Looks like previous to 3.00 the potfile was written in the current working dir. In 3.00 I'm finding it written in the 3.00 directory (i.e. where hashcat64.bin is). However - hashcat-3.00 doesn't seem to read this and skip already cracked hashes. I can use --show - and I get the expected result (i.e. it IS writing out to the potfile). Taking --show off - 3.00 wants to crack the hash again. 2.01 would give:
Code:
INFO: removed 1 hash found in pot file
I cannot seem to get 3.00 to read the potfile and skip the run if it's already cracked.
I did read the announcement and searched a bit before I posted this - nevertheless apologies if there's something I missed that explains this new behavior. Thanks.
If you run the same command twice and unless you use --potfile-disable or something that disables the use of the potfile, the second command will not crack the same hashes again. That didn't change.
I'm not sure if I understood your question correctly, are you asking how you can copy the 2.01 potfile over to your 3.00 so that you can use it over there?
Yes, after I re-read my post it seemed a bit unclear.
Here is a run on a previously cracked hash (WPA). I am in a different directory from where the hashcat binaries (and potfile) are.
Code:
vom@ocl:~/cracking$ cat ../hashcat/hashcat.pot
XXXX:yyyyyyyyyyyy:zzzzzzzzzzzz:AAAAAAAA
vom@ocl:~/cracking$ ../hashcat/hashcat64.bin -a 3 -m 2500 XXXX_yyyyyyyyyyyy.cap.hccap 19?d?d?d?d?d?d
hashcat (v3.00-1-g67a8d97) starting...
OpenCL Platform #1: Advanced Micro Devices, Inc.
================================================
- Device #1: Capeverde, 361/659 MB allocatable, 10MCU
- Device #2: Capeverde, 570/992 MB allocatable, 10MCU
- Device #3: AMD FX(tm)-4100 Quad-Core Processor, skipped
Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable Optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
* Slow-Hash-SIMD
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 75c
XXXX:yyyyyyyyyyyy:zzzzzzzzzzzz:AAAAAAAA
Session.Name...: hashcat
Status.........: Cracked
Input.Mode.....: Mask (19?d?d?d?d?d?d) [8]
Hash.Target....: XXXX (yy:yy:yy:yy:yy:yy <-> zz:zz:zz:zz:zz:zz)
Hash.Type......: WPA/WPA2
Time.Started...: Tue Jul 5 08:55:32 2016 (7 secs)
Speed.Dev.#1...: 43394 H/s (11.80ms)
Speed.Dev.#2...: 45059 H/s (11.81ms)
Speed.Dev.#*...: 88453 H/s
Recovered......: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.......: 601600/1000000 (60.16%)
Rejected.......: 0/601600 (0.00%)
Restore.Point..: 430080/1000000 (43.01%)
Started: Tue Jul 5 08:55:32 2016
Stopped: Tue Jul 5 08:55:42 2016
vom@ocl:~/cracking$ cat ../hashcat/hashcat.pot
XXXX:yyyyyyyyyyyy:zzzzzzzzzzzz:AAAAAAAA
XXXX:yyyyyyyyyyyy:zzzzzzzzzzzz:AAAAAAAA
So it didn't exit out even though the recovered hash was already in the pot. Furthermore - it wrote the output again (it's now in the pot twice). In a nutshell - 3.00 doesn't seem to read the potfile, yet it writes to it.
Indeed looks like a bug in potfile handling. WPA has a special subsection for it. Need to look into that. Please post a GitHub issue for it.
Well, guess it is already too late to create an issue. But good news, it seems we already fixed the problem: see
https://github.com/hashcat/hashcat/pull/419
Thanks for reporting (and please test to make sure that the fix also worked for you)
Note: if you do not want to compile it from source yourself, just use newest beta from
https://hashcat.net/beta/ (beta 30 or above)
(07-06-2016, 10:11 AM)philsmd Wrote: [ -> ]Well, guess it is already too late to create an issue. But good news, it seems we already fixed the problem: see https://github.com/hashcat/hashcat/pull/419
Thanks for reporting (and please test to make sure that the fix also worked for you)
Note: if you do not want to compile it from source yourself, just use newest beta from https://hashcat.net/beta/ (beta 30 or above)
Looks good. I pulled down v3.00-30-g450b779 and it skips previously cracked WPA as expected. Thanks much everyone.
(07-06-2016, 09:08 PM)vom Wrote: [ -> ]Looks good. I pulled down v3.00-30-g450b779 and it skips previously cracked WPA as expected. Thanks much everyone.
Well shoot - I think I spoke too soon. Behavior is a bit erratic. Sometimes it skips cracking and detects it in the pot file - other times it writes what appears to be the same line / result multiple times.
It seems like it works as expected when the potfile is a single line. I.e. delete potfile, crack a WPA, crack again (skipped).
When I have multiple entries in the potfile - it reverts to the behavior of re-cracking, and writing the line again.
I'm not able to reproduce this new problem, regardless of what I try (potfile full of hashes, crap etc).
Seems that we now really need a github issue with full steps and examples that guide us to reproduce this behaviour. Please go here:
https://github.com/hashcat/hashcat/issues and post all the info that are needed to reproduce this.
Thanks