hashcat Forum Deprecated; Ancient Versions Very old oclHashcat-plus Support v
Mask error?

Threaded Mode
Mask error?
logistix Offline
Junior Member
**
Posts: 5
Threads: 1
Joined: Jan 2012
#1
01-25-2012, 05:13 PM
I created a .txt file as my dictionary with the word panthers in it and then use the ?d?d mask to crack the known WPA password of panthers77 successfully. However, when I try the .txt file with the word panthe in it with a mask of ?l?l?d?d it get exhausted. What am I doing wrong?
Find
atom Offline
Administrator
*******
Posts: 5,185
Threads: 230
Joined: Apr 2010
#2
01-25-2012, 11:27 PM
hey ho.. i cant reproduce this locally, see my tests:

Quote:root@sf:~/oclHashcat-plus-0.08# mkpasswd -m md5 panthers77 > hash
root@sf:~/oclHashcat-plus-0.08# echo -n panthers77 | ./oclHashcat-plus64.bin -m 500 hash
oclHashcat-plus v0.08 by atom starting...

Hashes: 1
Unique salts: 1
Unique digests: 1
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
GPU-Loops: 64
GPU-Accel: 16
Password lengths range: 1 - 15
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Cypress, 1024MB, 0Mhz, 20MCU
Device #2: Cypress, 1024MB, 0Mhz, 20MCU
Device #1: Allocating 48MB host-memory
Device #1: Kernel ./kernels/4098/m0500.Cypress.64.kernel (785000 bytes)
Device #2: Allocating 48MB host-memory
Device #2: Kernel ./kernels/4098/m0500.Cypress.64.kernel (785000 bytes)

Starting attack in wordlist stdin mode...

$1$6Bz7LThf$AgZUH9K.dUIP8vEXF8KjX/:panthers77

Status.......: Cracked
Input.Mode...: Pipe
Hash.Target..: $1$6Bz7LThf$AgZUH9K.dUIP8vEXF8KjX/
Hash.Type....: md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5
Time.Running.: 1 sec
Time.Util....: 1000.7ms/0.0ms Real/CPU, 0.0% idle
Speed........: 1 c/s Real, 0 c/s GPU
Recovered....: 1/1 Digests, 1/1 Salts
Progress.....: 1
Rejected.....: 0
HW.Monitor.#1: 0% GPU, 44c Temp
HW.Monitor.#2: 0% GPU, 38c Temp

Started: Wed Jan 25 22:05:55 2012
Stopped: Wed Jan 25 22:05:56 2012

root@sf:~/oclHashcat-plus-0.08# echo -n panthers > dict
root@sf:~/oclHashcat-plus-0.08# ./oclHashcat-plus64.bin -m 500 hash -a 6 dict ?d?d
oclHashcat-plus v0.08 by atom starting...

Hashes: 1
Unique salts: 1
Unique digests: 1
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
GPU-Loops: 64
GPU-Accel: 16
Password lengths range: 1 - 15
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Cypress, 1024MB, 0Mhz, 20MCU
Device #2: Cypress, 1024MB, 0Mhz, 20MCU
Device #1: Allocating 48MB host-memory
Device #1: Kernel ./kernels/4098/m0500.Cypress.64.kernel (785000 bytes)
Device #2: Allocating 48MB host-memory
Device #2: Kernel ./kernels/4098/m0500.Cypress.64.kernel (785000 bytes)

Scanned dictionary dict: 9 bytes, 1 words, 100 keyspace, starting attack...

$1$6Bz7LThf$AgZUH9K.dUIP8vEXF8KjX/:panthers77

Status.......: Cracked
Input.Base...: File (dict)
Input.Mod....: Mask (?d?d)
Hash.Target..: $1$6Bz7LThf$AgZUH9K.dUIP8vEXF8KjX/
Hash.Type....: md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5
Time.Running.: 1 sec
Time.Util....: 1000.7ms/0.0ms Real/CPU, 0.0% idle
Speed........: 100 c/s Real, 1297 c/s GPU
Recovered....: 1/1 Digests, 1/1 Salts
Progress.....: 100/100 (100.00%)
Rejected.....: 0/100 (0.00%)
HW.Monitor.#1: 0% GPU, 42c Temp
HW.Monitor.#2: 0% GPU, 40c Temp

Started: Wed Jan 25 22:06:24 2012
Stopped: Wed Jan 25 22:06:26 2012

root@sf:~/oclHashcat-plus-0.08# echo -n panthe > dict
root@sf:~/oclHashcat-plus-0.08# ./oclHashcat-plus64.bin -m 500 hash -a 6 dict ?l?l?d?d
oclHashcat-plus v0.08 by atom starting...

Hashes: 1
Unique salts: 1
Unique digests: 1
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
GPU-Loops: 64
GPU-Accel: 16
Password lengths range: 1 - 15
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Cypress, 1024MB, 0Mhz, 20MCU
Device #2: Cypress, 1024MB, 0Mhz, 20MCU
Device #1: Allocating 48MB host-memory
Device #1: Kernel ./kernels/4098/m0500.Cypress.64.kernel (785000 bytes)
Device #2: Allocating 48MB host-memory
Device #2: Kernel ./kernels/4098/m0500.Cypress.64.kernel (785000 bytes)

Scanned dictionary dict: 7 bytes, 1 words, 67600 keyspace, starting attack...

$1$6Bz7LThf$AgZUH9K.dUIP8vEXF8KjX/:panthers77

Status.......: Cracked
Input.Base...: File (dict)
Input.Mod....: Mask (?l?l?d?d)
Hash.Target..: $1$6Bz7LThf$AgZUH9K.dUIP8vEXF8KjX/
Hash.Type....: md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5
Time.Running.: 1 sec
Time.Util....: 1000.8ms/0.0ms Real/CPU, 0.0% idle
Speed........: 67549 c/s Real, 910.3k c/s GPU
Recovered....: 1/1 Digests, 1/1 Salts
Progress.....: 67600/67600 (100.00%)
Rejected.....: 0/67600 (0.00%)
HW.Monitor.#1: 0% GPU, 44c Temp
HW.Monitor.#2: 0% GPU, 40c Temp

Started: Wed Jan 25 22:07:00 2012

but maybe its related to wpa kernel. you can give me the .hccap so that i can reproduce it with wpa? please also tell me driver version you are using
Website Find
logistix Offline
Junior Member
**
Posts: 5
Threads: 1
Joined: Jan 2012
#3
01-25-2012, 11:40 PM
I emailed you the .hccap file. I am using 11.12 drivers on a 5870 but sometimes use 2 6770's. I used the GUI 0.5.0 and then chose the oclHashcat-plus tab. Thank you for looking into this!
Find
logistix Offline
Junior Member
**
Posts: 5
Threads: 1
Joined: Jan 2012
#4
01-26-2012, 04:48 AM
I am also getting the same exhausted behavior with the command line:

c:\hashcat\oclHashcat-plus-0.07>oclHashcat-plus64.exe --hash-type 2500 --attack-mode 6 --outfile c:\hashcat\oclHashcat-p
lus-0.07\12345678.FOUND.txt --gpu-devices 2,3 c:\hashcat\oclHashcat-plus-0.07\12345678.hccap C:\hashcat\oclHashcat-plus-
0.07\12345.txt ?d?d?d

The dictionary .txt file has only 12345 in it and the ?d?d?d mask should try appending the rest of the numbers. The known password is 12345678 and it works successfully with bruteforce and dictionary attacks. The .cap file can be found in the aircrack-ng folder and converted to .hccap to do testing.
Find
atom Offline
Administrator
*******
Posts: 5,185
Threads: 230
Joined: Apr 2010
#5
01-26-2012, 07:10 AM
excellent find. i can confirm its a bug. i was able to reproduce this locally and i have already fixed it.

it occours in -a 6 when the base word side is < length 8, because oclhashcat-plus rejects them since in WPA the plain must be at least of length 8. Of course this is a bug, because it has to add the length of the modifier side. you can see this here:

Quote:Progress.....: 67600/67600 (100.00%)
Rejected.....: 67600/67600 (100.00%)

Thanks again for reporting!

here is a quote of the fixed version:

Quote:root@sf:~/oclHashcat-plus-0.08# ./oclHashcat-plus64.bin -m 2500 Snohomish.hccap dict -a 6 ?l?l?d?d
oclHashcat-plus v0.08 by atom starting...

Hashes: 1
Unique salts: 1
Unique digests: 1
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
GPU-Loops: 128
GPU-Accel: 16
Password lengths range: 8 - 15
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Cypress, 1024MB, 0Mhz, 20MCU
Device #2: Cypress, 1024MB, 0Mhz, 20MCU
Device #1: Allocating 24MB host-memory
Device #1: Kernel ./kernels/4098/m2500.Cypress.64.kernel (1655748 bytes)
Device #2: Allocating 24MB host-memory
Device #2: Kernel ./kernels/4098/m2500.Cypress.64.kernel (1655748 bytes)

Scanned dictionary dict: 7 bytes, 1 words, 67600 keyspace, starting attack...

Snohomish:panthers77

Status.......: Cracked
Input.Base...: File (dict)
Input.Mod....: Mask (?l?l?d?d)
Hash.Target..: Snohomish (00:1e:e5:55:3c:98 <-> 90:4c:e5:25:81:36)
Hash.Type....: WPA/WPA2
Time.Running.: 1 sec
Time.Util....: 1000.7ms/0.0ms Real/CPU, 0.0% idle
Speed........: 67550 c/s Real, 139.5k c/s GPU
Recovered....: 1/1 Digests, 1/1 Salts
Progress.....: 67600/67600 (100.00%)
Rejected.....: 0/67600 (0.00%)
HW.Monitor.#1: 0% GPU, 44c Temp
HW.Monitor.#2: 0% GPU, 40c Temp

Started: Thu Jan 26 06:08:40 2012
Stopped: Thu Jan 26 06:08:41 2012
Website Find
logistix Offline
Junior Member
**
Posts: 5
Threads: 1
Joined: Jan 2012
#6
01-26-2012, 10:55 PM
Glad to hear this bug has been fixed. When can I download the new version 8?
Find