|
Search Results
|
| Post |
Author |
Forum |
Replies
[desc]
|
Views |
Posted |
| |
|
Thread: Slow/no status response in Windows 10
Post: RE: Slow/no status response in Windows 10
| Well, normally one should prefer small targeted word lists with a lot of rules (not just massive word lists with no rules).
The GPUs need to have some work to do (i.e. with the help of some amplifica... |
|
philsmd |
hashcat
|
13 |
11,068 |
06-02-2017, 09:41 AM |
| |
|
Thread: Proper Dictionary Usage
Post: RE: Proper Dictionary Usage
| Litecoin wallets (wallet.dat) use a very specific algorithm which hashcat covers with hash mode:
-m 11300 = Bitcoin/Litecoin wallet.dat
use bitcoin2john.py to extract the "hash" (remove all file n... |
|
philsmd |
hashcat
|
13 |
9,891 |
01-02-2018, 11:59 PM |
| |
|
Thread: Proper Dictionary Usage
Post: RE: Proper Dictionary Usage
| no. the command should look something like this:
Code:
--
hashcat64 -m 11600 -a 0 -w 3 -o Done.txt Hash.txt realuniq.lst
--
-a 0 is for wordlist attack mode (see --help) |
|
philsmd |
hashcat
|
13 |
9,891 |
01-03-2018, 03:31 PM |
| |
|
Thread: help with LUKS data recovery
Post: RE: help with LUKS data recovery
| Did you try to crack the example files from https://hashcat.net/wiki/doku.php?id=example_hashes ?
(search for 14600 or LUKS) |
|
philsmd |
hashcat
|
13 |
9,832 |
01-04-2018, 08:06 PM |
| |
|
Thread: Proper Dictionary Usage
Post: RE: Proper Dictionary Usage
| If hashcat says
Status...........: Cracked
and the hash is outputted together with an appended number of chars/digits, it means that this appended string is the password.
I think that when you ... |
|
philsmd |
hashcat
|
13 |
9,891 |
01-03-2018, 09:12 AM |
| |
|
Thread: help with LUKS data recovery
Post: RE: help with LUKS data recovery
| Did you try to crack the volume that you created as an example on your vm ?
Can you perform the same test (creating a new luks "file") on the actual machine.
I'm not sure if the raid setup reall... |
|
philsmd |
hashcat
|
13 |
9,832 |
01-05-2018, 01:49 PM |
| |
|
Thread: help with LUKS data recovery
Post: RE: help with LUKS data recovery
| This payload data should be (look like) random data.
In your case it doesn't seem to be random data.
Is this also the case for your other examples? |
|
philsmd |
hashcat
|
13 |
9,832 |
01-05-2018, 02:31 PM |
| |
|
Thread: help with LUKS data recovery
Post: RE: help with LUKS data recovery
| I would suggest that you create a test with exactly the same settings (same hashing and encryption algorithm etc) and try to extract the data from it and crack it.
If the test works successfully, t... |
|
philsmd |
hashcat
|
13 |
9,832 |
01-06-2018, 05:19 PM |
| |
|
Thread: help with LUKS data recovery
Post: RE: help with LUKS data recovery
| I'm not sure if this observation you made about 90% NUL characters reveals some problems. Instead, I think that also the examples have several NUL chars within the "header". I would not conclude that ... |
|
philsmd |
hashcat
|
13 |
9,832 |
01-05-2018, 10:56 AM |
| |
|
Thread: Old Office and KDF
Post: RE: Old Office and KDF
| I just had a glance at how easy it is to decrypt office document with the old RC4 encryption (and therefore get access to the whole file content) with the correct RC4 key and it turned out to be even ... |
|
philsmd |
hashcat
|
13 |
10,132 |
02-27-2018, 07:16 PM |
| |
|
Thread: Ransomware
Post: RE: Ransomware
| First of all, this is of course not the usual use case for hashcat.
Furthermore, Diskcryptor is probably a legit software just misused by the malware, it's not malware but can be used to encrypt file... |
|
philsmd |
hashcat
|
13 |
7,573 |
12-13-2018, 08:06 PM |
| |
|
Thread: Ransomware
Post: RE: Ransomware
| I had a glance at this page: https://diskcryptor.net/wiki/Volume
and the source here https://github.com/smartinm/diskcryptor
it seems that the algo for key derivation from the password is PBKDF2-H... |
|
philsmd |
hashcat
|
13 |
7,573 |
12-13-2018, 09:12 PM |
| |
|
Thread: Ransomware
Post: RE: Ransomware
| Well, if it wasn't really clear yet, this specific algorithm is not supported yet by hashcat since you can't really extract a hash, but need to generate the AES-XTS keys on-the-fly and verify the decr... |
|
philsmd |
hashcat
|
13 |
7,573 |
12-14-2018, 11:06 AM |
| |
|
Thread: VeraCrypt with PIM/keyfile seems to be ignored
Post: RE: VeraCrypt with PIM/keyfile seems to be ignored
| please test also with the beta version from https://hashcat.net/beta
btw: there are also example hashes from https://hashcat.net/wiki/example_hashes (including tests with PIM) |
|
philsmd |
hashcat
|
13 |
5,712 |
03-11-2019, 11:35 PM |
| |
|
Thread: VeraCrypt with PIM/keyfile seems to be ignored
Post: RE: VeraCrypt with PIM/keyfile seems to be ignored
| thanks guys for confirming.
I did some commit history tests and found out that this (admittedly very huge) commit has fixed the PIM feature:
https://github.com/hashcat/hashcat/commit/c9e796fcf061... |
|
philsmd |
hashcat
|
13 |
5,712 |
03-14-2019, 12:09 PM |
| |
|
Thread: how can i fix Gpu reaching the abort temp after a while ?
Post: RE: how can i fix Gpu reaching the abort temp afte...
| -w 1
or
-u 1 -n 1 --force
but you should use --force only if you know what you are doing and do not report any problems when using --force (you can change the -u and -n values slightly if you... |
|
philsmd |
hashcat
|
13 |
4,679 |
06-06-2019, 01:08 PM |
| |
|
Thread: how can i fix Gpu reaching the abort temp after a while ?
Post: RE: how can i fix Gpu reaching the abort temp afte...
| most of the time the best thing to do is to fix the main problem instead of trying really hard (and failing horrendously in doing so) to bypass/avoid it.
Fan/cooling/throttling issues are serious p... |
|
philsmd |
hashcat
|
13 |
4,679 |
06-06-2019, 12:05 PM |
| |
|
Thread: Using hashcat with maskprocessor - here: veracrypt
Post: RE: Using hashcat with maskprocessor - here: verac...
| you need to add --increment too
the --increment command line switch enables the increment feature (and min/max options are further restrictions/limits) |
|
philsmd |
hashcat-utils, maskprocessor, statsprocessor, md5stress, wikistrip
|
13 |
5,771 |
08-19-2019, 01:35 PM |
| |
|
Thread: Using hashcat with maskprocessor - here: veracrypt
Post: RE: Using hashcat with maskprocessor - here: verac...
| ?1 is not the same as ?l
and ?! is completely wrong
you need to be more careful about what you see and what you type.
?1 is dollar ONE and ?l is dollar lower-case ELL
maskprocessor is not ... |
|
philsmd |
hashcat-utils, maskprocessor, statsprocessor, md5stress, wikistrip
|
13 |
5,771 |
08-19-2019, 07:50 PM |
| |
|
Thread: Hashcat won't start ''insufficient memory available''
Post: RE: Hashcat won't start ''insufficient memory avai...
| hashcat: "All hashes found already, won't crack them again"
Vidramon: "it will work for Nvidia, but not for Amd, resulting not find a pass"
this makes absoultely no sense to me.
Did you even re... |
|
philsmd |
hashcat
|
13 |
4,419 |
09-21-2019, 05:19 PM |
