Please note, this is a STATIC archive of website hashcat.net from October 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: bug in v1.31 to v1.35 on brutforce ?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hi I use this line in oclhashcat v1.01 SHA1($pass.$salt) and work correct on r9 290x(gpu card drivers 13.xx) and I try run this on new oclhashcat that are on page from v1.31 to v1.35(gpu card drivers 14.9) and all workspace calc and nothing finded, I get know code algo to know where is password , but again all workspace gone and nothing fineded , on all this new version this is bug or something changed that I not find on wiki ??


here are command line that I use:
oclHashcat64 -1 ?d -m 110 -a 3 ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1 -n 400 -i --hex-charset --hex-salt --status --status-timer=60 --outfile-format=3 --outfile=password1.txt

next I mod it but should work too but still nothing:

oclHashcat64 -a 3 -m 110 ?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d -w3 --hex-charset --hex-salt --status --status-timer=60 -i --outfile-format=5 --outfile=password1.txt
pause


Hash and salt are 100% ok like I write I use too know pass hash and salt and too not calc nothing.

Password is from 8 to 15 digits max.
Maybe there is something that I don't understand but why do you use --hex-charset?
Becouse salt and hash are in hex

--hex-charset Assume charset is given in hex
--hex-salt Assume salt is given in hex
(04-14-2015, 09:13 AM)wgmmmx Wrote: [ -> ]Becouse salt and hash are in hex

--hex-charset Assume charset is given in hex
--hex-salt Assume salt is given in hex

--hex-charset is not for the hash, it's for the charset you use in the bruteforce. So it will convert each pair of digits to it's hex character and you won't find your password.
And that is ok becosue hash got in hex but salt got in dex(0-9 digits) and this need convert to hex to find pass. Pass is in plain_hex mean 0digit0digit.

First command line that I give work in oclhashcat v1.01 without problem becosue this I ask that something not work or something change in new oclhashcat ?? ??

I use this from time to time 1-3 month 1 brutforce but like to know what wrong ?
If not possible will use oclhashcat v1.01 just someone give me link and will back clock in computer but not think for this is this forum.
I am not sure that I understand everything but I have a couple of suggestions:

1)
Quote:Pass is in plain_hex mean 0digit0digit
Why don't you set up a mask like that instead (without using --hex-charset) like 0?d0?d0?d...

2)
Quote:hash got in hex but salt got in dex(0-9 digits) and this need convert to hex to find pass
Why don't you simply convert the salt first, it would be much easier. Again if your salts are in dec and you use the --hex-salt, it won't work as expected.

3) I might be wrong but if you use --hex-char, you might need to use -1 01020304... or put it in an .hccr file so that it's used properly.

There are many things that changed since v1.01 and it's definitely not a good idea to go back to this version.
(04-22-2015, 11:49 AM)mastercracker Wrote: [ -> ]1)
Quote:Pass is in plain_hex mean 0digit0digit
Why don't you set up a mask like that instead (without using --hex-charset) like 0?d0?d0?d...

Not know exacly how use mask but will read and will try do this like you write.

2)
Quote:hash got in hex but salt got in dex(0-9 digits) and this need convert to hex to find pass
Why don't you simply convert the salt first, it would be much easier. Again if your salts are in dec and you use the --hex-salt, it won't work as expected.[/quote]

I will try this and give know results soon.



Quote:3) I might be wrong but if you use --hex-char, you might need to use -1 01020304... or put it in an .hccr file so that it's used properly.

I use -1 ?d where ?d are digits 0123456789 I see this on wiki this is not correct ?
Quote:I use -1 ?d where ?d are digits 0123456789 I see this on wiki this is not correct ?
Let's say that you want to crack the password "pass1234" and you only know that the password starts by "pa", you can use the following mask: pa?l?l?d?d?d?d which is "pa" followed by 2 lowercase letters and 4 digits. Using -1 ?d allows you to use ?1 instead of ?d in your mask but since you can use ?d directly, it's useless. The goal of using custom charset is to use something that does not exist yet like ?l?d (lowercase or digit), aeiou (a vowel), etc.