MSCACHEv1 Line-Length Exception when username exceeds 12 Characters
#1
Hi guys,

I'm using oclHashcat-Plus 0.14 hand having trouble when cracking some MSCACHEv1 hashes.

All usernames are converted to lowercase and in the following format:

hash:username(in lowercase)

All hashes with usernames that are 12 characters or less crack fine, using both dictionary and mask attack.

However, I get a Line-Length exception when a hash has a username that is more than 12 characters. For example, I have a file with 3 MSCAHCEv1 hashes. When loading the file into Hashcat, it accepts the 12 character username and cracks it, but rejects the usernames that are 16 and 18 characters long.

Is this a bug or is there something I have not accounted for? I have done a lot of Googling and can't find why this is happening....Unless it is something to do with the salting process, where Hashcat can't handle long usernames.

Any help would be much appreciated.
#2
We need more info about your setup.
Are you using windows?
Maybe you have this problem, that was fixed in new beta (not released yet): https://hashcat.net/trac/ticket/178

What is the error you see? Especially interesting would be, if you see Line-Length exceptions in line 2, if you try w/ only 1 hash in the hashfile (similar to trac 178).

Furthermore, yes there are some limitation in password + username length for ntlm hashes, (some) limits will be increased w/ next release, though (e.g. w/ > 15 support etc)

But again, this sounds like a windows specific problem (and you could make a double-check w/ linux meanwhile).
#3
Hi philsmd, Thanks for your reply.

I'm using Linux (Ubuntu 11.10 64bit with 4 GPU's).

I'm cracking MSCAHCEv1 not NTLM, but I assume you mean the same problem might be present when cracking MSCACHE?

The command I am using is:

oclHashcat-plus64.bin --hash-type=1100 --attack-mode=3 --outfile=mscache.cracked --outfile-format=3 --increment --increment-min=1 --increment-max=8 -1 ?d?l?u??'!#@*' mscache.txt ?1?1?1?1?1?1?1?1?1

An example of the file I am using is:

*9******235A89063********4D09E*F:lowercase.username.one <<< the real username is 16 chars
*2******3149862BA********EC36B*5:username <<< the real username is 12 chars
*E******C9A5C8BEC********A266D*F:lowercase.username.two <<< the real username is 18 chars

All Tabs, spaces and extra carriage returns have been removed (as i know they have previously caused problems).

This is the error I receive:

WARNING: Hashfile 'mscache.txt' in line 1 (*9******235A89063********4D09E*F:lowercase.username.one): Line-length exception
WARNING: Hashfile 'mscache.txt' in line 3 (*E******C9A5C8BEC********A266D*F:lowercase.username.two): Line-length exception
oclHashcat-plus v0.14 by atom starting...


Hashcat then continues to crack the MSCACHE hash that is 12 characters long, but ignores the hashes with longer usernames.

Hashes: 1 total, 1 unique salts, 1 unique digests
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Workload: 128 loops, 80 accel
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Cayman, 1024MB, 880Mhz, 24MCU
Device #2: Cayman, 1024MB, 880Mhz, 24MCU
Device #3: Cayman, 1024MB, 880Mhz, 24MCU
Device #4: Cayman, 1024MB, 880Mhz, 24MCU

Session.Name...: oclHashcat-plus
Status.........: Cracked
Input.Mode.....: Mask (?1?1?1?1?1?1?1)
Hash.Target....: *2******3149862BA********EC36B*5:username
Hash.Type......: DCC, mscash
Time.Started...: Tue Aug 6 09:10:38 2013 (4 secs)
Speed.GPU.#1...: 2707.1M/s
Speed.GPU.#2...: 2701.2M/s
Speed.GPU.#3...: 2715.4M/s
Speed.GPU.#4...: 2711.0M/s
Speed.GPU.#*...: 10834.7M/s
Recovered......: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.......: 31994461529/6060711605323 (0.53%)
Rejected.......: 0/31994461529 (0.00%)
HWMon.GPU.#1...: 81% Util, 45c Temp, 47% Fan
HWMon.GPU.#2...: 80% Util, 51c Temp, 74% Fan
HWMon.GPU.#3...: 77% Util, 52c Temp, 100% Fan
HWMon.GPU.#4...: 81% Util, 51c Temp, 77% Fan




Let me know if any more info is needed. Thanks for your help.
#4
Yes, sorry I made a little bit confusion w/ ntlm.
So the problem really is > length 15 support. Atom is already heavily working on that (this limitation is well known and also documented in the wiki).
So in theory also mscache hashes (-m 1100) should benefit from upcoming release.
#5
(08-06-2013, 12:54 PM)philsmd Wrote: Yes, sorry I made a little bit confusion w/ ntlm.
So the problem really is > length 15 support. Atom is already heavily working on that (this limitation is well known and also documented in the wiki).
So in theory also mscache hashes (-m 1100) should benefit from upcoming release.

I'll keep an eye out for it. I can only find documented limitations with regards Password length exceeding 15 characters, not Username length exceeding 15 characters.

Thanks,