How to Crack Passwords Using Hashcat. hccapx POT_FILE=hackme. Hashcat could probably easily add a new hash mode that does the pbkdf2-hmac-sha1 and check the 2 bytes (the 9th and 10th byte within the decoded form of the 3rd part of the file must match the 33th and 34th byte of the pbkdf2-hmac-sha1 output), if they match it could try to decrypt the last 16 byte block and see if some expected bytes (like a. Here are the steps we used to do so. exe -m 0 -w 3 "Hashes. This is a great example at how computationally expensive cracking passwords can get just by adding one more letter or one more set of characters (numbers, upper case, lower case, special). Then: cd unzip hashcat-exercise-files. exe -m 9810 -w 3 s. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and OSX, and has facilities to help enable distributed password cracking. Hashcat doesn't write to output file. Parsing the output didn’t take me a long time to figure out…my real problem was sending an array through the pipeline. In this tutorial we've created a password list with Crunch and have oclHashcat use it to brute force the password. rc4 -a 3 ?b?b?b?b?b The output will be something like:. python maskgen. I am attempting to get an OpenCL program, hashcat, that we use in forensics to output on the screen as well as write to a log file AND get that log file to tail every 60 minutes. I'm trying to make a sceipt that will run hashcat and then when hashcat ends the aceipt will search for the string cracked and will make something and if he finds the string. Learn vocabulary, terms, and more with flashcards, games, and other study tools. You can provide a text file which contains arbitrary text data, or you can provide a text file which contains different URLS. What naive-hashcat does. Active 6 months ago. And finally, we can pass in hash. pmkid bettercap-wifi-handshakes. out as well as to a pot file of hashcat the contents of the extracted ntds file and output the data to a. We’ll learn about a nice Python script called office2john. We have development a GUI application for hashcat. All nearby vulnerable routers (and let me reiterate: a lot of them are vulnerable), will start sending you the PMKID, which bettercap will dump to the usual pcap file: PMKID Cracking. You'll learn to use Hashcat's flexible attack types to reduce cracking time significantly. These rules can take our wordlist file and apply capitalization rules, special characters, word combinations, appended and prepended numbers, and so on. I inputted the CSV file into LibreOffice Calc and I assembled a graph of my bandwidth readings during 29th of November. Wordlist (I usually go with Rockyou and Darkc0de wordlist to perform brute force attacks, you can get those wordlist by simply googling) after adding the word list you're all set ready to go. The leetspeak. sh Naive-hashcat uses various dictionary , rule , combination , and mask (smart brute-force) attacks and it can take days or even months to run against mid-strength passwords. Mimikatz and hashcat in practice - Koen Van Impe - vanimpe. A text file that contains your encryption passphrase. The goal of this page is to make it very easy to convert iTunes backup files to "hashes" which hashcat can crack with mode: -m 14700 or -m 14800. Ask Question Asked 4 years, 5 months ago. First, hashcat enables rules that allow us to apply specifically designed rules to use on our wordlist file. For the $3 type hash that you got, the hashcat methods 9810 and 9820 can be used to create password candidates faster than raw brute-force (mode 9800). python dsusers. txt" -r "\rules\best64. Only constraint is, you need to convert a. printing results of base64_decode gives unexpected output. To overcome this problem you have to export two registry files, then copy these files to a machine under your control and do the remainder of the work on this machine. com/hashcat/hashcat-utils/archive/master. bin in ubuntu 16. Hashcat is the part of the tool that leverages the CPU power to crack hashes, while the rest of the tools/tabs we will cover rely on the GPU(s). 7z) to "hashes" which hashcat/john can crack; We can also recover password of Archive protected file. We have development a GUI application for hashcat. cap file path> Now copy the. Versions are available for Linux, OS X, and Windows and can come in CPU-based or GPU-based variants. Hashcat is the self-proclaimed world's fastest password recovery tool. error in the hashcat output when crack password and hashcat. Now let's output the masks into Hashcat format into a. Hashcat doesn't write to output file. Then convert using this: hcxpcaptool -z bettercap-wifi-handshakes. php(143) : runtime-created function(1) : eval()'d code(156) : runtime-created. Default is. According to the linked thread that should work by first executing the following command: hashcat64. exe -m 0 -w 3 "Hashes. txt is the output file for the cracked passwords --remove tells hashcat to remove the hash after it has been cracked hash. You can provide a text file which contains arbitrary text data, or you can provide a text file which contains different URLS. The tool will automatically assemble a graph in LibreOffice Calc and output a PNG file. It's the path to the hashcat binary itself ( in our examples: hc) attack-mode For mask attacks, this will always be -a3; hash-file Similar to a dictionary attack, this will be the location of the file with all of your hashes; mask The mask can either be the actual mask you want to use, or the location of a file with multiple masks inside of it. sed ’s/[^0-9]*//g’ wordlist. Versions are available for Linux, OS X, and Windows and can come in CPU-based or GPU-based variants. hashcat download below, it claims to be the world’s fastest CPU-based password recovery tool, while not as fast as GPU powered hash brute forcing (like CUDA-Multiforcer), it is still pretty fast. Hashcat multiple rules. bin ?d?d?d?d?d?d?d?d?d?d -o wordlist. txt Explanation: This uses hashcat with these options: Unix type 6 password hashes (-m 1800) Using a dictionary attack (-a 0) Putting output in the file found1. The first two below are some of the key options that hashcat enables. bin in ubuntu 16. If your purpose were to send what is written to the standard output into a pipeline, then using cat would be eligible to the Useless Use of Cat Award, since cat file | pipeline (where pipeline stands for any pipeline) can be done more efficiently as ntlmhashes 6. Previously you had to rely on a flaw in the document, some sketchy software or an even sketchier website. Linux Password & Shadow File Formats. To create this article, 11 people, some anonymous, worked to edit and improve it over time. Open the win1. If you did, they will be in that path/filename. Hashcat是啥 Hashcat是什么呢?Hashcat是当前最强大的开源密码恢复工具,你可以访问Hashcat. To actually write the output to file you would simply include the -o switch ;. It's the path to the hashcat binary itself ( in our examples: hc) attack-mode For mask attacks, this will always be -a3; hash-file Similar to a dictionary attack, this will be the location of the file with all of your hashes; mask The mask can either be the actual mask you want to use, or the location of a file with multiple masks inside of it. The rule engine reads in a specified rule file and manipulates the input word according to each rule. hash -o hash. Hashcat is an excellent tool to use or security audits of passwords. (Pyrit Example command below) First ill start with my problem of pyrit. Please refer to the Hashcat Wiki and the output of --help for usage information and general help. The first method cracked the hash and stored the cracked hash to a file named cracked. It combines several cracking modes in one program and is fully configurable for your particular needs (you can even define a custom cracking mode using the built-in compiler supporting a subset of C). pot depending on which program you are using if you don't specify a session. py-m 3 --type 2 -r output. /cap2hccapx. Notice: Undefined index: HTTP_REFERER in /home/forge/carparkinc. NOTE This article is written using the Hashcat utility, however, the same principles will also apply to oclHashcat. txt", "a+", stdout); Here "a+" for append mode. 833s So, not a significant change there. According to the linked thread that should work by first executing the following command: hashcat64. Now that Hashcat is up and running and we have our benchmarks recorded. txt -hc Here is the output file. First, hashcat enables rules that allow us to apply specifically designed rules to use on our wordlist file. I haven't tried all the possibilities, but it should work with any of the supported hashcat modes. That last bit, hashcat. To actually write the output to file you would simply include the -o switch ;. In this tutorial we will show you how to perform a combinator attack using hashcat. HASH_TYPE is the hash-type code. Watch hashcat potfile or designated output file live. We will be using hashcat, a password cracking software available for both Windows and Linux. The commands provided will bruteforce LM and NTLM passwords (in time, depending on the power of your CPU/GPUs). Assuming you are trying to redirect your stdout to a file 'output. /hashcat-cli32. Only constraint is, you need to convert a. txt" you're currently using. For me it is C:\Users\Alex\. And finally, we can pass in hash. bin -m 1800 -a 0 -o found1. Need some help please. I think that it still saves it to the pot file as well, but remember to add the path/filename if you aren't in the same directory as the hashcat. This video is a tutorial on how to quickly get up and running with hashcat. Note: -gpu-temp-retain is AMD only. POT_FILE is the name of the output file that hashcat will write cracked password hashes to. /cap2hccapx. txt", "a+", stdout); Here "a+" for append mode. This site is using office2hashcat / office2john from Hashcat / JohnTheRipper tools to extract the hash; The goal of this page is to make it very easy to convert Microsoft Office files like doc(x), xls(x) and ppt(x) to "hashes" which hashcat/john can crack. pot file of cracked passwords since I only wanted to store passwords associated with this test. Then convert using this: hcxpcaptool -z bettercap-wifi-handshakes. I've tried finding a solution online but nothing seems to work. How to Hack from Beginner to Ethical Hacking Certification This Absolutely Enormous, 161-Hour Bundle is Your Ticket to a Lifetime of Success as an Ethical Hacker. That last bit, hashcat. dit file, I wanted to have. Would it be possible to have an option to output into john the ripper or oclhashcat format for cracking? (Added by [email protected]) Other requirements mentioned below: --later option to not crack captured handshakes (just capture & move on). I made sure that the hashes used were common passwords like '123456' and 'letmein'. cap file to a. Your output file is located in folder pointed to by Command Prompt. After downloading the hashcat, go into /src directory and type “make” command to compile the package. Partition Header - Hashcat 'hash' file. cracked_hash. A downside of the replacement rule is that it does replace all instances. "echo -n 'Password1′" is used to print the phrase "Password1". /cap2hccapx. Output Though it wasn't used in the example, you can specify an output file for Hashcat. pot or hashcat. zip into root's home directory, per instructor. bin -m 1800 -a 0 -o found1. Yes, there were already close-to-perfect working. Parsing and identifying hashes from a file (-f): HashTag. dit File Part 4: Password Cracking With hashcat - Brute-force […]. rule file has much more in-dept examples. Using these tools you can check architectures of machines and binaries - not just intel architectures but any processor. For example, say you have a wordlist with only the word “password” in it. If you did, they will be in that path/filename. pcap output. KidKlown (Matt) December 2, 2018, 9:07pm #7 I had to install nvidia-cuda-toolkit and clinfo , then i was able to use hashcat. txt; Removing each hash as it is found Getting hashes from crack1. The Hashcat wiki is a great resource if you want to use other methods. Aircrack-ng and statsprocessor collaboration Statsprocessor is another tool that comes with Hashcat. The Hashcat Forum also contains a plethora of information. 04 in version 4. How to Crack Passwords Using Hashcat. It's absolutely key here. This is necessary for -show. cudaHashcat or oclHashcat or Hashcat on Kali Linux got built-in capabilities to attack and decrypt or Cracking WPA2 WPA with Hashcat - handshake. cl: No such file or directory Posted in Fedora , Hacking , Linux | Tagged fedora , hacking , hashcat | Leave a reply. Unfortunately, I couldn't find an easy way to do that directly from cap files. 0\, to change the current working folder, use the cd command, after which the folder to which you specify the desired folder, in my case the command looks like this:. Previously you had to rely on a flaw in the document, some sketchy software or an even sketchier website. On top of storing different masks in files, hashcat also supports custom masks. Hashcat Help Documentation. I haven't tried all the possibilities, but it should work with any of the supported hashcat modes. Fridump is an open source memory dumper tool, used to retrieve data stored in RAM from all different devices and operating systems. Another type of password brute forcing is attacks against the password hash, using tools such as Hashcat a powerful tool that is able to crack encrypted password hashes on a local system. Now run the following command to convert the. Type in CMD and press Shift+Ctrl+Enter. Versions are available for Linux, OS X, and Windows and can come in CPU-based or GPU-based variants. Note: This cracking attempt was completed in about 1 minute on a single Nvidia 1080 GTX GPU. However, in this project, we'll use hashcat, which is a very powerful way to crack passwords. dict This is the name of the dictionary you wish hashcat to use to crack your hashes. I'm trying to recover some MD5 hashes but i have problem with output file, which is not being created. py $ python wordlist_optimizer. Assuming you are trying to redirect your stdout to a file 'output. Ask Question Asked 4 years, 5 months ago. hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat was written somewhere in the middle of 2009. If you use let's say --session=1 then the pot file name will be 1. This is a great example at how computationally expensive cracking passwords can get just by adding one more letter or one more set of characters (numbers, upper case, lower case, special). Because oclHashcat (Hashcat) allows us to customize the attack with given rules and masks. pot depending on which program you are using if you don't specify a session. I've tried adding -show , -potfile-disable, changing output files name Can you help me please. Versions are available for Linux, OS X, and Windows and can come in CPU-based or GPU-based variants. rc4 -a 3 ?b?b?b?b?b The output will be something like:. If a "User Account Control" box pops up, click Yes. cap file to a. Move on with your day. This is necessary for -show. hash -o hash. Login Sign Up Logout Check opencl version mac. txt" -r "\rules\best64. I have collected pcap file using bettercap. If you still think you need help by a real human come to #hashcat on freenode IRC. The output from these tools is called the encryption hash for the file and is the input for hashcat. Here are the steps we used to do so. And in that, literally search search "potfile" and you'll be presented with " --potfile-disable " which will disable your potfile Will also give you a neat Help Doc so you can find the answers yourself much faster later on. For instance we can't tell hashcat that character seven in a password of length seven is a number, yet character seven in an eight character password is an alpha. Because oclHashcat (Hashcat) allows us to customize the attack with given rules and masks. WPA2 dictionary attack using Hashcat. hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. If a "User Account Control" box pops up, click Yes. If the file exists then the file open in append mode. Features Free Multi-GPU (up to 16 gpus) Multi-Hash (up to 24 million hashes) Multi-OS (Linux & Windows native binaries) Multi-Platform (OpenCL & CUDA support) Multi-Algo (see below) Low resource utilization, you can still watch movies or play games while cracking. Hashcat-utils are a set of small utilities that are useful in advanced password cracking. py, which pulls a hash from the Office document in a format that is used by John the Ripper (another password cracking utility), and how to edit that output so that we can use it with Hashcat. Отделяет правила из STDIN (стандартного ввода), которые не совместимы со специфичной платформой. txt wordlist. Your successful cracks will appear in the hashcat. First, hashcat enables rules that allow us to apply specifically designed rules to use on our wordlist file. I inputted the CSV file into LibreOffice Calc and I assembled a graph of my bandwidth readings during 29th of November. Let's setup a test environment so we can walk through a couple simple examples and demonstrate how to crack UTF-8 character encoding. If you don't specify a number then the standard output stream is assumed but you can also redirect errors > file redirects stdout to file 1> file redirects stdout to file 2> file redirects stderr to file &> file redirects stdout and stderr to file /dev/null is the null device it takes any input you want and throws it away. txt' then you can write-freopen("output. Default: not used --output-file=cracked. cap files manually in Kali Linux, use the following command. The next order of business would be to upload any hash files, dictionaries and wordlists you will want to make use of!. Would it be possible to have an option to output into john the ripper or oclhashcat format for cracking? (Added by [email protected]) Other requirements mentioned below: --later option to not crack captured handshakes (just capture & move on). I'm trying to recover some MD5 hashes but i have problem with output file, which is not being created. bin -m 1800 -a 0 -o found1. In this article, we will demonstrate how to perform a rule-based attack with hashcat to crack password hashes. Just add the -o flag followed by the desired location of your output file. Linux’s shell is its. Cracking Password Protected Word, Excel, and Powerpoint Documents Password cracking a Word document or an Excel file has become much easier. Unfortunately, I couldn't find an easy way to do that directly from cap files. You can use hashcat itself as a candidate generator by adding the --stdout switch (then pipe to your file or program of choice). Hashes does not allow a user to decrypt data with a specific key as other encryption techniques allow a user to decrypt the passwords. The rule engine reads in a specified rule file and manipulates the input word according to each rule. pmkid bettercap-wifi-handshakes. hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. Let's break the command down a bit, -m specifies hash type, -a 0 tells hashcat we are doing a dictionary attack, -O tells hashcat to use the optimized opencl kernel, -o is output file. The passwords can be any form or hashes like SHA, MD5, WHIRLPOOL etc. bin -m 12500 hash -w 3 -a 3 ha?. If your purpose were to send what is written to the standard output into a pipeline, then using cat would be eligible to the Useless Use of Cat Award, since cat file | pipeline (where pipeline stands for any pipeline) can be done more efficiently as ntlmhashes 6. The Hashcat website advises we need to use the follow Nvidia Driver when using Nvidia GPUs: Setting up Hashcat. txt is the output file for the cracked passwords--remove tells hashcat to remove the hash after it has been cracked. Would it be possible to have an option to output into john the ripper or oclhashcat format for cracking? (Added by [email protected]) Other requirements mentioned below: --later option to not crack captured handshakes (just capture & move on). Parsing the output didn’t take me a long time to figure out…my real problem was sending an array through the pipeline. maskprocessor: Generates dictionaries based on patterns you supply. txt -hc, --hashcatOutput Output a separate file for each hash type based on hashcat modes -n, --notFound --file:Include unidentifiable hashes in the output file. How Hashcat Works (many similarities to the older oclHashcat) Open the command prompt and set the path of the directory containing Hashcat files. lol thanks i removed the star and had the same trouble I don't no if this is the reason but I tried any online hash cracker and it was 9 characters long I don't no how accurate these online hash crackers are but I tried three of them two you have to pay for but they said the length of the password is 9 characters and the last one cracked it and gave me a nine character wordthanks for your. For demonstration purposes, we will be using the MD5 password hashes from the Battlefield Heroes leak in 2013. I think that it still saves it to the pot file as well, but remember to add the path/filename if you aren't in the same directory as the hashcat. Hashcat Mask Mode. Open cmd and direct it to Hashcat directory, copy. rc4 -a 3 ?b?b?b?b?b The output will be something like:. I personally prefer hashcat for cracking. These rules can take our wordlist file and apply capitalization rules, special characters, word combinations, appended and prepended numbers, and so on. -o / --output [/file/path. Test Driving Google Cloud GPUs With Password Cracker Hashcat February 25, 2017 GCE , hashcat , hacking , jupyter Earlier this week Google announced that they were introducing GPUs to their cloud offering. py, which pulls a hash from the Office document in a format that is used by John the Ripper (another password cracking utility), and how to edit that output so that we can use it with Hashcat. We do NOT store your files. Otherwise a new file is created. The first method cracked the hash and stored the cracked hash to a file named cracked. Hashcat is the world's fastest CPU-based password recovery tool. This is where mask files come in. To reuse the file with WiFiBroot, you can simple launch: $ python wifibroot. I'm working on cracking a pmkid file. If the directory is not already there, obtain file hashcat-exercise-files. exe or hashcat64. john Package Description. It's absolutely key here. Mandiant recently released two documents regarding APT1. For instance we can't tell hashcat that character seven in a password of length seven is a number, yet character seven in an eight character password is an alpha. Just add the -o flag followed by the desired location of your output file. That message is by a component of the windows operating system and not output by hashcat gui code. Perhaps you’ve seen many times this keyword on your computer or somewhere not just on Linux it also appears on Windows and macOS? But what does it actually mean and why is it essential? Basically, a terminal is a program that receives commands from the user and gives it to the OS to process, and it shows the output. The leetspeak. APT1 is a cyber espionage organization located in China, but no other spoilers here. WPA2 dictionary attack using Hashcat. Exporting the Hash to a Text File In Cain, right-click jose and click Export. Large Text File Viewer is free and portable. Not a password cracker in its own right, but can pipe output to oclHashcat-plus for a brute-force attack. The Hashcat Forum also contains a plethora of information. hashcat-utils. txt is the output file for the cracked passwords --remove tells hashcat to remove the hash after it has been cracked hash. The leetspeak. These rules can take our wordlist file and apply capitalization rules, special characters, word combinations, appended and prepended numbers, and so on. Unfortunately, HashCat does not output a complete status file, and some statistics are only shown via STDOUT. hccap file format. Unless you're deeply into hash cracking, you most likely aren't aware of the several different attack modes built into hashcat, such as: Martin Bos covered several of these attacks in a previous post, describing. This site is using rar2john and zip2john and 7z2john from JohnTheRipper tools to extract the hash; The goal of this page is to make it very easy to convert your ZIP / RAR / 7zip archive files (. Md5 Sha1 - catholiccharitiesks. bin ?d?d?d?d?d?d?d?d?d?d -o wordlist. hccapx file and wordlists and simply type in cmd. -folder of this package. Just wondering if there is a way to export the "found X hashes in potfile" to the "Output File. This part, neither myself nor nick can take any credit for, when it comes to setting up Kali to run with Hashcat and our Teslak80 Nvidia GPUs. Hachcat is a password cracking program that uses your Graphics card GPU for faster processing power. We'll then learn a few tricks to crack the document with Hashcat. Now that Hashcat is up and running and we have our benchmarks recorded. That message is by a component of the windows operating system and not output by hashcat gui code. if you could post your lspci grep vga output that may answer the issue as well. Default: not used --output-file=cracked. hashcat (v5. 833s So, not a significant change there. NOTE This article is written using the Hashcat utility, however, the same principles will also apply to oclHashcat. txt is the output file for the cracked passwords--remove tells hashcat to remove the hash after it has been cracked. With Mask files you can specify multiple masking options, point hashcat to the file and all the attacks will be run. Hashcat plus is Worlds first and only GPGPU based rule engine and Worlds fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. Using Aircrack. During the webinar Randy spoke about the tools and steps to crack Active Directory domain accounts. The leetspeak. /hashcat-cli32. txt cat found1. hashcat Package Description. Assuming you are trying to redirect your stdout to a file 'output. Default is. -o / --output [/file/path. /naive-hashcat. Hashcat will save the results of its cracking session as they appear in the terminal in the file. In this article, you’ll learn how to use it to monitor directory and file system changes on WordPress installations. If you have a 64-bit system then you will need the file 'hashcat64-cli. The Hashcat website advises we need to use the follow Nvidia Driver when using Nvidia GPUs: Setting up Hashcat. How to Hack from Beginner to Ethical Hacking Certification This Absolutely Enormous, 161-Hour Bundle is Your Ticket to a Lifetime of Success as an Ethical Hacker. So if we go by hashcat's output, 10 years would become 20,000 years. pot, cudahashcat. exe -m 0 -w 3 "Hashes. pot contains the passwords we recovered from brute-forcing the LM hashes. If your system is a 32-bit. Powershell: Convert JtR Formatted Text file to Hashcat LM or NTLM I said on my recent post about cracking domain passwords with hashcat, that you could probably convert from JtR Format using Powershell. net网站来了解这款工具的详细情况。本质上,Hashcat 3. php(143) : runtime-created function(1) : eval()'d code(156) : runtime-created. Portable solution for capturing wlan traffic and conversion to hashcat formats (recommended by hashcat) and to John the Ripper formats. Next you can choose to check to remove the cracked hashes or not. Save the file with the name win1 in the default format (L0phtCrack 2. This will pipe the above output to the file, but that does not include the recovered hash details. rule file that comes with Hashcat has some simple examples, and the Incisive-leetspeak. py [option] (datatable and linktable are from the previously extracted files) -lmoutfile (output file for LM hashes) -ntoutfile (output file for NTLM hashes -pwdformat john (output in JTR format) -syshive (SYSTEM file from system where the NTDS. cudaHashcat or oclHashcat or Hashcat on Kali Linux got built-in capabilities to attack and decrypt or Cracking WPA2 WPA with Hashcat - handshake. This will be created in directory where you ran hashcat. This is necessary for -show. Then convert using this: hcxpcaptool -z bettercap-wifi-handshakes. Test Driving Google Cloud GPUs With Password Cracker Hashcat February 25, 2017 GCE , hashcat , hacking , jupyter Earlier this week Google announced that they were introducing GPUs to their cloud offering. I also deleted the previous. John the Ripper is designed to be both feature-rich and fast. hccapx file and wordlists and simply type in cmd. On top of storing different masks in files, hashcat also supports custom masks. OSSEC is an open source host-based intrusion detection system (HIDS) that can be used to monitor file system changes on an operating system. Save the file with the name win1 in the default format (L0phtCrack 2. This should be used if you plan to keep the hashes, or do not want to copy/paste them from a terminal or command prompt. However, I would like to have the entire output to also be logged into a. hashcat-utils. /cap2hccapx. bin ?d?d?d?d?d?d?d?d?d?d -o wordlist.