hashcat Forum

Full Version: hashcat-3.00 - potfile behavior / ignored ?
Looks like previous to 3.00 the potfile was written in the current working dir.  In 3.00 I'm finding it written in the 3.00 directory (i.e. where hashcat64.bin is).  However - hashcat-3.00 doesn't seem to read this and skip already cracked hashes.  I can use --show - and I get the expected result (i.e. it IS writing out to the potfile).  Taking --show off - 3.00 wants to crack the hash again.  2.01 would give:

Code:
INFO: removed 1 hash found in pot file

I cannot seem to get 3.00 to read the potfile and skip the run if it's already cracked.

I did read the announcement and searched a bit before I posted this - nevertheless apologies if there's something I missed that explains this new behavior.  Thanks.
If you run the same command twice and unless you use --potfile-disable or something that disables the use of the potfile, the second command will not crack the same hashes again. That didn't change.

I'm not sure if I understood your question correctly, are you asking how you can copy the 2.01 potfile over to your 3.00 so that you can use it over there?
Yes, after I re-read my post it seemed a bit unclear.

Here is a run on a previously cracked hash (WPA).  I am in a different directory from where the hashcat binaries (and potfile) are.

Code:
vom@ocl:~/cracking$ cat ../hashcat/hashcat.pot
XXXX:yyyyyyyyyyyy:zzzzzzzzzzzz:AAAAAAAA

vom@ocl:~/cracking$ ../hashcat/hashcat64.bin -a 3 -m 2500 XXXX_yyyyyyyyyyyy.cap.hccap 19?d?d?d?d?d?d
hashcat (v3.00-1-g67a8d97) starting...

OpenCL Platform #1: Advanced Micro Devices, Inc.
================================================
- Device #1: Capeverde, 361/659 MB allocatable, 10MCU
- Device #2: Capeverde, 570/992 MB allocatable, 10MCU
- Device #3: AMD FX(tm)-4100 Quad-Core Processor, skipped

Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable Optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
* Slow-Hash-SIMD
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 75c

XXXX:yyyyyyyyyyyy:zzzzzzzzzzzz:AAAAAAAA

Session.Name...: hashcat
Status.........: Cracked
Input.Mode.....: Mask (19?d?d?d?d?d?d) [8]
Hash.Target....: XXXX (yy:yy:yy:yy:yy:yy <-> zz:zz:zz:zz:zz:zz)
Hash.Type......: WPA/WPA2
Time.Started...: Tue Jul  5 08:55:32 2016 (7 secs)
Speed.Dev.#1...:    43394 H/s (11.80ms)
Speed.Dev.#2...:    45059 H/s (11.81ms)
Speed.Dev.#*...:    88453 H/s
Recovered......: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.......: 601600/1000000 (60.16%)
Rejected.......: 0/601600 (0.00%)
Restore.Point..: 430080/1000000 (43.01%)

Started: Tue Jul  5 08:55:32 2016
Stopped: Tue Jul  5 08:55:42 2016

vom@ocl:~/cracking$ cat ../hashcat/hashcat.pot
XXXX:yyyyyyyyyyyy:zzzzzzzzzzzz:AAAAAAAA
XXXX:yyyyyyyyyyyy:zzzzzzzzzzzz:AAAAAAAA

So it didn't exit out even though the recovered hash was already in the pot.  Furthermore - it wrote the output again (it's now in the pot twice).  In a nutshell - 3.00 doesn't seem to read the potfile, yet it writes to it.
Indeed looks like a bug in potfile handling. WPA has a special subsection for it. Need to look into that. Please post a GitHub issue for it.
Well, guess it is already too late to create an issue. But good news, it seems we already fixed the problem: see https://github.com/hashcat/hashcat/pull/419

Thanks for reporting (and please test to make sure that the fix also worked for you)

Note: if you do not want to compile it from source yourself, just use newest beta from https://hashcat.net/beta/ (beta 30 or above)
(07-06-2016, 10:11 AM) philsmd wrote: Well, guess it is already too late to create an issue. But good news, it seems we already fixed the problem: see https://github.com/hashcat/hashcat/pull/419

Thanks for reporting (and please test to make sure that the fix also worked for you)

Note: if you do not want to compile it from source yourself, just use newest beta from https://hashcat.net/beta/ (beta 30 or above)

Looks good.  I pulled down v3.00-30-g450b779 and it skips previously cracked WPA as expected.  Thanks much everyone.
(07-06-2016, 09:08 PM) vom wrote: Looks good.  I pulled down v3.00-30-g450b779 and it skips previously cracked WPA as expected.  Thanks much everyone.

Well shoot - I think I spoke too soon.  Behavior is a bit erratic.  Sometimes it skips cracking and detects it in the pot file  - other times it writes what appears to be the same line / result multiple times.

It seems like it works as expected when the potfile is a single line.  I.e. delete potfile, crack a WPA, crack again (skipped).

When I have multiple entries in the potfile - it reverts to the behavior of re-cracking, and writing the line again.
I'm not able to reproduce this new problem, regardless of what I try (potfile full of hashes, crap etc).

Seems that we now really need a GitHub issue with full steps and examples that guide us to reproduce this behaviour. Please go here: https://github.com/hashcat/hashcat/issues and post all the info that is needed to reproduce this.

Thanks
Just opened new issue.  File attached shows actual command sequence being run as well (sanitized).

https://github.com/hashcat/hashcat/issues/424
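
An added example, not part of the thread and not hashcat's own code: a small audit for the symptom reported above (the same result written to hashcat.pot more than once), plus a model of which targets a working potfile check would skip. It assumes the sanitized four-field WPA line layout shown in the thread and that the recovered key is the last colon-separated field; the function names and sample values are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the sanitized 4-field WPA layout shown in the thread
# (ESSID:AP MAC:client MAC:recovered key); every value is a placeholder.
SAMPLE_POT = """\
XXXX:yyyyyyyyyyyy:zzzzzzzzzzzz:AAAAAAAA
BBBB:cccccccccccc:dddddddddddd:EEEEEEEE
XXXX:yyyyyyyyyyyy:zzzzzzzzzzzz:AAAAAAAA
"""

def parse_pot(text):
    """Yield (target, plain) for each potfile line that contains a colon."""
    # Assumption: the recovered key is the last field, as in the thread's
    # sample; keys that themselves contain ':' need a format-aware split.
    for line in text.splitlines():
        if ":" in line:
            target, plain = line.rsplit(":", 1)
            yield target, plain

def duplicate_entries(text):
    """Return {target: count} for targets recorded more than once."""
    counts = Counter(target for target, _ in parse_pot(text))
    return {t: n for t, n in counts.items() if n > 1}

def already_cracked(text, targets):
    """Model of the expected behaviour: split targets into (skipped, remaining),
    where anything already recorded in the potfile is not attacked again."""
    known = {target for target, _ in parse_pot(text)}
    skipped = [t for t in targets if t in known]
    remaining = [t for t in targets if t not in known]
    return skipped, remaining

def dedupe(text):
    """Return potfile text with repeated lines removed, first-seen order kept."""
    seen, out = set(), []
    for line in text.splitlines():
        if line and line not in seen:
            seen.add(line)
            out.append(line)
    return "".join(l + "\n" for l in out)

if __name__ == "__main__":
    for target, n in duplicate_entries(SAMPLE_POT).items():
        print(f"{target}: written {n} times")
    skipped, remaining = already_cracked(
        SAMPLE_POT, ["XXXX:yyyyyyyyyyyy:zzzzzzzzzzzz", "FFFF:gggggggggggg:hhhhhhhhhhhh"])
    print(f"expected to be skipped: {len(skipped)}, still to attack: {len(remaining)}")
```

Running the duplicate check before and after each hashcat invocation gives the exact step at which a repeated line first appears, which is the kind of detail a reproduction report needs.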