oldoffice hash, pure kernel not found
#1
Code:
C:\Users\XXX\Desktop\hashcat>hashcat.exe -m 9700 hash.txt pwlist.txt
hashcat (v6.2.5) starting

* Device #1: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
* Device #2: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
CUDA API (CUDA 11.6)
====================
* Device #1: NVIDIA GeForce GTX 1080, 7213/8191 MB, 20MCU

OpenCL API (OpenCL 3.0 CUDA 11.6.58) - Platform #1 [NVIDIA Corporation]
=======================================================================
* Device #2: NVIDIA GeForce GTX 1080, skipped

./OpenCL/m09700_a0-optimized.cl: Pure kernel not found, falling back to optimized kernel
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 15

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Not-Iterated
* Single-Hash
* Single-Salt

Watchdog: Temperature abort trigger set to 90c

Host memory required for this attack: 175 MB

Dictionary cache built:
* Filename..: pwlist.txt
* Passwords.: 100000
* Bytes.....: 851085
* Keyspace..: 99990
* Runtime...: 0 secs

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.

Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 9700 (MS Office <= 2003 $0/$1, MD5 + RC4)
Hash.Target......: $oldoffice$0*cecb1e54d9XXXXXXXXXX*70a00...fd33c0
Time.Started.....: Thu Jan 20 17:41:07 2022 (0 secs)
Time.Estimated...: Thu Jan 20 17:41:07 2022 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (pwlist.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 27166.6 kH/s (0.81ms) @ Accel:1024 Loops:1 Thr:32 Vec:1
Recovered........: 0/1 (0.00%) Digests
Progress.........: 99990/99990 (100.00%)
Rejected.........: 449/99990 (0.45%)
Restore.Point....: 99990/99990 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: 123456 -> crossroad
Hardware.Mon.#1..: Temp: 38c Fan:  0% Util: 19% Core: 756MHz Mem:4911MHz Bus:16

Started: Thu Jan 20 17:41:05 2022
Stopped: Thu Jan 20 17:41:09 2022


Sorry, Im new to this, did I do something wrong? How can I crack the oldoffice hash?
Nvidia driver 511.23
Reply
#2
well everything worked fine, your wordlist contains 99990 passwords and all where tested, but the right pass wasnt inside your list, you can try combine this list with some rules (see faq rules) or you try another bigger wordlist, or try bruteforce
Reply
#3
Thanks, I have no idea of the possible rules for the password. If I try bruteforce, that would meaning using the "-a 3" flag? How about the kernel thing, should I worry about that?
Reply
#4
hashcat comes with some rulesets like best64 etc., see folder rules, there are some other rules you can find online like oneruletorulethemall but for a fast try, try best64 and dive with your wordlist

yeah bruteforce means -a 3 and you have to provide a guessing mask

you can start with option -i and a mask of ?a?a?a?a

to try 1-4 positions with all possible ascii chars and see how long it would take, longer passwords i would modify the mask otherwise it will take to much time, given your speed it should take 2800 DAYS to test a mask with 6 times ?a because this hash is a little bit slow
Reply
#5
Thanks again. Fortunately, I have got it cracked by using -1 ?u -2 ?l?u?d and ?1?2?2?2?2?2?2?2. (length 8)
However the keyword I found is just a word that matches the hash but not the original password.
How can I make hashcat continue the search for all possible matches?
Reply
#6
(01-20-2022, 06:29 PM)new01b Wrote: Thanks again. Fortunately, I have got it cracked by using -1 ?u -2 ?l?u?d and ?1?2?2?2?2?2?2?2. (length 8)
However the keyword I found is just a word that matches the hash but not the original password.
How can I make hashcat continue the search for all possible matches?

add option

--keep-guessing
Reply