-m 11600 7z
#1
Hello all,

Today i tried hashcat, and it shredded my VC container very nicely Smile

But when trying a .7z i struck an issue, i cannot crack it even though i know the password.

tools
win x 64b
cmd|color C
7z2hashcat (7z2hashcat64-1.1.exe)
hashcat (hashcat-3.6.0+274.7z)
7z v 9.20

Extract hash with 
"7z2hashcat.exe myarch.7z >>hash"

Create dictionary with the password insde dic.k (i use letters as .revisions)

"hashcat64.exe -m 11600 hash dic.k"

Code:
Session..........: hashcat
Status...........: Exhausted
Hash.Type........: 7-Zip
Hash.Target......: $7z$0$19$0$$8...1734e0
Time.Started.....: Mon Jul 31 20:50:58 2017 (1 min, 10 secs)
Time.Estimated...: Mon Jul 31 20:52:08 2017 (0 secs)
Guess.Base.......: File (dic.k)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....:        0 H/s (1.81ms)
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 92/92 (100.00%)
Rejected.........: 0/92 (0.00%)
Restore.Point....: 92/92 (100.00%)
Candidates.#1....: dog -> cat
HWMon.Dev.#1.....: Fan:  0% Util:  0% Core:1000MHz Mem:1250MHz Bus:16


no success.
myarch.7z is then manually extracted with the same password successfully.



sometimes i crack myself up...
#2
Difficult to say without having the .7z and the extracted hash (but you are right, it is not allowed to post hashes here according to the forum's rules).

I would say that it makes sense in this case to test if the example hash cracks (https://hashcat.net/wiki/example_hashes).

Furthermore, it is not always recommended to use the beta versions to report problems. Maybe you could try the latest release version of hashcat too (https://hashcat.net/hashcat) ?
#3
Hello!

I googled around and found a post stating i should try the beta, when cracking 7z. Anyways, new test today, with a much smaler passphrase. And it worked. Is there perhaps a max length on passphrases?
#4
Yeah, you are right it sometimes depends on how "experimental" the beta currently is. Sometimes (actually very often) betas contain fixes for known problems/bugs and therefore at that very moment we recommend to use betas such that the user doesn't experience the problem (and the user can confirm that the beta version fixed the problem).
Other times, the betas are (very) experimental (like it is currently the case, since there were a lot of changes involving changes of max supported pass and salt length etc, see the github commit history for details).

There are some maximal values for passwords (also mentioned here: https://hashcat.net/wiki/doku.php?id=fre...ord_length).
In general, you should see within the status display if the password candidate was too long (have a look at the line labeled "Rejected").

You didn't really answer the question about if older and/or the current release version was able to crack your hash. You also didn't mention if the example hash works for you.