Nice tip to use old versions for stone age hardware.
#1
While messing about with cracking some LM hashes using rainbow tables I wanted a way to crack the case of the letters. Hashcat was the obvious choice since I knew it had the toggle case rules.

But my server which I use for the rainbow table cracking is a really old Sony laptop nailed to the wall. So it has a big problem:
cat /proc/cpuinfo | fgrep model\ name
model name : Intel(R) Pentium(R) CPU P6100 @ 2.00GHz

So no chance of OpenCL, which means no chance of the nice shiny wonderful new merged Hashcat since it needs it.

I could use an older version but old versions were time bombed to force people to update. Which I think sucks. But it is true. Most people really do need a kick to get them to update.

It's possible to change the clocks back but that's just not good IMO.

Enter: libfaketime - spoof whatever time you want at runtime for only the program you're running!

So I chose Hashcat 0.49.

Simply install libfaketime:
sudo apt install libfaketime

and then use it with LD_PRELOAD like so:
LD_PRELOAD=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1 FAKETIME="@$(stat -c %y hashcat-cli64.bin)" ./hashcat-cli64.bin -m 1000 -a 2 <(printf "NTLM_HASH") <(printf "CRACKED_LM_PLAINTEXT")

No need to guess when it was usable. Just toss in the modify date of the binary.

That will toggle the case of all the letters and voila, the corresponding NTLM hash from LM on old hardware from the stone age!

The faketime tool is another option:
sudo apt install faketime

and then:
faketime -f "@$(stat -c %y hashcat-cli64.bin)" ./hashcat-cli64.bin -m 1000 -a 2 <(printf "NTLM_HASH") <(printf "CRACKED_LM_PLAINTEXT")

Not sure who in their right mind would be using LM hashes these days but I was bored and wanted to use my old rainbow tables to go from LM to NTLM.
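The two commands above hard-code the library path and paste the raw output of `stat -c %y` (nanoseconds and timezone included) into FAKETIME. The script below is an added example, not something from the thread or from the hashcat project: it turns the modify-date trick into two small shell functions, builds a clean "@YYYY-MM-DD hh:mm:ss" value from the file's epoch mtime, prefers the faketime(1) wrapper when it is installed, falls back to LD_PRELOAD, and refuses to run at all when neither is present rather than silently starting the program against the real clock. It assumes GNU coreutils (stat -c, date -d) and the Debian/Ubuntu path of libfaketime.so.1 from the post.

```shell
#!/bin/sh
# Added example (not from the thread): pin a program's clock to its own mtime.
# Assumes GNU stat/date and the Debian/Ubuntu libfaketime install path.

FAKETIME_LIB=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1

# Print the FAKETIME value for a file's modification time: "@YYYY-MM-DD hh:mm:ss".
# Works from epoch seconds (%Y) and reformats them, so the trailing nanoseconds
# and timezone that `stat -c %y` prints never reach libfaketime.
faketime_from_mtime() {
    epoch=$(stat -c %Y "$1") || return 1
    printf '@%s\n' "$(date -d "@$epoch" '+%Y-%m-%d %H:%M:%S')"
}

# Run a command with libc's clock spoofed to the first argument's mtime.
# Uses the faketime(1) wrapper if present, otherwise LD_PRELOAD; fails loudly
# if libfaketime is not installed instead of running with the real date.
run_at_mtime() {
    ref="$1"; shift
    ft=$(faketime_from_mtime "$ref") || return 1
    if command -v faketime >/dev/null 2>&1; then
        faketime -f "$ft" "$@"
    elif [ -r "$FAKETIME_LIB" ]; then
        LD_PRELOAD="$FAKETIME_LIB" FAKETIME="$ft" "$@"
    else
        echo "libfaketime is not installed; refusing to run $1 against the real clock" >&2
        return 1
    fi
}

# Usage, matching the thread's command (the <(...) process substitution needs bash):
#   run_at_mtime ./hashcat-cli64.bin ./hashcat-cli64.bin -m 1000 -a 2 \
#       <(printf "NTLM_HASH") <(printf "CRACKED_LM_PLAINTEXT")
```

A quick sanity check before pointing it at anything real is `run_at_mtime ./hashcat-cli64.bin date`, which should print the binary's modify date rather than today's. Note that the spoof only reaches programs that ask libc for the time through the dynamic loader; a statically linked binary, or one that reads the clock some other way, sees the real date.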
#2
Two things:

1. If you had just gone to our Github page and downloaded hashcat-legacy v2.00 or built it from source, you wouldn't have had to jump through all the hoops to bypass the timebomb in an ancient version.

2. If you spent a couple hundred dollars you could easily build a modest cracking rig that would be much faster than using long-deprecated rainbow tables.
#3
(06-24-2017, 04:56 AM)epixoip Wrote: 1. If you had just gone to our Github page and downloaded hashcat-legacy v2.00 or built it from source, you wouldn't have had to jump through all the hoops to bypass the timebomb in an ancient version.

I'm not sure 2.0 would work on this thing. It's pretty ancient. And to compile I would need to get all the dependencies and install them. Which also probably wouldn't work.

(06-24-2017, 04:56 AM)epixoip Wrote: 2. If you spent a couple hundred dollars

Nope. I absolutely positively cannot throw anywhere near hundreds of dollars around. Can't even spend that on upgrading my hanging to bits ancient broken laptop nailed to the wall server.

(06-24-2017, 04:56 AM)epixoip Wrote: long-deprecated rainbow tables.

Depreciated? Even for LM? I've noticed that new and shiny hashcat says it will take about 51 minutes brute-forcing a 7-character-long LM with a mixalphanumeric-all character set. This is on two HD 7970 M on my beefier laptop, which is the most powerful I can manage. To do the same from RTI2 rainbow tables takes less than half the time and probably less than a quarter of the power, and the server alone can do it so I don't have to SSH jump from the server to my beefier main laptop.

So for me at least they are totally ideal.
I might try 2.0 though if I can make the time.