07-05-2025, 08:48 PM
I'm working my way through a module on HTB. One of the questions is a crack a MD5 hash. I was using hashcat on Windows instead of my linux VM so I'd have the benefit of the GPU (I'm impatient). The hash would not crack though. Even once I viewed the solution and tried the exact command. I then tried running in the linux VM using CPU and the hash cracked. What did I do wrong?
Output running from windows:
Output running from linux VM:
Output running from windows:
Code:
C:\hashcat-6.2.6>hashcat -a 3 -m 0 1e293d6X12d074X0fdXX844XX03X00dd '?u?l?l?l?l?d?s'
hashcat (v6.2.6) starting
* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
* Device #2: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
CUDA API (CUDA 12.9)
====================
* Device #1: NVIDIA GeForce RTX 4060, 7099/8187 MB, 24MCU
OpenCL API (OpenCL 3.0 CUDA 12.9.90) - Platform #1 [NVIDIA Corporation]
=======================================================================
* Device #2: NVIDIA GeForce RTX 4060, skipped
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
* Raw-Hash
ATTENTION! Pure (unoptimized) backend kernels selected.
Pure kernels can crack longer passwords, but drastically reduce performance.
If you want to switch to optimized kernels, append -O to your commandline.
See the above message to find out about the exact limits.
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 1475 MB
Approaching final keyspace - workload adjusted.
Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 0 (MD5)
Hash.Target......: 1e293d6X12d074X0fdXX844XX03X00dd
Time.Started.....: Sat Jul 05 14:08:17 2025 (0 secs)
Time.Estimated...: Sat Jul 05 14:08:17 2025 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: '?u?l?l?l?l?d?s' [9]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 10853.3 MH/s (5.25ms) @ Accel:256 Loops:338 Thr:64 Vec:1
Recovered........: 0/1 (0.00%) Digests (total), 0/1 (0.00%) Digests (new)
Progress.........: 3920854080/3920854080 (100.00%)
Rejected.........: 0/3920854080 (0.00%)
Restore.Point....: 5800080/5800080 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:338-676 Iteration:0-338
Candidate.Engine.: Device Generator
Candidates.#1....: 'Exuzq4 ' -> 'Zvqxq6{'
Hardware.Mon.#1..: Temp: 75c Fan: 31% Util: 98% Core:2745MHz Mem:8251MHz Bus:8
Started: Sat Jul 05 14:08:15 2025
Stopped: Sat Jul 05 14:08:19 2025Output running from linux VM:
Code:
# hashcat -a 3 -m 0 1e293d6X12d074X0fdXX844XX03X00dd '?u?l?l?l?l?d?s'
hashcat (v6.2.6) starting
OpenCL API (OpenCL 3.0 PoCL 6.0+debian Linux, None+Asserts, RELOC, LLVM 18.1.8, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
============================================================================================================================================
* Device #1: cpu-penryn-Intel(R) Core(TM) i7-10700 CPU @ 2.90GHz, 6943/13950 MB (2048 MB allocatable), 6MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
* Raw-Hash
ATTENTION! Pure (unoptimized) backend kernels selected.
Pure kernels can crack longer passwords, but drastically reduce performance.
If you want to switch to optimized kernels, append -O to your commandline.
See the above message to find out about the exact limits.
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 1 MB
Cracking performance lower than expected?
* Append -O to the commandline.
This lowers the maximum supported password/salt length (usually down to 32).
* Append -w 3 to the commandline.
This can cause your screen to lag.
* Append -S to the commandline.
This has a drastic speed impact but can be better for specific attacks.
Typical scenarios are a small wordlist but a large ruleset.
* Update your backend API runtime / driver the right way:
https://hashcat.net/faq/wrongdriver
* Create more work items to make use of your parallelization power:
https://hashcat.net/faq/morework
1e293d6X12d074X0fdXX844XX03X00dd:MXXXX5!
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 0 (MD5)
Hash.Target......: 1e293d6X12d074X0fdXX844XX03X00dd
Time.Started.....: Sat Jul 5 13:29:28 2025 (8 secs)
Time.Estimated...: Sat Jul 5 13:29:36 2025 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?u?l?l?l?l?d?s [7]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 62513.3 kH/s (1.29ms) @ Accel:1024 Loops:32 Thr:1 Vec:4
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 469696512/3920854080 (11.98%)
Rejected.........: 0/469696512 (0.00%)
Restore.Point....: 24576/223080 (11.02%)
Restore.Sub.#1...: Salt:0 Amplifier:6112-6144 Iteration:0-32
Candidate.Engine.: Device Generator
Candidates.#1....: Brlrg9! -> Dikyt8_
Hardware.Mon.#1..: Util: 36%
Started: Sat Jul 5 13:29:15 2025
Stopped: Sat Jul 5 13:29:37 2025