Posts: 621
Threads: 57
Joined: May 2010
Hi Atom, I have possibly found a bug. I was using Hashcat in a simple dictionary attack with a list of a bit more than 2 million hashes, the Vbulletin external salts and the md5(md5($pass).$salt) algorithm. I was also using the --remove hash function. While the attack was going on (several hours), finding lots of passwords, the temporary hash file got bigger and bigger up to 260 Gb. I have noticed it because my hard drive was almost empty and now, it was almost full.
Posts: 5,185
Threads: 230
Joined: Apr 2010
hi mastercracker, thanks for report. i can confirm this is a bug. as a workaround, do not use -e and --remove in combination :-)
Posts: 621
Threads: 57
Joined: May 2010
Now that I know this, what I do as a workaround is that after a couple of hours, I manually stop Hashcat, take note of the -s value, delete the hash temp file and then continue the cracking at the -s value.
Posts: 187
Threads: 40
Joined: Sep 2010
On a related not to cracking VB hashes, when I specify the salt file which contains 857375 salts, oclHashcat come back as says:
ERROR: too much salts
??
Posts: 601
Threads: 18
Joined: Apr 2010
Posts: 621
Threads: 57
Joined: May 2010
(01-19-2011, 02:08 PM)blandyuk Wrote: On a related not to cracking VB hashes, when I specify the salt file which contains 857375 salts, oclHashcat come back as says:
ERROR: too much salts
??
You have to split the salt file at least in two. And do the attack with each salt file.
Posts: 187
Threads: 40
Joined: Sep 2010
Tnx mastercracker, simple enough solution
Another issue I have is I only want to use my wordlist files on their own, no right-dict. I need oclHashcat to do this based on the amount of salts but currently I have to use hashcat instead which is slow because of CPU speed
Posts: 621
Threads: 57
Joined: May 2010
(01-21-2011, 05:51 PM)blandyuk Wrote: Tnx mastercracker, simple enough solution Another issue I have is I only want to use my wordlist files on their own, no right-dict. I need oclHashcat to do this based on the amount of salts but currently I have to use hashcat instead which is slow because of CPU speed
It's not the best but it's the only solution. Use this in your command line:
In your command line: ?1 ?s?d?u?l
left: Your dictionary
right: ?1
I put this at the end but I guess it can be anywhere: --rule-left="]"
Basically the rule deletes the last character and then you bruteforce every possible character at the end of your word.
Posts: 187
Threads: 40
Joined: Sep 2010
Thanks for that but it's still slow and with the size of wordlists, it's still no good.
Posts: 5,185
Threads: 230
Joined: Apr 2010
add the salts to a file and use it either on the left or the right side. of course this depends on the algo.
