11-07-2019, 11:30 PM

I'm right now attempting to derive the NTLM hash from an NTLMv1-ESS hash.

I've managed to crack the 2nd part of the NTLM hash, used ct3 to calc the last 4 chars of the hash, but need to crack one final remaining bit of DES.

Configuring my rig as follows:

Code:

`# /opt/hashcat-5.1.0/hashcat64.bin -m 14000 -w4 -a 3 -1 /opt/hashcat-5.1.0/charsets/DES_full.charset --hex-charset deshash ?1?1?1?1?1?1?1?1`

Works fine, but will take about 7 days to complete.

So, deciding to throw some money into the mix, I'm renting a few p3.16XL instances from Amazon and intend to break up the keyspace.

I try the argument as advertised in the usage statement in order to determine the keyspace values to use...

Code:

`# /opt/hashcat-5.1.0/hashcat64.bin -m 14000 -w4 -a 3 -1 /opt/hashcat-5.1.0/charsets/DES_full.charset --hex-charset deshash ?1?1?1?1?1?1?1?1 --keyspace`

and get a short version of the hashcat usage statement back at me.

Code:

`Usage: /opt/hashcat-5.1.0/hashcat64.bin [options]... hash|hashfile|hccapxfile [dictionary|mask|directory]...`

`Try --help for more help.`

Moving the --keyspace statement around doesn't resolve anything.

*googles* - Finds: https://hashcat.net/forum/thread-5818.html

and wings it assuming: 34359738368 is an accurate number to use.

But now with split and limit my commands start looking like:

Code:

`# /opt/hashcat-5.1.0/hashcat64.bin -m 14000 -w4 -a 3 -1 /opt/hashcat-5.1.0/charsets/DES_full.charset --hex-charset deshash ?1?1?1?1?1?1?1?1 -s 0 -l 5726623061`

which returns a decent estimate of approximately 9 hours or so to crack.

So I move to number 2...

Code:

`# /opt/hashcat-5.1.0/hashcat64.bin -m 14000 -w4 -a 3 -1 /opt/hashcat-5.1.0/charsets/DES_full.charset --hex-charset deshash ?1?1?1?1?1?1?1?1 -s 5726623061 -l 11453246122`

and now I get an estimate of 18 hours.

... number 3... and so on.

Am I right in thinking that the limit is being ignored for some reason in calculation of the estimated time? Is it performing as intended/expected? The way it almost exactly increases by a similar proportion each time is confusing me somewhat.

Then there are the percentages complete.

The first rig, after 1.5 hrs, sits at 15%-ish complete.

The second rig, after 1 hr and 10 minutes, sits at 37.5% complete (which I think is nearer 7.5% because I'm pretty sure it started at near 30% already progressed).

The third rig, after 1 hour and 10 minutes... 42.5% (which I think is nearer 2.5% because I'm pretty sure it started at near 40%).

and so on.

All rigs are identical and are cracking at practically the same 345GH/s rate.

I just need to confirm I'm actually progressing through the keyspace as expected, and if anyone is able to confirm the actual figure I should use for the keyspace, given --keyspace doesn't appear to work for DES at least, it would be much appreciated. Thanks.
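
Added example (not part of the original post, and not hashcat's own code): a Python helper that splits the keyspace figure quoted above into per-rig `-s`/`-l` pairs and audits any set of pairs for gaps or overlap. It assumes, per hashcat's help text, that `-l` is a count of units processed after the `-s` offset; the worker count of 6 and all function names are assumptions.

```python
# Added example, not from the original post.
# Assumption (from hashcat's help text): -s/--skip is a start offset and
# -l/--limit is a COUNT of keyspace units to process after that offset,
# not an absolute end position.

KEYSPACE = 34359738368  # figure quoted in the post (2**35)
WORKERS = 6             # assumption: 34359738368 // 6 == 5726623061


def partition(keyspace, workers):
    """Return [(skip, limit)] covering [0, keyspace) exactly once."""
    base, extra = divmod(keyspace, workers)
    chunks, skip = [], 0
    for i in range(workers):
        limit = base + (1 if i < extra else 0)  # spread the remainder
        chunks.append((skip, limit))
        skip += limit
    return chunks


def audit(chunks, keyspace):
    """Return a list of coverage problems; an empty list means exact cover."""
    problems, cursor = [], 0
    for skip, limit in sorted(chunks):
        end = skip + limit  # exclusive end, because limit is a count
        if skip < cursor:
            problems.append(f"overlap: [{skip}, {min(end, cursor)}) searched twice")
        elif skip > cursor:
            problems.append(f"gap: [{cursor}, {skip}) never searched")
        if end > keyspace:
            problems.append(f"overrun: chunk at {skip} ends past {keyspace}")
        cursor = max(cursor, end)
    if cursor < keyspace:
        problems.append(f"gap: [{cursor}, {keyspace}) never searched")
    return problems


def relative_work(chunks):
    """Work per chunk as a multiple of the first chunk's limit."""
    return [limit / chunks[0][1] for _, limit in chunks]


if __name__ == "__main__":
    for n, (skip, limit) in enumerate(partition(KEYSPACE, WORKERS), 1):
        print(f"rig {n}: -s {skip} -l {limit}")
    posted = [(0, 5726623061), (5726623061, 11453246122)]  # pairs from the post
    print(relative_work(posted))  # second rig's share relative to the first
```

Under the count assumption, every rig gets the same `-l` value (give or take the remainder) and only `-s` advances from rig to rig.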