Can’t open hash with John or Hashcat

I’m trying to open a hash with John and HashCat, but both don’t work?

NTLMv2 Response Captured from DOMAIN: DEV29-APP01 USER: testuser LMHASH:Disabled LM_CLIENT_CHALLENGE:Disabled NTHASH:3045e74dac0653865d353e93e8c5ca8c  NT_CLIENT_CHALLENGE:0101000000000000c2af33072879d60195da2f228ded77b7000000000200120041004e004f004e0059004d004f00550053000100120041004e004f004e0059004d004f00550053000400120061006e006f006e0079006d006f00750073000300120061006e006f006e0079006d006f00750073000800300030000000000000000000000000200000feb33cee8c0f22d8b27a15278ee7fdfbb47b23655ada87d2da7b3a3b1db5450e0a00100000000000000000000000000000000000090038004d005300530051004c005300760063002f003100360038002e00360033002e003100310031002e003100300036003a0031003400330033000000000000000000 

Manually rewritten to:

testuser::DEV29-APP01:3045e74dac0653865d353e93e8c5ca8c:0101000000000000c2af33072879d60195da2f228ded77b7000000000200120041004e004f004e0059004d004f00550053000100120041004e004f004e0059004d004f00550053000400120061006e006f006e0079006d006f00750073000300120061006e006f006e0079006d006f00750073000800300030000000000000000000000000200000feb33cee8c0f22d8b27a15278ee7fdfbb47b23655ada87d2da7b3a3b1db5450e0a00100000000000000000000000000000000000090038004d005300530051004c005300760063002f003100360038002e00360033002e003100310031002e003100300036003a0031003400330033000000000000000000  me>hashcat -m 5600 -a 3 testuser.txt --force Hashfile 'testuser.txt' on line 1 (testus...31003400330033000000000000000000): Separator unmatched No hashes loaded.  me>john --format=netntlmv2 testuser.txt Using default input encoding: UTF-8 No password hashes loaded (see FAQ) me>john --show --format=netntlmv2 testuser.txt 0 password hashes cracked, 0 left 

What am I missing?

Breaking Wifi password knowing its length of 8 [A-Z] alpha (upper-case) characters using Hashcat

I got the WPA handshake, now it’s turn to crack the password using Hashcat. First, I wanted to make a wordlist of passwords [A-Z] the length of 8, but Crunch (the tool in Kali Linux) said it will take 1TB of storage that I don’t have available, so I gave up that way. Is there any way to generate passwords (example: ABCDEFGH) and delete them after its use one by one, during the cracking process?

How long does it take to crack the password with i5-3320M CPU using Hashcat? Is there any other way you recommend?

hashcat: No hashes loaded

I’ve been trying Kioptrix: Level 1.1 (#2) and managed to get root access.,23/

wolf@linux:~$   nc -vklp 8080 listening on [any] 8080 ... inverse host lookup failed: Unknown host connect to [] from (UNKNOWN) [] 32795  id uid=48(apache) gid=48(apache) groups=48(apache)  cd /tmp wget ls privesc.c gcc privesc.c -o privesc ./privesc  id uid=0(root) gid=0(root) groups=48(apache)  cat /etc/passwd cat /etc/shadow 

unshadow file = md5.txt

wolf@linux:~$   cat md5.txt  root:$  1$  FTpMLT88$  VdzDQTTcksukSKMLRSVlc.:0:0:root:/root:/bin/bash john:$  1$  wk7kHI5I$  2kNTw6ncQQCecJ.5b8xTL1:500:500::/home/john:/bin/bash harold:$  1$  7d.sVxgm$  3MYWsHDv0F/LP.mjL9lp/1:501:501::/home/harold:/bin/bash wolf@linux:~$    

However, I’m having a problem sending the unshadow file md5.txt to hashcat.

Any idea what’s wrong with this?

wolf@linux:~$   hashcat -m 0 -a 0 md5.txt rockyou.txt hashcat (v4.0.1) starting...  * Device #1: WARNING! Kernel exec timeout is not disabled.              This may cause "CL_OUT_OF_RESOURCES" or related errors.              To disable the timeout, see: nvmlDeviceGetFanSpeed(): Not Supported  OpenCL Platform #1: NVIDIA Corporation ======================================  Hashfile 'md5.txt' on line 1 (root:$  1$  FTpMLT88$  VdzDQTTcksukSKMLRSVlc.:0:0:root:/root:/bin/bash): Line-length exception Hashfile 'md5.txt' on line 2 (john:$  1$  wk7kHI5I$  2kNTw6ncQQCecJ.5b8xTL1:500:500::/home/john:/bin/bash): Line-length exception Hashfile 'md5.txt' on line 3 (harold:$  1$  7d.sVxgm$  3MYWsHDv0F/LP.mjL9lp/1:501:501::/home/harold:/bin/bash): Line-length exception Parsing Hashes: 0/3 (0.00%)...No hashes loaded.  Started: Mon May 25 01:17:21 2020 Stopped: Mon May 25 01:17:21 2020 wolf@linux:~$    

John the Ripper / Hashcat rule, reject candidate if char at position X is the same as character at position Y

I’m using John to generate some word lists and I’m trying to figure out the most optimized way to do the next step. What I want to do is add ever possible 3 digit number to a set where the first digit of the number is not the same as the first digit in the set

Set example 123ABC

to add

+ 213 = 123ABC213 OK

+ 131 = 123ABC131 REJECT

I see rules that reject unless a string includes, but not a comparison function like this.

I could make the whole list and prune it after with a python script, but it would be way bigger than needed.

Thank you!

Hashcat and naive-hashcat Kali Linux CPU/GPU driver issue

I am trying to run hashcat and naive-hashcat in Kali linux, but I am having problems with cpu/gpu divers. If I run hashcat i get this error:

Device #1: Not a native Intel OpenCL runtime. Expect massive speed loss.              You can use --force to override, but do not report related errors. 

while if I run naive-hashcat I get this error:

* Device #1: Not a native Intel OpenCL runtime. Expect massive speed loss.              You can use --force to override, but do not report related errors. * Device #2: Outdated or broken Intel OpenCL runtime detected! 

I am running Kali in a virtual machine. I have an intel 7500U CPU, its integrated GPU (HD 620) and an AMD R7-M445 dedicated GPU. Looking in the hashcat wiki “I may have the wrong driver installed, what should I do?” makes me confused about which are the correct packages to install (Intel OpenC from apt or from intel’s site, amd driver from apt or from ROCm’s, and so on…).

Can’t solve format for Salted SHA1 hashes with Hashcat?

I am attempting to understand the format for this Salted SHA1 hash for an assignment. The line of text I was given was:,nameExample,,nameExample,,,aadefeff82b5c1a2272079151dc489822aeaa6ca,7391178a855af48e59ced36447c6bc2b9ade2536,f0c06e699ca51d75d97225fdabf1f04e8d1cffe7,a52e60313972af51e0787d8c3eb20abaa33eb7e1,,,,2012-06-01 12:29:15,2014-11-08 20:38:14,1,0,38526305,6,,,,BAh7BzoSYWNjZXB0ZWRfZXVsYXsGbCsHgF37U2wrBzB/XlQ6G2dhbWVfY2VudGVyX2FjY291bnRfaWRpA2C0Lw==,33481266665,

I got numerous errors (Separator unmatched, Token length exception) when I tried running Hashcat on the string of text with the following arguments:

hashcat64.exe -a 0 -m 110 hashExample.txt dictionaryExample.txt -r rules/best64.rule

hashcat64.exe -a 0 -m 120 hashExample.txt dictionaryExample.txt -r rules/best64.rule

hashcat64.exe -a 0 -m 130 hashExample.txt dictionaryExample.txt -r rules/best64.rule

hashcat64.exe -a 0 -m 140 hashExample.txt dictionaryExample.txt -r rules/best64.rule

Any tips on how to sift through the jargon and find the format for the Salted SHA1 hash?

Hashcat syntax correction

I’ve been cracking a box and I came across a password list and another file with the pass configuration. $ hash= md5($ salt . pass . salt) I have both salts and the password hash.

I tried with this syntax : hashcat -m 3800 -a 0 '/path/to/pass/list' '/path/to/dictionary/list' No devices found/left

It gives me nothing on return but an error saying there’s not devices or anything. Im trying to get hashcat to crack these passwords. I’ve made a copy of my list and edited the list to have “User:salt:pass:salt”. run it against rockyou.txt. What is my hashcat syntax missing specifically?

How can I find a SHA-256 hash with a given suffix using hashcat?

Recently we competed in the X-MAS 2019 CTF and many of the challenges included a proof of work (PoW) check to avoid Denial of Service (DoS) attacks against their servers. The most common was we were given a 6 character suffix and asked to find anything where the hash ended in that suffix:

Provide a hex string X such that sha256(X)[-6:] = abcdef 

The suffix abcdef would change every time you connected to the server. An example of a correct response:

hash = e38450c7008711d86a4d6c2039c8633a1ed637281b96888d7d9ff257aaabcdef x = 4cbab1bbb03b4a10aef586b6 

Can this be done using hashcat?

new format of keepass (2) database file and hashcat

I created test DB file (.kdbx) using KeePassX, after that used keepass2john code from this site, but changed line 88:

index += 2 


index += 4 

cause size of this field is 4 bytes instead of 2 (program will show wrong results without this change). Well, after that i use hashcat, v. 5.1.0 with such command:

hashcat -a 0 -m 13400 test.hash example.dict

where test.hash is:

$ keepass$ *2*0*253*e73cfb2502b6e543902ec7db45c751195c3dd8b8531b744537cbeebd8c641ecd**59ac17e7e0a201e1fae906371d65f6c6**8753d87e52c88988d168c9a4c75e76febecc74fd6ba40c7254d1c47f672d5bbf

In output i see an error, which is connected with Token length exception.

What’s wrong? Keepass changed format of DB file and hashcat can’t correctly crack it?