Please note, this is a STATIC archive of website hashcat.net from 08 Oct 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: DES(Unix): Terrible Bug
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
This is a bug report related to descrypt (-m1500) on CPU's hashcat only.
Whenever the flag\s --remove OR\AND -o is\are set while attacking descrypt list, hashcat messes the original hashfile OR\AND the outfile up... very badly.

It increases the last character value in the hash by two:
Code:
hashfile: // eight valid descrypt hashes, four only have an actual password
mf2O1EWzvQqiw
p0qRHLIZPdm7I
yXN6rr862a5MU
LkxEVth80uebc
.............
2222222222222
6666666666666
AAAAAAAAAAAAA

hc64 -m1500 -a3 --pw-min=2 --remove -o outfile hashfile ?d?d
...
Recovered.: 4/8 hashes, 4/8 salts
...

Now hashfile: // notice the last chars
.............
2222222222224
6666666666668
AAAAAAAAAAAAC

outfile: // notice the last char in the last hash
yXN6rr862a5MU:72
mf2O1EWzvQqiw:30
p0qRHLIZPdm7I:75
LkxEVth80uebe:10
> LkxEVth80uebe

Note that some hashes remain intact, don't ask me why.
But all the other hashes undergo an awful alteration causing them to be invalid and un-crackable.

This bug seems to have complicated results, but I'm not discussing it any further cause I'm pretty sure it's all about one flaw.
CPU hashcat does not support DEScrypt
Moved the thread to beta section
Haha, this just got worse.
hashcat-cli64.exe from https://hashcat.net/files/hashcat-0.41.7z is happy to crack any des hash using -m1500.

Folks, please welcome the new hidden algos...

NOTE: All my tests were done on hashcat-0.41. hashcat-0.42b1 has the bug too, but with different results.
I tested it with these 2, obviously minus the passwords:

neCYnaUa.vV4c:dragon
neS7QCdrq4MGM:cookie

Found them both, (obviously), and did not mess the hashes up. Does this only happen with lots of DES hashes?
As I mentioned:
M@LIK Wrote: [ -> ]Note that some hashes remain intact, don't ask me why.

Mostly the outfile is the victim. And, yes, I also noticed nothing happens with two hashes. Try with, say, 20 hashes, make sure that 10 at least remain uncracked and use --remove and -o.
Its correct I did not disable the module so that it stays hidden. Thats why I moved this thread into beta so that the public does not see it since its not working as it should. That why I take no bug reports on it, sorry.
That sounds a bit awkward. It explains a lot though.

Anyways, sorry, I did not mean to spoil this.
Waiting for this getting officially supported.