Posts: 3
Threads: 1
Joined: Feb 2018
I am trying to decrypt a hash which is bcrypt Blowfish (Unix). The hash is like this $2a$04$xxxxxxxxxx.
I already know the hash is a 6 digit numerical code.
As I know it's going to be a 6-digit numerical code, I used a brute force with a mask. It tried all the possible combinations in around 10 minutes and the hash could not be cracked.
Here is the command line I am using:
./hashcat -m 3200 -a 3 -1 ?d hash ?1?1?1?1?1?1
Note: I am using it on Mac OS and I tried another md5 hash which was also a 6-digit numerical code and was cracked with the same attack in less than a second
Now the question is: why am I unable to crack the bcrypt hash with a brute-force mask attack? Am I missing something? Or do I need to use some other way?
Posts: 930
Threads: 4
Joined: Jan 2015
This all looks like you're doing it right (may want to post commandline just in case, with hash masked if you're using it on the command line).
~
Posts: 3
Threads: 1
Joined: Feb 2018
Thanks royce, I think everything is working well, but I'm wondering why it's impossible to crack a 6-digit numerical code? Here is what I get:
I used this command:
./hashcat -m 3200 -a 3 -1 ?d /Users/gumshoe/Documents/Hash.lst ?1?1?1?1?1?1
I got this:
hashcat (v4.1.0) starting...
OpenCL Platform #1: Apple
=========================
* Device #1: Intel(R) Core(TM) i5-5350U CPU @ 1.80GHz, skipped.
* Device #2: Intel(R) Iris(TM) Graphics 6100, 384/1536 MB allocatable, 48MCU
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 72
Watchdog: Temperature abort trigger disabled.
* Device #2: Skipping unstable hash-mode 3200 for this device.
You can use --force to override, but do not report related errors.
Session..........: hashcat
Status...........: Exhausted
Hash.Type........: bcrypt $2*$, Blowfish (Unix)
Hash.Target......: $2a$04$37xD.RGtAtsQBEuvE.8gv.XQwqH4Of1gNkNg/BWuoysn...oLpu6C
Time.Started.....: Tue Feb 27 10:53:05 2018 (0 secs)
Time.Estimated...: Tue Feb 27 10:53:05 2018 (0 secs)
Guess.Mask.......: ?1?1?1?1?1?1 [6]
Guess.Charset....: -1 ?d, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 1/1 (100.00%)
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0/1000000 (0.00%)
Rejected.........: 0/0 (0.00%)
Restore.Point....: 0/100000 (0.00%)
Started: Tue Feb 27 10:53:04 2018
Stopped: Tue Feb 27 10:53:06 2018
Then I used --force command for device 2
./hashcat -m 3200 --force -a 3 -1 ?d /Users/gumshoe/Documents/Hash.lst ?1?1?1?1?1?1
It worked and got this:
hashcat (v4.1.0) starting...
OpenCL Platform #1: Apple
=========================
* Device #1: Intel(R) Core(TM) i5-5350U CPU @ 1.80GHz, skipped.
* Device #2: Intel(R) Iris(TM) Graphics 6100, 384/1536 MB allocatable, 48MCU
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 72
Watchdog: Temperature abort trigger disabled.
[s]tatus [p]ause [b]ypass [c]heckpoint [q]uit => s
Session..........: hashcat
Status...........: Running
Hash.Type........: bcrypt $2*$, Blowfish (Unix)
Hash.Target......: $2a$04$37xD.RGtAtsQBEuvE.8gv.XQwqH4Of1gNkNg/BWuoysn...oLpu6C
Time.Started.....: Tue Feb 27 10:55:20 2018 (23 secs)
Time.Estimated...: Tue Feb 27 11:04:43 2018 (9 mins, 0 secs)
Guess.Mask.......: ?1?1?1?1?1?1 [6]
Guess.Charset....: -1 ?d, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#2.....: 1772 H/s (12.39ms) @ Accel:1 Loops:1 Thr:8 Vec:1
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 42240/1000000 (4.22%)
Rejected.........: 0/42240 (0.00%)
Restore.Point....: 4224/100000 (4.22%)
Candidates.#2....: 102090 -> 130488
Finally it completed the attack in 10 minutes but nothing recovered. How strange?
Posts: 2,301
Threads: 11
Joined: Jul 2010
02-27-2018, 06:36 PM
(This post was last modified: 02-27-2018, 06:36 PM by undeath.)
Is anything unclear about this warning?
Code:
* Device #2: Skipping unstable hash-mode 3200 for this device.
You can use --force to override, but do not report related errors.
Posts: 3
Threads: 1
Joined: Feb 2018
I think you did not see the complete message. In the 2nd one I used force and the attack worked, but my question remains: I am still unable to decrypt it.
Posts: 2,301
Threads: 11
Joined: Jul 2010
ok, I'll translate the message for you:
Quote: hash mode 3200 is known to be broken on this device. I'm refusing to run it. If you still want to run this hash mode on your broken device you can do so by using --force, but do not expect this to work at all or do what you think or want it to do, and do not whine about it.
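Added example (not part of the thread and not hashcat code): a small Python check over the status output quoted above. It flags why the first run's "Exhausted" says nothing about the hash (every device was skipped and Progress stayed at 0/1000000) and marks any run started with --force as untrusted. The function name `triage` and its `cmdline` parameter are made up for this illustration.

```python
import re

# Lines copied from the first run quoted in the thread (status block trimmed).
FIRST_RUN = """\
* Device #1: Intel(R) Core(TM) i5-5350U CPU @ 1.80GHz, skipped.
* Device #2: Intel(R) Iris(TM) Graphics 6100, 384/1536 MB allocatable, 48MCU
* Device #2: Skipping unstable hash-mode 3200 for this device.
Status...........: Exhausted
Progress.........: 0/1000000 (0.00%)
"""

def triage(output, cmdline=""):
    """Return reasons why a 'nothing recovered' result cannot be trusted."""
    findings = []
    seen, skipped = set(), set()
    # Collect every device id and note which ones hashcat refused to use.
    for dev, rest in re.findall(r"^\* Device #(\d+): (.*)$", output, re.M):
        seen.add(dev)
        if rest.endswith("skipped.") or rest.startswith("Skipping unstable"):
            skipped.add(dev)
    if seen and seen == skipped:
        findings.append("no usable device: every listed device was skipped")
    # "Exhausted" only means something if the whole keyspace was tested.
    status = re.search(r"^Status\.+: (\w+)", output, re.M)
    progress = re.search(r"^Progress\.+: (\d+)/(\d+)", output, re.M)
    if status and progress and status.group(1) == "Exhausted":
        done, total = map(int, progress.groups())
        if done < total:
            findings.append(f"Exhausted after {done} of {total} candidates")
    # With --force the unstable-kernel warning was overridden by the user.
    if "--force" in cmdline.split():
        findings.append("--force overrode a device warning; a miss is not proof")
    return findings

if __name__ == "__main__":
    for reason in triage(FIRST_RUN):
        print("untrusted:", reason)
```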