Cant crack simple russian password
#1
Hello!
I can't crack simple russian password/

password: хер
hash: c2767da21725edccced3fd251e4d8619
hash grabbed from server 2008r2.
I read the article http://www.netmux.com/blog/ultimate-guid...-using-has
and try crack with following command line:

hashcat64.exe -a 3 -1000 hash.txt --hex-charset -1 d0d1d2d3d4 -2 808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebf -i ?1?2?1?2?1?2?1?2

But the process ends without result. What's my mistake?
#2
Something is wrong with the hash, see here:

Quote:root@ht:~/hashcat# echo -n xep | tools/test.pl passthrough 1000
923016c8fde48818706a6d93bf883234
#3
As you can see by looking into the charsets folder of hashcat, russian chars can be represented with different encodings (cp1251, ISO-8859-5, KOI8-R.hcchr etc).

So one problem is that all these input types (input encodings) need to be tested, not just one of them.

Second problem is that NTML is kind of special since it uses utf16 characters within the hashing algorithm. One limitation of hashcat is that it is cheating a little bit and doesn't do the utf16 conversion completely/correctly, it just sets the second byte to zero, since that is almost always the case (with 0x00-0xff input bytes)... but as we get some input characters that are represented by bytes > 0xff, this approach fails and hashcat can't crack them.

Here is the test, how to crack this particular example anyway (hashes masked):
Code:
./hashcat -m 900 -a 3 -i --hex-charset -1 04354045 c27xxxa2172xxxcced3fdxxxxd8x19 ?1?1?1?1?1?1?1?1
c27xxxa2172xxxcced3fdxxxxd8x19:$HEX[450435044004]

I converted it like this:
Code:
echo d185d0b5d180 | xxd -r -p | iconv -f utf-8 -t utf-16le | xxd -p
450435044004