Jump to content
hKr

Program to recover/crack SHA1, MD5 & MD4 hashes.

By hKr, in Programe utile

Recommended Posts

hKr Newbie

hKr

Posted
Posted

IGHASHGPU

Program to recover/crack SHA1, MD5 & MD4 hashes.

Fastest SHA1/MD5 hash cracker on ATI and NVIDIA GPUs.

World first multihash MD5 cracker for ATI.

Recovery speed on ATI HD 5970 peaks at 5600M/s MD5 hashes and 2300M/s SHA1 hashes.

ighashgpu_q6600_5970.png

Description

This software using ATI RV 7X0/8X0 and nVidia "CUDA" video cards to brute-force MD4, MD5 & SHA1 hashes. Speed depends on GPU,

ATI HD5870:

~3650M/s single MD5

~1360M/s single SHA1

ATI HD4770:

~1075M/s single MD5

~350M/s single SHA1

nVidia GTS250:

~570M single MD5

~175M single SHA1

As ighashgpu supports salted hashes it's possible to use it for:

  • Plain MD4, MD5, SHA1.
  • NTLM
  • Domain Cached Credentials
  • Oracle 11g
  • MySQL5
  • MSSQL
  • vBulletin
  • Invision Power Board
  • and more ...

Supported GPUs

Only supported ATI cards are: HD RV7X0 and RV830/870. Which means -- 4550, 4670, 4830, 4730, 4770, 4850, 4870, 4890, 5750, 5770, 5850, 5870, 5970.

Catalyst 9.9+ must be installed. Catalyst 10.2/10.3 recommended.

Catalysts 10.4-10.6 and 5970 are incompatible.

Catalyst 10.7 not heavily tested but looks like working.

Only supported nVidia cards are: the ones with CUDA support, i.e. G80+.

Systems with multiple GPUs supported.

Current status

No major updates are planned till 2011. Specifically there won't be any ($salt.$pass) schemes implemented in nearest future.

Usage

It is console application, so should be run from command line.

ighashgpu.exe [switch:param] [hashfile.txt]

hashfile.txt only used with unsalted MD5 and NTLM hashes. This file must contains plain MD4/MD5 hashes (32 HEX digits) in form username:hash or simply hash at each line. For example:

aaaa:74b87337454200d4d33f80c4663dc5e5
aaab:4c189b020ceb022e0ecc42482802e2b8
aaac:3963a2ba65ac8eb1c6e2140460031925
aaad:aa836f154f3bf01eed8df286a1fbb388

Switches

-c:csdepa Charset definition (caps, smalls (default), digits, special, space, all)

-u:[chars] User-defined characters

-uh:[HEX] User-defined characters in HEX (2 chars each)

-uhh:[HEX] User-defined characters in Unicode HEX (4 chars each)

-uf:[filename] Load characters from file. Not used with Unicode.

By default charset processed as ANSI one. (i.e. WideCharToMultiByte(CP_ACP, ...)) You can change this with:

-unicode Use unicode

-oem Use oem encoding

-codepage:

Convert charset to specific codepage (need to have it at system of course)

-sf:[password] Password to start attack from

-m:[mask] Password mask

-ms:[symbol] Mask symbol

-salt:[hex] Append salt after password

-asalt:[string] Append salt in ascii after password

-usalt:[string] Append salt in unicode after password

-ulsalt:[string] Same as above but unicode string firstly transformed to lower case

-min:[value] Minimum length (default == 4), must be >= 4

-max:[value] Maximum length (default == 6), must be <= 31 (not counting salt length)

-h:[hash] Hash to attack (16 or 20 bytes in HEX)

-t:[type] Type of hash to attack

  • md4 (Single byte/Unicode)
  • sha1 (Single byte/Unicode)
  • md5
  • md5x2 md5(md5($pass).ascii) No idea how to call it, some forum's type
  • md5x2s md5(md5($pass).$salt) Same as above except salt added after first md5 (without salt md5x2 and md5x2s are the same).
  • Can be used for vBulletin hashes especially with asalt switch
  • mysql5 sha1(sha1($password))
  • ipb md5(md5($salt).$md5($pass))
  • dcc md4(md4($password).lowercase($username))

-devicemask:[N] Bit mask for GPUs usage, bit 0 == first GPU (default 0xFF, i.e. all GPUs).

Special parameters (like " or /) can be passed by using single or double quotes:

-asalt:"h/X"

-asalt:'-"-'

-sf:"aa//bb"

-cpudontcare From v0.60 ighashgpu trying to use cpu as low as possible, however it can cause reduced GPU performance. This switch tells ighashgpu that we want maximum from GPU and so don't care about CPU usage at all (and it means one CPU core at 100% per one GPU).

-hm:[N] Set threshold temperature for hardware monitoring, default is 90C. You can disable monitoring by setting this value to zero.

-blocksize:[N] Set block size, by default N = 23 which means 2^23 = 8388608 passwords offloaded to GPU in a single batch. As GPU job cannot be interrupted the video system will freeze until all passwords processed. So, for example, with rate of 980M and block size = 23 it means that screen updates will freeze for about 8-9ms which is generally normal. While if speed is only around 100M it'll takes ~83ms and so screen cannot be updated more than 12 times per second and thus you'll notice video lags. If you want smooth video response you can lower block size (values 16..23 are supported) but of course it'll reduce performance of the program as well.

Most special switch is:

-fun which in fact is +fun! It's really important to have fun even if it costs two additional lines.

Brute-force attack examples


ighashgpu.exe /h:a2b7caddbc353bd7d7ace2067b8c4e34db2097a3 /t:sha1 /max:6
ighashgpu.exe /h:cbe1d6d5800ec1e03a5f2a64882a0d41 /t:md5 /c:sd /max:7
ighashgpu.exe /c:d /max:10 /h:e807f1fcf82d132f9bb018ca6738a19f /t:md5
ighashgpu.exe -h:47c8fb7775aec7a11e1d141bc26a5a33726e5d6e -t:mysql5 -c:sd -max:6
ighashgpu.exe -h:239361613fe5281d8efb90e7f8e0ceb0 -t:md5 -c:sd -m:????assw???1234

MSSQL can be processed as:

ighashgpu.exe -h:a72befac3e58eb24d559d9fe0045cfdf090782e2 -t:sha1 -unicode -max:6 -salt:e16bed51

NTLM hashes:


ighashgpu.exe /h:252bb1fe4ecb040ebc8c78d2a1b89218 /t:md4 /c:sd /m:????00pa?? /unicode
ighashgpu.exe -h:9D4518F84296B9CE26D02F229870D2D4 -t:md4 -c:a -unicode

vBulletin:

ighashgpu.exe -h:a4e5e1fd2cb7ae7d2961470ce50b966c -t:md5x2s -asalt:_~Y /max:7

Multihashing:


ighashgpu.exe /t:md4 /c:a /max:6 /unicode test.txt
ighashgpu.exe /t:md5 /c:csd /max:6 test.md5

Oracle 11g


ighashgpu.exe -c:a -salt:02B03D5D74B6841CEA2E -h:D39F4CC16573323279E5E4E16D359D6C55DCC092 -t:sha1
ighashgpu.exe -c:sd -salt:01234567890123456789 -h:bedfe061a33474a9d403c809dd93a8cc79b46f74 -t:sha1

IPB

ighashgpu.exe /t:ipb /h:a8b35664407b264c6de709705f0b1dd4 /asalt:"]#/R_" /c:s

Domain Cached Credentials, note the -ulsalt switch usage, not just -usalt.

ighashgpu.exe -t:dcc -ulsalt:DelPotro -h:89af0c6c397bc879d7206ea8a41a11bb -c:sc

Limitations

  • Passwords (plus optional salt) must be >= 4 && <= 31 symbols.
  • First 4 symbols cannot be masked.
  • Probably some more limitations I've forgotten to mention.

Known problems

  • When running on 4870x2 it's possible that only first GPU core will go full speed while second core will stay in 2D mode, so speed looks like 1145+775 = 1920M instead of expected ~2300M for single MD5. Second core can be forced to run in full speed by executing some 3D application in background.

Future plans

  • Commercial version of this program.
  • Multi-Hash support for other hash types.
  • More algos support.
  • GUI.
  • CPU support including multicores.
  • Distributed version.

Acknowledgements

This software includes parts of LZMA SDK written by Igor Pavlov.

Thanks to Dalibor from hashcat forums for MD5's 3rd round optimization idea.

Descarcare:

Site Oficial: Ivan Golubev's Lair

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...