Cracking Turkish/Foreign Hashes
#1
Howdo!

So i'm having a go at trying to crack some hashes created with the turkish characters: https://en.wikipedia.org/wiki/Wikipedia:...characters

Cracking a two character MD5 hash generated by the following python.

Code:
m = hashlib.md5()
m.update("ĞĞ")
print m.hexdigest()

I've taken the liberty of looking up the UTF8 unicode double byte values of the characters in question which in this case are:

Code:
Ğ - C4 9E
İ - C4 B0
Ş - C5 9E
ğ - C4 9F
ı - C4 B1
ş - C5 9F

resulting in a -1 and a -2 of:

Code:
-1 c4c5
-2 9e9fb0b1


So the command I'm now running is

/opt/hashcat-4.1.0/hashcat64 -O -m 0 -a 3 -1c4c5 -29e9fb0b1 --hex-charset hash ?1?2?1?2

According to all info i've read its been a case of find the UTF-8 value of the characters you want to crack, paste them into charsets 1 and 2 and go go magic hashcat it cracks. this obviously is not the case here as nothing drops out. If I only crack a single character MD5 (reducing the mask to ?1?2) it will crack however, but anything more than 1 it just fails.

NTLM hashes, don't crack even at 1 character length and while im experimenting with md5 and ntlm the actual target hash I need to crack are mode 13100 hashes (KRB-TGS) so I'm wondering the following:

1. what on earth is the proper way of approaching foreign characters in a password?
2. Does the technique vary based upon hashing algorithm, for example a single char md5 will crack successfully, but any more than a single char fails. A single char NTLM hash however does not crack successfully.
3. When using wordlists and dictionaries, is taking say a turkish wordlist sufficient for hashcat to crack passwords or do I have to be concerned with character encoding?

3a. Character Encoding - I can get the system default encoding from the target host, and I can determine the encoding of the input dictionary, do I specify both? one? or other? if it is required.

Thanks for any help folk can spare! Smile
#2
What MD5 is your Python producing? I get:

Code:
$ echo -n 'ĞĞ' | md5sum
411019a0840fad007398bcab6cc9188c  -

... which hashcat cracks, using your syntax:

Code:
$ hashcat --quiet -O -m 0 -a 3 -1c4c5 -29e9fb0b1 --hex-charset md5.gg.test ?1?2?1?2
411019a0840fad007398bcab6cc9188c:ĞĞ
~
#3
for the love of Cthulhu stop using python2

python3:
Code:
m = hashlib.md5()
m.update("ĞĞ".encode('utf-8'))
print(m.hexdigest())