Proper Dictionary Usage
#1
Sorry I am new to hashcat but I love playing with GPUs. I am trying to get the password for an encrypted LTC wallet that I forgot the password too. I got the password hash and it's SHA-256 and I have one computer dedicated to brute forcing it which may take years so I am using my other machine to use a dictionary attack. Here is the command I am using but it isn't working 
Code:
hashcat64 -m 1400 -a 3 Hash.txt  realuniq.lst -o Done.txt

realuniq.lst is the wordlist, Hash.txt is where the hash is stored and it's outputting it to Done.txt. Also are my arguements correct to fully utilize a GTX1080? Thanks for the info.
Reply
#2
Litecoin wallets (wallet.dat) use a very specific algorithm which hashcat covers with hash mode:
-m 11300 = Bitcoin/Litecoin wallet.dat

use bitcoin2john.py to extract the "hash" (remove all file names and the separating colons from the output, see: https://hashcat.net/wiki/example_hashes)
Reply
#3
(01-02-2018, 11:59 PM)philsmd Wrote: Litecoin wallets (wallet.dat) use a very specific algorithm which hashcat covers with hash mode:
-m 11300 = Bitcoin/Litecoin wallet.dat

use bitcoin2john.py to extract the "hash" (remove all file names and the separating colons from the output, see: https://hashcat.net/wiki/example_hashes)

Thanks but I guess I should have been a bit more specific. The wallet is encrypted in 7zip so I used hashcat 7zip to take the 7zip hash of the file used that to get the password hash. Now I am trying to crack that password to decrypt it.
Reply
#4
why are you trying -m 1400 in your first post then?
Reply
#5
(01-03-2018, 01:38 AM)undeath Wrote: why are you trying -m 1400 in your first post then?

Like I said I am new. Isn't 1400 for SHA-256?
Reply
#6
7-zip has its own implementation. It's -m 11600, also a very slow hash. So if you're needing to guess two separate passwords for both the 7zip portion and wallet data while using a large wordlist you're most likely not going to get anywhere. Unless you have some heavy duty equipment (queue hashcat's sales team for Brutalis) and any knowledge of possible parts or locations of the password you're just going to wasting power.
Reply
#7
(01-03-2018, 02:54 AM)slyexe Wrote: 7-zip has its own implementation. It's -m 11600, also a very slow hash. So if you're needing to guess two separate passwords for both the 7zip portion and wallet data while using a large wordlist you're most likely not going to get anywhere. Unless you have some heavy duty equipment (queue hashcat's sales team for Brutalis) and any knowledge of possible parts or locations of the password you're just going to wasting power.

I used 11600 and it gave me a SHA-256 hash. Then I started on that because I assumed that was the password hash.
Reply
#8
(01-02-2018, 11:59 PM)philsmd Wrote: Litecoin wallets (wallet.dat) use a very specific algorithm which hashcat covers with hash mode:
-m 11300 = Bitcoin/Litecoin wallet.dat

use bitcoin2john.py to extract the "hash" (remove all file names and the separating colons from the output, see: https://hashcat.net/wiki/example_hashes)

I'll go through the whole process in case anyone is confused. I used 7z2hashcat to get the hash for the 7zip file which is encrypted. I then used what I got from that in hashcat with 11600 and it output the same thing except at the end of the hash there was now :Anfug2 (changed the info for security if it matters at all). So it looked like $7z$0$19$0$........91:Anfug2. I run this with 11600 in hashcat and it gives salt exception error. So what is that thing it added and I forgot how I ended up with a SHA-256 hash.
Reply
#9
After comparing hash examples my 7zip hash is missing the salt
$7z$0$19$0$salt$8$f6
$7z$0$19$0$___$8$5
Mine is on the bottom and I included a space where salt should be. Does it need the actual word salt or a value/phrase?
Reply
#10
Updated to 4.0.1 and now it accepts the original 7zip hash without instantly dumping the same one with the extra jazz on the end. I have a feeling I'm going to end up with the same SHA-256 hash but that's fine.
Reply