Posts: 4
Threads: 1
Joined: Dec 2015
12-01-2015, 04:43 PM
(This post was last modified: 12-01-2015, 04:44 PM by Autrui.)
Hi,
I'm using hashcat for dictionnary attack and charset attack. No problem at all when I'm using --remove for charset attack. But for dictionnary attack... It doesn't remove any hash at all. There is only one instance for each hash.
For example, I'm using, for dictionnary attack :
Code:
hashcat-cli64.bin -m 0 md5_0.hash dictionary.txt -o md5outfile --remove
But it doesn't remove any hash at all from md5_0.hash file.
If I use
Code:
hashcat-cli64.bin -a 3 -1 ?d --increment hash_file.hash ?1?1?1?1?1 --remove --outfile=md5outfile
then there is no problem, all found hashes are removed from the hash_file.hash file.
Am I doing something wrong ?
Thanks for your help.
Posts: 2,267
Threads: 16
Joined: Feb 2013
First, please make sure that you use the newest release version of cpu hashcat (0.50).
It is important that your md5_0.hash file is uniqued, so no duplicate hashes (use sort -u md5_0.hash | sponge md5_0.hash for instance to unique it).
Please also try with the included examle hashes/words.
cd [download_folder_of_cpu_hashcat]
cp examples/A0.M0.hash .
./hashcat-cli64.bin --remove -m 0 -o md5outfile A0.M0.hash examples/A0.M0.word
Does this produce an empty A0.M0.hash file ? (check with ls -l A0.M0.hash)
P.S. also make sure you did understand the topics covered by the faq (about --remove etc) for instance
https://hashcat.net/wiki/frequently_aske...as_cracked
Posts: 4
Threads: 1
Joined: Dec 2015
I'm using the latest release of cpu hashcat : hashcat-0.50.
I'm certain that my md5_0.hash file is uniqued (can't find what sponge is ?) :
Code:
root:~/hashcat-0.50# cat md5_0.hash
098f6bcd4621d373cade4e832627b4f6
3ed7dceaf266cafef032b9d5db224717
900150983cd24fb0d6963f7d28e17f72
092e974799a5b3b8771f3a2549e9e7b6
21232f297a57a5a743894a0e4a801fc3
Code:
root:~/hashcat-0.50# sort -u md5_0.hash
092e974799a5b3b8771f3a2549e9e7b6
098f6bcd4621d373cade4e832627b4f6
21232f297a57a5a743894a0e4a801fc3
3ed7dceaf266cafef032b9d5db224717
900150983cd24fb0d6963f7d28e17f72
I tried with the included example :
Code:
root:~/hashcat-0.50# ./hashcat-cli64.bin --remove -m 0 -o md5outfile A0.M0.hash examples/A0.M0.word
This copy of hashcat will expire on 01.01.2016. Please upgrade to continue using hashcat.
Initializing hashcat v0.50 with 1 threads and 32mb segment-size...
Added hashes from file A0.M0.hash: 102 (1 salts)
All hashes have been recovered
Input.Mode: Dict (examples/A0.M0.word)
Index.....: 1/1 (segment), 102 (words), 2769 (bytes)
Recovered.: 102/102 hashes, 1/1 salts
Speed/sec.: - plains, 96 words
Progress..: 102/102 (100.00%)
Running...: 00:00:00:01
Estimated.: --:--:--:--
Started: Tue Dec 1 16:56:17 2015
Stopped: Tue Dec 1 16:56:18 2015
root:~/hashcat-0.50# ./hashcat-cli64.bin --remove -m 0 -o md5outfile A0.M0.hash examples/A0.M0.word
This copy of hashcat will expire on 01.01.2016. Please upgrade to continue using hashcat.
Initializing hashcat v0.50 with 1 threads and 32mb segment-size...
No hashes loaded
I don't really understand what's going on... Am I really missing something this huge ?
Thanks for your help.
Posts: 2,267
Threads: 16
Joined: Feb 2013
(12-01-2015, 06:01 PM)Autrui Wrote:
It seems that it worked for you too: If it says "No hashes loaded" the file "md5_0.hash" is probably empty (and therefore the --remove
did work)
You can also just open the file "md5_0.hash" and check if it is empty (for this particular example or if it has less hashes for the general case, i.e. if at least one hash cracked).
So everything seems good. I don't really understand what you think is not working correctly.
It even works with your example hash file.
Posts: 4
Threads: 1
Joined: Dec 2015
It worked, but for the A0.M0.hash file. If I do it for my md5_0.hash file I have this :
Code:
root:~/hashcat-0.50# ./hashcat-cli64.bin --remove -m 0 -o md5outfile md5_0.hash dictionary.txt
This copy of hashcat will expire on 01.01.2016. Please upgrade to continue using hashcat.
Initializing hashcat v0.50 with 1 threads and 32mb segment-size...
Added hashes from file md5_0.hash: 5 (1 salts)
[s]tatus [p]ause [r]esume [b]ypass [q]uit =>
Input.Mode: Dict (dictionary.txt)
Index.....: 1/1 (segment), 14 (words), 97 (bytes)
Recovered.: 4/5 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 14/14 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--
Started: Tue Dec 1 17:15:22 2015
Stopped: Tue Dec 1 17:15:22 2015
root:~/hashcat-0.50# ./hashcat-cli64.bin --remove -m 0 -o md5outfile md5_0.hash dictionary.txt
This copy of hashcat will expire on 01.01.2016. Please upgrade to continue using hashcat.
Initializing hashcat v0.50 with 1 threads and 32mb segment-size...
Added hashes from file md5_0.hash: 5 (1 salts)
[s]tatus [p]ause [r]esume [b]ypass [q]uit =>
Input.Mode: Dict (dictionary.txt)
Index.....: 1/1 (segment), 14 (words), 97 (bytes)
Recovered.: 4/5 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 14/14 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--
Started: Tue Dec 1 17:15:24 2015
Stopped: Tue Dec 1 17:15:24 2015
Which is not really what I expect... Nothing is removed from the md5_0.hash file :/
And I really don't understand why it works for the example file, but not for my file...
Posts: 30
Threads: 1
Joined: May 2015
Have you actually checked the hash file? Hashcat saves your progress (in a .pot file, generally in C:\Users\username\) and I'm pretty sure it'll give that kind of output, even when the hashes themselves have been removed from the file.
Posts: 4
Threads: 1
Joined: Dec 2015
Yup, I've checked the file, after the dictionary attack and the charset attack. I've also deleted the pot file, to see if it has something to do with it, but no change... The content of the md5_0.hash file is the same with 10 dictionary attack, but changes after the first charset attack :/
Posts: 2,267
Threads: 16
Joined: Feb 2013
12-02-2015, 11:01 AM
(This post was last modified: 12-02-2015, 11:01 AM by philsmd.)
I can't reproduce the problem here; no matter what I try.
Maybe you have some special setup: for instance a remote drive (not a local disk), the file/directory does not have write permissions etc.
A useful test would be to download a fresh copy of hashcat from
https://hashcat.net/hashcat and create fresh copies of the files (hash file, dictionary file etc) without cp'ing them and test it again.
Maybe you can also test with a different computer (again without copying everything, prefer fresh copies of the files) such that we can exclude that the problem lies on that particular setup.
Posts: 347
Threads: 3
Joined: May 2010
Reproduced, gonna investigate.