06-08-2012, 12:36 AM
So I've been doing some experimentation and I've found a strange situation. Here it is:
So I create 10 SHA-512 hashes that are all made from 'zyx' and throw them into a file called 'hashes'. Then I execute hashcat brute-force with very specific character sets, and it only gets about half of them. I then try it with the character set reversed, and it gets only half of them, but not the same ones. I've tried this with a single word wordlist of 'zyx' and it still only gets half of them. I've tried this with the 32 bit binary and it doesn't get any of them.
I've tried this a bunch of times with a bunch of different hashes, more than the 10 seen here, and it only is able to solve it about 50% of the time.
I'm running this on a Debian Sid installation, 3.2.0-2-amd64
This seems like a pretty bad bug or am I doing something wrong?
Code:
$ for i in $(seq 1 10); do mkpasswd -m sha-512 zyx >> hashes; done
$ cat hashes
$6$WIvMbM2fDEfU141$XSFynW7bphfEJRIMXDobIbpkTWhVu8N7tQM1odLEMoXd9C8FQZKypjNinGbDhzUvVXOLre/.DBjvpPn1xRq610
$6$avx1aGgP$Pgx3rj2/HQjxATcqiABgmTQIUE7bLT5ZSaqSclAMDAf9oDvN3Pxtljr8QRvvrn7lyG5UsNi83NANqMaY7191j.
$6$wJi7qqoUs9PrHUP$1ECzm460txKK3zv6j7ziirtZj1MkQli/FfRzZRFyNXo6otd4fLHhruKHi2PIkGwZ5eVt.Z2gWYxvVtFT09pPR.
$6$IxvaYgMFRt8bG$SVH.Y9Xam7wxZtwSb1SUz8jiV/os7yfh01LSOR9mgN8FjVxSwqzsR05UyLJln8YylRNDVDvDtpyki/YqaHex30
$6$s8e3gsgB2D$v5RyhSh8szRn5wxpqoBCoiU5QBT.q38XwIPkYJm2zX2nBX6VVOk8wZY.FKGfx7nZSDey1mYw9XPmqHSHI/uum/
$6$qzzOIzdCqrEvCM$wzoHAMz7GSu3Pht7v47v6WvhEE7ycOpPXeODrFOgIoTHks.QcLA3fldIpjQghOU6XEFwslzVHBe1jgzDhm7Ge0
$6$F3c1u1wMf.UAS$.e3UfjeCmsLzO.nPazvMGtK3OEjDXoYmWpsLxtBE5wvnB25bqIsanwSDU1Neh6adqtVyIczxXou/qraCv/c1/.
$6$BG/w9vMqdeQ$qXA3mDRXgMOU7LfHfoyOsJxpR2Vv9jodDCYHn9wTxg6IeKT/PFuc2G2HT/32Hedqc2O/79DRx5HDUVNvnuFEz.
$6$nNFJzK.v70Ixxh$IGQeSIYRZHtKGLD21V31p6Pn60KI6ZNEihJheullr1TNu1biXH4mAr.aGbm2Ot8G.sekyXeS3kkWbfXJw3mRl/
$6$yVqIQn/DH$xbUlRKiIKrCUB9X6Rd4u7X2mFjpNq2tTkNbGDtkljAFvLjqJEmjPQ4TZIGiU55Xn00cDsrD4xyzsO8hdTv8ts/
$ ./hashcat-cli64.bin -a 3 -m 1800 --pw-min=3 -1 xyz hashes ?1?1?1
Initializing hashcat v0.39 by atom with 8 threads and 32mb segment-size...
NOTE: press enter for status-screen
Added hashes from file hashes: 10 (10 salts)
$6$WIvMbM2fDEfU141$XSFynW7bphfEJRIMXDobIbpkTWhVu8N7tQM1odLEMoXd9C8FQZKypjNinGbDhzUvVXOLre/.DBjvpPn1xRq610:zyx
$6$avx1aGgP$Pgx3rj2/HQjxATcqiABgmTQIUE7bLT5ZSaqSclAMDAf9oDvN3Pxtljr8QRvvrn7lyG5UsNi83NANqMaY7191j.:zyx
$6$s8e3gsgB2D$v5RyhSh8szRn5wxpqoBCoiU5QBT.q38XwIPkYJm2zX2nBX6VVOk8wZY.FKGfx7nZSDey1mYw9XPmqHSHI/uum/:zyx
$6$nNFJzK.v70Ixxh$IGQeSIYRZHtKGLD21V31p6Pn60KI6ZNEihJheullr1TNu1biXH4mAr.aGbm2Ot8G.sekyXeS3kkWbfXJw3mRl/:zyx
$6$yVqIQn/DH$xbUlRKiIKrCUB9X6Rd4u7X2mFjpNq2tTkNbGDtkljAFvLjqJEmjPQ4TZIGiU55Xn00cDsrD4xyzsO8hdTv8ts/:zyx
Input.Mode: Mask (?1?1?1)
Index.....: 0/1 (segment), 27 (words), 0 (bytes)
Recovered.: 5/10 hashes, 5/10 salts
Speed/sec.: 374 plains, - words
Progress..: 27/27 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--
Started: Thu Jun 7 15:08:15 2012
Stopped: Thu Jun 7 15:08:15 2012
$ ./hashcat-cli64.bin -a 3 -m 1800 --pw-min=3 -1 zyx hashes ?1?1?1
Initializing hashcat v0.39 by atom with 8 threads and 32mb segment-size...
NOTE: press enter for status-screen
Added hashes from file hashes: 10 (10 salts)
$6$avx1aGgP$Pgx3rj2/HQjxATcqiABgmTQIUE7bLT5ZSaqSclAMDAf9oDvN3Pxtljr8QRvvrn7lyG5UsNi83NANqMaY7191j.:zyx
$6$s8e3gsgB2D$v5RyhSh8szRn5wxpqoBCoiU5QBT.q38XwIPkYJm2zX2nBX6VVOk8wZY.FKGfx7nZSDey1mYw9XPmqHSHI/uum/:zyx
$6$F3c1u1wMf.UAS$.e3UfjeCmsLzO.nPazvMGtK3OEjDXoYmWpsLxtBE5wvnB25bqIsanwSDU1Neh6adqtVyIczxXou/qraCv/c1/.:zyx
$6$nNFJzK.v70Ixxh$IGQeSIYRZHtKGLD21V31p6Pn60KI6ZNEihJheullr1TNu1biXH4mAr.aGbm2Ot8G.sekyXeS3kkWbfXJw3mRl/:zyx
$6$yVqIQn/DH$xbUlRKiIKrCUB9X6Rd4u7X2mFjpNq2tTkNbGDtkljAFvLjqJEmjPQ4TZIGiU55Xn00cDsrD4xyzsO8hdTv8ts/:zyx
Input.Mode: Mask (?1?1?1)
Index.....: 0/1 (segment), 27 (words), 0 (bytes)
Recovered.: 5/10 hashes, 5/10 salts
Speed/sec.: 344 plains, - words
Progress..: 27/27 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--
Started: Thu Jun 7 15:08:25 2012
Stopped: Thu Jun 7 15:08:25 2012
So I create 10 SHA-512 hashes that are all made from 'zyx' and throw them into a file called 'hashes'. Then I execute hashcat brute-force with very specific character sets, and it only gets about half of them. I then try it with the character set reversed, and it gets only half of them, but not the same ones. I've tried this with a single word wordlist of 'zyx' and it still only gets half of them. I've tried this with the 32 bit binary and it doesn't get any of them.
I've tried this a bunch of times with a bunch of different hashes, more than the 10 seen here, and it only is able to solve it about 50% of the time.
I'm running this on a Debian Sid installation, 3.2.0-2-amd64
This seems like a pretty bad bug or am I doing something wrong?