Posts: 414
Threads: 14
Joined: Mar 2012
Hi everyone,
I've noticed some very weird behaviors while playing with LM hashes.
So I generated some LM hashes:
Code: 0182BD0BD4444BF836077A718CCDF409:12345678
8C6F5D02DEB21501:ABC
1C3A2B6D939A1021:AAA
When trying to bruteforce these (In 16 bytes form or 32) I get either wrong cracked passwords or "Exhausted". Always, with some certain hashes.
Let's say this hash:
Code: 0182BD0BD4444BF836077A718CCDF409:12345678
Here we go:
Code: hc64p -m3000 -a3 ..\M\LM.hash ?d?d?d?d?d?d?d?d
** Valid keyfile for beta usage: malik (expires 18.05.2013)
cudaHashcat-plus v0.09 by atom starting...
Hashes: 2
Unique digests: 2
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
GPU-Loops: 32
GPU-Accel: 8
Password lengths range: 1 - 7
...
Device #1: Kernel ./kernels/4318/m3000_a3.sm_21.ptx
36077a718ccdf409:8
0182bd0bd4444bf8:1234467
Status.......: Cracked
Input.Mode...: Mask (?d?d?d?d?d?d?d)
Hash.Target..: 0182bd0bd4444bf836077a718ccdf409
Hash.Type....: LM
Time.Running.: 0 secs
Time.Util....: 964.5ms/1.5ms Real/CPU, 0.2% idle
Speed........: 4512.0k c/s Real, 35682.4k c/s GPU
Recovered....: 2/2 Digests, 1/1 Salts
Progress.....: 4352000/10000000 (43.52%)
Rejected.....: 0/4352000 (0.00%)
HWMon.GPU.#1.: 0% Util, 45c Temp, -1rpm Fan
Started: Mon May 28 18:36:43 2012
Stopped: Mon May 28 18:36:45 2012
Notice the second hash.
Another one:
Code: 8C6F5D02DEB21501:ABC
Code: hc64p -m3000 -a3 -1 ?u?d ..\M\LM.hash ?1?1?1
** Valid keyfile for beta usage: malik (expires 18.05.2013)
cudaHashcat-plus v0.09 by atom starting...
Hashes: 2
Unique digests: 2
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
GPU-Loops: 32
GPU-Accel: 8
Password lengths range: 1 - 7
...
Device #1: Kernel ./kernels/4318/m3000_a3.sm_21.ptx
8c6f5d02deb21501:AAC
Status.......: Exhausted
Input.Mode...: Mask (?1?1?1)
Hash.Target..: 00000000000000008c6f5d02deb21501
Hash.Type....: LM
Time.Running.: 0 secs
Time.Left....: 0 secs
Time.Util....: 998.0ms/1.6ms Real/CPU, 0.2% idle
Speed........: 46747 c/s Real, 10930.8k c/s GPU
Recovered....: 1/2 Digests, 0/1 Salts
Progress.....: 46656/46656 (100.00%)
Rejected.....: 0/46656 (0.00%)
HWMon.GPU.#1.: 0% Util, 45c Temp, -1rpm Fan
Started: Mon May 28 18:39:42 2012
Stopped: Mon May 28 18:39:44 2012
One more?
Code: 1C3A2B6D939A1021:AAA
Code: hc64p -m3000 -a3 -1 ?u?d ..\M\LM.hash ?1?1?1
** Valid keyfile for beta usage: malik (expires 18.05.2013)
cudaHashcat-plus v0.09 by atom starting...
Hashes: 2
Unique digests: 2
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
GPU-Loops: 32
GPU-Accel: 8
Password lengths range: 1 - 7
...
Device #1: Kernel ./kernels/4318/m3000_a3.sm_21.ptx
Status.......: Exhausted
Input.Mode...: Mask (?1?1?1)
Hash.Target..: 00000000000000001c3a2b6d939a1021
Hash.Type....: LM
Time.Running.: 0 secs
Time.Left....: 0 secs
Time.Util....: 997.8ms/1.6ms Real/CPU, 0.2% idle
Speed........: 46757 c/s Real, 38278.6k c/s GPU
Recovered....: 0/2 Digests, 0/1 Salts
Progress.....: 46656/46656 (100.00%)
Rejected.....: 0/46656 (0.00%)
HWMon.GPU.#1.: 0% Util, 44c Temp, -1rpm Fan
Started: Mon May 28 18:42:36 2012
Stopped: Mon May 28 18:42:37 2012
Not found!
At first I thought it's my generator which is the problem, I used EGB to make sure of that but, EGB cracked them all correctly!
Code: LM bfLM.ini %hash%
Maximum password length: 7 characters
Number of GPU to be used: 1
Configuration file: "bfLM.ini"
36077a718ccdf409:8
0182bd0bd4444bf8:1234567
1c3a2b6d939a1021:AAA
8c6f5d02deb21501:ABC
All passwords found! Time elapsed: 0d:0h:0m:1s.
Most if not all of these problems disappear when doing a dictiory attack:
Code: hc64p -m3000 ..\M\LM.hash ..\M\Odic.dic
** Valid keyfile for beta usage: malik (expires 18.05.2013)
cudaHashcat-plus v0.09 by atom starting...
Hashes: 6
Unique digests: 5
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
GPU-Loops: 32
GPU-Accel: 8
Password lengths range: 1 - 7
...
Device #1: Kernel ./kernels/4318/m3000_a0.sm_21.ptx
Scanned dictionary ..\M\Odic.dic: 20 bytes, 4 words, 4 keyspace, starting attack
...
36077a718ccdf409:8
aad3b435b51404ee:
8c6f5d02deb21501:ABC
1c3a2b6d939a1021:AAA
0182bd0bd4444bf8:1234567
Status.......: Cracked
Input.Mode...: File (..\M\Odic.dic)
Hash.Target..: File (..\M\LM.hash)
Hash.Type....: LM
Time.Running.: 0 secs
Time.Util....: 994.9ms/0.0ms Real/CPU, 0.0% idle
Speed........: 4 c/s Real, 0 c/s GPU
Recovered....: 5/5 Digests, 1/1 Salts
Progress.....: 4/4 (100.00%)
Rejected.....: 0/4 (0.00%)
HWMon.GPU.#1.: 0% Util, 38c Temp, -1rpm Fan
Started: Mon May 28 19:16:21 2012
Stopped: Mon May 28 19:16:23 2012
Tried:
oclHashcat-plus-0.09b15
oclHashcat-plus-0.08
Similar results with oclHashcat-lite-0.10b49.
Am I doing something wrong? I don't think so.
I'm also amazed that nobody noticed this before. Or it's just me?
Posts: 2,301
Threads: 11
Joined: Jul 2010
05-28-2012, 06:24 PM
(This post was last modified: 05-28-2012, 06:26 PM by undeath.)
what driver do you have installed?
might be connected to this? https://hashcat.net/forum/thread-1173.html
Posts: 723
Threads: 85
Joined: Apr 2011
@M@LIK
Quote:0182BD0BD4444BF836077A718CCDF409
Exhausted for me also. 
Posts: 414
Threads: 14
Joined: Mar 2012
05-28-2012, 06:35 PM
(This post was last modified: 05-28-2012, 06:47 PM by M@LIK.)
@ undeath:: Not sure what you really mean...
It's Nvidia, I download the drivers from here: http://www.nvidia.com/drivers
The current version on my machine is: 296.10
@ Hash-IT:: Thanks for the try!
EDiT:
undeath Wrote: might be connected to this? https://hashcat.net/forum/thread-1173.html I don't think so, since this is LM, bf, Nvidia. And that's salted MD5s, dictionaries, AMD.
Did you give a try? See if you have the same problem.
Posts: 5,185
Threads: 230
Joined: Apr 2010
works fine for my cayman gpu:
Code: root@sf:~/oclHashcat-plus-0.09# ./oclHashcat-plus64.bin -m 3000 0182BD0BD4444BF836077A718CCDF409 ?d?d?d?d?d?d?d?d -a 3
** Valid keyfile for beta usage: atom (expires 04.05.2013)
oclHashcat-plus v0.09 by atom starting...
Hashes: 2
Unique digests: 2
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
GPU-Loops: 32
GPU-Accel: 40
Password lengths range: 1 - 7
Platform: AMD compatible platform found
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 70c
Device #1: Cayman, 1024MB, 830Mhz, 24MCU
Device #2: Cayman, 1024MB, 830Mhz, 24MCU
Device #1: Allocating 72MB host-memory
Device #1: Kernel ./kernels/4098/m3000_a3.Cayman_923.1_1.4.1720.kernel (931776 bytes)
Device #2: Allocating 72MB host-memory
Device #2: Kernel ./kernels/4098/m3000_a3.Cayman_923.1_1.4.1720.kernel (931776 bytes)
36077a718ccdf409:8
0182bd0bd4444bf8:1234567
Status.......: Cracked
Input.Mode...: Mask (?d?d?d?d?d?d?d)
Hash.Target..: 0182bd0bd4444bf836077a718ccdf409
Hash.Type....: LM
Time.Running.: 0 secs
Time.Util....: 961.2ms/1.3ms Real/CPU, 0.1% idle
Speed........: 4527.6k c/s Real, 23501.3k c/s GPU
Recovered....: 2/2 Digests, 1/1 Salts
Progress.....: 4352000/10000000 (43.52%)
Rejected.....: 0/4352000 (0.00%)
HWMon.GPU.#1.: 0% Util, 42c Temp, 56% Fan
HWMon.GPU.#2.: 0% Util, 42c Temp, 30% Fan
Started: Tue May 29 14:39:38 2012
Stopped: Tue May 29 14:39:42 2012
As well as for my sm_21 GPU:
Code: root@ht:~/oclHashcat-plus-0.09# ./cudaHashcat-plus64.bin -m 3000 0182BD0BD4444BF836077A718CCDF409 ?d?d?d?d?d?d?d?d -a 3
** Valid keyfile for beta usage: atom (expires 04.05.2013)
cudaHashcat-plus v0.09 by atom starting...
Hashes: 2
Unique digests: 2
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
GPU-Loops: 32
GPU-Accel: 8
Password lengths range: 1 - 7
Platform: NVidia compatible platform found
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 70c
Device #1: GeForce GTX 560 Ti, 1023MB, 1660000Mhz, 8MCU
Device #1: Allocating 19MB host-memory
Device #1: Kernel ./kernels/4318/m3000_a3.sm_21.ptx
36077a718ccdf409:8
0182bd0bd4444bf8:1234467
Status.......: Cracked
Input.Mode...: Mask (?d?d?d?d?d?d?d)
Hash.Target..: 0182bd0bd4444bf836077a718ccdf409
Hash.Type....: LM
Time.Running.: 0 secs
Time.Util....: 990.7ms/0.2ms Real/CPU, 0.0% idle
Speed........: 4392.6k c/s Real, 45653.1k c/s GPU
Recovered....: 2/2 Digests, 1/1 Salts
Progress.....: 4352000/10000000 (43.52%)
Rejected.....: 0/4352000 (0.00%)
HWMon.GPU.#1.: -1% Util, 30c Temp, 15% Fan
Started: Tue May 29 14:41:49 2012
Stopped: Tue May 29 14:41:51 2012
Posts: 414
Threads: 14
Joined: Mar 2012
05-29-2012, 03:00 PM
(This post was last modified: 05-29-2012, 03:06 PM by M@LIK.)
@ atom:: You should have looked closer...
atom Wrote: As well as for my sm_21 GPU:
Code: ...
36077a718ccdf409:8
0182bd0bd4444bf8:1234467
...
0182bd0bd4444bf8:1234 467
It should be:
0182bd0bd4444bf8:1234 567
Have you tried:
Code: 1C3A2B6D939A1021:AAA
OR
1C3A2B6D939A1021AAD3B435B51404EE:AAA
EF20F1AFA8178582AAD3B435B51404EE:AAB
20606B82A2C18CEAAAD3B435B51404EE:AAC
Pretty sure you won't be able to crack them using ( Nvidia's GPU + BF + oclHashcat-plus ).
Posts: 19
Threads: 1
Joined: May 2012
Hi M@LIK,
could you try and post result with last -lite beta version ?
(05-28-2012, 06:17 PM)M@LIK Wrote: Hi everyone,
I've noticed some very weird behaviors while playing with LM hashes.
So I generated some LM hashes:
Code: 0182BD0BD4444BF836077A718CCDF409:12345678
8C6F5D02DEB21501:ABC
1C3A2B6D939A1021:AAA
When trying to bruteforce these (In 16 bytes form or 32) I get either wrong cracked passwords or "Exhausted". Always, with some certain hashes.
Let's say this hash:
Code: 0182BD0BD4444BF836077A718CCDF409:12345678
Here we go:
Code: hc64p -m3000 -a3 ..\M\LM.hash ?d?d?d?d?d?d?d?d
** Valid keyfile for beta usage: malik (expires 18.05.2013)
cudaHashcat-plus v0.09 by atom starting...
Hashes: 2
Unique digests: 2
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
GPU-Loops: 32
GPU-Accel: 8
Password lengths range: 1 - 7
...
Device #1: Kernel ./kernels/4318/m3000_a3.sm_21.ptx
36077a718ccdf409:8
0182bd0bd4444bf8:1234467
Status.......: Cracked
Input.Mode...: Mask (?d?d?d?d?d?d?d)
Hash.Target..: 0182bd0bd4444bf836077a718ccdf409
Hash.Type....: LM
Time.Running.: 0 secs
Time.Util....: 964.5ms/1.5ms Real/CPU, 0.2% idle
Speed........: 4512.0k c/s Real, 35682.4k c/s GPU
Recovered....: 2/2 Digests, 1/1 Salts
Progress.....: 4352000/10000000 (43.52%)
Rejected.....: 0/4352000 (0.00%)
HWMon.GPU.#1.: 0% Util, 45c Temp, -1rpm Fan
Started: Mon May 28 18:36:43 2012
Stopped: Mon May 28 18:36:45 2012
Another one:
Code: 8C6F5D02DEB21501:ABC
Code: hc64p -m3000 -a3 -1 ?u?d ..\M\LM.hash ?1?1?1
** Valid keyfile for beta usage: malik (expires 18.05.2013)
cudaHashcat-plus v0.09 by atom starting...
Hashes: 2
Unique digests: 2
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
GPU-Loops: 32
GPU-Accel: 8
Password lengths range: 1 - 7
...
Device #1: Kernel ./kernels/4318/m3000_a3.sm_21.ptx
8c6f5d02deb21501:AAC
Status.......: Exhausted
Input.Mode...: Mask (?1?1?1)
Hash.Target..: 00000000000000008c6f5d02deb21501
Hash.Type....: LM
Time.Running.: 0 secs
Time.Left....: 0 secs
Time.Util....: 998.0ms/1.6ms Real/CPU, 0.2% idle
Speed........: 46747 c/s Real, 10930.8k c/s GPU
Recovered....: 1/2 Digests, 0/1 Salts
Progress.....: 46656/46656 (100.00%)
Rejected.....: 0/46656 (0.00%)
HWMon.GPU.#1.: 0% Util, 45c Temp, -1rpm Fan
Started: Mon May 28 18:39:42 2012
Stopped: Mon May 28 18:39:44 2012
One more?
Code: 1C3A2B6D939A1021:AAA
Code: hc64p -m3000 -a3 -1 ?u?d ..\M\LM.hash ?1?1?1
** Valid keyfile for beta usage: malik (expires 18.05.2013)
cudaHashcat-plus v0.09 by atom starting...
Hashes: 2
Unique digests: 2
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
GPU-Loops: 32
GPU-Accel: 8
Password lengths range: 1 - 7
...
Device #1: Kernel ./kernels/4318/m3000_a3.sm_21.ptx
Status.......: Exhausted
Input.Mode...: Mask (?1?1?1)
Hash.Target..: 00000000000000001c3a2b6d939a1021
Hash.Type....: LM
Time.Running.: 0 secs
Time.Left....: 0 secs
Time.Util....: 997.8ms/1.6ms Real/CPU, 0.2% idle
Speed........: 46757 c/s Real, 38278.6k c/s GPU
Recovered....: 0/2 Digests, 0/1 Salts
Progress.....: 46656/46656 (100.00%)
Rejected.....: 0/46656 (0.00%)
HWMon.GPU.#1.: 0% Util, 44c Temp, -1rpm Fan
Started: Mon May 28 18:42:36 2012
Stopped: Mon May 28 18:42:37 2012
At first I thought it's my generator which is the problem, I used EGB to make sure of that but, EGB cracked them all correctly!
Code: LM bfLM.ini %hash%
Maximum password length: 7 characters
Number of GPU to be used: 1
Configuration file: "bfLM.ini"
36077a718ccdf409:8
0182bd0bd4444bf8:1234567
1c3a2b6d939a1021:AAA
8c6f5d02deb21501:ABC
All passwords found! Time elapsed: 0d:0h:0m:1s.
Most if not all of these problems disappear when doing a dictiory attack:
Code: hc64p -m3000 ..\M\LM.hash ..\M\Odic.dic
** Valid keyfile for beta usage: malik (expires 18.05.2013)
cudaHashcat-plus v0.09 by atom starting...
Hashes: 6
Unique digests: 5
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
GPU-Loops: 32
GPU-Accel: 8
Password lengths range: 1 - 7
...
Device #1: Kernel ./kernels/4318/m3000_a0.sm_21.ptx
Scanned dictionary ..\M\Odic.dic: 20 bytes, 4 words, 4 keyspace, starting attack
...
36077a718ccdf409:8
aad3b435b51404ee:
8c6f5d02deb21501:ABC
1c3a2b6d939a1021:AAA
0182bd0bd4444bf8:1234567
Status.......: Cracked
Input.Mode...: File (..\M\Odic.dic)
Hash.Target..: File (..\M\LM.hash)
Hash.Type....: LM
Time.Running.: 0 secs
Time.Util....: 994.9ms/0.0ms Real/CPU, 0.0% idle
Speed........: 4 c/s Real, 0 c/s GPU
Recovered....: 5/5 Digests, 1/1 Salts
Progress.....: 4/4 (100.00%)
Rejected.....: 0/4 (0.00%)
HWMon.GPU.#1.: 0% Util, 38c Temp, -1rpm Fan
Started: Mon May 28 19:16:21 2012
Stopped: Mon May 28 19:16:23 2012
Tried:
oclHashcat-plus-0.09b15
oclHashcat-plus-0.08
Similar results with oclHashcat-lite-0.10b49.
Am I doing something wrong? I don't think so.
I'm also amazed that nobody noticed this before. Or it's just me?
Posts: 414
Threads: 14
Joined: Mar 2012
If I'm not mistaken, this is a serious problem!
Posts: 5,185
Threads: 230
Joined: Apr 2010
Well, this LM, so it cant be that serious 
|
