Partial recovery
#1
So I have been to Crackstation.net trying to crack a few hashes that I wasnt able to crack myself. I got a few partial match.

Can someone explain me how these partial match are obtained? is there a way to truncate a sha1 hash to get that partial result or is it something else? I have an example but I cant post it because its against the rule of this site.

But if anyone has any info on the matter Im all ears Big Grin


thank you in advance.
#2
Only way this would make sense is if you were cracking LM.
#3
The only hashes you can have partial matches are LM hashes because they are actually two hashes.
#4
well I have a SHA-1 hash here that if input in CRACKSTATION gives me a yellow bar and it mentions PARTIAL MATCH and the partial that is given to me is making a lot of sense considaring the source.
#5
holy lol
#6
ok heres the pic ive hidden the hash
http://postimg.org/image/4twlk165n
#7
I do have some understanding of how sha1 encryption works. That is exactly why I dont get how they come up with these partial results. Changing 1 character would theorically change the whole hash but somehow if I copy half the hash x2 and send it as a hash in CrackStation it still gives me the partial. So it is able to get partial results from half a sha1 hash somehow. I really want to understand how they do this Ive pm the author of the siite. This could be very useful in cracking those last hash. Smile
#8
ok I think I know what happened. After doing a few test with generated sha1 encrypted pass I figured out some of my hash were corrupted. Which explains the partial match. Ive made sha1 hash out of those partial match and they were really close to the perfect match.

If this is all true then would it be faster to compare against half a hash instead of the the whole string? Is this already implemented?
#9
It would be nice if hashcat had an option where you can only computer half the hash and compare it to half of target hash and maybe get a few lucky hit at a faster pace.

here is the answer from the guy at CrackStation

Taylor Hornby ‏@DefuseSec May 11
@aprizm The index is sorted on the first 64 bits of the hash, so if those match it'll return it as a partial match.
#10
(05-13-2015, 04:16 AM)aprizm Wrote: It would be nice if hashcat had an option where you can only computer half the hash and compare it to half of target hash and maybe get a few lucky hit at a faster pace.

I think you are very confused about how this works. You can't compute "half a hash", and that's not what Taylor's lookup tables are doing either. Lookup tables & lossy hash tables compute the full hash value, but then only store/index X number of bits. This only works for TMTO, this isn't anything hashcat could ever "take advantage of" since hashcat doesn't use lookup tables.