[phpBB Debug] PHP Warning: in file [ROOT]/phpbb/session.php on line 580: sizeof(): Parameter must be an array or an object that implements Countable
[phpBB Debug] PHP Warning: in file [ROOT]/phpbb/session.php on line 636: sizeof(): Parameter must be an array or an object that implements Countable
3.14.by forum • hashcat
Page 1 of 1

hashcat

Posted: Thu Dec 24, 2009 10:19 pm
by K.9
This is the first public release of hashcat, a new password recovery software.

Download it here md5sum: ebe8f712e79c5bad1f6da3e8a770a1e3

hashcat is tested on XP, Win7, Gentoo, Debian

The main features of hashcat are:

* It is free.
* Native binaries for Linux and Windows.
* Multi-threaded.
* Supports the following hashes:
  • MD5
    md5($pass.$salt)
    md5($salt.$pass)
    md5(md5($pass))
    md5(md5(md5($pass)))
    md5(md5($pass).$salt)
    md5(md5($salt).$pass)
    md5($salt.md5($pass))
    md5($salt.$pass.$salt)
    md5(md5($salt).md5($pass))
    md5(md5($pass).md5($salt))
    md5($salt.md5($salt.$pass))
    md5($salt.md5($pass.$salt))
    md5($username.0.$pass)
    md5(strtoupper(md5($pass)))
    SHA1
    sha1($pass.$salt)
    sha1($salt.$pass)
    sha1(sha1($pass))
    sha1(sha1(sha1($pass)))
    MySQL
    MySQL4.1/MySQL5
    MD5(Wordpress)
    MD5(phpBB3)
    MD5(Unix)
    SHA-1(Base64)
    SSHA-1(Base64)
* Supports the following attacks:
  • Straight-Words Attack
    Combination-Words Attack
    Toggle-Case Attack
    Brute-Force Attack
* All Attack-Modes except Brute-Force can be extended by Hybrid-Attack rules.
* Hybrid-Attack engine is mostly compatible with JTR / PasswordsPro.
* Possible to resume or limit session.

It also has some special features:

* Automatically recognizes already recovered hashes from outfile at startup.
* Automatically generate random rules for Hybrid-Attack.
* Load hashlist that include more than 3 million hashes of any supported type at once.
* Load saltlist from external file and then use them in a Brute-Force Attack variant.
* Able to work in an distributed environment.

There are some more things you should know:

* You can specify multiple wordlists and also multiple directories of wordlists.
* Number of threads can be configured.
* Threads run on lowest priority.

I want to thank the following people for supporting me with testing and giving me ideas:

hakre, legion, d3ad0ne, ErrorNeo, K9, skmpz

If you want to get in contact join #hashcat on IRC: irc.rizon.net:6667 ssl (+9999)


http://hashkiller.com/index.php?topic=2511.0

Re: hashcat

Posted: Thu Dec 24, 2009 11:04 pm
by protter
Very slow beta version. Only 30M passwords per second for MD5.
Feel the difference:
Image

Re: hashcat

Posted: Thu Dec 24, 2009 11:56 pm
by LordMike
Could you give example commandline for bruteforce?...
Simply can't make it work...

Tried all combinations I can think of with following, a=3.. And then some bruteforce specific commands...

PS:
protter wrote:Very slow beta version. Only 30M passwords per second for MD5.
Feel the difference:
Image
That image is for barse, sure you've got the right one?

Re: hashcat

Posted: Thu Dec 24, 2009 11:59 pm
by Xtothec
protter wrote:Very slow beta version. Only 30M passwords per second for MD5.
Dude it is a tool for multiple hashes (like >1k) not for any single hash !

Re: hashcat

Posted: Fri Dec 25, 2009 12:07 am
by Rolf
I dont think it uses CUDA.

Re: hashcat

Posted: Fri Dec 25, 2009 12:28 am
by K.9
LordMike wrote:Could you give example commandline for bruteforce?...
Simply can't make it work...

Tried all combinations I can think of with following, a=3.. And then some bruteforce specific commands...
Heres the example:
hashcat-cli.exe -n 4 -a 3 --bf-cs-buf=0123456789abcdef list.txt -o output.txt


-n 4: 4 threads
-a 3: bruteforce attack
--bf-cs-buf=CHARS: charset for attack
list.txt: hashfile
-o output.txt: output-file = output.txt



protter you are confusing me :shock: this tool is hashcat not barswf.


I dont think it uses CUDA.
That's true.
Dude it is a tool for multiple hashes (like >1k) not for any single hash !
Moer than 1k :D I tested it with more than 2,000,000 md5 hashes and it was still fast. See here.



-----



This is the first public release of hashcat-gui. As the name suggests, it is working together with hashcat.

Download hashcat-gui (md5sum: c6dbad5adcd01662384337eefa464087)

hashcat-gui is tested on XP, Win7 and Wine (Ubuntu).

The main features of the GUI are:

It is free.
Ships as setup.exe, easy to use graphical installer.
Contains hashcat binaries, so no need to make a manual install.
Supports all hashcat options (feature complete).
Easier to learn compared to the CLI.
Hash Browser
Wordlist Manager
Outfile Viewer (with visual and acoustical notifications)

http://hashkiller.com/index.php?topic=2525.0

Re: hashcat

Posted: Sun Dec 27, 2009 1:56 am
by D3ad0ne
For those that haven't checked this out yet, this program is like John the ripper and passwordspro combined but so much more! I have been using it for the past couple months and once you get a feel for some of the options and how it works, the versatility of it is simply amazing! Granted it is not GPU based, and it never started off that way. Originally this was a dictionary tool(that can't easily be done on GPU) only with the bruteforce function added later. From the very start it was meant to be a mulit-CPU supported tool, something that passpro, and JTR isn't. JTR does have multi-cpu compile add-on but that is only for linux, and only certain functions can utilize it. This also has the option of being used in a distributed network (note the -l, --words-limit=NUM option). Both the sha1 and md5 functions are written in assembly, this really helps the speed. It also is supported in linux and windows.

Consider this, hashcat currently supports 26(more are being added soon) different popular hash types. You can do straight, combination, toggle, or brute-force attack. Passwordspro supports this but it is all single core. That means if you have an i7 your wasting 7 cores on nothing using Passwordspro. Oh plus it's completely free!

It also supports an insane number of hashes. I've tested it with over 2.1 million hashes, something passwordspro can't do. This really is a great tool, and it's only going to get better with user feed back. The author is actively supporting it and he does consider feed back, DES, LM, NTLM are on the way.

Re: hashcat

Posted: Mon Jan 04, 2010 7:40 pm
by K.9
New version released: hashcat v0.31

http://hashkiller.com/index.php?topic=2605