with hashcat

Tue, 07 Jun 2016 21:47:48 +0000

So I have a list of hashes that are in ID:username:SHA1pass format.

I'd like my output list to be in username:plaintext format of all the ones that were able to be cracked. What is the best way of doing this with a dictionary file?

Integrated AMD GPU with oclHashcat

Tue, 07 Jun 2016 06:16:09 +0000

Hello,
Sorry if this sounds like a stupid question but just bare with it as i have a different idea in mind.

from what i've understand from the wiki is that there are three versions of hashcat
1- hashcat for Intel/AMD CPUs
2- cudaHashcat for NVidia GPUs
3- oclHashcat for AMD GPUs

so cuda/oclHashcat works only with GPUs, now correct me if i'm wrong that oclHaschat works also with AMD integrated GPU (APU)? right? i mean i'm not talking here about performance and speed, just if i got the information correctly?

thanks in advanced.

Combolist decrypt

Sat, 04 Jun 2016 10:03:03 +0000

I want to decrypt a user:hash combolist in a result of user:pass.
Basically i want to replace the found lines and remove the others.
Example:

Flexu88:[redacted]
to:
Flexu88:word
Or even Flexu88:[redacted]:word

-m 13100 (Kerberos 5 TGS-REP etype 23) return Invalid hash-type specified ???

Sun, 29 May 2016 14:38:02 +0000

cudaHashcat64.exe -a 0 -m 13100

return- "ERROR: Invalid hash-type specified"

I'm running above win 10(x64) with the last NVidia driver

hashcat-3.00 beta syntax

Thu, 19 May 2016 15:34:21 +0000

I'm using the latest beta for tests with two GTX980TI's and see issues with using both cards.

Should the "--opencl-devices 1,2" flag use both cards ?

Using this command from the documentation:

./hashcat64.bin --opencl-device-type 2 --opencl-devices 1,2 -t 32 -a 7 example0.hash ?a?a?a?a example.dict

The output shows only GPU #1 with stats:

Session.Name...: hashcat
Status.........: Aborted
Input.Left.....: Mask (?a?a?a?a) [4]
Input.Right....: File (example.dict)
Hash.Target....: File (example0.hash)
Hash.Type......: MD5
Time.Started...: Thu May 19 15:24:21 2016 (21 secs)
Time.Estimated.: Thu May 19 15:24:56 2016 (11 secs)
Speed.Dev.#1...: 4204.2 MH/s (2.75ms)
Speed.Dev.#2...: 0 H/s (0.00ms)
Speed.Dev.#*...: 4204.2 MH/s
Recovered......: 2190/6494 (33.72%) Digests, 0/1 (0.00%) Salts
Recovered/Time.: CUR:N/A,N/A,N/A AVG:0.00,0.00,0.00 (Min,Hour,Day)
Progress.......: 86670408916/136302297088 (63.59%)
Rejected.......: 0/86670408916 (0.00%)
Restore.Point..: 0/129988 (0.00%)
HWMon.GPU.#1...: 0% Util, 53c Temp, 0% Fan
HWMon.GPU.#2...: 0% Util, 44c Temp, 0% Fan

When I augment the command to use individual cards (i.e. "--opencl-devices 1" and/or "--opencl-devices 2") each card works without issue by itself.

Log for card 1 only:

Device #1: GeForce GTX 980 Ti, 1533/6135 MB allocatable, 1291Mhz, 22MCU
Device #2: GeForce GTX 980 Ti, skipped

Hashes: 6494 hashes; 6494 unique digests, 1 unique salts

Log for card 2 only:

Device #1: GeForce GTX 980 Ti, skipped
Device #2: GeForce GTX 980 Ti, 1535/6143 MB allocatable, 1291Mhz, 22MCU

Hashes: 6494 hashes; 6494 unique digests, 1 unique salts

Am I missing something else? If so just point me back to the documentation and I'll re-read it again.

Your help is greatly appreciated!

gpu intel

Tue, 17 May 2016 06:54:13 +0000

What is the difference version of hashcat-3.00-beta-6 with other versions?
This edition combines graphics power and is cpu?
Like you do not use the full power of cpu?
Is there a way to make full use of cpu?
Details Photos:
https://www.sendspace.com/file/6i7now

ASP.NET Membership Password Hash

Mon, 16 May 2016 09:10:16 +0000

I am trying to use hashcat with an .NET Membership password hash.
I have a 40 bytes long hashvalue which is sha1 and encoded in base64. Second I have a 128 bytes long salt which seem to be hex values in upper-case.

So first I convert the base64 pw hash:

echo -n "XGO********************B1nA=" | base64 --decode | xxd -ps

which gives me the 40 bytes sha1 hash:
5c******************************1b01d670

The salt is

FC7040D218A2FDEADF7BC1C341CD61D1D246BE570BD2E7D312F4C42BDE7DBEA6B34013D1B7700FAAFEAFEED96CAEF52ACAA6D38FF9FB9E392AD62C0048DC08A0

I then prepare a file with the following format:

FC7040D218A2FDEADF7BC1C341CD61D1D246BE570BD2E7D312F4C42BDE7DBEA6B34013D1B7700FAAFEAFEED96CAEF52ACAA6D38FF9FB9E392AD62C0048DC08A0:5c******************************1b01d670

When I run hashcat with the following command

hashcat -m 140 --hex-salt ./sha1 ../wordlists/rockyou.txt

I get an line length exception

If I pass shorter salts, hashcat excepts the input, so I guess the problem is with the 128byte salt. Maybe the salt is in the wrong format ?

Thanks in advance for any help

cracking a pdf

Fri, 13 May 2016 20:56:48 +0000

Hello,
Total noob
So I have a pdf - unable to open without a password. I have zero idea of the length , characters or anything about the password. I know the pdf has 128 bit RCA4 encryption. I only have a intel core i3, and no gfx cards.

1) Is it possible to crack the password in reasonable time < 1 month? A brute force program is telling me 1 year+.

2) How do I go about this ? I have generated the hash using pdf2john.py and tried using hashcat but it just keeps telling me hash was not read.

Thanks

gpu intel

Thu, 12 May 2016 17:37:24 +0000

hi
Intel graphics card should be used for which hashcat version?plz link download

Trying to crack NTLMv2

Mon, 09 May 2016 15:06:18 +0000

So I captured a NTLMv2 hash using embedded UNC from one of my Windows 7 machines using the Metasploit SMB server.

When I try to crack it using -m 1000 and a mask attack knowing the first characters I get an error saying something about the length is wrong and "skipping line"? Can someone tell me the exact command I should be using to perform a mask attack against NTLMv2 hash?

Thank-you in advance!

Hash seems simple but i can't identify it

Sun, 08 May 2016 02:05:35 +0000

Hello everyone, i m testing web application, and made an account with simple password and got a hash like this:
c2tuXllXXXXyXnXXdXXxajXjXXhXdz09
Then i made another account with the same password and got the same hash. I suppose there is no salt in it.
So i tried with hash-identifier (which showed me MD5 ) and HashID (which showed me DNSSEC NSEC3)
I proceeded with the hashcat and tried to "crack" it with the dictionary (my password in it):

Code:
hashcat -m 0 -a 0 -o found.txt --remove testmyhash.txt bigpass.txt

Quote:Input.Mode: Dict (bigpass.txt)
Index.....: 3/3 (segment), 960618 (words), 10499593 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 960618/960618 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--

with no results , also tried dictionary with only one password (correct one)

and i m confused. All right, maybe it is NSEC3 (that method looks very rare), and i need oclhashcat to "crack" that. Videocard only in my windows pc. I'm doing this:

Code:
cudahashcat64.exe -m 8300 -a 0 -o found.txt --remove testmyhash.txt bigpass.txt

,
but it keeps yelling at me:

Quote:WARNING: Hash 'testmyhash.txt' Line-length exception

Is there a method which helps me to identify hash algorithm if i know the password? Is it really NSEC3? Thanks in advance.

NetNTLMv2 Cyrillic symbols issue

Fri, 06 May 2016 13:23:57 +0000

Hi!
I'm trying to crack NetNtlmv2 hash with known password

test::test-PC:1122334455667788:EE8BE66E931EE5F78502E43AB0755EB7:0101000000000000B74CFB6137A6D101B672CD72950FCF320000000002000A0073006D006200310032000100140053004500520056004500520032003000300038000400160073006D006200310032002E006C006F00630061006C0003002C0053004500520056004500520032003000300038002E0073006D006200310032002E006C006F00630061006C000500160073006D006200310032002E006C006F00630061006C000800300030000000000000000000000000300000EFD2A20880C73783FE82407EB41E4B3FE2D57CF015812BDC3DBC367618B9B8E30A0010000000000000000000000000000000000009001C0063006900660073002F0064006100750074006F0076002D00700063000000000000000000

password is cyrillic "a" (unicode 0430)

when i try method described here hashcat didn't manage to recover this pass.

Then i tried to run hashcat using mask ?b?b --incremental

Useless again.

Password was successfully cracked using john.

Hashcat successfully crack hashes with latin passwords, for example

test::test-PC:1122334455667788:66B41928700FEA503B80D86372FE1164:0101000000000000206CC1C437A6D101A0D0BEE8D9BE72C80000000002000A0073006D006200310032000100140053004500520056004500520032003000300038000400160073006D006200310032002E006C006F00630061006C0003002C0053004500520056004500520032003000300038002E0073006D006200310032002E006C006F00630061006C000500160073006D006200310032002E006C006F00630061006C00080030003000000000000000000000000030000037DE47151778061BAA06DCDCE4F1ACAB2B85419749F92F70F4921AAA5677A3F80A0010000000000000000000000000000000000009001C0063006900660073002F0064006100750074006F0076002D00700063000000000000000000:te

Am I right that there is some issue with non latin symbols in netntlmv2 method in hashcat?

First time trying to "crack" something

Fri, 06 May 2016 08:36:20 +0000

Hi,
I'm trying to figure if what I'm trying to do is feasible with Hashcat(or the beta of oclHashcat for OS X). This is my first time using hashcat/oclhashcat.

I got the file where it's supposed to be the hash for my 1Password vault. But it's the last version of 1Password and the file is from a "container" called "1Password.opvault", it is not a ".filevault" extension one.

In this file I've found(among others) the file "profile.js" which seems to have my password. The fields in this file are(among less interesting ones) salt, masterKey, passwordHint(just text), iterations, uuid, overviewKey.

iteration is 25000
salt is 24 char long.
masterKey is 449 char long
overviewKey is 196 char long

The passwordHint one is not interesting for cracking but for making sure this is where the masterpassword is stored. I'm assuming masterKey is the hash and I have no idea what overviewKey is.

The problem is that I don't know what king of hash I have here, and thus I don't know what mode to use. If I try the -m 6600 I get the "Line-length exception" error. I've tried with padding(based on this question) so the hash is 2080 char long but I get the same error(the hash without padding is 449 char long).

With the mode 8200 I get the "Hash-length exception" with both padding and without padding.

Is it even possible to get this hash solved with either oclhashcat or hashcat on OS X? And if so, a little help, please?

BTW, this is from an old 1Password that I can't remember the password. I have a new one since some months ago, but this is just for fun/is interesting.

Prince

Fri, 06 May 2016 08:11:39 +0000

Hello

Prince explain about the attack?

bypass hashcat

Sat, 30 Apr 2016 18:37:16 +0000

Hello
Is it possible for me to explain to simply bypass your application
Bypass when running crack in hashcat?
TNQ