Cryptohaze.com

Hi everyone...

I've "built" a server to host a --serveronly cryptohaze process to try to crack an hash that has a quite long password...

The password has a part that is known and another part that is unknown.

The know part is like a salt. The unkown part is actually the password we are looking for...

My question is:

Is there any patch to make New-Multiforcer to help cracking this (top max 15 chars) password with ATI power?

I have a Sapphire HD6870 Vapor-X and i can't help because looks like New-Multiforcer is unable to handle passwords over 10 chars max...

Is it hash($pass.$salt) or hash($salt.$pass)?

The 10 character limit has been pushed up in in SVN. Should be 31 for MD5.

And you can definitely use a salt kernel, but right now I only have $pass.$salt - I can get the other written if you need it.

A few more details & an example hash would be very useful.

Bitweasil wrote:Is it hash($pass.$salt) or hash($salt.$pass)?
The 10 character limit has been pushed up in in SVN. Should be 31 for MD5.
And you can definitely use a salt kernel, but right now I only have $pass.$salt - I can get the other written if you need it.
A few more details & an example hash would be very useful.

The thing is that we're trying to use a salt with -h MD5 mode, and using the -u option with a charset containing the salt and the charset for the password. The salt is known for us, the password is unknown, and for testing purposes we're trying to crack it. the plain text salt+password is something like "$user:$realm:$password".

The charset file we're using with the -u option is something like this:

Code: Select all

u
s
e
r
:
r
e
a
l
m
:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789


But only the salt is 26chars in lenght, and the password chosen is 15 chars, so we can't use any AMD graphic cards available to us, only NVidia cards.

Whoof, good luck on 15 chars.

That's best handled by a salt:pass kernel. I will see what I can do.

Bitweasil wrote:Whoof, good luck on 15 chars.

That's best handled by a salt:pass kernel. I will see what I can do.

We really appreciate your effort.

We have been commited to crack our hash for some weks and now that we've found a pretty user-friendly app we are struggling because most of us are ATI cards owners...

So it would be very encouraging have you helping us on coding a patch or a new version so that we can use our ATI power, though we know it could take months to crack a (top max) 15 chars password...

Many thanks

HelloShitty wrote:We have been commited to crack our hash for some weks and now that we've found a pretty user-friendly app we are struggling because most of us are ATI cards owners...

The New-Multiforcer does support ATI cards.

So it would be very encouraging have you helping us on coding a patch or a new version so that we can use our ATI power, though we know it could take months to crack a (top max) 15 chars password...

Well, 15 full charset is hopelessly complex. but I will see what I can to at least let you attempt it.

I probably will not have time to code it up until after Defcon.

Bitweasil wrote:

HelloShitty wrote:We have been commited to crack our hash for some weks and now that we've found a pretty user-friendly app we are struggling because most of us are ATI cards owners...

The New-Multiforcer does support ATI cards.

So it would be very encouraging have you helping us on coding a patch or a new version so that we can use our ATI power, though we know it could take months to crack a (top max) 15 chars password...

Well, 15 full charset is hopelessly complex. but I will see what I can to at least let you attempt it.

I probably will not have time to code it up until after Defcon.

It would be greatly appreciated...


I have another question about New-Multiforcer.

With this command

Code: Select all

./New-Multiforcer -h MD5 -u charset.chst -f hash.hsh -o passwd.pw --nocpu

i don't get the passwd with this charset and the app terminates after a few minutes saying this:

Code: Select all

Terminating due to error: Charset does not extend to password length 9!

Code: Select all

0123456789abcdefghijklmnopqrstuvwxyz
0123456789abcdefghijklmnopqrstuvwxyzABCDEFGH
0123456789abcdefghijklmnopqrstuvwxyz
0123456789abcdefghijklmnopqrstuvwxyz
0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
/*-+,.;:!$
/*-+,.;:!$
0123456789abcdefghijklmnopqrstuvwxyz

and the passwd in test is bGtxQ!$8

There's apparently a bug in the current per position charset stuff. I will take a look. Thanks for pointing that out.

It works through length 7, just not length 8 (if I generate the steps from 1-8 as hashes). Weird. I'll definitely check this out.

Bitweasil wrote:There's apparently a bug in the current per position charset stuff. I will take a look. Thanks for pointing that out.

Won't it has anything to do with \new line char?


After starting a new job with no --resumefile there's no chance of resuming a job, right?

HelloShitty wrote:Won't it has anything to do with \new line char?

After starting a new job with no --resumefile there's no chance of resuming a job, right?

I don't know what the problem is.

And the resume support is flat out not working right now.

It's still not even really a beta...