Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
OSX with AMD GPU fails to crack NTLM hashes #1348
I recently ran into an issue with hashcat installed on OSX when attempting to crack NTLM (-m 1000).
The current build is unable to crack NTLM hashes. I attempted to replicate this issue by using the example hash for "hashcat" b4b9b02e6f09a9bd760f388b67351e2b and still was unable to get hashcat to crack the hash.
Openssl version 1.0.2l installed with homebrew
What's the version of hashcat that you use?
BTW: some users make the mistake to use something like "./hashcat -m 1000 hash -a 3 hashcat"
Furthermore, newest versions of hashcat (beta, see https://hashcat.net/beta/) have self-tests enabled and therefore you will see a warning whenever there is a problem with the kernels (false negatives) etc
Hashcat Version: v3.6.0-456-g6d112aeb
Built following instructions for OSX on https://github.com/hashcat/hashcat/blob/master/BUILD.md
Device #3: AMD Radeon R9 M370X Compute Engine, 512/2048 MB allocatable, 10MCU
hashcat/hashcat -a 0 -m 1000 -r hashcat/rules/best64.rule testNtlmHash.txt hashcatTestPass.txt --potfile-path testNtlmHash.pot -d 3
I know that I can crack the password with JohnTheRipper, and that in order to properly compile JTR on OSX, I need to point to homebrew's version of openssl as you can see in the bottom of the info section.
$brew info openssl
This formula is keg-only, which means it was not symlinked into /usr/local,
If you need to have this software first in your PATH run:
For compilers to find this software you may need to set:
Could it be an issue with OSX's native installed libraries, and if so, how could I point the hashcat compiler at the homebrew installed libraries?
referenced this issue
Sep 5, 2017
The configuration is entirely
Code recompiled on 10.13.3 with the same hardware and up to date homebrew. Hashcat version is 4.1.0. Issue seems to be resolved.
I am unsure which configurations changed, but the update to the new version of OSX seems to have resolved the issue.
Awesome update in that version by the way!