Posts: 5
Threads: 1
Joined: Sep 2021
09-06-2021, 08:01 PM
(This post was last modified: 09-06-2021, 10:12 PM by alexxx.
Edit Reason: removed actual hash values
)
Hi,
my brain got stuck, even after reading wiki (or is it just "that day")
so ...
i have some sha256 hash to crack ... an example (random example) :
sha256 hash
dbb12ceaf87ceaf87ceaf87ceaf87ceaf8751e29a0257751e29751e29751e291
pasword
21 90 12 12 12 12 4A 21 00 00 00 00 00 00 00 00 - last 8 bytes is always 00
so ...the question is ... how to combine mask attack on this (which range from 0x00 to 0xFF),
since password result have last 8 bytes always 0x00 ? (characters = 0-9, A-F , last 8 bytes can be truncated)
(yeah, you will say - it's simple ... i just cant figure it out at the moment)
and the second question is ...
how to maximise performance of this cracking on AMD RX580 GPU,
Windows7, latest Adrenalin 21.5.2 installed.
Do i need some additional parameters ?
Do i need some other (by Hashcat recommended) drivers ?
Thanks for reading this (and hopefully helping),
and sorry for (maybe for you) trivial questions.
b.r.
Alex
Posts: 866
Threads: 15
Joined: Sep 2017
first
read forum rules, it is prohibited to post hashes and or passes as long as not asked by the devs/mods
second
your hash and or pass is not matching
even when trying to convert hex to ascii and/or deleting your spaces, nothing will result in what you have posted as sha 256
third
hex 90, 91, 92 reminds me of typical double misconversion between utf-8 and windows charpages so your password canbe / should be malformed
Posts: 5
Threads: 1
Joined: Sep 2021
09-06-2021, 10:02 PM
(This post was last modified: 09-06-2021, 11:59 PM by alexxx.)
(09-06-2021, 08:43 PM)Snoopy Wrote: first
read forum rules, it is prohibited to post hashes and or passes as long as not asked by the devs/mods
second
your hash and or pass is not matching
even when trying to convert hex to ascii and/or deleting your spaces, nothing will result in what you have posted as sha 256
third
hex 90, 91, 92 reminds me of typical double misconversion between utf-8 and windows charpages so your password canbe / should be malformed
Hashes/password randomized/faked now ....
***EDIT:
i've come up to something ... but is this correct ... ?
hashcat -m 1400 <HASH> -O -S -w 3 -a 3 -1 0123456789abcdef -2 0 ?1?1?1?1?1?1?1?1?2?2?2?2?2?2?2?2 -o
main problem with this i've come up is that it needs lot of RAM (9.1Gb) ?! is that normal ?
password should be array of 16 times 00-FF strings, but - am I masking it correctly ?
Posts: 866
Threads: 15
Joined: Sep 2017
do we "really" talking about hex like strings?
so in your example:
sha256('ffffffffffffffff0000000000000000') = 9d16bfa811f70a01d13ecbe0bb081c80f89e37b72383566740ef849617e80ab2
sha256('FFFFFFFFFFFFFFFF0000000000000000') = 5219f4e314c19218f9eb9393c077c8858caff6b546e142c8cfc4c936bec769d6
upper / lower case letters possible in such strings? or do we talk about a hex representation of the found password?
even when just appending the 8 times 00 per rule, the first half, 8 times 00 to ff or FF or mixed (as string) is quite a huge keyspace, it is 16^16 and should be result in an overflow by hashcat
Posts: 5
Threads: 1
Joined: Sep 2021
(09-07-2021, 11:34 AM)Snoopy Wrote: do we "really" talking about hex like strings?
so in your example:
sha256('ffffffffffffffff0000000000000000') = 9d16bfa811f70a01d13ecbe0bb081c80f89e37b72383566740ef849617e80ab2
sha256('FFFFFFFFFFFFFFFF0000000000000000') = 5219f4e314c19218f9eb9393c077c8858caff6b546e142c8cfc4c936bec769d6
upper / lower case letters possible in such strings? or do we talk about a hex representation of the found password?
even when just appending the 8 times 00 per rule, the first half, 8 times 00 to ff or FF or mixed (as string) is quite a huge keyspace, it is 16^16 and should be result in an overflow by hashcat
it's just lowercase letters/chars 0123456789abcdef, first 8 bytes of output "array", as in example,
last 8 bytes of array is always 00 00 00 00 00 00 00 00
mask that i put in example, goes pretty quick on hashcat, but results in "exhausted" ...
i'm gonna find some known hash/result and put it in ...
just on thing i'm not sure - is my mask good ?
-a 3 -1 0123456789abcdef -2 0 ?1?1?1?1?1?1?1?1?2?2?2?2?2?2?2?2
or
-a 3 -1 0 ?h?h?h?h?h?h?h?h?1?1?1?1?1?1?1?1
should be basically the same, as "h" = 01234567890abcdef
Posts: 866
Threads: 15
Joined: Sep 2017
(09-07-2021, 06:30 PM)alexxx Wrote: -a 3 -1 0123456789abcdef -2 0 ?1?1?1?1?1?1?1?1?2?2?2?2?2?2?2?2
or
-a 3 -1 0 ?h?h?h?h?h?h?h?h?1?1?1?1?1?1?1?1
should be basically the same, as "h" = 01234567890abcdef
sry but i still dont really get what you try to achieve
your given example (edit: the second example is the same)
-a 3 -1 0123456789abcdef -2 0 ?1?1?1?1?1?1?1?1?2?2?2?2?2?2?2?2
will result in passes like
afafafaf00000000
b1b2b3b400000000
(16 chars total, 8 zeros at the end, no spaces between)
but you said passes always end with 00 00 00 00 00 00 00 00 (these are 16 zeros, so your mask dont fit) the next thing, do these "spaces" belong to the password or not?
shortened example
sha256('ff 00 00') is something complete different than
sha256('ff0000')
Posts: 5
Threads: 1
Joined: Sep 2021
09-10-2021, 08:46 PM
(This post was last modified: 09-10-2021, 09:05 PM by alexxx.)
it was mis-interpreted wrongly .... (from my side)
so, here is correct "what-i-want-to-crack" :
- given sha256 hash
- result is actually byte-array ie: 30303930343139323063306134613231
([009041920c0a4a21 = each digit + 30] ,0+30 0+30 9+30 0+30 4+30 1+30 9+30 2+30 0+30 c+30 0+30 a+30 4+30 a+30 2+30 1+30)
via this site (after choosing HEX), correct hash is received (from this example).
so ... how to get correct (cracked) result with hashcat ? is it mask-attack ?
i'm stuck here .... i dunno what to put in hashcat for this
thanks
Posts: 866
Threads: 15
Joined: Sep 2017
09-13-2021, 06:47 PM
(This post was last modified: 09-13-2021, 06:49 PM by Snoopy.)
i hope i get it right (from your last example), you have data like this
sha256hash:30303930343139323063306134613231
30303930343139323063306134613231 -> hex to ascii = 009041920c0a4a21
009041920c0a4a21 -> interpreted as hex and given as input to sha256-> your searched sha256hash =
eb263129803e19314d6644961[masked]
?
if yes, first prepare a charset-file like this
1. hashcat -a 3 --stdout ?h?h > charset.txt
2. open this file with a good texteditor and remove all newlines, linebreaks, so that there is only one line with all chars
from 00 to ff (512, dont be afraid when your file looks messed up, hashcat randomized the output by default )
3. feed hashcat like this
hashcat.exe -m 1400 -a3 -O --hex-charset -1 charset.txt sha256.txt ?1?1?1?1?1?1?1?1
specify an output-file on your own or leave it, see hashcat.potfile for results, the results will look like this
eb263129803e19314d6644961[masked]:$HEX[009041920c0a4a21]
to get your 30303930343139323063306134613231 you have to interpret 009041920c0a4a21 as ascii to hex
https://www.rapidtables.com/convert/numb...o-hex.html or use another tool
these "double-conversation" or misinterpreting is not related to sha256 so it must be have to to something with the source of your data
Posts: 5
Threads: 1
Joined: Sep 2021
(09-13-2021, 06:47 PM)Snoopy Wrote: i hope i get it right (from your last example), you have data like this
sha256hash:30303930343139323063306134613231
30303930343139323063306134613231 -> hex to ascii = 009041920c0a4a21
009041920c0a4a21 -> interpreted as hex and given as input to sha256-> your searched sha256hash =
eb263129803e19314d6644961[masked]
?
if yes, first prepare a charset-file like this
1. hashcat -a 3 --stdout ?h?h > charset.txt
2. open this file with a good texteditor and remove all newlines, linebreaks, so that there is only one line with all chars
from 00 to ff (512, dont be afraid when your file looks messed up, hashcat randomized the output by default )
3. feed hashcat like this
hashcat.exe -m 1400 -a3 -O --hex-charset -1 charset.txt sha256.txt ?1?1?1?1?1?1?1?1
specify an output-file on your own or leave it, see hashcat.potfile for results, the results will look like this
eb263129803e19314d6644961[masked]:$HEX[009041920c0a4a21]
to get your 30303930343139323063306134613231 you have to interpret 009041920c0a4a21 as ascii to hex
https://www.rapidtables.com/convert/numb...o-hex.html or use another tool
these "double-conversation" or misinterpreting is not related to sha256 so it must be have to to something with the source of your data
Yes, thats it, like in my last example.
hashed result : 30303930343139323063306134613231 - gives correct hash (from example)
Now, i am still stuck - i tried what you suggested
charset.txt is single-line with 000102030405060708090A....FF
and what i got is - "Integer overflow detected in keyspace of mask: ?1?1?1?1?1?1?1?1"
(with space between 00 01 ... FF - "Invalid hex character detected in mask 00 01....FF")
this is some "hard nut" ...
Posts: 866
Threads: 15
Joined: Sep 2017
warg...
yeah sry tried this just with a/your shortened charset of [009041920c0a4a21]
tried something with rules but no success, i think the problem is you have to feed hashcat per pipe and not quite sure wheter these "control chars" are transmitted correctly through pipe (output given by hashcat shows pw candidates with less than 8/16 and i dont know why)
i tried a run with half of the keyspace and it showed me a runtime aof 34 years (so yeah IT IS a huge keyspace)
if you still want to give it a shot, you have to use maskprocessor
https://github.com/hashcat/maskprocessor/releases/
and feed hashcat like this (you can do some "gambling" with how do order -1 and -2)
with this hahscat will start with something like ffffffff00000000
left side will " slowly decrease" to 00... right side will "slowly increase" to ff...
mp64.exe -1 0123456789abcdef -2 fedcba9876543210 ?2?2?2?2?2?2?2?2?1?1?1?1?1?1?1?1 | hashcat.exe --hex-charset -a 0 -O -m 1400 sha256.txt
|