NOTE: When cracking WPA/WPA2 passwords, make sure you check gpuhash.me first incase it's already been processed.

Home - General Discussion - Hashcat cracking partial hashes

WARNING!
Due to the number of SCAMS going on in the PAID forum, PLEASE ask an ADMIN or MODERATOR to verify ALL found passwords to ensure you are not being SCAMMED.
DO NOT PAY until an ADMIN or MOD has verified them for you!


5 Results - Page 1 of 1 -
1
Author Message
Avatar
blandyuk
Admin / Owner
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3059
Team: HashKiller
Reputation: 4081 Reputation
Offline
7 days ago

Noticed Hashcat cracks hashes which are not exact but nearly so. What's the threshold for this? It's great but I want to know as I can also do this for HK.

SHA1

4c9012b4a77a9524d675dad27c3276ab5705e5e8:123321
4d9012b4a77a9524d675dad27c3276ab5705e5e8 <- Correct

45eeca8d64b0e216796e834f52d61fd0b70332fc:1234567
20eabe5d64b0e216796e834f52d61fd0b70332fc <- Correct

5550eda4d09e062aa5e4a390b0a572ac0d2c0220:1234
7110eda4d09e062aa5e4a390b0a572ac0d2c0220 <- Correct


MySQL5

6ba4837eb74329105ee4568dda7dc67ed2ca2ad9:123456
6bb4837eb74329105ee4568dda7dc67ed2ca2ad9 <- Correct

Largest I've seen is a 4 bytes as shown above. I need to check HK code as I "might" have done this already thinking about it. Simple function:

// Assumes byte arrays are equal.
public static byte ByteDiff(byte[] b1, byte[] b2)
{
byte c = 0;
for (var i = 0; i < b1.Length; i++) if (b1[i] != b2[i]) c++;
return c;
}


Please read the forum rules | Please read the paid section rules
I accept private hash lists, with forum donations only.
BTC: 15qF9WUeFUD63ishxyAMiEgGqTcYzk4j9b
GPU Power: 9x GTX 1070 + 4x GTX 1080

Avatar
gpuhash_me

Status: Cracker
Joined: Sun, 08 Nov 2015
Posts: 543
Team: gpuhash team
Reputation: 1230 Reputation
Offline
7 days ago

It smells like openCL bug, unstable GPU setup, or bitmap table overflow.
First check the size of bitmap table (you can set its range using --bitmap-min and --bitmap-max switches)
If the bitmap is fine, send an issue to github.com/hashcat?


GPUHASH.me team official representative
Support, discounts, free offers for forum members

Avatar
pasnger57

Status: n/a
Joined: Tue, 11 Sep 2018
Posts: 111
Team:
Reputation: 67 Reputation
Offline
7 days ago

well hashes that are unique to each outer but have a long string in similarity are not necessary an abcuarity of the same password but some times are i think sha1 fall under this a lot
and a few so if you have one hash close it my be just the same pw whit a different suffix or prefix


Avatar
dipeperon

Status: n/a
Joined: Tue, 03 Apr 2018
Posts: 223
Team:
Reputation: 308 Reputation
Offline
7 days ago

pasnger57 said:

so if you have one hash close it my be just the same pw whit a different suffix or prefix

That's totally false information.


My haschat stuff (rules, scripts): https://github.com/theherp/Hashcat-stuff

Avatar
hops

Status: Elite
Joined: Sun, 01 May 2016
Posts: 6
Team: CynoSure Prime
Reputation: 10 Reputation
Offline
7 days ago

There's a simple explanation for this behavior. Hashcat only checks if 128 bits of a hash match (there are some exceptions).
In the case of SHA1 the first 32 bits are ignored. Which 128 bits differs from algorithm to algorithm. See hashconfig->dgst_pos0 (through dgst_pos3) in src/interface.c
The SHA1 hash of "test" is a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 but you can change the first 32 bits to anything you want (e.g. deadbeefccb19ba61c4c0873d391e987982fbbd3) and hashcat will still crack it.



5 Results - Page 1 of 1 -
1

We have a total of 167137 messages in 20917 topics.
We have a total of 18773 registered users.
Our newest registered member is csmordor.