New-Multiforcer question

Problems with the hash cracking system? Suggestions?
  • Ads

New-Multiforcer question

Postby HelloShitty » Thu Jul 26, 2012 2:57 pm

Hi everyone...

I've "built" a server to host a --serveronly cryptohaze process to try to crack an hash that has a quite long password...

The password has a part that is known and another part that is unknown.

The know part is like a salt. The unkown part is actually the password we are looking for...

My question is:

Is there any patch to make New-Multiforcer to help cracking this (top max 15 chars) password with ATI power?

I have a Sapphire HD6870 Vapor-X and i can't help because looks like New-Multiforcer is unable to handle passwords over 10 chars max... :| :geek:
HelloShitty
 
Posts: 6
Joined: Thu Jul 26, 2012 2:50 pm

Re: New-Multiforcer question

Postby Bitweasil » Thu Jul 26, 2012 6:18 pm

Is it hash($pass.$salt) or hash($salt.$pass)?

The 10 character limit has been pushed up in in SVN. Should be 31 for MD5.

And you can definitely use a salt kernel, but right now I only have $pass.$salt - I can get the other written if you need it.

A few more details & an example hash would be very useful.
Bitweasil
Site Admin
 
Posts: 912
Joined: Tue Jan 20, 2009 4:26 pm

Re: New-Multiforcer question

Postby schnaps » Thu Jul 26, 2012 6:51 pm

Bitweasil wrote:Is it hash($pass.$salt) or hash($salt.$pass)?
The 10 character limit has been pushed up in in SVN. Should be 31 for MD5.
And you can definitely use a salt kernel, but right now I only have $pass.$salt - I can get the other written if you need it.
A few more details & an example hash would be very useful.

The thing is that we're trying to use a salt with -h MD5 mode, and using the -u option with a charset containing the salt and the charset for the password. The salt is known for us, the password is unknown, and for testing purposes we're trying to crack it. the plain text salt+password is something like "$user:$realm:$password".

The charset file we're using with the -u option is something like this:

Code: Select all
u
s
e
r
:
r
e
a
l
m
:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789


But only the salt is 26chars in lenght, and the password chosen is 15 chars, so we can't use any AMD graphic cards available to us, only NVidia cards.
schnaps
 
Posts: 7
Joined: Tue Jul 24, 2012 9:13 pm

Re: New-Multiforcer question

Postby Bitweasil » Thu Jul 26, 2012 8:34 pm

Whoof, good luck on 15 chars.

That's best handled by a salt:pass kernel. I will see what I can do.
Bitweasil
Site Admin
 
Posts: 912
Joined: Tue Jan 20, 2009 4:26 pm

Re: New-Multiforcer question

Postby HelloShitty » Fri Jul 27, 2012 6:52 am

Bitweasil wrote:Whoof, good luck on 15 chars.

That's best handled by a salt:pass kernel. I will see what I can do.


We really appreciate your effort.

We have been commited to crack our hash for some weks and now that we've found a pretty user-friendly app we are struggling because most of us are ATI cards owners...

So it would be very encouraging have you helping us on coding a patch or a new version so that we can use our ATI power, though we know it could take months to crack a (top max) 15 chars password...

Many thanks
HelloShitty
 
Posts: 6
Joined: Thu Jul 26, 2012 2:50 pm

Re: New-Multiforcer question

Postby Bitweasil » Fri Jul 27, 2012 6:00 pm

HelloShitty wrote:We have been commited to crack our hash for some weks and now that we've found a pretty user-friendly app we are struggling because most of us are ATI cards owners...


The New-Multiforcer does support ATI cards. :)

So it would be very encouraging have you helping us on coding a patch or a new version so that we can use our ATI power, though we know it could take months to crack a (top max) 15 chars password...


Well, 15 full charset is hopelessly complex. :) but I will see what I can to at least let you attempt it.

I probably will not have time to code it up until after Defcon.
Bitweasil
Site Admin
 
Posts: 912
Joined: Tue Jan 20, 2009 4:26 pm

Re: New-Multiforcer question

Postby HelloShitty » Fri Jul 27, 2012 7:41 pm

Bitweasil wrote:
HelloShitty wrote:We have been commited to crack our hash for some weks and now that we've found a pretty user-friendly app we are struggling because most of us are ATI cards owners...


The New-Multiforcer does support ATI cards. :)

So it would be very encouraging have you helping us on coding a patch or a new version so that we can use our ATI power, though we know it could take months to crack a (top max) 15 chars password...


Well, 15 full charset is hopelessly complex. :) but I will see what I can to at least let you attempt it.

I probably will not have time to code it up until after Defcon.


It would be greatly appreciated...


I have another question about New-Multiforcer.

With this command

Code: Select all
./New-Multiforcer -h MD5 -u charset.chst -f hash.hsh -o passwd.pw --nocpu


i don't get the passwd with this charset and the app terminates after a few minutes saying this:

Code: Select all
Terminating due to error: Charset does not extend to password length 9!


Code: Select all
0123456789abcdefghijklmnopqrstuvwxyz
0123456789abcdefghijklmnopqrstuvwxyzABCDEFGH
0123456789abcdefghijklmnopqrstuvwxyz
0123456789abcdefghijklmnopqrstuvwxyz
0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
/*-+,.;:!$
/*-+,.;:!$
0123456789abcdefghijklmnopqrstuvwxyz


and the passwd in test is bGtxQ!$8
HelloShitty
 
Posts: 6
Joined: Thu Jul 26, 2012 2:50 pm

Re: New-Multiforcer question

Postby Bitweasil » Fri Jul 27, 2012 11:44 pm

There's apparently a bug in the current per position charset stuff. I will take a look. Thanks for pointing that out.

It works through length 7, just not length 8 (if I generate the steps from 1-8 as hashes). Weird. I'll definitely check this out.
Bitweasil
Site Admin
 
Posts: 912
Joined: Tue Jan 20, 2009 4:26 pm

Re: New-Multiforcer question

Postby HelloShitty » Fri Jul 27, 2012 11:52 pm

Bitweasil wrote:There's apparently a bug in the current per position charset stuff. I will take a look. Thanks for pointing that out.


Won't it has anything to do with \new line char?


After starting a new job with no --resumefile there's no chance of resuming a job, right?
HelloShitty
 
Posts: 6
Joined: Thu Jul 26, 2012 2:50 pm

Re: New-Multiforcer question

Postby Bitweasil » Sat Jul 28, 2012 12:10 am

HelloShitty wrote:Won't it has anything to do with \new line char?

After starting a new job with no --resumefile there's no chance of resuming a job, right?


I don't know what the problem is.

And the resume support is flat out not working right now.

It's still not even really a beta...
Bitweasil
Site Admin
 
Posts: 912
Joined: Tue Jan 20, 2009 4:26 pm

Next

Return to Hash cracking

Who is online

Users browsing this forum: No registered users and 1 guest

cron