Questions tagged [hashcat]

Hashcat is a program designed to brute force hashes, and is commonly used to crack passwords.

136 questions
63
votes
1 answer

I found a password with hashcat, but it doesn't work

My assignment required me to find the password for a PowerPoint file (97 - 2003, v. 8.0 - v. 11.0). I used office2john.py to retrieve the hash, and I removed the file name. The hash…
Fabius
  • 681
  • 1
  • 5
  • 9
9
votes
1 answer

Mitigating the new attack on WPA2 involving PMKID

A new attack was discovered which allows cracking a WPA2 passphrase without needing to capture the 4-way handshake. While this doesn't weaken the password itself, it does mean that an attacker can begin their cracking attempts without needing to…
forest
  • 64,616
  • 20
  • 206
  • 257
9
votes
1 answer

Bruteforce with hashcat, how to set the mask properly?

Let's say I've an hash of this type: test::::4e45c7bab093d7011e9b3a5df7d9fa88212beac5ac9c8c47:d6ff3373aa353f3b:123456 I would like to bruteforce it using hashcat, but I'm failing to set the correct mask. Here's what I'm executing: hashcat -m 5500…
MeaMelone
  • 93
  • 1
  • 1
  • 3
9
votes
4 answers

Hashcat with Kali 2 in a VM

How can I run hashcat using only the cpu in a virtual machine? When I try to run hashcat in my Kali 2 VM I receive the following error: root@kali: hashcat -m 400 -a 0 hash.txt rockyou.txt hashcat (v3.10) starting... OpenCL Platform #1: Mesa,…
Shrout1
  • 365
  • 1
  • 5
  • 11
8
votes
1 answer

Bruteforce part of password in TrueCrypt

I own a TrueCrypt container and I can't open it. I remember part of its password. So I want to bruteforce attack on it. I tried many parameters in oclHashCat but none worked (parameter problem). Can someone tell me please; how to pass correct…
7
votes
2 answers

Can you use an FPGA with hashcat?

Hashcat list FPGAs as OpenCL device type in its help. - [ OpenCL Device Types ] - # | Device Type ===+============= 1 | CPU 2 | GPU 3 | FPGA, DSP, Co-Processor So can you really somehow connect and use an FPGA with hashcat?
UndercoverDog
  • 612
  • 2
  • 17
7
votes
1 answer

With password cracking, what is the fastest known password cracking rig in hashes per second?

To properly assess password strength, I have been trying to research what the fastest known password cracking rig is in hashes per second. HashCat claims that their software is the world's fastest, and the current version is v6.2.5. I also found a…
Chris Rogers
  • 275
  • 3
  • 10
7
votes
1 answer

Why won't pdf2john extract the password hash of this encrypted pdf? Getting blank results

New to the community, and to JtR and Hashcat as a whole, but after searching for a few days I couldn't find a solution to this specific problem. I have a password protected PDF file that I'm trying to crack to prove to a friend of mine that it can…
7
votes
1 answer

Attack WPA password with hashcat - Settings and resources for "german" passwords?

I'd like to prove to a friend of mine that his wifi is insecure and learn something about password cracking on the way. The guy I am talking about does not believe in strong passwords but in SSID hiding and mac address filtering. As you know this is…
wedi
  • 173
  • 1
  • 5
5
votes
1 answer

How does hashcat figure out the SHA CRYPT ROUNDS on a Linux password

A part of my /etc/login.defs file looks like this: ENCRYPT_METHOD SHA512 # Define the number of SHA rounds. # If not specified, the libc will choose the default number of rounds (5000). # The values must be inside the 1000-999999999 range. # If…
user1720897
  • 603
  • 2
  • 10
  • 18
5
votes
1 answer

For bcrypt why is JTR so much faster than hashcat?

To keep it short I've recently been learning about hashing and password hash cracking on TryHackMe. I was tasked to crack the following hash: $2y$10$0veO/JSFh4389Lluc4Xya.dfy2MF.bZhz0jVMw.V.d3p12kBtZutm When trying to crack with hashcat I used the…
JuniorPen
  • 51
  • 1
  • 2
5
votes
3 answers

How can I find a SHA-256 hash with a given suffix using hashcat?

Recently we competed in the X-MAS 2019 CTF and many of the challenges included a proof of work (PoW) check to avoid Denial of Service (DoS) attacks against their servers. The most common was we were given a 6 character suffix and asked to find…
Kristopher Ives
  • 161
  • 1
  • 5
5
votes
3 answers

Is it possible to crack any SHA1 hashed password

I'm trying to understand how easy it is to crack a SHA1 hashed password. I have a training database giving hundreds of password hashed. I have tried to use some online tools to crack them and I have realized that I can only crack relatively simple…
KB303
  • 423
  • 2
  • 5
  • 15
5
votes
4 answers

Does aircrack-ng use GPU/CUDA capabilities?

As stated, does aircrack-ng when brute forcing a WPA2 handshake capture use GPU/CUDA resources such as a program like Hashcat does?
Norr
  • 199
  • 1
  • 2
  • 8
4
votes
1 answer

new format of keepass (2) database file and hashcat

I created test DB file (.kdbx) using KeePassX, after that used keepass2john Python port from this site, but changed line 88: index += 2 to index += 4 because the size of this field is 4 bytes instead of 2 (program will show wrong results without…
MrSetplus
  • 41
  • 1
  • 3
1
2 3
9 10