Posts: 3
Threads: 1
Joined: Aug 2013
Hi guys,
I'm using oclHashcat-Plus 0.14 hand having trouble when cracking some MSCACHEv1 hashes.
All usernames are converted to lowercase and in the following format:
hash:username(in lowercase)
All hashes with usernames that are 12 characters or less crack fine, using both dictionary and mask attack.
However, I get a Line-Length exception when a hash has a username that is more than 12 characters. For example, I have a file with 3 MSCAHCEv1 hashes. When loading the file into Hashcat, it accepts the 12 character username and cracks it, but rejects the usernames that are 16 and 18 characters long.
Is this a bug or is there something I have not accounted for? I have done a lot of Googling and can't find why this is happening....Unless it is something to do with the salting process, where Hashcat can't handle long usernames.
Any help would be much appreciated.
Posts: 2,267
Threads: 16
Joined: Feb 2013
We need more info about your setup.
Are you using windows?
Maybe you have this problem, that was fixed in new beta (not released yet):
https://hashcat.net/trac/ticket/178
What is the error you see? Especially interesting would be, if you see Line-Length exceptions in line 2, if you try w/ only 1 hash in the hashfile (similar to trac 178).
Furthermore, yes there are some limitation in password + username length for ntlm hashes, (some) limits will be increased w/ next release, though (e.g. w/ > 15 support etc)
But again, this sounds like a windows specific problem (and you could make a double-check w/ linux meanwhile).
Posts: 3
Threads: 1
Joined: Aug 2013
08-06-2013, 12:46 PM
(This post was last modified: 08-06-2013, 12:50 PM by grubbychicken.)
Hi philsmd, Thanks for your reply.
I'm using Linux (Ubuntu 11.10 64bit with 4 GPU's).
I'm cracking MSCAHCEv1 not NTLM, but I assume you mean the same problem might be present when cracking MSCACHE?
The command I am using is:
oclHashcat-plus64.bin --hash-type=1100 --attack-mode=3 --outfile=mscache.cracked --outfile-format=3 --increment --increment-min=1 --increment-max=8 -1 ?d?l?u??'!#@*' mscache.txt ?1?1?1?1?1?1?1?1?1
An example of the file I am using is:
*9******235A89063********4D09E*F:lowercase.username.one <<< the real username is 16 chars
*2******3149862BA********EC36B*5:username <<< the real username is 12 chars
*E******C9A5C8BEC********A266D*F:lowercase.username.two <<< the real username is 18 chars
All Tabs, spaces and extra carriage returns have been removed (as i know they have previously caused problems).
This is the error I receive:
WARNING: Hashfile 'mscache.txt' in line 1 (*9******235A89063********4D09E*F:lowercase.username.one): Line-length exception
WARNING: Hashfile 'mscache.txt' in line 3 (*E******C9A5C8BEC********A266D*F:lowercase.username.two): Line-length exception
oclHashcat-plus v0.14 by atom starting...
Hashcat then continues to crack the MSCACHE hash that is 12 characters long, but ignores the hashes with longer usernames.
Hashes: 1 total, 1 unique salts, 1 unique digests
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Workload: 128 loops, 80 accel
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Cayman, 1024MB, 880Mhz, 24MCU
Device #2: Cayman, 1024MB, 880Mhz, 24MCU
Device #3: Cayman, 1024MB, 880Mhz, 24MCU
Device #4: Cayman, 1024MB, 880Mhz, 24MCU
Session.Name...: oclHashcat-plus
Status.........: Cracked
Input.Mode.....: Mask (?1?1?1?1?1?1?1)
Hash.Target....: *2******3149862BA********EC36B*5:username
Hash.Type......: DCC, mscash
Time.Started...: Tue Aug 6 09:10:38 2013 (4 secs)
Speed.GPU.#1...: 2707.1M/s
Speed.GPU.#2...: 2701.2M/s
Speed.GPU.#3...: 2715.4M/s
Speed.GPU.#4...: 2711.0M/s
Speed.GPU.#*...: 10834.7M/s
Recovered......: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.......: 31994461529/6060711605323 (0.53%)
Rejected.......: 0/31994461529 (0.00%)
HWMon.GPU.#1...: 81% Util, 45c Temp, 47% Fan
HWMon.GPU.#2...: 80% Util, 51c Temp, 74% Fan
HWMon.GPU.#3...: 77% Util, 52c Temp, 100% Fan
HWMon.GPU.#4...: 81% Util, 51c Temp, 77% Fan
Let me know if any more info is needed. Thanks for your help.
Posts: 2,267
Threads: 16
Joined: Feb 2013
Yes, sorry I made a little bit confusion w/ ntlm.
So the problem really is > length 15 support. Atom is already heavily working on that (this limitation is well known and also documented in the wiki).
So in theory also mscache hashes (-m 1100) should benefit from upcoming release.
Posts: 3
Threads: 1
Joined: Aug 2013
08-06-2013, 01:02 PM
(This post was last modified: 08-06-2013, 01:10 PM by grubbychicken.)
(08-06-2013, 12:54 PM)philsmd Wrote: Yes, sorry I made a little bit confusion w/ ntlm.
So the problem really is > length 15 support. Atom is already heavily working on that (this limitation is well known and also documented in the wiki).
So in theory also mscache hashes (-m 1100) should benefit from upcoming release.
I'll keep an eye out for it. I can only find documented limitations with regards
Password length exceeding 15 characters, not
Username length exceeding 15 characters.
Thanks,