[phpBB Debug] PHP Warning: in file [ROOT]/phpbb/session.php on line 580: sizeof(): Parameter must be an array or an object that implements Countable
[phpBB Debug] PHP Warning: in file [ROOT]/phpbb/session.php on line 636: sizeof(): Parameter must be an array or an object that implements Countable
3.14.by forum • BarsWF feature wishlist
Page 1 of 3

BarsWF feature wishlist

Posted: Thu Oct 02, 2008 7:36 am
by kiando
Great thing to know the author is willing to hear our wishes and improve the program :crazy:

Here are some features that have good effect and cracking speed:
- BarsWF non-distributed stand alone
- enable/disable/limit CPU - usage
- switch between CPU/GPU - usage
- mask attack (define charset for each position)
- JTR mutation rules
- multi hash support (attack a large list of hashes)

Re: BarsWF feature wishlist

Posted: Thu Oct 02, 2008 7:38 am
by the_drag0n
not to forget a BarsWFWPA ;)

Re: BarsWF feature wishlist

Posted: Thu Oct 02, 2008 7:40 am
by kiando
yes, but perhaps we should create an extra thread for algorithm requests because the features above concern the program itself and not the modules :ugeek:

Re: BarsWF feature wishlist

Posted: Thu Oct 02, 2008 7:58 am
by BarsMonster
kiando wrote:Great thing to know the author is willing to hear our wishes and improve the program :crazy:

Here are some features that have good effect and cracking speed:
- mask attack (define charset for each position)
- multi hash support (attack a large list of hashes)
#2 ofcourse for unsalted hashes, right?
For #1, what do you think about JTR rules? :-)

Re: BarsWF feature wishlist

Posted: Thu Oct 02, 2008 8:37 am
by kiando
#1 JTR Rules would be awesome.
#2 unsalted will suffice. :)

Re: BarsWF feature wishlist

Posted: Mon Oct 06, 2008 6:27 pm
by c4p0ne
1. Salted hashes including: md5(md5($salt).md5($pass)) - md5(md5($pass).md5($salt)) - md5(md5($pass).salt) - md5(phpBB3)
2. EAPOL WPA & WPA2 support.
3. Support for utilization of ATI Type GPU(s) for accelerated computation, specifically 4870x2 massively paralleled types.
4. GPU acceleration for hybrid type attack on hashes (not sure if this is possible).


It always amazes me how free tools more often then not, outshine their commercial counterparts by leaps and bounds. Great work being done here! :ugeek:

Re: BarsWF feature wishlist

Posted: Wed Oct 08, 2008 1:00 pm
by BarsMonster
1. Salted hashes including: md5(md5($salt).md5($pass)) - md5(md5($pass).md5($salt)) - md5(md5($pass).salt) - md5(phpBB3)
what is md5(phpBB3), where these types of hashes are used?
3. Support for utilization of ATI Type GPU(s) for accelerated computation, specifically 4870x2 massively paralleled types.
Work in progress
4. GPU acceleration for hybrid type attack on hashes (not sure if this is possible).
What is that?

Re: BarsWF feature wishlist

Posted: Wed Oct 08, 2008 1:53 pm
by kiando
BarsMonster wrote:
1. Salted hashes including: md5(md5($salt).md5($pass)) - md5(md5($pass).md5($salt)) - md5(md5($pass).salt) - md5(phpBB3)
what is md5(phpBB3), where these types of hashes are used?
See overview: http://up.cih.ms/ettee/sql/

BarsMonster wrote:
4. GPU acceleration for hybrid type attack on hashes (not sure if this is possible).
What is that?
hybrid attack is the PasswordsPro (-> insidepro.com) version of JTR Rules/Dict attack.

Re: BarsWF feature wishlist

Posted: Thu Oct 09, 2008 4:58 pm
by reiluke
i say thank you for an amazing software, its really the fastest

request
1. crack simultaneous from a list
2. rainbow table generator / hybrid mode

ill even buy version 1.0

good luck and keep up the good work

Re: BarsWF feature wishlist

Posted: Thu Oct 09, 2008 5:44 pm
by BarsMonster
reiluke wrote:i say thank you for an amazing software, its really the fastest

request
1. crack simultaneous from a list
2. rainbow table generator / hybrid mode

ill even buy version 1.0

good luck and keep up the good work
#1 would be in supercomputer mode :-)
#2 is not going to be implemented (this year). See freerainbowtables.com, that did quite a good progress here.

Re: BarsWF feature wishlist

Posted: Thu Oct 09, 2008 11:07 pm
by c4p0ne
Oh I almost forgot, can we pleaseee get a -max_len option to limit the attack? Unless thats already in there as some hidden feature(??)

Re: BarsWF feature wishlist

Posted: Fri Oct 10, 2008 2:34 am
by reiluke
BarsMonster wrote:
reiluke wrote:i say thank you for an amazing software, its really the fastest

request
1. crack simultaneous from a list
2. rainbow table generator / hybrid mode

ill even buy version 1.0

good luck and keep up the good work
#1 would be in supercomputer mode :-)
#2 is not going to be implemented (this year). See freerainbowtables.com, that did quite a good progress here.
#1 egb does crack from a list, will it really run slower if you compare gen hash = hash lists?
#2 but its going to be implement :joy: http://passcracking.com/hybrid.html please do hybrid mode

thanks mate! hope you implement salts in .09

Re: BarsWF feature wishlist

Posted: Fri Oct 10, 2008 5:20 am
by BarsMonster
reiluke wrote: #1 egb does crack from a list, will it really run slower if you compare gen hash = hash lists?
#2 but its going to be implement :joy: http://passcracking.com/hybrid.html please do hybrid mode

thanks mate! hope you implement salts in .09
#1 - didn't understood
#2 - well, rainbow table things have very limited usage cause they cannot support salts. Unsalted hashes would be cracked very efficiently on distributed supercomputer because of multihash feature.

Most likely there would be no 0.9 version, just 1.0 distributed one.

Re: BarsWF feature wishlist

Posted: Fri Oct 10, 2008 7:26 am
by the_drag0n
reiluke wrote: #1 egb does crack from a list, will it really run slower if you compare gen hash = hash lists?
yes it will. cracking a list of hashes is always slower than a single one simply as the newly generated one has to be compared with the number of hashes that are in your list.

Re: BarsWF feature wishlist

Posted: Sat Oct 25, 2008 1:52 pm
by DarkPrince
-max_up # (max amount of uppercase chars in pass)
-max_low # (max amount of lowercase chars in pass)
-max_spe # (max amount of special chars in pass)
-max_num # (max amount of numeric chars in pass)

-min_up # (minimum amount of uppercase chars in pass)
-min_low # (minimum amount of lowercase chars in pass)
-min_spe # (minimum amount of special chars in pass)
-min_num # (minimum amount of numeric chars in pass)


This would be great if you where cracking a database where you know ppl have to use atleast one of each.

Like "your password has to include uppecase, lowercase and numeric"


And on some pages you have to start or end with a special char

-first_is "0aA~" (first char is a numeric, lower, upper, special)
-last_is "0aA~" (last char is a numeric, lower, upper, special)
-first_not "0aA~" (first char is NOT a numeric, lower, upper, special)
-last_not "0aA~" (last char is NOT a numeric, lower, upper, special)

Re: BarsWF feature wishlist

Posted: Sat Oct 25, 2008 3:28 pm
by B0ff
The UDC http://the-udc.com/ is really slow compared to BarsWF but it is very flexible, for example the bruteforce search lets you either specify the charset for each character or the same custom charset for each. Also it has a hybrid search that allows you to insert a dictionary into one or more places and you can specify chars to fit in around it..
So a hybrid search could look like:

aa@aa
or
@b@
or ab@
and so on.

Where 'a' and 'b' are defined charsets, for example 'a' might be abcfghtrsyABCDEFG0123456789 and 'b' could just be &, and '@' is a dictionary/wordlist. These options give you the ability to run very targeted searches and would be extremely powerful combined with the speed of BarsWF.

Re: BarsWF feature wishlist

Posted: Sat Oct 25, 2008 4:46 pm
by the_drag0n
dont forget that those rules will slow the process down.
still i think that JTR will fit all the suggestions.

Re: BarsWF feature wishlist

Posted: Sat Oct 25, 2008 4:51 pm
by DarkPrince
the_drag0n wrote:dont forget that those rules will slow the process down.
still i think that JTR will fit all the suggestions.
Well how much would it slow it down? coz you would have alot of work that you know cant be right

Re: BarsWF feature wishlist

Posted: Mon Oct 27, 2008 8:59 am
by Sc00bz
You more than likely would not be able to reverse the last round of MD5 which will make it go from just doing 69% of an MD5 to doing 92% of an MD5. That's 33% slower. Also the generation of the password to check will take longer making it even slower.

Re: BarsWF feature wishlist

Posted: Mon Oct 27, 2008 9:52 am
by BarsMonster
Yeah, working with generated passwords on GPU is kinda slow cause it is very costy to transfer every generated password to GPU, as well as generate it on GPU.
Probably it might be limited to CPU-only attack, which should not be that terrible as number of variants here is much smaller.

Re: BarsWF feature wishlist

Posted: Mon Oct 27, 2008 10:16 am
by DarkPrince
BarsMonster wrote:Yeah, working with generated passwords on GPU is kinda slow cause it is very costy to transfer every generated password to GPU, as well as generate it on GPU.
Probably it might be limited to CPU-only attack, which should not be that terrible as number of variants here is much smaller.
Yeah cuz just by using the rule about the last being a "0aA~" you would make the list of possible variants ~50-85% less then it would be if you just let it try all variants (if I didn't calculate it all wrong)

Re: BarsWF feature wishlist

Posted: Mon Oct 27, 2008 2:09 pm
by the_drag0n
ahh just noticed sth:
it should be possible to add space to a charset manualy so you could do alpha space and dont have to select alpha symbol 14...
just a small update i guess so id be happy if you could add that in a quick&dirty update ;)

edit: and a .txt output file option would also be great!

Re: BarsWF feature wishlist

Posted: Mon Oct 27, 2008 2:49 pm
by BarsMonster
If I understood you correctly, it is possible now - -c a -C " "

Re: BarsWF feature wishlist

Posted: Mon Oct 27, 2008 2:50 pm
by the_drag0n
ahh *hits his head* well that was that ;)
still a txt output would be nice ;)

Re: BarsWF feature wishlist

Posted: Mon Oct 27, 2008 3:23 pm
by BarsMonster
when bruteforce is done, password is saved to barswf.save in plaintext in second line, if that is what you needed :-)