What is my password?
#1
Run this:
Code:
hashcat.exe -m 1000  --potfile-disable 5e486282398373e0b4bedf01db16b795 -a 3 P?b?bsztorZs201 --quiet

It will show:

5e486282398373e0b4bedf01db16b795:PásztorZs201

If I open the potfile in a hex editor, I have
Code:
50 C3 A1 73 7A 74 6F 72 5A 73 32 30 31
P  à ¡  s  z  t  o  r  Z  s  2  0  1  

But, if I try to replicate it in python with this code:
Code:
import hashlib, binascii
val = bytearray.fromhex("50c3a1737a746f725a73323031")
hashcalc = binascii.hexlify(hashlib.new('md4', val).digest()).decode()
print(f"{hashcalc} != 5e486282398373e0b4bedf01db16b795")
# d65e9927549a762507bae550ba54969a != 5e486282398373e0b4bedf01db16b795

It will not work, but the same code worked for all other passwords without non-English characters! 

How can I force hashcat to print the $HEX[] format? What encoding mistake am I making?
Reply
#2
welcome to the hell of character encodings

your hex editor opened your file using utf-8 resulting in your shown hex BUT take a look at this, NTLM uses UTF16le for character encoding and here we go

Code:
import hashlib, binascii

val = 'PásztorZs201'
# MD4 over the raw UTF-8 bytes
hash = hashlib.new('md4', val.encode('utf-8')).digest()
hash = binascii.hexlify(hash)
print(f"{hash}")
# MD4 over the UTF-16LE encoding of the text
hash = hashlib.new('md4', val.encode('utf-16le')).digest()
hash = binascii.hexlify(hash)
print(f"{hash}")
# MD4 over the single-byte ISO-8859-15 encoding
hash = hashlib.new('md4', val.encode('iso-8859-15')).digest()
hash = binascii.hexlify(hash)
print(f"{hash}")
# UTF-8 bytes read back as ISO-8859-15 characters, then encoded as UTF-16LE
hash = hashlib.new('md4', val.encode('UTF-8').decode('iso-8859-15').encode('utf-16le')).digest()
hash = binascii.hexlify(hash)
print(f"{hash}")

b'd65e9927549a762507bae550ba54969a'
b'e3fcd123f5bdadf2a0e61472fd13869c'
b'594fd6650f079efc9b8bfb0a1627ba70'
b'5e486282398373e0b4bedf01db16b795'

last line is the desired hash but you see the needed conversion to get there?
Reply
#3
(08-11-2023, 06:35 PM)Snoopy Wrote: welcome to the hell of character encodings

your hex editor opened your file using utf-8 resulting in your shown hex BUT take a look at this, NTLM uses UTF16le for character encoding and here we go

Soo... The correct input was:

Code:
val = bytearray.fromhex("5000c300a10073007a0074006f0072005a007300320030003100")

Now I really don't understand. I know NTLM uses UTF16le. And yes, I was doing it (but didn't realize in my first post). I put the core hash just because of all these problems.
  • From a utf-8 input, hashcat converts to utf16le, hashes it and checks. 
  • If it finds it, it converts back to utf-8 and saves it in the potfile? 
  • Did the hex editor change something? Does it show EXACTLY what I have in the file?

What do I need to know about encoding to not make mistakes? 

Because the same code didn't work for this case:
Code:
import hashlib
val = 'vascão.321'
hash = hashlib.new('md4', val.encode('utf-16le')).digest()
print("db4f8d140ddc16d9b77578d07f1e9782") # value I want

So this uses another encoding. What am I missing?
Reply
#4
Like this case, I really can't find the correct encoding to try in python:

Code:
hashcat.exe -m 1000  --potfile-disable eab5b5c892e0748ecd8977611385356d -a 3 ?b?bm?b?br.83F --quiet

eab5b5c892e0748ecd8977611385356d:ömür.83F

The good thing is that hashcat does all this encoding hell for us!
Reply
#5
mom wrong
Reply
#6
take a look at this (i switched to windows codepage because, yeah windows)

Code:
import hashlib, binascii

# text -> UTF-8 bytes -> read as windows-1252 characters -> UTF-16LE -> MD4
strings = ['PásztorZs201', 'ömür.83F', 'vascão.321']
for val in strings:
    hash = hashlib.new('md4', val.encode().decode('windows-1252').encode('utf-16le')).digest()
    hash = binascii.hexlify(hash)
    print(f"{hash} : {val}")

# same conversion, starting from the hex bytes as stored in the potfile
hexstrings = ['50C3A1737A746F725A73323031', 'c3b66dc3bc722e383346', '76617363C3A36F2E333231']
for hexes in hexstrings:
    val = bytes.fromhex(hexes).decode('windows-1252')
    hash = hashlib.new('md4', val.encode('utf-16le')).digest()
    hash = binascii.hexlify(hash)
    print(f"{hash} : {val} : {hexes}")

b'5e486282398373e0b4bedf01db16b795' : PásztorZs201
b'eab5b5c892e0748ecd8977611385356d' : ömür.83F
b'0e9e45ceb1bf4b13740482ecef3a6f15' : vascão.321
b'5e486282398373e0b4bedf01db16b795' : PásztorZs201 : 50C3A1737A746F725A73323031
b'eab5b5c892e0748ecd8977611385356d' : ömür.83F : c3b66dc3bc722e383346
b'0e9e45ceb1bf4b13740482ecef3a6f15' : vascão.321 : 76617363C3A36F2E333231

the diff in string output, yeah next cool thing (terminal)

as you can see it works for pastor and ömür, regarding vascao, your hash is wrong (try to crack it and you will see your hash is wrong)
Reply
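An added example, not code from any poster in the thread: given the bytes stored in the potfile and a target hash, it reports which byte-to-MD4-input path reproduces that hash. The `md4` function is a pure-Python RFC 1320 implementation, included because `hashlib.new('md4')` can be unavailable on OpenSSL 3 builds. `PATHS` and `matching_paths` are names made up for this example, and latin-1 is assumed as the byte-for-byte widening (it yields the same code points as the windows-1252 decode in post #6 for these samples).

```python
import struct

def md4(data: bytes) -> str:
    """Pure-Python MD4 (RFC 1320), used because hashlib's 'md4' can be missing."""
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)
    msg += struct.pack("<Q", len(data) * 8)           # bit length, little-endian
    rol = lambda v, s: ((v << s) | (v >> (32 - s))) & 0xFFFFFFFF
    rounds = (  # (boolean function, additive constant, word order, shifts)
        (lambda b, c, d: (b & c) | (~b & d), 0, range(16), (3, 7, 11, 19)),
        (lambda b, c, d: (b & c) | (b & d) | (c & d), 0x5A827999,
         (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
        (lambda b, c, d: b ^ c ^ d, 0x6ED9EBA1,
         (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
    )
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for f, const, order, shifts in rounds:
            for i, k in enumerate(order):
                a = rol((a + f(b, c, d) + x[k] + const) & 0xFFFFFFFF, shifts[i % 4])
                a, b, c, d = d, a, b, c               # rotate register roles
        state = [(s + v) & 0xFFFFFFFF for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state).hex()

# Ways the potfile bytes could have been turned into the MD4 input.
PATHS = {
    "raw bytes": lambda b: b,                                      # post #1
    "utf8 -> utf16le": lambda b: b.decode("utf-8", "replace").encode("utf-16le"),
    "byte-widened": lambda b: b.decode("latin-1").encode("utf-16le"),  # byte + 0x00
}

def matching_paths(plain: bytes, target_hex: str) -> list:
    """Return the names of every path whose MD4 equals target_hex."""
    return [n for n, conv in PATHS.items() if md4(conv(plain)) == target_hex.lower()]

if __name__ == "__main__":
    samples = {  # potfile bytes and target hashes quoted in the thread
        "50C3A1737A746F725A73323031": "5e486282398373e0b4bedf01db16b795",
        "c3b66dc3bc722e383346": "eab5b5c892e0748ecd8977611385356d",
        "76617363C3A36F2E333231": "db4f8d140ddc16d9b77578d07f1e9782",
    }
    for hexes, target in samples.items():
        hits = matching_paths(bytes.fromhex(hexes), target)
        print(hexes, target, hits or "no match")
```

For an ASCII-only password the "utf8 -> utf16le" and "byte-widened" paths produce the same bytes, so both names are returned; they only diverge once a byte above 0x7F is present.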