LabEx
Log InJoin Free

Troubleshoot Common Hashcat Errors

Kali LinuxBeginner
Practice Now

Introduction

Hashcat is a powerful and versatile password recovery tool, but like any complex software, users can encounter errors that may be confusing at first. Understanding these common issues is key to using Hashcat effectively.

In this lab, you will learn to diagnose and fix some of the most frequent errors that occur during Hashcat operations. We will cover problems related to hash format, file parsing, and hardware management. By the end of this lab, you will be better equipped to troubleshoot your own Hashcat sessions.

Investigate the 'Token length exception' Error

In this step, we will explore the Token length exception error. This error occurs when a hash in your input file does not have the correct length for the specified hash mode (-m). For example, a standard MD5 hash must be exactly 32 hexadecimal characters long. If Hashcat finds a line that is shorter or longer, it will report this error and stop.

First, let's attempt to run Hashcat on a file that contains a malformed hash. We have prepared a file named hashes_token_length.txt for this purpose. We will use hash mode 0, which corresponds to MD5.

Execute the following command in your terminal:

hashcat -m 0 -a 0 hashes_token_length.txt wordlist.txt

You will see an error message similar to this:

hashcat (v6.2.x) starting

...

* Token length exception: 1/2 hashes
  This error happens if the hashes you are trying to crack do not meet the length requirements of the selected hash-mode.
  Please make sure you have specified the correct hash-mode and that all of your hashes are valid.
  ...
* Startup failed: Invalid hash-length

The message clearly indicates a "Token length exception". To fix this, you need to identify and either correct or remove the invalid hash from your file. A simple way to find lines with incorrect lengths is by using tools like awk. For an MD5 hash (32 characters), we can check for any line that does not have a length of 32.

Run this command to inspect the file:

awk 'length != 32' hashes_token_length.txt

The output will show the problematic line:

5d41402abc4b2a76b9719d911017c59

Now that you've found the invalid hash, you can create a corrected file. Let's create a new file named hashes_corrected.txt containing only the valid hashes.

awk 'length == 32' hashes_token_length.txt > hashes_corrected.txt

You can now successfully run Hashcat with the corrected file:

hashcat -m 0 -a 0 hashes_corrected.txt wordlist.txt

This time, Hashcat will start without the error.

Resolve the 'No hashes loaded' Error

In this step, we'll address the No hashes loaded error. This is one of the most common issues and it typically means that Hashcat could not parse any of the lines in your hash file as valid hashes for the selected hash mode. This can be due to an incorrect hash mode, a corrupted file, or an incorrect file format.

We have a file named hashes_no_load.txt. Let's try to crack it using hash mode 10 (md5($pass.$salt)). This mode expects the hash and salt to be separated by a colon (:), but our file contains only raw MD5 hashes.

Run the following command:

hashcat -m 10 -a 0 hashes_no_load.txt wordlist.txt

Hashcat will start but immediately exit with a status message indicating no hashes were loaded:

...
Hashes: 2 digests; 2 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Applicable optimizers:
* Zero-Byte
* Precompute-Init
* Precompute-Merkle-Demgard
* Meet-In-The-Middle
* Early-Skip
* Not-Iterated
* Not-Salted
* Raw-Hash

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature monitoring is disabled.

No hashes loaded.

Started: ...
Stopped: ...

The key line is No hashes loaded. This tells you there's a mismatch between your hash file's content and the hash mode you specified. The file hashes_no_load.txt contains a raw MD5 hash, which corresponds to mode 0.

To fix this, you must provide the correct hash mode. Let's run the command again with -m 0.

hashcat -m 0 -a 0 hashes_no_load.txt wordlist.txt

This time, Hashcat will correctly load the valid hash from the file and start the cracking session. It will ignore the line "not_a_hash" because it doesn't look like a valid hash for mode 0.

...
Hashes: 1 digests; 1 unique digests, 1 unique salts
...
Session..........: hashcat
Status...........: Running
...

Address 'Device temperature abort' Warnings

In this step, we will discuss how to handle temperature-related issues. When running on powerful hardware like GPUs, Hashcat can generate a lot of heat. To protect your hardware from damage, Hashcat monitors device temperatures and will automatically pause or abort a session if they get too high.

In the LabEx virtual environment, we don't have access to a physical GPU, so we cannot trigger this error directly. However, it's a critical feature to understand for real-world use. The error message would look something like Device #1 temperature abort trigger reached.

Hashcat provides command-line options to manage this behavior:

  • --gpu-temp-abort=X: Abort the session when any GPU reaches temperature X in Celsius.
  • --gpu-temp-retain=Y: Pause the session when any GPU reaches temperature Y in Celsius, and resume when it cools down.

You can use these flags to set custom temperature limits that suit your hardware and cooling setup. For example, to tell Hashcat to stop if the temperature exceeds 90°C, you would add --gpu-temp-abort=90 to your command.

Let's run a command with this flag to see how it's used. We will use the valid_hash.txt file created during setup.

hashcat -m 0 -a 0 valid_hash.txt wordlist.txt --gpu-temp-abort=90

The command will run as usual, but Hashcat is now configured with your custom temperature limit.

In some cases, hardware monitoring might be faulty or unsupported, leading to incorrect temperature readings and unnecessary shutdowns. If you are certain your cooling is adequate and the temperature readings are wrong, you can disable the hardware monitoring feature entirely with the --hwmon-disable flag.

hashcat -m 0 -a 0 valid_hash.txt wordlist.txt --hwmon-disable

Use this option with caution, as it disables an important safety feature.

Fix 'Line-length exception' in Wordlists or Rules

In this step, we'll tackle the Line-length exception error. This error is similar to the token length exception from Step 1, but it applies to your input files, such as wordlists or rule files, instead of the hash file. Hashcat has an internal buffer for lines it reads from these files, and if a line exceeds this limit (typically 256 bytes), this error is triggered.

This can happen with corrupted wordlists or poorly generated rule files. We have a file named wordlist_long_line.txt that contains one extremely long line.

Let's try to use it in a cracking session against our valid_hash.txt:

hashcat -m 0 -a 0 valid_hash.txt wordlist_long_line.txt

You will receive an error message pointing to the wordlist file:

...
ATTENTION!
The wordlist 'wordlist_long_line.txt' contains a line that is larger than 256 bytes.
The line is ignored.
To fix this, remove the line from the wordlist.
...

While Hashcat may proceed after this warning, it's best practice to clean your input files. You can find and remove oversized lines using tools like awk. The following command will print any lines in the file that are longer than 256 characters:

awk 'length > 256' wordlist_long_line.txt

This will display the offending long line. To fix the issue, you can create a new, clean wordlist that excludes any lines longer than 256 characters.

awk 'length <= 256' wordlist_long_line.txt > wordlist_corrected.txt

Now, you can use your wordlist_corrected.txt file without encountering the error.

hashcat -m 0 -a 0 valid_hash.txt wordlist_corrected.txt

The session will now start cleanly without any warnings about line length.

Understand and Solve 'Separator not found' Errors

In this final step, we will address the Separator not found error. This error occurs when you use a hash mode that expects a specific format with a separator character (usually a colon :) but the lines in your hash file do not contain it. Many hash formats, like user:password or hash:salt, rely on this structure.

For this example, we will use hash mode 5500, which is for NetNTLMv1. This format typically looks like USER::DOMAIN:LM_HASH:NT_HASH:CHALLENGE. The colons are essential separators. We have a file named hashes_no_separator.txt that contains a hash string but is missing the required separators.

Let's try to run Hashcat with this file:

hashcat -m 5500 -a 0 hashes_no_separator.txt wordlist.txt

Hashcat will fail and display the Separator not found error. It will also show you an example of the correct format.

...
* Separator unmatched: 1/1 hashes
  This error happens if the hashes you are trying to crack are not in the correct format.
  Please read https://hashcat.net/wiki/doku.php?id=example_hashes to learn more about the correct format.
  ...
* Startup failed: Invalid hash-format

The error message indicates that the hash is missing the required separator. To fix this, you must edit the hash file to match the expected format. Let's assume the username is labex, the domain is corp, and the challenge is 1122334455667788. The correct format would be labex::corp:<the_hash>:1122334455667788.

Let's open the file with the nano editor and correct it.

nano hashes_no_separator.txt

Change the content of the file from: U4BE_AC149FD0318023832132BFB833521AAF8A631114317A4935

To the following, making sure to replace <the_hash> with the original hash string: labex::corp:U4BE_AC149FD0318023832132BFB833521AAF8A631114317A4935:1122334455667788

Press Ctrl+X, then Y, and Enter to save the file and exit nano.

Now, run the Hashcat command again:

hashcat -m 5500 -a 0 hashes_no_separator.txt wordlist.txt

With the corrected format, Hashcat will now accept the hash and start the cracking session properly. This demonstrates the importance of ensuring your hash files are correctly formatted for the specific hash mode you are using.

Summary

In this lab, you have learned how to diagnose and resolve five of the most common errors encountered when using Hashcat.

We covered:

  • Token length exception: Caused by hashes of incorrect length for the specified mode.
  • No hashes loaded: A result of a mismatch between the hash file format and the selected hash mode.
  • Device temperature abort: A hardware safety feature that can be managed with temperature control flags.
  • Line-length exception: Triggered by oversized lines in wordlists or rule files.
  • Separator not found: Occurs when a hash format requires a separator that is missing from the hash file.

By understanding the causes of these errors and knowing how to fix them, you can use Hashcat more efficiently and avoid common pitfalls. The key takeaway is to always validate your input files and ensure you are using the correct options for your specific task.

Related Kali Linux Courses
Kali Linux for Beginners

Kali Linux for Beginners

cybersecuritykalilinux
Kali Server Exploitation in Action

Kali Server Exploitation in Action

cybersecuritykalilinux