Missing partial password chunk in LM cracking
#11
OK! Check out the new oclHashcat-plus beta in /beta. I have implemented it that way. It is writing the cracked halves to outfile/screen AND to hashcat.pot and you can run at any time:

Quote:oclHashcat-plus64 -m 3000 hashes.txt --show

and get the assembled results.
#12
Excellent! I'll attempt to try this before you wake up.
#13
(02-09-2012, 06:59 PM)atom Wrote: OK! Check out the new oclHashcat-plus beta in /beta. I have implemented it that way. It is writing the cracked halves to outfile/screen AND to hashcat.pot and you can run at any time:

Quote:oclHashcat-plus64 -m 3000 hashes.txt --show

and get the assembled results.
It works as described but there are a couple of points that could be better:

1) When you do the --show, having the ability to do also --remove for the fully cracked hash would be great.

2) Right now, the output with --show is on screen and can be redirected to a file using ">" but it would be more natural with the -o switch. I tried it, it does not bug -plus but does not do anything.

3) The uncracked part is shown as ******* right now. It does the job but does not discriminate with an actual ******* value since it's also 7 characters long. That's why I was suggesting something like <not found>, because you cannot mistake it for an actual value since it's in lowercase and it's more than 7 characters long. While at it, a special code could be useful for space characters (since you don't see it, especially if it is at the end of the password). I currently don't have a solution for this but we need to think about it.

4) It would be great to have a routine that checks the .pot file at the beginning so that there is no time wasted recracking the same hash (halves) over and over. For example, let's say that for 50 full LM hashes (100 halves, unique or not), 99 were already cracked in the past, only 1 hash would be left to be searched. So as soon as it is cracked, the attack finishes and you don't have to go through the rest of the attack's keyspace.
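An added example, not part of the thread and not hashcat's code, illustrating point 3 above: assembling LM halves from pot-style lines so that an uncracked half, a literal ******* chunk and a trailing space all render differently. The `half:plain` line format, the function names and the sample hex values are assumptions constructed for illustration; the `<not found>` marker is the one suggested in the post.

```python
EMPTY_LM_HALF = "aad3b435b51404ee"  # LM half of an empty chunk (well-known constant)
NOT_FOUND = "<not found>"           # lowercase and longer than 7 chars, so never a real chunk

def load_pot(lines):
    """Map 16-hex LM half -> plaintext chunk (assumed 'half:plain' per line)."""
    pot = {}
    for line in lines:
        half, sep, plain = line.rstrip("\r\n").partition(":")
        # Split on the first colon only: the plaintext itself may contain ':'.
        if sep and len(half) == 16 and all(c in "0123456789abcdefABCDEF" for c in half):
            pot[half.lower()] = plain
    return pot

def assemble(lm_hash, pot):
    """Return (chunk1, chunk2); None means that half is not cracked yet."""
    h = lm_hash.strip().lower()
    if len(h) != 32:
        raise ValueError("LM hash must be 32 hex characters")
    chunks = []
    for half in (h[:16], h[16:]):
        # An empty half needs no pot entry: password was 7 characters or shorter.
        chunks.append("" if half == EMPTY_LM_HALF else pot.get(half))
    return tuple(chunks)

def render(chunks):
    """Quote cracked chunks so trailing spaces stay visible; mark missing ones."""
    return "+".join(NOT_FOUND if c is None else '"%s"' % c for c in chunks)

# Constructed sample data: placeholder hex, not real LM digests.
POT = load_pot([
    "1111111111111111:PASSWOR",
    "2222222222222222:D ",        # chunk ends with a space
    "3333333333333333:*******",   # literal asterisks as the plaintext
])
SAMPLES = [
    "11111111111111112222222222222222",
    "33333333333333334444444444444444",  # second half not in the pot
    "1111111111111111" + EMPTY_LM_HALF,
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, render(assemble(s, POT)))
```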
#14
(02-10-2012, 03:35 PM)mastercracker Wrote: 1) When you do the --show, having the ability to do also --remove for the fully cracked hash would be great.

already implemented! opposite of --show is --left

(02-10-2012, 03:35 PM)mastercracker Wrote: 2) Right now, the output with --show is on screen and can be redirected to a file using ">" but it would be more natural with the -o switch. I tried it, it does not bug -plus but does not do anything.

OK, please add to wiki

(02-10-2012, 03:35 PM)mastercracker Wrote: 3) The uncracked part is shown as ******* right now. It does the job but does not discriminate with an actual ******* value since it's also 7 characters long. That's why I was suggesting something like <not found>, because you cannot mistake it for an actual value since it's in lowercase and it's more than 7 characters long. While at it, a special code could be useful for space characters (since you don't see it, especially if it is at the end of the password). I currently don't have a solution for this but we need to think about it.

OK, please add to wiki

Quote:4) It would be great to have a routine that checks the .pot file at the beginning so that there is no time wasted recracking the same hash (halves) over and over. For example, let's say that for 50 full LM hashes (100 halves, unique or not), 99 were already cracked in the past, only 1 hash would be left to be searched. So as soon as it is cracked, the attack finishes and you don't have to go through the rest of the attack's keyspace.

No, I don't like that idea. Imagine your hashcat.pot becomes 8gb big with time, hashcat would need to load and sort it each time. Instead of this you could run hashcat with --left (from section 1) and overwrite the hashfile and then start with usual work.

#15
Ok. I have added the 2 ideas in the Awaiting implementation section of the Wiki.
#16
Hello,

Where can I get the beta version from? I really need this functionality. I'm in the middle of a pen-test and I can only get half the LM hash with rainbow tables.

Cheers
#17
the beta versions are not publicly available.
#18
(02-23-2012, 12:51 PM)undeath Wrote: the beta versions are not publicly available.

Damn I thought as much, thanks for the quick reply. Any chance I can get hold of it and help with testing?

Edit:
I've cracked it. A £ symbol in the second half of the hash was causing all the problems, that character also doesn't display properly on hashcat stdout or outputting to file. I know what it is because I added it to my mask, any ideas on the best way around this? Tried outputting as hex and converting it but it outputs as a3 when it should be c2a3 I think, should I raise a bug for this or should it be expected?
#19
@f0cker that's the correct behavior. If it's not correctly displayed in your shell, it's more likely it's a terminal emulation problem.
#20
@mastercracker latest beta supports LM chunks, try out pls