03-24-2024, 07:35 PM
I am using Windows 11, I know, I know.
I have a gpg file that is encrypted using:
I have used John to get a hash:
I have read that this hash is probably not in the correct format for hashcat to use, but I cannot figure out how to build the correct hash string for hashcat.
If I do try to run .\hashcat.exe -a3 -m17010 S:\scratch\foobar-gpg-hash.txt ?a?a?a?a?a?a, get:
Using hashcat --help, I only see this listed for gpg:
However from here https://hashcat.net/wiki/doku.php?id=example_hashes, I see:
Based on the gpg command used to encrypt the file, I was thinking I really need the 17030 mode.
When running .\hashcat.exe -m17010 --example-hashes --mach, it successfully returns the example.
When running .\hashcat.exe -m17030 --example-hashes --mach, I get:
So, assuming I am actually using the right mode, how do I get the correct module?
Thanks.
I have a gpg file that is encrypted using:
Code:
gpg -c --force-mdc --cipher-algo AES256
I have used John to get a hash:
Code:
.\gpg2john.exe S:\scratch\foobar.txt.gpg > S:\scratch\john-foobar-gpg-hash.txt
I have read that this hash is probably not in the correct format for hashcat to use, but I cannot figure out how to build the correct hash string for hashcat.
If I do try to run .\hashcat.exe -a3 -m17010 S:\scratch\foobar-gpg-hash.txt ?a?a?a?a?a?a, get:
Code:
hashcat (v6.2.6) starting
S:\scratch\hashcat-foobar-gpg-hash.txt: Byte Order Mark (BOM) was detected
CUDA API (CUDA 12.4)
====================
* Device #1: NVIDIA GeForce RTX 4080, 15048/16375 MB, 76MCU
OpenCL API (OpenCL 3.0 CUDA 12.4.99) - Platform #1 [NVIDIA Corporation]
=======================================================================
* Device #2: NVIDIA GeForce RTX 4080, skipped
OpenCL API (OpenCL 3.0 ) - Platform #2 [Intel(R) Corporation]
=============================================================
* Device #3: Intel(R) UHD Graphics 770, 6432/12967 MB (2047 MB allocatable), 32MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Hashfile 'S:\scratch\hashcat-foobar-gpg-hash.txt' on line 1 ($): Separator unmatched
No hashes loaded.
Started: Sun Mar 24 11:44:07 2024
Stopped: Sun Mar 24 11:44:09 2024
Using hashcat --help, I only see this listed for gpg:
Code:
17010 | GPG (AES-128/AES-256 (SHA-1($pass))) | Raw Hash
However from here https://hashcat.net/wiki/doku.php?id=example_hashes, I see:
Code:
17010 GPG (AES-128/AES-256 (SHA-1($pass))) * | $gpg$*1*348*1024*8833fa3812b5500aa9eb7e46febfa31a0584b7e4a5b13c198f5c9b0814243895cce45ac3714e79692fb5a130a1c943b9130315ce303cb7e6831be68ce427892858f313fc29f533434dbe0ef26573f2071bbcc1499dc49bda90648221ef3823757e2fba6099a18c0c83386b21d8c9b522ec935ecd540210dbf0f21c859429fd4d35fa056415d8087f27b3e66b16081ea18c544d8b2ea414484f17097bc83b773d92743f76eb2ccb4df8ba5f5ff84a5474a5e8a8e5179a5b0908503c55e428de04b40628325739874e1b4aa004c4cbdf09b0b620990a8479f1c9b4187e33e63fe48a565bc1264bbf4062559631bef9e346a7217f1cabe101a38ac4be9fa94f6dafe6b0301e67792ed51bca04140cddd5cb6e80ac6e95e9a09378c9651588fe360954b622c258a3897f11246c944a588822cc6daf1cb81ccc95098c3bea8432f1ee0c663b193a7c7f1cdfeb91eee0195296bf4783025655cbebd7c70236*3*254*2*7*16*a47ef38987beab0a0b9bfe74b72822e8*65536*1f5c90d9820997db
17020 GPG (AES-128/AES-256 (SHA-512($pass))) * | $gpg$*1*668*2048*57e1f19c69a86038e23d7e5af5d810f4f86d32e9aaaf04b54281cda2194dcca99ee1f23f4aa3a011d5d2dc9e47689c449f398d315f91a03f4765742d20a7046e986a9696f0e07380a73fdd61e7ab2caa463a049a5869e008e16bb30d22f93f9aa8b0fdd41d2b19e669d58ca462498905e79944bff578c24139a88ef44582aef93f94fe22406a3ae32dcc0f0602e2f4345db2bd9d775eaeb14a8d7aff963e1ca8c29bab2fc3d459941587f4242af6e100e2e668a6c9247c19969ba294f6f2ab60ef84d42aab2e3512153a283d321442840189733dc6024dab0ea5d10d2e07fee914fc2e7177b310e8835bf8a5ffe1bde5ce0a74d3dd570c1b2652672873d3c520364acc0af35f5f7d0e0e95df8c2db3855936e0a4a24cc463bf277b0c5ea37d4ac1ddae6ef9da18852620de15ab648306f3d7acbb918e79f3ab7a3eaf4f59416560c4d31d8a0220c3301c95db4b8fe6b69348657aed52d5e15aefb17fedd15a50630a4edbad362ba9b79a048b4966a70643d8fa31fb397a531db85e8ad5bb169f5188449dbcc1bbaf42440d1794a34296c2407092c76e59544133959309ce42a05899162c55a865018085a4c57068294a5389cf6fbf1c93b5ab7732625fb6a465bd7ec51a128c2f9b0cf3fd0367f92667098b3a8af40f9f434a2a727b09bddbad1762127cc785eda419ac3ff24c8724e04ea2d330b0b441f34623955efd383f20578cdc527f3076ee068b727cd399ce17ff9d5233409b2d16d55c5c80cb8ca01019cd068c6e803217d6f2b7124e354b89de0eb0dfd241384026a1cdca529b6fed37aa0ececb0d6c26de06407d75a6e3108b0d25621db418206291a67216306e1a18c992736e45ef7f87373c0a3f28ddc1b4543604cd154f6b79265a6d8c13550078c3bcf55063263e5bc5cae6b925c1dbb67f972e234006867849e653*3*254*10*9*16*d1547688c9cc944482d16dff17df0858*20971520*1fef4e57e302d34e
17030 GPG (AES-128/AES-256 (SHA-256($pass))) * | $gpg$*1*668*2048*e75985b4e7d0bce9e38925a5cf69494ae9a2ccfe2973f077d9423642fffec8bee0e327178a4a3431875ca1f377b9f89269e7c42b94150859d9e5bf5c4504d63076b270118183dda75d253492be8b680c0061e7f130010a00a09a0456710051f2483052ad209fcb9f194f78ecd04fd04953fa1cd6f7ce9babca8b2ee6432730de069648460b2822fe355ed19e0055c69251097681901d7183626019d938727399df47f5249f25b1c73e8654bf935014533845f278e6dd94b8c2964ad6a87c718967686f39a88b21a0e5a93321d4733c81d9310955db6990d8cd02bcf73159b1f48f5615def601aa3e12bf30384da41b558b1eef1111cfc85c8772c123a7b977e2ba399f65679c35b9a2abfde0230a5706fe99f5460c700b1498b1661353ec30eab25defb9af2e7e744fd050d2e7c87542d8bc49e728a7734accf2801dc5972192670858f2004308f3afdd94acd44e1161c44dd372296ca7fe40cbb541c21d640a10df34460c4f5c7cd1bf3b3282668d7edb53be4d843aef4b6f0357526d9c4432aa2a45e113a73e75bfec98cb4cc020ab6cca35336fd188140fd16183dbe288707421e698b6e4801508ae903de3e5d600bd613ea612af92780e53be37722897edb8a588193e7d28819c2f0cbb4e97c3e830113ce14ab05ddb82552fc5e82c386ec2fe9b2d86fc7ade39e341e3dd828502cc3dd038cb21cb0512e79dca9f5a9eae78b2e91aa0732ac77fbc3bc5575c210f519c178669ea99bef62eb6761dfa76407d0d501b07a696a0214dafde7b0bfb48e8ba445b6b42a859a63cb91c9d991ed030ef9e6c63f53b395e14821d7039e4455e0e3712f77f64b7abaa04467bd5b9be26c5e098430187676d0aa7206e2e4fa2e5b7bd486d18b0f3859e94319ccac587574a7bae6ccb3e9414cc769761cf6a0fa1b33cccd1a4b0b04c0d52cd*3*254*8*9*16*343d26cf2c10a8f8a161874fbb218c12*65536*666ae8d1c98404b0
Based on the gpg command used to encrypt the file, I was thinking I really need the 17030 mode.
When running .\hashcat.exe -m17010 --example-hashes --mach, it successfully returns the example.
When running .\hashcat.exe -m17030 --example-hashes --mach, I get:
Code:
hashcat (v6.2.6) starting in hash-info mode
Either the specified hash mode does not exist in the official repository,
or the file(s) could not be found. Please check that the hash mode number is
correct and that the files are in the correct place.
Cannot load module ./modules/module_17030.dll
So, assuming I am actually using the right mode, how do I get the correct module?
Thanks.