NTLM bug in hashcatplus Maybe
#1
I have been using .07 for a while and just switched to .08. Cracking NTLM via dictionary responds completely different. .07 cracks about 5400 passess from a 14000 hash list whereas .08 only cracks 1. Am i missing something. however maybe its me.

C:\hashcat-gui-0.5.1\oclHashcat-plus>cudaHashcat-plus32.exe -m 1000 hashes.txt huge.txt -o newout.txt
cudaHashcat-plus v0.07 by atom starting...

Hashes: 14320
Unique digests: 14318
Bitmaps: 17 bits, 131072 entries, 0x0001ffff mask, 524288 bytes
Rules: 1
GPU-Loops: 128
GPU-Accel: 8
Password lengths range: 1 - 15
Platform: NVidia compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: GeForce 8600 GTS, 256MB, 1450Mhz, 4MCU
Device #1: Allocating 4MB host-memory
Device #1: Kernel ./kernels/4318/m1000_a0.sm_11.32.cubin

Scanned dictionary huge.txt: 497742834 bytes, 40532676 words, 40532676 keyspace, starting attack...


Status.......: Exhausted
Input.Mode...: File (huge.txt)
Hash.Type....: NTLM
Time.Running.: 22 secs
Time.Left....: 0 secs
Time.Util....: 22537.8ms/10259.9ms Real/CPU, 83.6% idle
Speed........: 1702.3k c/s Real, 4794.9k c/s GPU
Recovered....: 5425/14318 Digests, 0/1 Salts
Progress.....: 40532676/40532676 (100.00%)
Rejected.....: 2166154/40532676 (5.34%)
HW.Monitor.#1: 9% GPU, 57c Temp

Started: Tue May 29 00:22:11 2012
Stopped: Tue May 29 00:22:37 2012

-------------------------------------------------------------------
.08 below

C:\oclHashcat-plus-0.08>cudaHashcat-plus32.exe -m 1000 hashes.txt huge.txt -o newout2.txt
cudaHashcat-plus v0.08 by atom starting...

Hashes: 14320
Unique digests: 14318
Bitmaps: 17 bits, 131072 entries, 0x0001ffff mask, 524288 bytes
Rules: 1
GPU-Loops: 128
GPU-Accel: 8
Password lengths range: 1 - 15
Platform: NVidia compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: GeForce 8600 GTS, 256MB, 1450Mhz, 4MCU
Device #1: Allocating 4MB host-memory
Device #1: Kernel ./kernels/4318/m1000_a0.sm_11.32.cubin

Scanned dictionary huge.txt: 497742834 bytes, 40532676 words, 40532676 keyspace, starting attack...


Status.......: Exhausted
Input.Mode...: File (huge.txt)
Hash.Target..: File (hashes.txt)
Hash.Type....: NTLM
Time.Running.: 17 secs
Time.Left....: 0 secs
Time.Util....: 17219.2ms/12927.1ms Real/CPU, 301.2% idle
Speed........: 2228.1k c/s Real, 7160.6k c/s GPU
Recovered....: 1/14318 Digests, 0/1 Salts
Progress.....: 40532676/40532676 (100.00%)
Rejected.....: 2166154/40532676 (5.34%)
HW.Monitor.#1: 7% GPU, 57c Temp

Started: Tue May 29 00:24:24 2012
Stopped: Tue May 29 00:24:45 2012

C:\oclHashcat-plus-0.08>
#2
can you please provide all the files we need to reproduce
#3
the dictionary is openwalls mangled list. As far as the hashes go I cannot provide those due to privacy agreements.
#4
(05-29-2012, 02:51 PM)f8lerror Wrote: the dictionary is openwalls mangled list. As far as the hashes go I cannot provide those due to privacy agreements.

Hi f8lerror

Unfortunately you are unlikely to receive much help if you cannot provide hashes to demonstrate the problem.

If the hashes are simply passwords I don't see how it is a security issue as we don't know what they are for or any account details.

If you are still reluctant to help atom to help you then you might be best trying to find a less sensitive hash that displays the same problem.