hashcat Forum - General Help

AIX {ssha256} and {ssha512} hash algo ?

Wed, 29 Jun 2016 07:41:01 +0000

Hello,

I'm trying to learn how the AIX implementation for ssha256 / ssha512 differs from the standard algo described in ftp://ftp.arlut.utexas.edu/pub/java_hash...-crypt.txt (my goal is to be able to generate valid hash from a java app).

I saw that you discussed the subject a lot 3 years ago (https://hashcat.net/forum/thread-2247.html). So I was wondering if you would help about the details of the algo.

Any help or pointer to resources on the subject would be much appreciated.

Thanks,

Auto login performance benefits

Sun, 26 Jun 2016 00:01:28 +0000

Is there any particular reason that the Auto Login section was removed from the Linux Server how to?

https://hashcat.net/wiki/doku.php?id=linux_server_howto

I am still running Ubuntu 14.04 and recently upgraded the driver from 14.09 to 15.12

I had my /etc/lightdm/lightdm.conf file set up like this (per the former instructions).

Code:
greeter-session=unity-greeter

user-session=openbox

autologin-user=YOUR_USERNAME

autologin-user-timeout=0

As an experiment, I took the above lines out of /etc/lightdm/lightdm.conf to make my display available again on my monitor. Taking these lines out resulted in a noticeable performance drop in passwords per second when testing with WPA2 (probably due to having to drive a monitor).

I am running a 295X2 on Ubuntu 14.04 and was getting around 330,000 passwords per second with the 14.9 Catalyst Driver when connected to my machine over ssh. I decided to upgrade the driver to 15.12 and had auto login disabled when I ran my next performance benchmark. It was topping out at around 275,000 keys/passwords per second, a noticeable drop.

Next, I re-enabled auto login and retested the benchmark with WPA2 over ssh. Now, I get around 383,000 passwords per second.

It seems that running a monitor while benchmarking/cracking has quite a performance impact. Is this universally true for both Nvidia and AMD?

Should setting up auto login and running oclHashcat be considered best practice given the noticeable performance benefits?

Will the wiki be updated at some point so that auto login instructions will be provided for the newer versions of Ubuntu and other Linux distributions?

Cracking Help

Fri, 24 Jun 2016 23:49:51 +0000

Need some help with some training examples that I'm doing.

I have a list of hashes and was given the beginning of each password (ex. My-Password-) and told that each one ends with 4 digits. They can be cracked by using the mask My-Password-?d?d?d?d. I understand the ?d represents an unknown digit and I'm assuming I need to create a password list containing the password with all possible digit combinations and run it against the hashes but not sure where to go from there. Is there an easy way to create the password list or is there a command that will take My-Password-?d?d?d?d and automatically run it against the list of hashes?

Thanks in advance!

MD5 know the password but not salt

Fri, 24 Jun 2016 16:41:30 +0000

Hey there,

I've been given a problem I'm trying to figure out. I've been given two hash's that have the same password but both are different as each has a unique 'salt'. Said hash is an MD5 string. I was wondering the best way to configure the input to account that the salt would be prepended or appended to the actual password to potentially speed up the hash checks. Right now I start it at an increment of 6 for char length as I know the password is five characters (all lowercase alphabetical). The rest of it is what is unknown.

Any thoughts on how to optimize the hashcat mask attack for this?

Clustering Still Possible ??

Fri, 24 Jun 2016 15:54:34 +0000

Hey Hashcat users and Supporters, thanks for the great work,
I am using oclHashcat on a daily basis for cracking Domain Passwords on our network.
As well as checking the security.

Now i have some Questions left, and yes i googled a lot :-)

Is it Still Possible to use Clustering for Hashact or oclHashcat ??? , the background:

In our Environment there are hundreds (minimum running at same time 265) of Workstations linked together over an real fast cisco network Infrastructure, they have not the best Graphic cards on board but each of them has min i7 Cpu.(intel) (yes i know GPU is much better, but thats not the point)

They are all running windows, but if needed i could change that.
I´m the Domain Admin.
So my question is , would it be possible to install on each of them some software for clustering them all together (CPU and maybe GPU) to crack DCC2 and other Hashes??

Sure i know clustering but not in combination with hashcat or jon or ocl.

I already read some things about hashstack and Hashtopus as well crackloard but i can´t get the information wich would be the best option and how to setup.

I think hashstack would be the best ??

It would be much faster in my opinion to use all network computers to compute the passwords than using my Server.
So i would set him up as Broker and the rest as nodes.

But how ? , which clustering is supported ??

I would be really happy if u could help me to get more power to these Projekt.
Also i would pay some money to solve the problem for sure.

maybe u can help me, would be a real great thing.
Running all these computers for one instance must be powerful, its a bit also a dream so please help me :-)

Help with cracking

Fri, 24 Jun 2016 00:31:54 +0000

I’m taking a class where we generated passwords and salts with python using the following code:

Code:
#!/usr/bin/python

from hashlib import *

import binascii

salt = '3d10c0082e0a2f7d'

pw = 'cat'

salt = binascii.unhexlify(salt)

m = md5(salt)

m.update(pw)

s = sha1(salt)

s.update(m.digest())

s.update(pw)

print s.hexdigest()

print pw

print "----\n"

In my file, I have

user::

I’ve attempted to crack these but I’m running into problems with them. What I tried to do is take a dictionary list, run the list into the pw variable and compare the outputted hash with the hash in the password file. This worked for like 2 passwords and then that’s all.

I was wondering if HashCat would be able to crack something like these…

Thanks!

SHA1 - Unable to use MD5 as a password

Thu, 23 Jun 2016 08:28:53 +0000

Is it correct functionality of hashcat that a password of 32 characters (MD5) cannot be used for SHA1 in hashcat?

I was trying to use md5's as potential passwords but found this limitation. Passwords of 31 characters are OK.

Is there any way around this?

Help Please

Wed, 22 Jun 2016 13:38:52 +0000

HI. Im very very new to this so please forgive the very basic request. Ive been "learning" this for around 2 days with no real background in hacking/cracking etc.

Ive made a word document and password protected it - the password is "mike" (nice and simple)

Now I want to learn hop to get hashcat to find the password. I have got the latest version installed and have put the DOC file through QuickHash to generate a hash of the file

I then used youtube (sorry but I needed to start somewhere) to come up with the following - it uses wordlists which appear to be doing the job but my GPU is not being utitlised enough (reported from HASHCAT)

This is the command Im using

cudahashcat64.exe -m 100 -a 3 -o --output-file=cracked.txt --remove hash.txt wordlists/HASHKILLER.TXT

I dont know if its correct or not but Id love to get it running a bruteforce without worldists and using the charactersets

Sorry if this is totally basic but Im struggling a little

Windows PC - 960GTX GPU

Installing an additional GPU

Wed, 22 Jun 2016 13:31:25 +0000

Hey I'm having a problem with regards to adding an additional GPU to my system.

It is usually a matter of..

aticonfig --initial -f --adapter=all

reboot

Win!

Although after I reboot the xorg.conf gets overwritten and I cannot set clocks, fan etc with aticonfig/od6config.

hashcat recognises the GPU, uh OK.. but I would rather have manual control over the fans and setting the core clocks is impossible.

I've switch GPU's around, tried different slots to no avail and even disabled gpu-manager.

All done on a fresh install of ubuntu 14.04 + latest stable crimson drivers. 15.30

I have a linked the output of a few commands below and I’d appreciate any assistance..

http://pastebin.com/JHVGXnrU

Troubleshooting overheating issues with my cracking rig

Sat, 18 Jun 2016 16:12:02 +0000

Hello everyone,

I've recently invested in a dedicated password cracking machine, but I'm having trouble getting the most out of it because of heating issues. Here's a picture of how it looks inside.
Basically, that's 32 GBs of RAM, a Core i7 and 4 AMD GPUs (SAPPHIRE R9 290 4G GDD5 TRI-X).

Now as soon as I tried cracking some passwords with it, the overheating problems showed up. No matter what I tried, it would never run for more than 5 minutes. I figured that the GPUs were too close to each other and were blowing out their heat on each other.
What I did next (while being quite unhappy about it) was remove two of the four GPUs; this way, there's some space between them for the air to circulate. I still had major overheating issues, so my last ditch effort was to place the machine in front of an opened window and add a big general purpose fan in front of it:

Now, it works a bit better. I still get interruptions due to overheating every 1-6 hours, but at least I can get some work done.
It feels quite bad to have 2 GPUs that I cannot use, though, so I was wondering if anyone would be so kind as to give me some advice on this problem. Thanks a lot in advance for your time!

How to optimize attacking very large hashes

Tue, 14 Jun 2016 06:08:03 +0000

Hi,

I'm trying to attack a very large hashes, few GB in size and manage to get it down now to a few hundreds MB. The problem is that it takes a long time to:

remove recovered hashes from the hash file (i'm using --remove)

Example:
doing -a 3 ?a?a?a?a?a?a attack completed fast on my 2 x GTX 1080, but to get back to command prompt will take a while

when loading, it takes a long time to compare hashes with pot file

Code:
Comparing hashes with potfile entries...

How can I optimize this and make it a lot faster.

Thank you.

Best regards,
Azren

how i can find used algorithm

Sat, 11 Jun 2016 12:50:12 +0000

Hi,
I have a problem and did not know how to resolve it.
I have the encryption tool, so i can generate a file containing for example "secret".
I do not know the encryption algorithm.

How knowing the word "secret" and being sure of its existence in the file, find the algorithm (one of the standard one)

Maciek

any tools to generate masks?

Fri, 10 Jun 2016 17:12:54 +0000

hi every1,
i was wondering if any 1 knows if their is a tool that allow u to generate mask files? (or know how to make)

lets say i want to make a mask with 8 characters 2 ?l 4 ?d 2 ?u

?l?l?d?d?d?d?u?u
?u?l?l?d?d?d?d?u
?u?u?l?l?d?d?d?d
?d?u?u?l?l?d?d?d
etc..
u get the point..
writing every singel combination manual take alot of time!

netgear router

Sun, 05 Jun 2016 10:25:22 +0000

I'm trying to automate a script to automate creating cfg file for net gear routers but am unsure what algo is used to create the password hash

so i used the password password as a test and get the following hash

Code:
password 

LKtlQrlOphbQArYXL0tj6fxTNSHxLtcFEsJGTxxx746A7S/ABxx51XFF6xAm9N0F5xxx43kqhM7UF8cqSLxxxNNyDy1QL5kxYxZkFF58LXlBi2xx6Pk5VfUxxNhLKR6G

can any one point me in the right direction so i can generate these.

Apologies if i have posted in the wrong forum or an incorrect section if so can a mod please remove and any help would be grateful

Dunryc

Generating random strings

Sun, 29 May 2016 11:40:41 +0000

I was wondering if it is following possible in oclHashcat to let it generate random 64 characters long strings (which consists of 0-9 and a-z), hash it with SHA-256 and compare the given hash to the hash I want to crack.