hashcat Forum Deprecated; Previous versions Old oclHashcat Support v
How to recover Joomla 1.5 password?

Threaded Mode
How to recover Joomla 1.5 password?
reils Offline
Junior Member
**
Posts: 13
Threads: 4
Joined: Aug 2014
#1
04-17-2015, 06:21 PM (This post was last modified: 04-17-2015, 06:46 PM by reils.)
Hi,

I have Joomla hashes, and cracking with my laptop gpu - NVIDIA GeForce GT750M

the script I have come up with is this

cudaHashcat64 -a 3 -m 11 --increment --increment-min=4 --increment-max=10 -o crack/cracked.txt hashes.txt -1 ?l?d ?1?1?1?1?1?1?1?1?1?1

I believe this should attempt to bruteforce any password containing either letters or digits with length of 4 - 10

Is that correct?



Output looks like this


Session.Name...: cudaHashcat
Status.........: Running
Input.Mode.....: Mask (?1?1?1?1?1?1?1) [7]
Hash.Target....: File (hashes.txt)
Hash.Type......: Joomla < 2.5.18
Time.Started...: Fri Apr 17 11:09:35 2015 (15 mins, 37 secs)
Time.Estimated.: Fri Apr 17 11:39:31 2015 (13 mins, 27 secs)
Speed.GPU.#1...: 44694.3 kH/s
Recovered......: 0/13 (0.00%) Digests, 0/13 (0.00%) Salts
Progress.......: 547352477696/1018734133248 (53.73%)
Skipped........: 0/547352477696 (0.00%)
Rejected.......: 0/547352477696 (0.00%)
Restore.Point..: 851968/1679616 (50.72%)
HWMon.GPU.#1...: 97% Util, 84c Temp, N/A Fan

[s]tatus [p]ause [r]esume [b]ypass [q]uit =>

I double checked my syntax so im pretty sure im doing it right, its just the "[7]" after mask that makes me wonder if its only bruteforcing a length of 7 ...

and also because I havent cracked anything yet idk if its working

EDIT the mask changed to 8 now so im guessing it is working correctly. If i dont crack anything then I guess I can try adding specials to the bruteforce. So is Joomla is a very weak hash? Seems easy if 10 character passwords can be bruteforced with a little laptop GPU
Find
undeath Offline
Sneaky Bastard
******
Posts: 2,301
Threads: 11
Joined: Jul 2010
#2
04-17-2015, 09:11 PM
Joomla is fast and weak but you won't see your laptop finishing that attack with 10 chars.
Find
reils Offline
Junior Member
**
Posts: 13
Threads: 4
Joined: Aug 2014
#3
04-17-2015, 09:32 PM (This post was last modified: 04-17-2015, 09:33 PM by reils.)
(04-17-2015, 09:11 PM)undeath Wrote: Joomla is fast and weak but you won't see your laptop finishing that attack with 10 chars.

Thanks,

i'll have to wait until I get my AMD R9 290 GPU server back up and throw it on there. Don't want to fry my laptop GPU

it said ETA 17hours when it got to 8chars

I thought the ETA of 13minutes was for ALL 10 chars!!! Nope, that was just for the 7
Find
undeath Offline
Sneaky Bastard
******
Posts: 2,301
Threads: 11
Joined: Jul 2010
#4
04-17-2015, 11:49 PM (This post was last modified: 04-17-2015, 11:49 PM by undeath.)
more than 8 chars brute force is not feasible for almost any system.
Find
reils Offline
Junior Member
**
Posts: 13
Threads: 4
Joined: Aug 2014
#5
04-18-2015, 12:18 AM (This post was last modified: 04-18-2015, 12:20 AM by reils.)
interesting

Instead of bruteforcing, i just ran rockyou.lst against it and cracked 4 Super Admins so no biggie

Shouldve tried that the first time

But it makes me wonder - why didnt the brute force work. One of the passwords was a 5 lowercase letter word
Find
epixoip Offline
Legend
******
Posts: 2,936
Threads: 12
Joined: May 2012
#6
04-18-2015, 01:37 AM
Joomla uses MD5, and MD5 is broken in the current version of cudaHashcat.
Find
reils Offline
Junior Member
**
Posts: 13
Threads: 4
Joined: Aug 2014
#7
04-18-2015, 04:24 AM
(04-18-2015, 01:37 AM)epixoip Wrote: Joomla uses MD5, and MD5 is broken in the current version of cudaHashcat.

Thanks epixoip, will keep that in mind. So is current version not able to do any attack on md5? Is it able to wordlist against md5? I might have ran the wordlist using cpu hashcat which would explain why it worked
Find