Hashcat not actually cracking the hash
#1
Hello, 

I am in a course this semester about various hacking techniques and we are currently working with hashcat and some basic VMs our professor set up. I've run into an issue that has me stumped and my professor cannot recreate it. 

Version 4.2.1 running on The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux in a VM environment on my Windows 10 machine via Oracle VM
 
I am taking a hash file I have (hash.txt) and running it against the basic John the Ripper password list we have. At first I was getting HEX output, and when I translated it I got the first line in the password.lst file, a comment about who made the list. Then I went in and deleted the comments and added the string --outfile-autohex-disable to my command. Now I didn't get hex, but I get the first line again, now password 12345. I know for a fact from running another form of password cracking that this is not the password. 

My professor took my file and entered the same command line I did <hashcat -m 1000 --force --potfile-disable --outfile-autohex-disable hash.txt /usr/share/john/password.lst> and it worked fine for him. 

I did a little searching and found a few other question threads around with this same question, but all of them were closed because this seems to be unrecreatable. If anyone has any suggestions as to why this isn't working I would gladly appreciate the help. I can provide screenshots if needed but they contain the hash and I didn't want to break the forum rules.

Thank you.
#2
Well, let's cover some basics.

1. You are using The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali). Don't do that. As you'll have hopefully noticed, even the forum will automatically replace its name with a more proper name. It doesn't handle hashcat well because it's a cluster fuck of other tools and it does not play nice with the OpenCL runtimes we need. Don't use it for hashcat and your life will be better. Just run hashcat on your Windows, it doesn't care and runs just as well on Windows as Linux.

2. You are using --force. The requirement for usage of --force is often due to a hashcat breaking problem with your installation. If you ran without it you probably got the following message: "You can use --force to override this, but do not report related errors." Let's read that message carefully a few times and make sure we understand it properly.

3. Optional: Don't run hashcat in a VM, especially if you plan to use GPUs. VMs and GPUs are annoying to get to play nicely together so just skip it and save yourself some headaches.

If your professor is telling you to use --force and/or run hashcat on Ka-li, you may want to point him to some of us so we can update him on best practice with hashcat. We've been telling people what to and what not to do for a while and yet, for some reason, it doesn't really seem to stick.
#3
Don't forget about using an old version of hashcat. There's no reason to use old when new is free and easily accessible.