Posts: 9
Threads: 2
Joined: Dec 2012
Hi guys,
I'm quite new at this so normally I wouldn't be asking for help so early on but I'm lacking time to recover this password.
Could someone please give me an example command line of which command I'd have to issue to add a dictionary (like rockyou) to crack a phpass string?
I managed to get a simple brute force command working with some help from the Wiki but the status displayed it'd take > 10 years! I'm not sure if that's normal but surely it wouldn't decrease enough compared with the few days I have left to recover this password.
Help would be much appreciated!
Posts: 313
Threads: 44
Joined: Aug 2011
if you use the gui version it'll show you the commands.
Posts: 22
Threads: 4
Joined: Dec 2012
Most basic commands:
cd /path/to/binary/
./oclHashcat-plus64.bin -m 0 -a 0 /path/to/hashlist.txt /path/to/dictionary.txt
for multiple dicts in one folder:
./oclHashcat-plus64.bin -m 0 -a 0 /path/to/hashlist.txt /path/to/dictionaryfolder
for combinationattack:
./oclHashcat-plus64.bin -m 0 -a 1 /path/to/hashlist.txt /path/to/dictionary1.txt /path/to/dictionary2.txt
Posts: 9
Threads: 2
Joined: Dec 2012
Hi guys,
Thanks for your replies. I got a dictionary attack working, unfortunately it has been running for 3 hours now and the time left display is 13 years.
Am I just unlucky with the password I need to crack or are my settings wrong?
Posts: 22
Threads: 4
Joined: Dec 2012
What hashtype?
Hashcat should run through a 5gb dictionary in a few minutes if hashtype is MD5 and mode is normal.
Posts: 9
Threads: 2
Joined: Dec 2012
12-21-2012, 04:22 PM
(This post was last modified: 12-21-2012, 04:29 PM by Kandeen.)
Ah I must've done something wrong then. I used the GUI to select "NVIDIA (CUDA)" and selected phpass in cudahashcat-plus.
I did this cause I didn't see phpass in the normal Hashcat with "CPU only".
Should I pick MD5(phpBB3) in normal hashcat?
Thanks for your quick replies!
Posts: 22
Threads: 4
Joined: Dec 2012
12-21-2012, 04:33 PM
(This post was last modified: 12-21-2012, 04:39 PM by U_nix.)
I think no.
I don` t know much about phpass() but this is the description:
- Hash algorithm (blowfish, DES, or MD5 in that order if available)
- Salt (random unique salt generated for each password)
- Iterations or password stretching (a specified number of iterations or rounds set as desired)
Source:
http://resources.infosecinstitute.com/wo...rd-hashes/
I read something about several thousand iterations but that seems to be defined by it` s user. In this case yes. Cracking takes much time. Unique salts, xxxxk iterations etc. is much computing.
So much you can see it as attackvector.
http://stackoverflow.com/questions/58416...algorithms
Posts: 9
Threads: 2
Joined: Dec 2012
This is...quite complicated!
I did manage to use the GUI to make a command that includes the Rockyou dictionary, best64rule and MD5(phpBB3) and it actually started decrypting, it's giving me an estimated time of 60 minutes before completion.
But does this mean that what it's doing now is pretty much pointless?
Posts: 22
Threads: 4
Joined: Dec 2012
Where is the hash from? There could be many variables.
https://www.phpbb.com/kb/article/differe...d-hashing/
Posts: 9
Threads: 2
Joined: Dec 2012
12-21-2012, 05:29 PM
(This post was last modified: 12-21-2012, 05:44 PM by Kandeen.)
It's from a Wordpress website (if that's what you mean!)
As far as I know they use a custom form of phpass (whatever that means, I read it somewhere)
edit: seems Wordpress is actually associated with -m 400 that being MD5(phpBB3)
Still, the progress is incredibly slow, it went from an hour to an estimated of 9 hours.
hashcat-cli64.exe --hash-mode 400 --rules-file C:\hashcat-gui-0.5.1\hashcat\rules\best64.rule C:\Users\Admin\Desktop\hash.txt C:\Hashcat\rockyou.txt
That's my command that started the decryption. Do you notice anything funky that could slow down the decryption? I know it takes longer the more complex the password is, but I've also seen examples that took only a few minutes so I find 9 hours quite hard to believe.
