Digg Del.icio.us Reddit Facebook Stumble Upon Twitter
 

[deprecated] oclHashcat-plus

Description

oclHashcat-plus is a GPGPU-based multi-hash cracker using a brute-force attack (implemented as mask attack), combinator attack, dictionary attack, hybrid attack, mask attack, and rule-based attack.

Note: Please use oclHashcat instead, plus is deprecated.

Current version

Current version is 0.15. oclhashcat-plus.png

Resources

Screenshot

Background

The main problem with the first GPGPU hashcat version oclHashcat was to do with it's architecture. It was designed for doing Combinator attack. That worked well with fast algorithms but in combination with slow (modern, highly iterated and salted) algorithms,that was an inefficient strategy.

As a consequence, people still used the CPU-based hashcat for serious hash-cracking. This is because it is possible to work with simple dictionary-based attacks. To be able to do dictionary-based attacks on a GPU, it was neccessary to deal with the architecture problem of oclHashcat first. The only solution was a complete new approach. This second oclHashcat version, which is designed for dictionary-based attacks, is called “oclHashcat-plus”.

Notes about simple dictionary attack on GPU:

  • Fast algorithms like MD4, MD5 or NTLM do work with simple dictionary attacks on a GPU, but this is not very efficient. It takes longer to transfer the wordlist data to GPU global memory rather than to just attack them on the CPU.
  • Slow algorithms like md5crypt (1000 iterations), phpass (up to 8k iterations) or WPA/WPA2 (16k iterations) can efficiently run on a GPU. The reason for this is that they are designed to slow down cracking performance itself. In this case, and unlike the fast algorithms, the time to copy the wordlist to GPU global memory is of no consequence.

An additional major feature of oclHashcat-plus is the GPU-based rule engine. With this it is possible to do Rule-based attack.

  • Fast algorithms make use of the GPU-based rule engine to increase GPU utilization. Using this strategy, simple dictionary-based attacks become efficient on the GPU again. The rule-engine on a GPU is very fast. Depending on the rule itself, you can reach nearly the same speed as with a combinator attack in oclHashcat. This is an absolutely unique feature against all other hash crackers.
  • Slow algorithms make use of the CPU-based rule engine to increase wordlist size. This way you can use even the very small dictionaries like “common4.txt” or “mil-dict.txt”. They are virtually expanded in memory by the CPU-based rule engine. This fits perfectly in the situation above in that the time to copy the wordlist to GPU global memory is of no consequence.

As a result, oclHashcat-plus is a lot more like the original CPU-based hashcat.

The first official release was v0.02, released on 30.01.2011.

Another important release was v0.06, released on 16.09.2011: It was the first version that supported the WPA/WPA2 algorithm.

With release of v0.07, oclHashcat-plus replaced regular oclHashcat when it ported Brute-Force Attack, Mask Attack, Combination Attack and Hybrid Attack.

Options

oclHashcat-plus, advanced password recovery

Usage: oclHashcat-plus [options]... hash|hashfile|hccapfile [dictionary|mask|directory]...

=======
Options
=======

* General:

  -m,  --hash-type=NUM               Hash-type, see references below
  -a,  --attack-mode=NUM             Attack-mode, see references below
  -V,  --version                     Print version
  -h,  --help                        Print help
       --eula                        Print EULA
       --quiet                       Suppress output

* Misc:

       --hex-salt                    Assume salt is given in hex
       --hex-charset                 Assume charset is given in hex
       --force                       Ignore warnings
       --status                      Enable automatic update of the status-screen
       --status-timer=NUM            Seconds between status-screen update

* Markov:

       --markov-hcstat               Specify hcstat file to use, default is hashcat.hcstat
       --markov-disable              Disables markov-chains, emulates classic brute-force
       --markov-classic              Enables classic markov-chains, no per-position enhancement
  -t,  --markov-threshold=NUM        Threshold when to stop accepting new markov-chains

* Session:

       --runtime=NUM                 Abort session after NUM seconds of runtime
       --session=STR                 Define specific session name
       --restore                     Restore session from --session
       --restore-timer=NUM           Save restore file each NUM seconds

* Files:

  -o,  --outfile=FILE                Define outfile for recovered hash
       --outfile-format=NUM          Define outfile-format for recovered hash, see references below
  -p,  --seperator=CHAR              Define seperator char for hashlists and outfile
       --show                        Show cracked passwords only
       --left                        Show un-cracked passwords only
       --username                    Enable ignoring of usernames in hashfile
       --remove                      Enable remove of hash once it is cracked
       --disable-potfile             Do not write potfile

* Resources:

  -c,  --segment-size=NUM            Size in MB to cache from the wordfile
       --cpu-affinity=STR            Locks to CPU devices, seperate with comma
       --gpu-async                   Use non-blocking async calls (NV only)
  -d,  --gpu-devices=STR             Devices to use, separate with comma
  -n,  --gpu-accel=NUM               Workload tuning: 1, 8, 40, 80, 160
  -u,  --gpu-loops=NUM               Workload fine-tuning: 8 - 1024
       --gpu-temp-disable            Disable temperature and fanspeed readings and triggers
       --gpu-temp-abort=NUM          Abort session if GPU temperature reaches NUM degrees celsius
       --gpu-temp-retain=NUM         Try to retain GPU temperature at NUM degrees celsius (AMD only)

* Rules:

  -j,  --rule-left=RULE              Single rule applied to each word from left dict
  -k,  --rule-right=RULE             Single rule applied to each word from right dict
  -r,  --rules-file=FILE             Rules-file, multi use: -r 1.rule -r 2.rule
  -g,  --generate-rules=NUM          Generate NUM random rules
       --generate-rules-func-min=NUM Force NUM functions per random rule min
       --generate-rules-func-max=NUM Force NUM functions per random rule max

* Custom charsets:

  -1,  --custom-charset1=CS          User-defined charsets
  -2,  --custom-charset2=CS          Example:
  -3,  --custom-charset3=CS          --custom-charset1=?dabcdef
  -4,  --custom-charset4=CS          Sets charset ?1 to 0123456789abcdef

* Increment:

  -i,  --increment                   Enable increment mode
       --increment-min=NUM           Start incrementing at NUM
       --increment-max=NUM           Stop incrementing at NUM

==========
References
==========

* Outfile Formats:

    1 = hash[:salt]
    2 = plain
    3 = hash[:salt]:plain
    4 = hex_plain
    5 = hash[:salt]:hex_plain
    6 = plain:hex_plain
    7 = hash[:salt]:plain:hex_plain

* Built-in charsets:

   ?l = abcdefghijklmnopqrstuvwxyz
   ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
   ?d = 0123456789
   ?a = ?l?u?d?s
   ?s =  !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
   ?h = 8 bit characters from 0xc0 - 0xff
   ?D = 8 bit characters from german alphabet
   ?F = 8 bit characters from french alphabet
   ?R = 8 bit characters from russian alphabet

* Attack modes:

    0 = Straight
    1 = Combination
    3 = Brute-force
    6 = Hybrid dict + mask
    7 = Hybrid mask + dict

* Generic hash types:

    0 = MD5
   10 = md5($pass.$salt)
   20 = md5($salt.$pass)
   30 = md5(unicode($pass).$salt)
   40 = md5($salt.unicode($pass))
  100 = SHA1
  110 = sha1($pass.$salt)
  120 = sha1($salt.$pass)
  130 = sha1(unicode($pass).$salt)
  140 = sha1($salt.unicode($pass))
  300 = MySQL
  400 = phpass, MD5(Wordpress), MD5(phpBB3)
  500 = md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5
  900 = MD4
 1000 = NTLM
 1100 = Domain Cached Credentials, mscash
 1400 = SHA256
 1410 = sha256($pass.$salt)
 1420 = sha256($salt.$pass)
 1500 = descrypt, DES(Unix), Traditional DES
 1600 = md5apr1, MD5(APR), Apache MD5
 1700 = SHA512
 1710 = sha512($pass.$salt)
 1720 = sha512($salt.$pass)
 1800 = sha512crypt, SHA512(Unix)
 2100 = Domain Cached Credentials2, mscash2
 2400 = Cisco-PIX MD5
 2500 = WPA/WPA2
 2600 = Double MD5
 3000 = LM
 3100 = Oracle 7-10g, DES(Oracle)
 3200 = bcrypt, Blowfish(OpenBSD)
 5000 = SHA-3(Keccak)
 5100 = Half MD5
 5200 = Password Safe SHA-256
 5300 = IKE-PSK MD5
 5400 = IKE-PSK SHA1
 5500 = NetNTLMv1-VANILLA / NetNTLMv1+ESS
 5600 = NetNTLMv2
 5700 = Cisco-IOS SHA256

* Specific hash types:

   11 = Joomla
   21 = osCommerce, xt:Commerce
  101 = nsldap, SHA-1(Base64), Netscape LDAP SHA
  111 = nsldaps, SSHA-1(Base64), Netscape LDAP SSHA
  112 = Oracle 11g
  121 = SMF > v1.1
  122 = OSX v10.4, v10.5, v10.6
  131 = MSSQL(2000)
  132 = MSSQL(2005)
  141 = EPiServer 6.x
 1722 = OSX v10.7
 2611 = vBulletin < v3.8.5
 2711 = vBulletin > v3.8.5
 2811 = IPB2+, MyBB1.2+

Default Values

– section needs update –

Attribute Value Note
--version false
--help false
--eula false
--quiet false
--show false
--left false
--username false
--remove false
--force false
--outfile NULL
--outfile-format 3
--runtime 0
--hex-salt false
--hex-charset false
--segment-size 1
--gpu-async false
--gpu-devices NULL
--gpu-accel 0 *
--gpu-loops 0 *
--gpu-watchdog 90
--rules-file NULL
--generate-rules 0
--generate-rules-func-min 1
--generate-rules-func-max 4
--hash-type 0
--increment 0
--increment-min 1
--increment-max 15

* Indicates that the value is dependent on the algorithm and GPU platform vendor (see below)

Supported algorithms and GPU defaults

– section needs update –

Hash-Type --gpu-accel (NVidia) --gpu-loops (NVidia) --gpu-accel (AMD) --gpu-loops (AMD)
MD5 8 128 40 128
Joomla 8 128 40 128
osCommerce, xt:Commerce 8 128 40 128
SHA1 8 64 40 64
nsldap, SHA-1(Base64), Netscape LDAP SHA 8 64 40 64
nsldaps, SSHA-1(Base64), Netscape LDAP SSHA 8 64 40 64
Oracle 11g 8 64 40 64
SMF > v1.1 8 64 40 64
OSX v10.4, v10.5, v10.6 8 64 40 64
MSSQL(2000) 8 64 40 64
MSSQL(2005) 8 64 40 64
MySQL > v4.1 8 32 40 32
phpass, MD5(Wordpress), MD5(phpBB3) 1 64 16 64
md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5 1 64 16 64
MD4 8 128 40 128
NTLM 8 128 40 128
Domain Cached Credentials, mscash 8 64 40 64
SHA256 8 32 40 32
descrypt, DES(Unix), Traditional DES 1 8 8 8
md5apr1, MD5(APR), Apache MD5 1 64 16 64
SHA512 8 32 40 32
OSX v10.7 8 32 40 32
Domain Cached Credentials2, mscash2 1 64 16 64
Cisco-PIX MD5 8 128 40 128
WPA/WPA2 1 64 16 128
Double MD5 8 64 40 64
vBulletin < v3.8.5 8 64 40 64
vBulletin > v3.8.5 8 32 40 32
IPB2+, MyBB1.2+ 8 32 40 32
LM 1 8 8 8
Oracle 7-10g, DES(Oracle) 1 8 8 8

Supported attack modes

Dictionary loading

The reason behind the special loading of the dictionary is that some kernels require all plaintexts to be of the same length to process them efficiently.

Brute-force crackers usually do not have this problem because the length of the generated plaintext is always the same. But it's not so in wordlists. Usually the words in wordlists are not sorted by their length. So the idea was oclHashcat-plus would cache each of the loaded words once, and store them into specific buffers. Each word-length has one unique buffer. If a word has the length 8; it sorts it into buffer number 8. Then, if buffer 8's threshold is reached, it processes them and clears it afterwards. This is why it is so hard for oclHashcat-plus to have a restore / resume position.

Hint: You can optimize your wordlists for oclhashcat-plus usage. You just need to sort them by their length. It is recommended that you generate seperate wordlists sorted by their length. The hashcat-utils ship with a tool called: “splitlen”, which was written for this task.

Resume support

The following Informations are outdated. With version 0.12 oclHashcat-plus got real resume support added.

While it is not officially supported, one of our users, undeath , had a neat idea:

To gain the possibility of resuming wordlists with oclHashcat-plus, you can pipe the words into stdin using hashcat. It is then recommended that you sort your wordlists by length as described above prior to this.

hashcat --stdout wordlists/list.dict | oclhashcat-plus ... 

On aborting using CTRL+C, you will see the well known message: “To restore Session use Parameter -s xxx” so you can restore the cracking process later as with the cpu version. Also, you are able to use all word altering functions provided by hashcat (like Table Lookup attack or Permutation attack).

Custom HCCAP format

If you are interested in writing .hccap files, it's structure is explained here: HCCAP format description

Performance

Please refer to the homepage to get the latest benchmarks.

What does Real c/s and GPU c/s mean ?

Real c/s is derived from dividing all tested passwords from zero to present from the moment oclHashcat-plus started. This is often a lower figure as it takes into account copying wordlists into GPU memory and also the PCI-Express overhead.

GPU c/s is derived from dividing the time for the last 32 kernel launches by the number of finished passwords from the previous 32 kernel launches. This figure is usually higher than Real c/s as there is no time lost copying the wordlist or PCI-Express overhead.

In general GPU c/s is a more accurate representation of oclHashcat-plus's performance as wordlist loading is dependant on the I/O performance of the users computer.

Limitations

  • Password-length is set to a maximum of 55 on most algorithms, algorithms which use unicode, from plaintext view, are limited to a maximum length of 27 (for full details see >= 15 announcement and explanation here: https://hashcat.net/forum/thread-2543.html )

Future Plans

  • Add more algorithms
  • See the feature request page here