12x GPU Monster For SALE by HashKiller Owner

NOTE: Why not use our List Manager to crack your lists? Its easy and enables better management.

NOTE: When cracking WPA/WPA2 passwords, make sure you check gpuhash.me first incase it's already been processed.

Home - General Discussion - oclHashcat solution issue


7 Results - Page 1 of 1 -
1
Author Message
Avatar
Waffle

Status: Elite
Joined: Wed, 02 Jan 2013
Posts: 284
Team: CynoSure Prime
Reputation: 357 Reputation
Offline
Mon, 29 Jul 2013 @ 17:22:42

I've been trying to track down a problem with oclHashcat. I suspect it may be related to the NUL-in-password issue.

For the hash

121a25831df838a8507ee51ddd592216

I have the following solution in my archives:
121a25831df838a8507ee51ddd592216:æÿÿ

which is $HEX[c3a6c3bfc3bf]

This does not resolve in the forward direction, however.

echo -n æÿÿ | md5sum
0ceb804822fb0db7e708b31667fd2b58

Does anyone have a better solution for this, so I can report the bug?


Avatar
alotdv

Status: Trusted
Joined: Thu, 10 May 2012
Posts: 1420
Team:
Reputation: 1510 Reputation
Offline
Sat, 10 Aug 2013 @ 07:14:57

Waffle said:

I've been trying to track down a problem with oclHashcat. I suspect it may be related to the NUL-in-password issue.

For the hash

121a25831df838a8507ee51ddd592216

I have the following solution in my archives:
121a25831df838a8507ee51ddd592216:æÿÿ

which is $HEX[c3a6c3bfc3bf]

This does not resolve in the forward direction, however.

echo -n æÿÿ | md5sum
0ceb804822fb0db7e708b31667fd2b58

Does anyone have a better solution for this, so I can report the bug?


Hi Waffle,
I also have a situation like you. When I use the HC+ with generated.rule found some pwd (cut from original hashcat.pot) as follows:

df8576fc76b659a28164b61f3bb00c9f:a

f63e2bef62134cbb624d41f7d5279f24:anna

02b41ffe39d7e62360269c72638be828:anja

674d87fe561b329e94ce4a0ef315282a:1961

891321feeef49cf4cd27dc5a8317fc2d:2005

679359fe74d809a6564f60e75585ed3b:1632

48ccbaffbb0675f2a0d9e6ef8875a03c:cats

but i know md5(a)=0cc175b9c0f1b6a831c399e269772661
Do not know why such results. I have read somewhere on the hashcat.net forum you mentioned this problem. My question is as a result df8576fc76b659a28164b61f3bb00c9f:a in hashcat.pot file, how to know the real password or real pwd in HEX as your example: $HEX[c3a6c3bfc3bf]


Team Hashcat

BTC: 16s8xjDmAxvt2JtGKZbdrFdbZko8hjtw9D
bitcoincash: qrzu70gg2he89s6l2gd2v4ypjfw3gc24lgjuaqqxq3

XMPP: alotdv@xmpp.jp

Avatar
Waffle

Status: Elite
Joined: Wed, 02 Jan 2013
Posts: 284
Team: CynoSure Prime
Reputation: 357 Reputation
Offline
Sat, 10 Aug 2013 @ 07:26:33

alotdv said:

Hi Waffle,
I also have a situation like you. When I use the HC+ with generated.rule found some pwd (cut from original hashcat.pot) as follows:

df8576fc76b659a28164b61f3bb00c9f:a

f63e2bef62134cbb624d41f7d5279f24:anna

02b41ffe39d7e62360269c72638be828:anja

674d87fe561b329e94ce4a0ef315282a:1961

891321feeef49cf4cd27dc5a8317fc2d:2005

679359fe74d809a6564f60e75585ed3b:1632

48ccbaffbb0675f2a0d9e6ef8875a03c:cats

but i know md5(a)=0cc175b9c0f1b6a831c399e269772661
Do not know why such results. I have read somewhere on the hashcat.net forum you mentioned this problem. My question is as a result df8576fc76b659a28164b61f3bb00c9f:a in hashcat.pot file, how to know the real password or real pwd in HEX as your example: $HEX[c3a6c3bfc3bf]

There is no way to extract the actual solution from the .pot file, or from the output you made. This is a growing problem, as many hash types are adding control characters (CR/LF/NUL and many others) in the string to make it impossible to solve with Hashcat. All you can do is try adding various characters to the end (or the beginning) of the string, and hash it (using a C program, perl, or other language).

Using the CPU version of Hashcat can help, but often it will not solve the same as oclhashcat (because oclHashcat skips various length checks when applying rules).

The next release of oclHashcat is supposed to fix the NUL problem, but CR/LF and other characters will continue to be an issue for the future, until the $HEX[] mode is employed...


Avatar
alotdv

Status: Trusted
Joined: Thu, 10 May 2012
Posts: 1420
Team:
Reputation: 1510 Reputation
Offline
Sat, 10 Aug 2013 @ 07:44:56

I will going to solve the problem of adding special characters from 0 up to 32 in ASCII table by writing a hashcat rule for myself to test. An example hashcat rules as follows: $1 mean add 1 at the end of pwd, so insert a NULL/CR/LF char are written how? could you give me an example ?

BTW, sorry for my bad english.


Team Hashcat

BTC: 16s8xjDmAxvt2JtGKZbdrFdbZko8hjtw9D
bitcoincash: qrzu70gg2he89s6l2gd2v4ypjfw3gc24lgjuaqqxq3

XMPP: alotdv@xmpp.jp

Avatar
Waffle

Status: Elite
Joined: Wed, 02 Jan 2013
Posts: 284
Team: CynoSure Prime
Reputation: 357 Reputation
Offline
Sat, 10 Aug 2013 @ 15:26:37

alotdv said:

I will going to solve the problem of adding special characters from 0 up to 32 in ASCII table by writing a hashcat rule for myself to test. An example hashcat rules as follows: $1 mean add 1 at the end of pwd, so insert a NULL/CR/LF char are written how? could you give me an example ?

BTW, sorry for my bad english.

There is no 'direct' way of inserting special characters. You have to combine rules.

For example, to insert a LF at the end of the line, you can use:

^[tab]+0{

Of course [tab] means press the tab key. This inserts a tab at the beginning of the line, increments the 0x09 character to 0x0a (LF), then rotates the LF to the end of the line.

To insert a null:

^[CTRL-A]-0{

Note that this only works with the cpu-based hashcat, and not with oclHashcat, as oclHashcat will improperly display the solution without the NUL.

An example hash would be e2a3e68d23ce348b8f68b3079de3d4c9, which is &quottest&quot followed by a single null. The correct solution is:

MD5x01 e2a3e68d23ce348b8f68b3079de3d4c9:$HEX[7465737400]

Hashcat will output:

e2a3e68d23ce348b8f68b3079de3d4c9:test

The null is there, but not visible in most editors. The situation becomes more complex when passwords include CR, LF and other special characters.


Avatar
Waffle

Status: Elite
Joined: Wed, 02 Jan 2013
Posts: 284
Team: CynoSure Prime
Reputation: 357 Reputation
Offline
Sat, 10 Aug 2013 @ 16:54:59

For those that think the $HEX[] notation is a good idea, please add your comments to https://hashcat.net/forum/thread-2483.html


Avatar
alotdv

Status: Trusted
Joined: Thu, 10 May 2012
Posts: 1420
Team:
Reputation: 1510 Reputation
Offline
Sat, 10 Aug 2013 @ 17:30:36

wow, thank man.
Such is harder than I imagined it.


Team Hashcat

BTC: 16s8xjDmAxvt2JtGKZbdrFdbZko8hjtw9D
bitcoincash: qrzu70gg2he89s6l2gd2v4ypjfw3gc24lgjuaqqxq3

XMPP: alotdv@xmpp.jp


7 Results - Page 1 of 1 -
1

We have a total of 205286 messages in 25320 topics.
We have a total of 22505 registered users.
Our newest registered member is parpel.