Posts: 803
Threads: 135
Joined: Feb 2011
06-20-2012, 09:40 PM
(This post was last modified: 06-21-2012, 08:00 AM by Mem5.)
Hi,
The LM hash 438f69d673cb07cd gives FOXCONN with bruteforce or dictionary. But when I add a rule file, it gives FOXCONN0 (8 chars)
Command line with dic but without rules (or bruteforce) it works :
Quote:
oclHashcat-plus64.exe -m 3000 438f69d673cb07cd438f69d673cb07cd total.dic
438f69d673cb07cd:FOXCONN
Status.......: Cracked
Hash.Target..: 438f69d673cb07cd
Hash.Type....: LM
Command line with dic + the rule file (notice the added '0') :
Quote:
oclHashcat-plus64.exe -m 3000 438f69d673cb07cd438f69d673cb07cd total.dic -r 100.rule
438f69d673cb07cd:FOXCONN0
Status.......: Cracked
Hash.Target..: 438f69d673cb07cd
Hash.Type....: LM
total.dic contains "FOXCONN".
Rules file :
http://pastebin.com/yspXKz4D (sorry I don't know which rule is the bad one)
A bug ?
Thank you.
Posts: 5,185
Threads: 230
Joined: Apr 2010
Damn LM, the fact that this is the only known two-in-one hash generates lots of problems. This actually looks like a bug, but I am pretty busy with markov stuff right now. I will take a look at this later. Please bump this thread from time to time so that I don't lose sight of it.
Posts: 621
Threads: 57
Joined: May 2010
(06-21-2012, 10:11 AM)atom Wrote: Damn LM, the fact that this is the only known two-in-one hash generates lots of problems. This actually looks like a bug, but I am pretty busy with markov stuff right now. I will take a look at this later. Please bump this thread from time to time so that I don't lose sight of it.
Just switch the format to support only halves of the LM hash and you will remove lots of headaches for nothing. To prevent people from complaining, you can add 2 small little programs to the Hashcat-utils:
1) One that takes a full LM hash list and splits it into unique halves that are stored in a file for the oclhashcat program to process.
2) The second program takes a full LM uncracked list and a cracked halves list as input to finally output the full LM cracked format.
By copying the 2 utils in the oclhashcat folder, they can easily automate the process with a .bat file:
Code:
SplitLM.exe lmhash.txt > halfLM.txt
oclhashcat-plus64.exe -m 3000 -o crackedhalf.txt halfLM.txt
CrackLM.exe -c crackedhalf.txt -o found.txt lmhash.txt
I obviously removed some switches to illustrate the essentials and created the -c to represent the crackedhalf file for input, but the idea is very simple.
Posts: 5,185
Threads: 230
Joined: Apr 2010
Sounds good yeah, I think I will do that. Thanks.
Posts: 803
Threads: 135
Joined: Feb 2011
(06-21-2012, 10:11 AM)atom Wrote: Please bump this thread from time to time so that I don't lose sight of it.
Up !
Posts: 803
Threads: 135
Joined: Feb 2011
Hi,
I noticed in the new version (0.09) that LM now takes only 16-char hashes.
Is there an easy way to split 32 chars into 16 and un-split them back? (the mastercracker idea)
Is the bug corrected ?
Thanks
Posts: 414
Threads: 14
Joined: Mar 2012
Lots of LM bugs were fixed, but a few still remain (I can only remember one).
I'm thinking of a Perl script for splitting\joining.
Posts: 5,185
Threads: 230
Joined: Apr 2010
You could call it a missing feature, since 32-char LMs actually are 2 hashes, not 1 hash. But calling it a bug would be wrong. Plus you have the possibility to work around it manually.
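The split and rejoin steps that mastercracker proposes and Mem5 asks about, as an added example (not code from hashcat, hashcat-utils or any poster in this thread). The function names and the `0123456789abcdef` half are constructed for illustration, and cracked halves are assumed to arrive as `half:plain` lines like the output quoted earlier in the thread.

```python
# Added example: split 32-hex LM hashes into unique halves, then rejoin cracked halves.
HEX = set("0123456789abcdef")
EMPTY_HALF = "aad3b435b51404ee"  # LM hash of an empty 7-character half

def _norm(full_hash):
    """Lower-case and validate one full LM hash (two DES halves, 32 hex chars)."""
    h = full_hash.strip().lower()
    if len(h) != 32 or not set(h) <= HEX:
        raise ValueError("not a 32-hex-char LM hash: %r" % full_hash)
    return h

def split_lm(full_hashes):
    """Return the sorted unique 16-hex halves that still need cracking."""
    halves = set()
    for h in map(_norm, full_hashes):
        halves.update((h[:16], h[16:]))
    halves.discard(EMPTY_HALF)  # plaintext of the empty half is already known: ""
    return sorted(halves)

def parse_cracked(lines):
    """Parse 'half:plain' lines into a dict; the plaintext may itself contain ':'."""
    cracked = {EMPTY_HALF: ""}
    for line in lines:
        half, sep, plain = line.rstrip("\r\n").partition(":")
        half = half.lower()
        if sep and len(half) == 16 and set(half) <= HEX:
            cracked[half] = plain
    return cracked

def join_lm(full_hashes, cracked):
    """Map each full hash to its plaintext, or None if either half is uncracked."""
    result = {}
    for h in map(_norm, full_hashes):
        left, right = cracked.get(h[:16]), cracked.get(h[16:])
        result[h] = None if left is None or right is None else left + right
    return result

# Constructed sample list: the thread's hash, the same half padded with the
# empty half, and a made-up half (0123456789abcdef) that stays uncracked.
SAMPLE = [
    "438f69d673cb07cd438f69d673cb07cd",
    "438F69D673CB07CDAAD3B435B51404EE",
    "0123456789abcdef438f69d673cb07cd",
]

if __name__ == "__main__":
    print("\n".join(split_lm(SAMPLE)))  # halves to feed to -m 3000
    cracked = parse_cracked(["438f69d673cb07cd:FOXCONN"])
    for full, plain in join_lm(SAMPLE, cracked).items():
        print(full, plain if plain is not None else "<partial or uncracked>")
```

Deduplicating the halves before cracking means a half that appears in many accounts is attacked only once, which is the main gain of the split format.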
Posts: 803
Threads: 135
Joined: Feb 2011
09-21-2012, 11:31 PM
(This post was last modified: 09-21-2012, 11:32 PM by Mem5.)
Mem5 Wrote:Is the bug corrected ?
I was asking about the '0' appended at the end of some plain text, the first question of this thread.