IKE file testcase for oclHashcat
#1
Hi

Could someone post a IKE hash file testcase and working command line arguments. Getting some strange file parsing errors on my first try with a IKE-SHA1 hash from ike-scan.

Running oclHashcat-plus v0.13 on Windows 7.

-- bugch3ck
#2
My guess is you have some carriage returns or something in the psk file.
Working command:
/oclHashcat-plus-0.13# ./hc.bin -m 5300 ../md5-vpn.psk -a 3 ?a?a?a?a?a
../md5-vpn.psk:cisco1

Session.Name...: oclHashcat-plus
Status.........: Cracked

valid hash:
Code:
fc7937b5be19a9f4ecbb1ea76d6a9570942cf6ab8afbe88252d44d489163e308f551430f0f02da43fa9ac2afb8f482035151966b94d633c055dfd1bc3d0bad84ceaacff5038c2747040e20b82e6a8ea348e12875a202f27c471bf1a51ad9ff7dd0abb093f5922ce5a99b62326a3f4d6cdd339a183c59b686c6674a3ea5a3249d:bf4206491c43aa8db0efae23128ae0008dbedd56618a27fec4373e39d0b9373c95ad17893500612f6c253155111824961c57928948ad80cce61180b87de1da91acc2084f515d39c3e2d57433087ab6b8fb42a558e3df2de6310f023ebbeb9b9a6df37617773b9d48b7888662d8de169193824622b6e83de172d03900b7100908:f2b7e792fe64745d:ff1fe2ea459947ec:00000001000000010000009801010004030000240101000080010005800200028003000180040002800b0001000c000400007080030000240201000080010005800200018003000180040002800b0001000c000400007080030000240301000080010001800200028003000180040002800b0001000c000400007080000000240401000080010001800200018003000180040002800b0001000c000400007080:011101f4c0a83b65:6601a9581a7d881904e49ee44572252e032ceed5:5ce19b02926b3241f90a5cdb3c74987264b3aadc:3ddfa512c6141650cadac257c3aa014c


Try using a better OS Big Grin
#3
(02-11-2013, 04:07 PM)f0cker Wrote: My guess is you have some carriage returns or something in the psk file.
Working command:
/oclHashcat-plus-0.13# ./hc.bin -m 5300 ../md5-vpn.psk -a 3 ?a?a?a?a?a
../md5-vpn.psk:cisco1

Session.Name...: oclHashcat-plus
Status.........: Cracked

I get the same error with your test case. Verified that there were no stray carriage returns or other binary characters in the file. Seems like it thinks it's on line 2, but the file only contains one.

Code:
WARNING: Hashfile 'md5-vpn.psk' in line 1 (fc7937b5be19a9f4ecbb1ea76d6a9570942cf6ab8afbe88252d44d489163e308f551430f0f02da43fa9ac2afb8f482035151966b94d633c055dfd1bc3d0bad84ceaacff5038c2747040e20b82e6a8ea348e12875a202f27c471bf1a51ad9ff7dd0abb093f5922ce5a99b62326a3f4d6cdd339a183c59b686c6674a3ea5a3249d): Seperator unmatched
WARNING: Hashfile 'md5-vpn.psk' in line 2 (08): Seperator unmatched
ERROR: No hashes loaded

Quote:Try using a better OS Big Grin

Well, this is what I have to work with right now...

-- bugch3ck
#4
you are improperly saving the file then.
#5
(02-14-2013, 04:21 PM)undeath Wrote: you are improperly saving the file then.

I hope not, copy-paste-save.. "What could possibly go wrong". Getting the same error on other Windows 7-computers.

Is it no one testing this stuff on Windows? Would love to see someone else try. I'm not too keen on troubleshooting stuff that might never have worked, closed source and all... Undecided

-- bugch3ck
#6
If I copy and paste the code from f0cker in a text file and do the attack, I get the same error message has bugch3ck (in Windows Vista 32 bit). If I replace the hashfile name by the code with quotes around in the command line, it runs but does not crack the hash. It says "null" has the hash target. Hope these info helps.
#7
(02-18-2013, 04:45 PM)mastercracker Wrote: If I replace the hashfile name by the code with quotes around in the command line, it runs but does not crack the hash. It says "null" has the hash target. Hope these info helps.

Thank you mastercracker, that did help. It runs fine when adding the hash as a command line argument. I have no problem cracking md5-vpn.psk test case now. For my own hashes, it worked for two out of three. The third one were over 1K in size, so there is probably another issues with that one.

Would be great with a bugfix for these Windows-issues in the next release. =)

-- bugch3ck
#8
(02-18-2013, 07:34 PM)bugch3ck Wrote:
(02-18-2013, 04:45 PM)mastercracker Wrote: If I replace the hashfile name by the code with quotes around in the command line, it runs but does not crack the hash. It says "null" has the hash target. Hope these info helps.

Thank you mastercracker, that did help. It runs fine when adding the hash as a command line argument. I have no problem cracking md5-vpn.psk test case now. For my own hashes, it worked for two out of three. The third one were over 1K in size, so there is probably another issues with that one.

Would be great with a bugfix for these Windows-issues in the next release. =)

-- bugch3ck
Atom, for the reference, I was using v0.13RC1. I will download the official 0.13 and check if I still can't crack it. If it's the case, there might be an issue with the 32 bit.
#9
Thanks for your attention to this issue so far guys, I appreciate it. bugch3ck, could you please post the command line you're using to crack the "cisco1" test hash listed above? Either with or without quotes on the command line I still get Hash.Target values of "null". Thanks!
#10
First of all, I am sure you've noticed that the forum adds newlines etc characters... So also the "show page source" feature of your browser includes some special characters (newline etc) in the string above...
You must get rid of all of that stuff, i.e. compare your pasted text and keep attention especially at the mark of new line (e.g after "da43" there should be *nothing* except "fa9a"... and so on).

That may be the first problem.
Second, it seems to be that the Windows version has a MAX line length of *around* (not totally sure, if my quick test was totally correct) 512 characters (@atom, maybe this is a max buffer size etc?)

If you have more than (around) 512 characters you will see in the output the error "... in line 2 ...". Also if there is no such line, e.g there is only *one* line (tested with cygwin wc).

So @atom, maybe you need to increase a buffer or similar to parse this input hashes on *windows*???

I now tried the *exactly* same hash input file hash.txt w/ ubuntu/linux and there it was cracked immediately w/o any error (scp from windows to linux s.t. I don't introduce errors).