hashcat Forum Deprecated; Previous versions Old hashcat Support v
HMAC-SHA1 need help please!

Threaded Mode
HMAC-SHA1 need help please!
Grodon2001 Offline
Junior Member
**
Posts: 3
Threads: 1
Joined: Jun 2013
#1
Sad  06-28-2013, 07:20 PM (This post was last modified: 06-28-2013, 07:25 PM by radix.)
Hi folks,

I need a little help for recover a HMAC-SHA1 hash value.

I have the hashed value and the (pass)key.
My *.hash file content looks like this (hash:key):
<removed>
and my command line like this:
Code:
hashcat-cli64.exe" -a 0 -m 150 examples
/A0.M0.hash examples/A0.M0.word

But I get no result and no error. Sad

After a half second this comes out in the console:
Code:
Added hashes from file examples/A0.M0.hash: 1 (1 salts)
Activating quick-digest mode for single-hash with salt

NOTE: press enter for status-screen


Input.Mode: Dict (examples/A0.M0.word)
Index.....: 1/1 (segment), 0 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 0/0 (100%)
Running...: --:--:--:--
Estimated.: --:--:--:--

Started: Fri Jun 28 19:08:06 2013
Stopped: Fri Jun 28 19:08:06 2013

What I'm doing wrong?

Please help!

p.s. sorry for my bad english and greetings from germany
Find
Engineer Offline
Junior Member
**
Posts: 9
Threads: 2
Joined: Jun 2013
#2
06-29-2013, 08:19 AM
Are you using a dictionary attack? It seems like you do not have big .dic list and it finish the cracking fast.
Find
philsmd Offline
I'm phil
******
Posts: 2,267
Threads: 16
Joined: Feb 2013
#3
06-29-2013, 08:46 AM
Some details in this questions make no sense to me. It seems that you want to crack using mode 150 while you are using examples/A0.M0.word and examples/A0.M0.hash. Those files are for mode 0 (MD5) and I'm quite sure that at least hashes from examples/A0.M0.hash aren't accepted as input for -m 150.

Maybe you have sth. different in those files, but it is really confusing and you shouldn't modify those example files.

BTW: the *2* formats of HMAC-SHA1 (150, 160) are also documented here: http://hashcat.net/wiki/doku.php?id=example_hashes (among others)
Try those examples first and see if they are recovered. The password is "hashcat", put it in a file like hash_0150.hash and use either a mask (-a 3 hashca?l ) or a dict containing the word hashcat
Find
Grodon2001 Offline
Junior Member
**
Posts: 3
Threads: 1
Joined: Jun 2013
#4
06-29-2013, 10:38 AM (This post was last modified: 06-29-2013, 11:14 AM by Grodon2001.)
hi,

thanks for repsone.
Sorry for confusing with the file name. I change the content of the file to match "hashvalue:passkey" format.

I want to brute force the has key. so I now added "-a 3" to my commando. Looks now thie way:
Code:
hashcat-cli64.exe" -a 3 -m 150 data/my.hash data/my.word

But *.word file stays empty and the console output looks like this:
Code:
[...]

Input.Mode: Mask (data/my.w)
Index.....: 0/1 (segment), 1 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 1/1 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--


Input.Mode: Mask (data/my.wo)
Index.....: 0/1 (segment), 1 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 1/1 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--


Input.Mode: Mask (data/my.wor)
Index.....: 0/1 (segment), 1 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 1/1 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--


Input.Mode: Mask (data/my.word)
Index.....: 0/1 (segment), 1 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 1/1 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--

Started: Sat Jun 29 10:25:14 2013
Stopped: Sat Jun 29 10:25:14 2013

Why did hashcat brute force the file name??!?
Same with sample content (c898896f3f70f61bc3fb19bef222aa860e5ea717:1234)...
Find
philsmd Offline
I'm phil
******
Posts: 2,267
Threads: 16
Joined: Feb 2013
#5
06-29-2013, 11:41 AM (This post was last modified: 06-29-2013, 11:41 AM by philsmd.)
You really have to read the wiki (http://hashcat.net/wiki/ ), all of it. After that try to run this:
hashcat-cli64.exe --help

and read the output too (whole output).

Then, read this:
http://hashcat.net/wiki/doku.php?id=brute_force_attack
and
http://hashcat.net/wiki/doku.php?id=mask_attack
(again).

And all of your questions are answered.
I don't know what you want to do with data/my.word, but if you read the --help, it clearly says output files are specified by --outfile=FILE (if this was what you wanted to do with my.word).
Furthermore, you didn't understand how bruteforce is done in hashcat, threrefore you need to read the WIKI (hint: you missed the mask and I told you already in post above how to do it, BUT read the wiki please).
Find
Grodon2001 Offline
Junior Member
**
Posts: 3
Threads: 1
Joined: Jun 2013
#6
07-05-2013, 05:41 PM
I have a last question to this term.
The hash is build like this:
hash = HMAC-SHA1 (key, text)

My question:
Is it possible with hashcat to decrypt the key if I know the text and the result hash?

Regards
Find