Special character problem ű,ő
#1
Hello everybody!


I made a custom user in mssql2005 with this password: űúőóüáéí
I copied the password hash: 0x010091XXXXXXXXXXXXXXXXXXXXXXXXXX13B088570E2796F1235BEE8E2

First, I tried to crack it with a mask attack:
Code:
./oclHashcat-plus64.bin -a 3 -m 132 hash.txt -1 űúőóüáéí ?1?1?1?1?1?1?1?1
Second, I put the custom charset into a file:
Code:
./oclHashcat-plus64.bin -a 3 -m 132 hash.txt -1 mask.txt ?1?1?1?1?1?1?1?1
I tried converting to UTF-8, ANSI and UCS encodings, but the problem is still here.

When I make a new password without accents, I can easily crack it.


Thanks for the reply!
#2
You are *not* allowed to post hashes here (see https://hashcat.net/forum/announcement-2.html ) even if this is a self generated hash etc... hide it or you get banned

The question was addressed several times (you just need to use the wiki or forum search): http://hashcat.net/wiki/doku.php?id=mask...rset_files , http://hashcat.net/forum/thread-2764-pos...l#pid16391
#3
If I use this password: úóüáéí
0x0100DEE07632B6B1XXXXXXXXXXXXXXXXXXXX44D71F038
oclHashcat easily cracks it.

So, I think the problem is with the ő and ű characters.

Will Hashcat support Hungarian language?
aábcdeéfghiíjklmnoóöőpqrstuúüüűvwxyzAÁBCCDEÉFGHIÍJKLLMNOÓÖŐPQRSTUÚÜŰVWXYZ0123456789
#4
I made an md5 hash with the "ő" and "ű" characters and it works, I can crack it.
But:
If I would like to crack the mssql2005 password: őű --> it isn't working.

Could you help me?
#5
Immy, let me ask one question: WHY? if we tell you that you are *not* allowed to post hashes (http://hashcat.net/forum/announcement-2.html , you are breaking the most important rule in this forum), why are you still continuing to do so?
Do you really expect people to help you if you don't follow the rules? Please remove every hash in the posts above, edit the posts and mask/remove the hashes.

hmmm...
I will answer your question anyway...

./oclHashcat-plus64.bin --quiet -a 3 -m 132 hash.txt -o cracked.txt --hex-charset -1 faf3fce1e9ed ?1?1?1?1?1?1

As you can see, it all depends on the encoding... you cannot try to crack w/ utf8 encoding if the hash was generated w/ native encoding... that is exactly the reason why I told you to use the correct encoding... but you *didn't* follow my advice!

The output is (MASKED as we always should do here, remember?):
0x0100xxx07632b6b1xxxx128668xxxxx852cbdxxxx2xxdxxf038:úóüáéí

The same works w/o --hex-charset and w/ hcchr files (mask.txt is a misleading name BTW, you should call it chars.hcchr but it doesn't really matter) instead:
./oclHashcat-plus64.bin --quiet -a 3 -m 132 hash.txt -o cracked.txt -1 mask.txt ?1?1?1?1?1?1

where the mask.txt file must have the following properties:
xxd -p1 mask.txt
faf3fce1e9ed0a

file mask.txt
mask.txt: ISO-8859 text

So everything works, you are just *not* following my advice nor searching how to do these things e.g. in the documentation/wiki, for instance here: http://hashcat.net/wiki/doku.php?id=mask_attack

oh, forgot 1 thing... if you for instance wanted to crack űő you need to have following cmd line:
./oclHashcat-plus64.bin --quiet -a 3 -m 132 hash.txt -o cracked.txt --hex-charset -1 017151 ?1?1?1?1

note: we need to have a mask of length 4 for these 2 "chars" ( 2 x 2 ) since they are defined (e.g. see here http://en.wikipedia.org/wiki/ISO/IEC_8859-2 ) as to have 2 codepoints each, i.e.
see link:
ű "\x01\x71"
ő "\x01\x51"

as you can see, we need two "positions" for those chars, therefore if you want to crack a hash that include those you must expand your charset to also include \x01 (and possibly also \x02 as you can see in the IEC_8859-2 documentation)... you can use --increment to accomplish this in a bruteforce attack...
the main problem is that in theory each "char" of the original password could use 2 code-points, therefore you need --increment-min to be the real length of the password string (or the length you think the password is), but --increment-max should be double that (e.g. --increment-min 4 --increment-max 8) since each "char" can be of form "\x.." "\x01\x.." or even "\x02\x.."
#6
First I generated an md5 hash with this website: http://www.md5hashgenerator.com/

If I use a wordlist, I can decrypt "őű".
Code:
oclHashcat-plus64.bin -m 0 md5-őű.hash wordlist.txt

I used your advice and tried --hex-charset, but unfortunately it doesn't work.

If I use the "éáúóüö" md5 hash, I can easily decrypt it. But if I use the "ő" or "ű" character I can't reverse it.
8f5b1XXXXedd5XXXX5595aXXXXe4315d:ő
I try these commands:
Code:
oclHashcat-plus64.bin -m 0 -a 3 md5-ő.hash -1 ő ?1?1?
oclHashcat-plus64.bin -m 0 -a 3 md5-ő.hash --hex-charset -1 151 ?1?1?
I put it into a txt file. I tried UTF8, UTF8 without BOM, ISO8859, ISO8859-2, ISO8859-15 encoding, but it still doesn't work.

I found the "ő" character in charsets\combined\Portuguese.hcchr
Code:
oclHashcat-plus64.bin  -m 0 -a 3 ő.hash -1 charsets/combined/Russian.hcchr ?1?1?
Hard to believe, but it does not work.
#7
1. you don't need http://www.md5hashgenerator.com/ to generate hashes. We know we find the ISO code of that particular char here: http://en.wikipedia.org/wiki/ISO/IEC_8859-2 and we use linux OS, therefore run:
$ echo -en "\x01\x51"|md5sum
e8XXX09320XXXX08fXX5bXXX98XXX9f1

I even listed the codes you need s.t. you are able to double-check, in above post: ő "\x01\x51" ...

2. ?1?1? should be what? I see three question marks there... this doesn't make sense
3. --hex-charset -1 151 is what? hex needs 2 digits per "symbol" (0-ff , is 0 - 255) right? I gave you the examples... why are you doing it completely different...?
4. the hash you get from md5hashgenerator.com is wrong... (as said may be different encoding etc...)
5. just read my post above carefully and you should understand what you are doing wrong...

the masked hash you posted (8f5b1XXXXedd5XXXX5595aXXXXe4315d) seems to correspond to the html entity string (urldecoded from %26%23337%3B to & # 3 3 7 ; - w/o spaces) ... basically the string "& #337;" (w/o space) was hashed by that site AS-IS.
Try
$ echo -en "& # 3 3 7 ;" | md5sum # remove the spaces to reproduce
Well, this sounds like a bad joke. I know this is not (just) your problem (if the site tries to hash html entities) but at least you should double-check w/ md5sum!

Therefore, again... the problems (and this in particular) seem to *not* lie on hashcat's side but between keyboard and computer ... and/or the service for md5 generation that you use ;) Just kidding
#8
Hi!

Really sorry, but the problem is still here...
I generated the md5 which you told me:
Code:
$ echo -en "\x01\x51"|md5sum
e8XXX09320XXXX08fXX5bXXX98XXX9f1

I can easily crack (you told me), when I set
Code:
--hex-charset -1 017151 ?1?1?

BUT, when I try to use the Hungarian charset, or try to use another language charset which contains the "ő" char, oclHashcat can't reverse it.

If my password is "ő12345", how can it be cracked? Because if I use --hex-charset and set 017151 for the "ő" char, I have to use the hex charset for these numbers: "12345" also. (this is not simple)

Can I set --hex-charset only for one letter? For example:
-1 hexformat 017151
-2 124567890
Mask format: ?1?2?2?2?2

Interesting: when I use a wordlist I try all encodings (ansi, utf8, iso8859, iso8859-2...), but can't reverse the hash.
#9
afaik I already told you how to do that *in detail*

Again, we start w/ (some) list of chars, let's stay with those defined here: http://en.wikipedia.org/wiki/ISO/IEC_8859-2

now we have a list that includes also 12345 etc... we need to *either* use --hex-charset or the .hcchr feature (http://hashcat.net/wiki/doku.php?id=mask...rset_files )...
Remember you can put kind of every character into that hcchr file (only *first* row counts).

So what we need to do is.... copy-paste the hex-codes (2.line of each cell from http://en.wikipedia.org/wiki/ISO/IEC_8859-2 ) and generate a hcchr file...
I.e. you can just copy the numbers (hex-codes - middle-line) and put those "numbers" into a temp file.
then you have a list like this:
0020
0021
0023
...
00FD
0163
02D9

As we can immediately notice... at the first 2 "digits" of that list of 4 digits per line there is only 01 and 02 at the beginning....
therefore convert the list to (2 digit lines as below):
01
02
20
21
23
...
fd
63
d9

now I normally double-check if the lines are unique (since we "removed" the first 2 digits there may be some lines that are not uniq)..
sort -u mylist.txt > mylist_unique.txt

At this point you already have a list of all your hex-codes...
I usually convert this at the next step to 1 line (attention this is now sorted too! so a little bit rearranged from above)
0102....fd
Important: each "char" has exactly 2 digits... therefore the first line must be a multiple of 2
Say you have now this list w/ 1 line only and the length is multiple of 2, you should now be able to convert it to "chars" e.g. a simple run of xxd -r should work (it does convert hex codes to "chars"/binary):
Code:
xxd -p -r mylist_unique.txt > 8859-2.hcchr

This is your final hcchr file, that includes all chars from 8859-2 (if you need more you can add them of course but ... the more chars you have the longer bruteforce will take)...
Here is the mylist_unique.txt list that I have compiled from the wiki page (just for reference):
Code:
$ cat mylist_unique.txt
010203040506070C0D0E0F101118191A1B202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7EA0A4A7A8ADB0B4B8C1C2C4C7C9CBCDCED3D4D6D7D8D9DADBDCDDDFE1E2E4E7E9EBEDEEF3F4F6F7FAFCFD

(you need to run xxd -p -r mylist_unique.txt > 8859-2.hcchr # to get the hcchr file)

now to bruteforce the hash in question:
Code:
$ echo -en "\x01\x5112345"|md5sum
af2XaXXXX19XX0cXXX3XddXXXX5XX969
(I add this to m0000.txt , my hash file) and run:
Code:
$ ./oclHashcat -m 0 m0000.txt -a 3 -1 8859-2.hcchr --increment --increment-min 6 --increment-max 12 ?1?1?1?1?1?1?1?1?1?1?1?1

I already told you why we need the increment and why we need to have increment-min x and increment-max x*2 ... attention: the mask must ofc be long enough... at least 12 times ?1

This cracks the hash in question w/ a mask length of 7 (we already saw why? remember? because the special letter - not the numbers - takes 2 code-points)...

Dictionary attack:
Code:
$ echo -en "\x01\x5112345" | md5sum | sed 's/ .*//' > m0000.txt
$ echo -en "\x01\x5112345" > dict.txt
$ ./oclHashcat -m 0 -a 0 m0000.txt dict.txt
Also this dictionary attack works as expected and "finds" the plain and cracks the hash.

Again, the only problem is that you need to understand how encoding works and need to prepare:
1. a hcchr file that includes every single character you want to bruteforce (including 01 and 02 hex-codes as defined in http://en.wikipedia.org/wiki/ISO/IEC_8859-2 )
2. the hash file must be generated correctly and the dict must contain *exactly* the "string"/line you want to crack (and we already saw the special char \x01\x51 need to be in the dict of course)....

So, you see it is very simple ;)
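
Added example (not part of the thread and not hashcat code): a Python check that serializes a known test password under the encodings named in the posts above, plus the HTML-entity form from post #7, and reports which byte form produced a given MD5. The function names and the encoding list are assumptions made for this illustration; the sample characters are constructed input taken from the thread.

```python
import hashlib

# Encodings named in the thread, plus both UTF-16 byte orders
# (the list itself is an assumption chosen for this example).
ENCODINGS = ["utf-8", "iso8859-1", "iso8859-2", "utf-16-le", "utf-16-be"]


def byte_forms(text):
    """Return {form name: bytes} for every way `text` can be serialized here."""
    forms = {}
    for enc in ENCODINGS:
        try:
            forms[enc] = text.encode(enc)
        except UnicodeEncodeError:
            continue  # the character has no byte in this encoding
    # Numeric HTML entities: the form post #7 traced the web generator's hash to.
    forms["html-entity"] = text.encode("ascii", "xmlcharrefreplace")
    return forms


def identify_form(text, md5_hex):
    """Names of the byte forms of `text` whose MD5 equals `md5_hex`."""
    wanted = md5_hex.strip().lower()
    return [name for name, raw in byte_forms(text).items()
            if hashlib.md5(raw).hexdigest() == wanted]


def charset_hex(chars, encoding):
    """Unique byte values covering `chars` in `encoding`, as one hex string
    (two hex digits per byte, the shape --hex-charset and xxd -r expect)."""
    return bytes(sorted(set(chars.encode(encoding)))).hex()


if __name__ == "__main__":
    for ch in "őű":  # constructed sample input
        print(ch, {name: raw.hex() for name, raw in byte_forms(ch).items()})
    print(charset_hex("úóüáéí", "iso8859-1"))
```

Running `identify_form` on a self-generated test hash before starting a long mask run tells you which byte serialization the hashing tool actually used, which is the double-check against `md5sum` that post #7 asks for.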