Author Topic: Hashcat String Help  (Read 1928 times)

0 Members and 6 Guests are viewing this topic.

Offline scooterprint

  • NULL
  • Posts: 4
  • Cookies: -1
    • View Profile
Hashcat String Help
« on: October 28, 2015, 03:57:07 pm »
Hello,
I've been working with Hashcat V0.49 in Kali linux, and I've been working on cracking a few MD5 hashes, and I can't seem to get my string correct.
Code: [Select]
hashcat -m 0 -a 1 /root/Desktop/hashes.txt -1 ?a?a?a /root/Desktop/realhuman_phill.txt
I'm not even sure if I'm using the proper attack method TBH. I've tried Straight, combo and brute force attacks.
any Ideas?

Thanks,
scooter

(admin move if in wrong section please!)
My Epeen Machine
  • I7 4790k
  • 16 GB Hyperx Fury 1866MHz RAM
  • Asus Z87-Pro Motherboard
  • x2 MSI 4G Gaming Edition GTX 970s (in SLI)
  • EVGA 850W Nova Power Supply
  • WD Blue 1TB Drive
  • Samsung 850 EVO 256 GB SSD
  • x2 Hitachi 320 GB HDD (In Raid 0 CFG)
  • NZXT Sentry 2 Fan Controller
  • Cooler Master Silencio 652S
  • Windows 10 Enterprise/Kali Linux
  • Logitech G430, Logitech G710, Logitech G502 Proteus Core (Headset, Keyboard, Mouse)

Offline white-knight

  • Knight
  • **
  • Posts: 190
  • Cookies: 26
    • View Profile
Re: Hashcat String Help
« Reply #1 on: October 28, 2015, 04:34:29 pm »
Why not use cudahashcat it will be way faster ,but take ur GPUs out of SLI ..

Code: [Select]
hashcat -m 0 -a 1 /root/Desktop/hashes.txt -1 ?a?a?a /root/Desktop/realhuman_phill.txt


Why do you have the second -1 ?

Try :  hashcat -m 0  /root/Desktop/hashes.txt   -a 0   /root/Desktop/realhuman_phill.txt   

OR

to brute:  hashcat -m 0  /root/Desktop/hashes.txt   -a 3  ?a?a?a   

But is the password only 3 characters long ?   ..

Offline scooterprint

  • NULL
  • Posts: 4
  • Cookies: -1
    • View Profile
Re: Hashcat String Help
« Reply #2 on: October 28, 2015, 04:44:05 pm »
Why not use cudahashcat it will be way faster ,but take ur GPUs out of SLI ..

Why do you have the second -1 ?

Try :  hashcat -m 0  /root/Desktop/hashes.txt   -a 0   /root/Desktop/realhuman_phill.txt   

OR

to brute:  hashcat -m 0  /root/Desktop/hashes.txt   -a 3  ?a?a?a   

But is the password only 3 characters long ?   ..
The Password isn't three characters long. The first string worked better than the second, (the second recreating what I had done previously). I need a more in depth type of attack. I don't want to brute force it, but I don't want to use a dictionary.
Edit: I couldn't figure out how to use the CUDA hashcat ;-;
« Last Edit: October 28, 2015, 04:45:55 pm by scooterprint »
My Epeen Machine
  • I7 4790k
  • 16 GB Hyperx Fury 1866MHz RAM
  • Asus Z87-Pro Motherboard
  • x2 MSI 4G Gaming Edition GTX 970s (in SLI)
  • EVGA 850W Nova Power Supply
  • WD Blue 1TB Drive
  • Samsung 850 EVO 256 GB SSD
  • x2 Hitachi 320 GB HDD (In Raid 0 CFG)
  • NZXT Sentry 2 Fan Controller
  • Cooler Master Silencio 652S
  • Windows 10 Enterprise/Kali Linux
  • Logitech G430, Logitech G710, Logitech G502 Proteus Core (Headset, Keyboard, Mouse)

Offline white-knight

  • Knight
  • **
  • Posts: 190
  • Cookies: 26
    • View Profile
Re: Hashcat String Help
« Reply #3 on: October 28, 2015, 04:48:32 pm »
The Password isn't three characters long. The first string worked better than the second, (the second recreating what I had done previously). I need a more in depth type of attack. I don't want to brute force it, but I don't want to use a dictionary.

what are you trying to do then ? You have 3 more options besides Brute and dictionary attack .

Offline scooterprint

  • NULL
  • Posts: 4
  • Cookies: -1
    • View Profile
Re: Hashcat String Help
« Reply #4 on: October 28, 2015, 04:55:56 pm »
what are you trying to do then ? You have 3 more options besides Brute and dictionary attack .

I'm trying to get Hashcat to use alphanumeric for 6-15 keyspaces to crack /root/Desktop/hashes.txt, maybe the way I'm thinking is actually brute forcing. I was trying to use the mask attack guide on the FAQ, but couldn't properly follow it... http://hashcat.net/wiki/doku.php?id=mask_attack#hashcat_mask_files
My Epeen Machine
  • I7 4790k
  • 16 GB Hyperx Fury 1866MHz RAM
  • Asus Z87-Pro Motherboard
  • x2 MSI 4G Gaming Edition GTX 970s (in SLI)
  • EVGA 850W Nova Power Supply
  • WD Blue 1TB Drive
  • Samsung 850 EVO 256 GB SSD
  • x2 Hitachi 320 GB HDD (In Raid 0 CFG)
  • NZXT Sentry 2 Fan Controller
  • Cooler Master Silencio 652S
  • Windows 10 Enterprise/Kali Linux
  • Logitech G430, Logitech G710, Logitech G502 Proteus Core (Headset, Keyboard, Mouse)

Offline white-knight

  • Knight
  • **
  • Posts: 190
  • Cookies: 26
    • View Profile
Re: Hashcat String Help
« Reply #5 on: October 28, 2015, 05:03:36 pm »
Ive never used the mask attack , but this might help you 
http://www.unix-ninja.com/p/Exploiting_masks_in_Hashcat_for_fun_and_profit/

Offline nrael

  • Peasant
  • *
  • Posts: 66
  • Cookies: -7
    • View Profile
Re: Hashcat String Help
« Reply #6 on: October 28, 2015, 05:37:42 pm »
maybe I can help:

the different attack modes -a
Code: [Select]
  0 = Straight
  1 = Combination
  2 = Toggle-Case
  3 = Brute-force
  4 = Permutation
  5 = Table-Lookup

then you can "describe" the patterns with -1
Code: [Select]
   ?l = abcdefghijklmnopqrstuvwxyz
   ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
   ?d = 0123456789
   ?s =  !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
   ?a = ?l?u?d?s

or more specific
   -1 ?l?l?l?l?l?l?l?l – 8char lowercase password
   -1 ?l?u? ?1?1?1?1?1?1?1?1 – 8char upper or lowercase password
   -1 ?l?u?d?s ?1?1?1?1?1?1?1?1 – 8char upper,lower,digits,special password

maybe you want something like this:
Code: [Select]
hashcat -m 0 -a 3 hashfile -1 ?l ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1 --increment  --increment-min 8

which means it uses maximum length of 15 but it increments, starting at 8 then 9, 10 ... 15 and ?l means:
Code: [Select]
?l = abcdefghijklmnopqrstuvwxyz

if it helps someone, please give me a cookie ;)
« Last Edit: October 28, 2015, 05:43:46 pm by nrael »

Offline scooterprint

  • NULL
  • Posts: 4
  • Cookies: -1
    • View Profile
Re: Hashcat String Help
« Reply #7 on: October 28, 2015, 05:45:02 pm »
Ive never used the mask attack , but this might help you 
http://www.unix-ninja.com/p/Exploiting_masks_in_Hashcat_for_fun_and_profit/
Awesome! That article Helped a lot!
The string I ended up using is
Code: [Select]
hashcat -m 0 -a 3 /root/Desktop/hashes.txt ?a?a?a?a?a?a
My Epeen Machine
  • I7 4790k
  • 16 GB Hyperx Fury 1866MHz RAM
  • Asus Z87-Pro Motherboard
  • x2 MSI 4G Gaming Edition GTX 970s (in SLI)
  • EVGA 850W Nova Power Supply
  • WD Blue 1TB Drive
  • Samsung 850 EVO 256 GB SSD
  • x2 Hitachi 320 GB HDD (In Raid 0 CFG)
  • NZXT Sentry 2 Fan Controller
  • Cooler Master Silencio 652S
  • Windows 10 Enterprise/Kali Linux
  • Logitech G430, Logitech G710, Logitech G502 Proteus Core (Headset, Keyboard, Mouse)

Offline Mordred

  • Knight
  • **
  • Posts: 360
  • Cookies: 135
  • Nvllivs in Verba
    • View Profile
Re: Hashcat String Help
« Reply #8 on: October 29, 2015, 11:04:36 am »
It's great that you solved it!

However just for clarity I would like to also suggest (and strengthen) white-knight's suggestion of using oclHashCat (cudaHashCat in your case) as GPU's can crack hashes orders of magnitude faster than CPU's.
Do note however that the syntax of cudaHashCat, although very very similar, is not exactly identical to the one of the standard HashCat, so certain changes will have to be made.

For instance, 3c439fe413fee66d50d46846b56c022c is the md5 hash of "AString".

Cracking this with cudaHashCat (this is from Windows, but the syntax is the same), assuming certain knowledge (such as that the original string is 7 characters long), would look like this:
Code: [Select]
cudaHashcat64.exe -m 0 -w 3 -a 3 680635dee5365c3a0aa55c6dc7bc86db -1 ?l?u?d ?1?1?1?1?1?1?1
-m 0
A value of 0 means the hash is MD5. A table of the values for each type of hash can be found here.

-w 3
Maximum performance out of the GPU. With this value my desktop PC starts framing hard in Windows (mouse movements) while cracking. 99% resource usage goes to cudaHashCat.

-a 3
Use a mask-attack.

680635dee5365c3a0aa55c6dc7bc86db
Self explanatory.

-1 ?l?u?d
You can set up to 4 custom charsets. Each charset can occupy one or more positions in the mask. In the above link you can see that ?l stands for lowercase letters, ?u stands for uppercase letters and ?d stands for digits. How this is used is explained below.

?1?1?1?1?1?1?1
7 times the "1" charset. This means that the original string had 7 characters, and that each of those characters can be either a lowercase letter (?l), uppercase letter (?u) or a digit (?d).

On my laptop (which is way, way, way weaker than my desktop) cracking the MD5 hash from above, with the mask I mention (i.e. we don't iterate from 2 chars to 7 chars, we just do a mask attack on the 7 char space) had the following results:

Code: [Select]
Session.Name...: cudaHashcat
Status.........: Cracked
Input.Mode.....: Mask (?1?1?1?1?1?1?1) [7]
Hash.Target....: 680635dee5365c3a0aa55c6dc7bc86db
Hash.Type......: MD5
Time.Started...: Thu Oct 29 11:55:36 2015 (36 secs)
Speed.GPU.#1...:   799.7 MH/s
Recovered......: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.......: 28991029248/3938980639167 (0.74%)
Rejected.......: 0/28991029248 (0.00%)
Restore.Point..: 0/15752961 (0.00%)
HWMon.GPU.#1...:  0% Util, 51c Temp, N/A Fan

Started: Thu Oct 29 11:55:36 2015
Stopped: Thu Oct 29 11:56:13 2015

For reference, the video card is an NVIDIA Quadro K2100M, so nothing too special.
If you want to do a more serious benchmark, crack an MD5 hash with exactly the same settings, only let it iterate char spaces (don't set it fixed, let it bruteforce it) and you'll see MAJOR differences in performance. What takes minutes with the GPU can take hours with the CPU.
The command in oclHashCat, as nrael mentioned above is basically identical with one extra parameter:
Code: [Select]
cudaHashcat64.exe -m 0 -w 3 -a 3 680635dee5365c3a0aa55c6dc7bc86db -1 ?l?u?d ?1?1?1?1?1?1?1 --increment

So as you can see the syntax between HashCat and oclHashCat is almost identical, with small differences. Just be a bit watchful and you'll have it in no time!
Good luck!
« Last Edit: October 29, 2015, 11:23:21 am by Mordred »
\x57\x68\x79\x20\x64\x69\x64\x20\x79\x6f\x75\x20\x65\x76\x65\x6e\x20\x66\x75\x63\x6b\x69\x6e\x67\x20\x73\x70\x65\x6e\x64\x20\x74\x68\x65\x20\x74\x69\x6d\x65\x20\x74\x6f\x20\x64\x65\x63\x6f\x64\x65\x20\x74\x68\x69\x73\x20\x6e\x69\x67\x67\x72\x3f\x20\x44\x61\x66\x75\x71\x20\x69\x73\x20\x77\x72\x6f\x6e\x67\x20\x77\x69\x74\x68\x20\x79\x6f\x75\x2e