Posts: 3
Threads: 1
Joined: Feb 2018
02-01-2018, 11:42 PM
(This post was last modified: 02-01-2018, 11:44 PM by frepie.)
As a newbie that registered in a network security class, I was asked to hash (MD5) a password and to crack it with hashcat.
My password is "trumpette". John the ripper craked it within a few minutes but hashcat never managed to crack it.
The command I used is
Code:
hashcat -a 0 -m 0 -O hash_string /usr/lib/rockyou.txt
Is there anything in this command line that would explain why hashcat fails?
Thank you
Posts: 930
Threads: 4
Joined: Jan 2015
02-01-2018, 11:50 PM
(This post was last modified: 02-02-2018, 12:13 AM by royce.)
Since this is a demo hash with a known plaintext, OK to post it here.
Works for me:
Code:
$ echo -n 'trumpette' | md5sum
6d980c97874860347312769e9854dab6 -
$ echo 'trumpette' | hashcat --quiet -a 0 -m 0 -O 6d980c97874860347312769e9854dab6
6d980c97874860347312769e9854dab6:trumpette
Also, 'trumpette' doesn't appear in rockyou:
Code:
$ fgrep trumpette /home/royce/crack/rockyou.txt
trumpettennis
Perhaps your John the Ripper attack mode is doing something other than just a straight wordlist?
Also make sure that you're not trying to crack this hash, which includes the newline (and is therefore a different hash):
Code:
$ echo 'trumpette' | md5sum
b3956910c1b26bc98b19ef80944a08cf -
~
Posts: 3
Threads: 1
Joined: Feb 2018
[
There is definitely something I am doing wrong. While John cracked this hash in around 8 minutes on a slow virtualbox The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) machine, the same hash couldn't be cracked by hashcat on a physical machine after more than 11 hours.
the command:
Code:
hashcat --quiet -a 0 -m 0 -O 6d980c97874860347312769e9854dab6
The last update status:
Code:
Session..........: hashcat
Status...........: Running
Hash.Type........: MD5
Hash.Target......: 6d980c97874860347312769e9854dab6
Time.Started.....: Thu Feb 1 22:47:36 2018 (11 hours, 17 mins)
Time.Estimated...: Fri Feb 2 10:05:04 2018 (0 secs)
Guess.Base.......: Pipe
Speed.Dev.#1.....: 0 H/s (0.00ms)
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0
Rejected.........: 0
Restore.Point....: 0
Candidates.#1....: [Copying]
HWMon.Dev.#1.....: Temp: 28c Fan: 33% Util: 0% Core: 135MHz Mem: 405MHz Bus:16
Posts: 2,267
Threads: 16
Joined: Feb 2013
if you use -a 0 you should specify at least one word list (dictionary file).
Otherwise, hashcat will assume that you sent the password candidates via standard input (stdin) and therefore use a pipe.
It's actually also mentioned within your output
Code:
Guess.Base.......: Pipe
futhermore, you will see this within your output
Code:
Starting attack in stdin mode...
I guess you better do not use --quiet and try to learn how to use the different attack types supported by hashcat by reading the wiki/faq/hashcat forum posts etc.
Posts: 3
Threads: 1
Joined: Feb 2018
(02-02-2018, 05:22 PM)philsmd Wrote: if you use -a 0 you should specify at least one word list (dictionary file).
Otherwise, hashcat will assume that you sent the password candidates via standard input (stdin) and therefore use a pipe.
It's actually also mentioned within your output
Code:
Guess.Base.......: Pipe
futhermore, you will see this within your output
Code:
Starting attack in stdin mode...
I guess you better do not use --quiet and try to learn how to use the different attack types supported by hashcat by reading the wiki/faq/hashcat forum posts etc.
I am a total newbie so the doc I found in the wiki is almost incomprehensible.
