NOTE: Why not use our List Manager to crack your lists? Its easy and enables better management.

NOTE: When cracking WPA/WPA2 passwords, make sure you check gpuhash.me first incase it's already been processed.

Home - General Discussion - Hashcat cracking partial hashes


5 Results - Page 1 of 1 -
1
Author Message
Avatar
blandyuk
Admin / Owner
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3198
Team: HashKiller
Reputation: 4152 Reputation
Offline
Sat, 12 Jan 2019 @ 19:28:54

Noticed Hashcat cracks hashes which are not exact but nearly so. What's the threshold for this? It's great but I want to know as I can also do this for HK.

SHA1

4c9012b4a77a9524d675dad27c3276ab5705e5e8:123321
4d9012b4a77a9524d675dad27c3276ab5705e5e8 <- Correct

45eeca8d64b0e216796e834f52d61fd0b70332fc:1234567
20eabe5d64b0e216796e834f52d61fd0b70332fc <- Correct

5550eda4d09e062aa5e4a390b0a572ac0d2c0220:1234
7110eda4d09e062aa5e4a390b0a572ac0d2c0220 <- Correct


MySQL5

6ba4837eb74329105ee4568dda7dc67ed2ca2ad9:123456
6bb4837eb74329105ee4568dda7dc67ed2ca2ad9 <- Correct

Largest I've seen is a 4 bytes as shown above. I need to check HK code as I "might" have done this already thinking about it. Simple function:

// Assumes byte arrays are equal.
public static byte ByteDiff(byte[] b1, byte[] b2)
{
byte c = 0;
for (var i = 0; i < b1.Length; i++) if (b1[i] != b2[i]) c++;
return c;
}


Please read the forum rules | Please read the paid section rules
I accept private hash lists, with forum donations only.
BTC: 15qF9WUeFUD63ishxyAMiEgGqTcYzk4j9b
GPU Power: 9x GTX 1070 + 4x GTX 1080

Avatar
gpuhash_me

Status: Trusted
Joined: Sun, 08 Nov 2015
Posts: 804
Team: gpuhash team
Reputation: 1595 Reputation
Offline
Sat, 12 Jan 2019 @ 20:08:06

It smells like openCL bug, unstable GPU setup, or bitmap table overflow.
First check the size of bitmap table (you can set its range using --bitmap-min and --bitmap-max switches)
If the bitmap is fine, send an issue to github.com/hashcat?


Head of cheap publicity department
Support, discounts, free offers for HK members
BTC: 1GPUHASHckzcL2fDXyGSc2WNqpFjJZbFaN

Avatar
pasnger57

Status: n/a
Joined: Tue, 11 Sep 2018
Posts: 327
Team:
Reputation: 173 Reputation
Offline
Sat, 12 Jan 2019 @ 20:20:56

well hashes that are unique to each outer but have a long string in similarity are not necessary an abcuarity of the same password but some times are i think sha1 fall under this a lot
and a few so if you have one hash close it my be just the same pw whit a different suffix or prefix


Avatar
dipeperon

Status: n/a
Joined: Tue, 03 Apr 2018
Posts: 359
Team:
Reputation: 406 Reputation
Offline
Sat, 12 Jan 2019 @ 21:39:31

pasnger57 said:

so if you have one hash close it my be just the same pw whit a different suffix or prefix

That's totally false information.


My haschat stuff (rules, scripts): https://github.com/theherp/Hashcat-stuff

Avatar
hops

Status: Elite
Joined: Sun, 01 May 2016
Posts: 9
Team: CynoSure Prime
Reputation: 10 Reputation
Offline
Sun, 13 Jan 2019 @ 13:26:51

There's a simple explanation for this behavior. Hashcat only checks if 128 bits of a hash match (there are some exceptions).
In the case of SHA1 the first 32 bits are ignored. Which 128 bits differs from algorithm to algorithm. See hashconfig->dgst_pos0 (through dgst_pos3) in src/interface.c
The SHA1 hash of "test" is a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 but you can change the first 32 bits to anything you want (e.g. deadbeefccb19ba61c4c0873d391e987982fbbd3) and hashcat will still crack it.



5 Results - Page 1 of 1 -
1

156 users online in the last hour
Username900, capric0rnu$, mem, Dabunka, superbobo, shad0, N|IGHT5, kykyky, xaddo, chemjj, InfiniteAttack,

We have a total of 188798 messages in 23413 topics.
We have a total of 21212 registered users.
Our newest registered member is DragonZZ.