0.07(1?) MSSQL 2000/5 dictionary attack failure (even with A0.M1300.* examples)?
#1
With a given file of sample hashes, and a small dictionary which should find at least one password without rules, and at least one password with a given rule, I'm getting 0 results in Straight mode, though hashcat (CPU) does provide results.

Windows 7 64-bit
ATI 6450, 512MB RAM
ATI Catalyst 12.3 (?) reported by Catalyst Control Center, though I'd installed Catalyst 12.2.


I'm using Hashcat-gui 0.5.1 as the installation base, though I verified with a separate oclHashcat-plus-0.07 download (from some time ago).
Hashcat-GUI0.5.1's install of oclhashcat-plus reports a version of 0.07

Hash example (length may be important?):
0x0100xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Hashcat A0.M1300.* examples also fail to find any results at all in oclhashcat-plus:
oclHashcat-plus64.exe --hash-type 131 ..\hashcat\examples\A0.M1300.hash ..\hashcat\examples\A0.M1300.word
oclHashcat-plus64.exe --hash-type 132 ..\hashcat\examples\A0.M1300.hash ..\hashcat\examples\A0.M1300.word


No results from:
oclHashcat-plus64.exe --hash-type 132 --rules-file X:\path\rule.rule X:\path\hashes x:\path\wordlist

or from:
oclHashcat-plus64.exe --hash-type 132 X:\path\hashes x:\path\wordlist


Correct results from exactly the same hash and wordlist file:
hashcat-cli64.exe --hash-mode 1300 --rules-file X:\path\rule.rule X:\path\hashes x:\path\wordlist

and from:
hashcat-cli64.exe --hash-mode 1300 X:\path\hashes x:\path\wordlist
#2
works for me:

Code:
root@sf:~/oclHashcat-plus-0.08# ./oclHashcat-plus64.bin -m 132 /root/hashcat-0.40/examples/A0.M1300.hash /root/hashcat-0.40/examples/A0.M1300.word  
oclHashcat-plus v0.08 by atom starting...

Hashes: 2
Unique salts: 2
Unique digests: 2
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
GPU-Loops: 64
GPU-Accel: 40
Password lengths range: 1 - 15
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Tahiti, 2803MB, 0Mhz, 32MCU
Device #1: Allocating 192MB host-memory
Device #1: Kernel ./kernels/4098/m0130_a0.Tahiti.64.kernel (918120 bytes)

Scanned dictionary /root/hashcat-0.40/examples/A0.M1300.word: 86 bytes, 10 words, 10 keyspace, starting attack...

0x0100ed562e634029bcffe2082f2a6d17f9b8a07aa4ba3ee21ff3:sql2005
0x0100ce2a113071d50e10e2d2409418538c704c4d35298a22d066:coldfusion
                                    
Status.......: Cracked
Input.Mode...: File (/root/hashcat-0.40/examples/A0.M1300.word)
Hash.Target..: File (/root/hashcat-0.40/examples/A0.M1300.hash)
Hash.Type....: MSSQL(2005)
Time.Running.: 1 sec
Time.Util....: 1000.4ms/0.0ms Real/CPU, 0.0% idle
Speed........:       16 c/s Real,        0 c/s GPU
Recovered....: 2/2 Digests, 2/2 Salts
Progress.....: 19/20 (95.00%)
Rejected.....: 3/19 (15.79%)
HW.Monitor.#1: 89% GPU, 83c Temp

Started: Wed Mar 28 20:34:59 2012
Stopped: Wed Mar 28 20:35:13 2012
#3
oh, the -m 131 works too, but you have to reformat the hashes a bit:

Code:
root@sf:~/oclHashcat-plus-0.08# cat hash
0x0100e16bed510000000000000000000000000000000000000000a72befac3e58eb24d559d9fe0045cfdf090782e2
0x01002d42c262000000000000000000000000000000000000000006ae0aa711acd61419b22cdee42ab466d9549fe4
0x01000344bd000000000000000000000000000000000000000000eb1ef6c83632faeb31f04c8ee5ad7fca7d99148f
0x0100464395050000000000000000000000000000000000000000291e0b6da39261e356bf68a949b182bff8598432
0x010097798a490000000000000000000000000000000000000000abcd7717ff0f9074ad2feecbead6e58d955cbbad
0x0100133433ed0000000000000000000000000000000000000000c1aa75d321cea7c6b87c188710b1ff76ed856c1e
0x0100091a561100000000000000000000000000000000000000005675b355767d007dceefde17e3d7ea51c0b521f2
0x01005d4591120000000000000000000000000000000000000000d6c77cc4ae16b149e88698d2d8305a5f93dfeae8
root@sf:~/oclHashcat-plus-0.08# ./oclHashcat-plus64.bin -m 131 hash /root/hashcat-0.40/examples/A0.M1300.word

oclHashcat-plus v0.08 by atom starting...

Hashes: 8
Unique salts: 8
Unique digests: 8
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
GPU-Loops: 64
GPU-Accel: 40
Password lengths range: 1 - 15
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Tahiti, 2932MB, 0Mhz, 32MCU
Device #1: Allocating 192MB host-memory
Device #1: Kernel ./kernels/4098/m0130_a0.Tahiti.64.kernel (918120 bytes)

Scanned dictionary /root/hashcat-0.40/examples/A0.M1300.word: 86 bytes, 10 words, 10 keyspace, starting attack...

0x010097798a490000000000000000000000000000000000000000abcd7717ff0f9074ad2feecbead6e58d955cbbad:Paul
0x01002d42c262000000000000000000000000000000000000000006ae0aa711acd61419b22cdee42ab466d9549fe4:test
0x01000344bd000000000000000000000000000000000000000000eb1ef6c83632faeb31f04c8ee5ad7fca7d99148f:test1
0x0100464395050000000000000000000000000000000000000000291e0b6da39261e356bf68a949b182bff8598432:test2
0x0100e16bed510000000000000000000000000000000000000000a72befac3e58eb24d559d9fe0045cfdf090782e2:carlos
0x0100091a561100000000000000000000000000000000000000005675b355767d007dceefde17e3d7ea51c0b521f2:database
0x01005d4591120000000000000000000000000000000000000000d6c77cc4ae16b149e88698d2d8305a5f93dfeae8:jhl9mqe5
0x0100133433ed0000000000000000000000000000000000000000c1aa75d321cea7c6b87c188710b1ff76ed856c1e:DBAmaster
                                    
Status.......: Cracked
Input.Mode...: File (/root/hashcat-0.40/examples/A0.M1300.word)
Hash.Target..: File (hash)
Hash.Type....: MSSQL(2000)
Time.Running.: 1 sec
Time.Util....: 1000.5ms/0.0ms Real/CPU, 0.0% idle
Speed........:       42 c/s Real,        0 c/s GPU
Recovered....: 8/8 Digests, 8/8 Salts
Progress.....: 72/80 (90.00%)
Rejected.....: 30/72 (41.67%)
HW.Monitor.#1:  0% GPU, 57c Temp

Started: Wed Mar 28 20:44:28 2012
Stopped: Wed Mar 28 20:44:30 2012
#4
I just pulled out 0.06, dropped it into the hashcat-gui-0.5.1 directory, and that doesn't work for me either.

Could it be the AMD 6450 512MB card, and/or Catalyst 12.2 (I reinstalled Catalyst with Express install; no difference) not handling dictionary attacks properly?

oclHashcat-plus64.exe --hash-type 2300 ..\hashcat\examples\A0.M1300.hash ..\hashcat\examples\A0.M1300.word
ERROR: hash: xxxx, line length exception: 94
ERROR: hash: xxxx, line length exception: 94
ERROR: hash: xxxx, line length exception: 94
ERROR: hash: xxxx, line length exception: 94
ERROR: hash: xxxx, line length exception: 94
ERROR: hash: xxxx, line length exception: 94
ERROR: hash: xxxx, line length exception: 94
ERROR: hash: xxxx, line length exception: 94
oclHashcat-plus v0.06 by atom starting...

Hashes: 2
Unique salts: 2
Unique digests: 2
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
GPU-Loops: 64
GPU-Accel: 40
Password lengths range: 1 - 15
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Caicos, 512MB, 0Mhz, 2MCU
Device #1: Allocating 12MB host-memory
Device #1: Kernel ./kernels/4098/m1300_a0.Caicos.64.kernel (1244196 bytes)

Scanned dictionary ..\hashcat\examples\A0.M1300.word: 86 bytes, 10 words, starting attack...


Status.......: Exhausted
Input.Mode...: File (..\hashcat\examples\A0.M1300.word)
Hash.Type....: MSSQL(2005)
Time.Running.: 1 sec
Time.Left....: 0 secs
Time.Util....: 1009.8ms/0.0ms Real/CPU, 0.0% idle
Speed........: 20 c/s Real, 0 c/s GPU
Recovered....: 0/2 Digests, 0/2 Salts
Progress.....: 20/20 (100.00%)
Rejected.....: 0/20 (0.00%)
HW.Monitor.#1: 0% GPU, 40c Temp

Started: Tue Nov 01 14:43:58 2011
Stopped: Tue Nov 01 14:43:59 2011

oclHashcat-plus64.exe --hash-type 1300 ..\hashcat\examples\A0.M1300.hash ..\hashcat\examples\A0.M1300.word

ERROR: hash: xxxx, line length exception: 54
ERROR: hash: xxxx, line length exception: 54
oclHashcat-plus v0.06 by atom starting...

Hashes: 8
Unique salts: 8
Unique digests: 8
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
GPU-Loops: 64
GPU-Accel: 40
Password lengths range: 1 - 15
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Caicos, 512MB, 0Mhz, 2MCU
Device #1: Allocating 12MB host-memory
Device #1: Kernel ./kernels/4098/m1300_a0.Caicos.64.kernel (1244196 bytes)

Scanned dictionary ..\hashcat\examples\A0.M1300.word: 86 bytes, 10 words, starting attack...


Status.......: Exhausted
Input.Mode...: File (..\hashcat\examples\A0.M1300.word)
Hash.Type....: MSSQL(2000)
Time.Running.: 1 sec
Time.Left....: 0 secs
Time.Util....: 1005.0ms/0.0ms Real/CPU, 0.0% idle
Speed........: 80 c/s Real, 0 c/s GPU
Recovered....: 0/8 Digests, 0/8 Salts
Progress.....: 80/80 (100.00%)
Rejected.....: 0/80 (0.00%)
HW.Monitor.#1: 0% GPU, 40c Temp

Started: Tue Nov 01 14:44:10 2011
Stopped: Tue Nov 01 14:44:11 2011

>oclHashcat-plus64.exe -V
0.06
#5
you have to reformat the hashes, see my example above
#6
(03-29-2012, 10:03 AM)atom Wrote: you have to reformat the hashes, see my example above

Given that there are several SQL 2000 hashes, and two SQL 2005 hashes, and you can see the line length warnings clearly in each run, I'd have expected that SQL 2000 mode would have cracked most of them and ignored the short ones, and SQL 2005 mode would have cracked two of them and ignored the long ones.

Am I incorrect in this assumption? I'm not trying to show that it cracks all of the hashes, I'm trying to show that it's failing to crack any of them in either mode.
#7
I think so, yes. In my example above you can see I cracked all 10 of 10 hashes with the 10 words from the dictionary.
#8
I just tested 0.08 with the hashcat 0.39 examples, and got fully correct results on a 6950; I'll test the 6450 out soon and report back.