hashcat Forum

Full Version: Mask attack with brain
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Curious why my mask attack slows down from a few seconds, to 15+ hours when I try to use the brain.  I"m also noticing that my candidates show the hex value instead of the actual candidate.  For example:

Session..........: hashcat (Brain Session/Attack:0xd042a0d3/0xb676d56e)
Status...........: Quit
Hash.Type........: NetNTLMv1 / NetNTLMv1+ESS
Hash.Target......: XXXXXXXXXXXXXX
Time.Started.....: Sat Dec  8 00:33:44 2018 (29 secs)
Time.Estimated...: Sat Dec  8 16:51:52 2018 (16 hours, 17 mins)
Guess.Mask.......: ?d?u?l?s?s?u?u?d [8]
Guess.Queue......: 1/34695 (0.00%)
Speed.#1.........:   106.0 kH/s (0.17ms) @ Accel:8 Loops:1 Thr:896 Vec:1
Speed.#2.........:   105.6 kH/s (0.16ms) @ Accel:8 Loops:1 Thr:896 Vec:1
Speed.#3.........:   105.7 kH/s (0.15ms) @ Accel:8 Loops:1 Thr:896 Vec:1
Speed.#4.........:   105.6 kH/s (0.15ms) @ Accel:8 Loops:1 Thr:896 Vec:1
Speed.#5.........:   106.2 kH/s (0.15ms) @ Accel:8 Loops:1 Thr:896 Vec:1
Speed.#6.........:   105.7 kH/s (0.15ms) @ Accel:8 Loops:1 Thr:896 Vec:1
Speed.#7.........:   105.7 kH/s (0.15ms) @ Accel:8 Loops:1 Thr:896 Vec:1
Speed.#8.........:   106.1 kH/s (0.15ms) @ Accel:8 Loops:1 Thr:896 Vec:1
Speed.#*.........:   846.6 kH/s
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 105082880/49764686400 (0.21%)
Rejected.........: 91320320/105082880 (86.90%)
Brain.Link.#1....: RX: 13.2 MB (0.00 Mbps), TX: 106.7 MB (0.00 Mbps), receiving
Brain.Link.#2....: RX: 12.9 MB (0.00 Mbps), TX: 104.4 MB (0.00 Mbps), receiving
Brain.Link.#3....: RX: 13.2 MB (0.00 Mbps), TX: 106.7 MB (0.00 Mbps), receiving
Brain.Link.#4....: RX: 13.2 MB (0.00 Mbps), TX: 106.7 MB (0.00 Mbps), receiving
Brain.Link.#5....: RX: 13.2 MB (0.00 Mbps), TX: 106.7 MB (0.00 Mbps), receiving
Brain.Link.#6....: RX: 13.2 MB (0.00 Mbps), TX: 106.7 MB (0.00 Mbps), receiving
Brain.Link.#7....: RX: 13.0 MB (0.00 Mbps), TX: 105.5 MB (0.00 Mbps), receiving
Brain.Link.#8....: RX: 13.2 MB (0.00 Mbps), TX: 106.7 MB (0.00 Mbps), receiving
Restore.Point....: 105082880/49764686400 (0.21%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Restore.Sub.#2...: Salt:0 Amplifier:0-1 Iteration:0-1
Restore.Sub.#3...: Salt:0 Amplifier:0-1 Iteration:0-1
Restore.Sub.#4...: Salt:0 Amplifier:0-1 Iteration:0-1
Restore.Sub.#5...: Salt:0 Amplifier:0-1 Iteration:0-1
Restore.Sub.#6...: Salt:0 Amplifier:0-1 Iteration:0-1
Restore.Sub.#7...: Salt:0 Amplifier:0-1 Iteration:0-1
Restore.Sub.#8...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: $HEX[31005700760028002c004f0041003000] -> $HEX[3600460062007c002c004f0041003000]
Candidates.#2....: $HEX[31004d0071003e002b004f0041003000] -> $HEX[36005600760028002c004f0041003000]
Candidates.#3....: $HEX[3100510067003c002d004f0041003000] -> $HEX[36005a006c0026002e004f0041003000]
Candidates.#4....: $HEX[310043006c007e002a004f0041003000] -> $HEX[36004c0071003e002b004f0041003000]
Candidates.#5....: $HEX[3100470062007c002c004f0041003000] -> $HEX[3600500067003c002d004f0041003000]
Candidates.#6....: $HEX[310059007500210029004f0041003000] -> $HEX[3600480061005b0029004f0041003000]
Candidates.#7....: $HEX[3100530066002b002a004f0041003000] -> $HEX[360042006c007e002a004f0041003000]
Candidates.#8....: $HEX[3100490061005b0029004f0041003000] -> $HEX[3600520066002b002a004f0041003000]
Hardware.Mon.#1..: Temp: 32c Fan: 27% Util:  0% Core:1607MHz Mem:4513MHz Bus:1
Hardware.Mon.#2..: Temp: 28c Fan: 27% Util: 15% Core:1607MHz Mem:4513MHz Bus:1
Hardware.Mon.#3..: Temp: 32c Fan: 27% Util:  0% Core:1607MHz Mem:4513MHz Bus:1
Hardware.Mon.#4..: Temp: 28c Fan: 27% Util: 15% Core:1607MHz Mem:4513MHz Bus:1
Hardware.Mon.#5..: Temp: 28c Fan: 27% Util:  0% Core:1607MHz Mem:4513MHz Bus:1
Hardware.Mon.#6..: Temp: 33c Fan: 27% Util:  2% Core:1607MHz Mem:4513MHz Bus:1
Hardware.Mon.#7..: Temp: 31c Fan: 27% Util: 15% Core:1911MHz Mem:4513MHz Bus:1
Hardware.Mon.#8..: Temp: 30c Fan: 27% Util: 11% Core:1911MHz Mem:4513MHz Bus:1


My command line is:

sudo hashcat -z --brain-password <pass> --brain-client-features 1 -a 3 -m 5500 -O hash.txt maskfile.mask

Without the brain here is my GPU performance on the same hash and maskfile:

Speed.#1.........:  7414.5 MH/s (18.41ms) @ Accel:32 Loops:256 Thr:896 Vec:1
Speed.#2.........:  7452.2 MH/s (18.33ms) @ Accel:32 Loops:256 Thr:896 Vec:1
Speed.#3.........:  7485.4 MH/s (18.30ms) @ Accel:32 Loops:256 Thr:896 Vec:1
Speed.#4.........:  7496.0 MH/s (18.25ms) @ Accel:32 Loops:256 Thr:896 Vec:1
Speed.#5.........:  7426.7 MH/s (18.46ms) @ Accel:32 Loops:256 Thr:896 Vec:1
Speed.#6.........:  7484.0 MH/s (18.31ms) @ Accel:32 Loops:256 Thr:896 Vec:1
Speed.#7.........:  7539.1 MH/s (18.18ms) @ Accel:32 Loops:256 Thr:896 Vec:1
Speed.#8.........:  7542.9 MH/s (18.10ms) @ Accel:32 Loops:256 Thr:896 Vec:1
Speed.#*.........: 59843.6 MH/s

And the candidates look the way I expect for the mask it's processing at the time:

Candidates.#1....: 1Ay(]IWT -> 6Zs"|FXT
Candidates.#2....: 1Ae,:UAU -> 6Zo&?RBU
Candidates.#3....: 1Ad{!DYT -> 6Zg[&AZT
Candidates.#4....: 1Ap[&AZT -> 6Zj;+XZT
Candidates.#5....: 1Ah"|FXT -> 6Zb{!DYT
Candidates.#6....: 1Ax=/OUT -> 6Za.>LVT
Candidates.#7....: 1Ai.>LVT -> 6Zl(]IWT
Candidates.#8....: 1Av;+XZT -> 6Zq+:UAU


Am I using the brain the wrong way?
Fast hashes can be too fast for brain to track exhausted attacks on a candidate-by-candidate basis (brain featureset 1 or 3), even if there is a very fast network between the brain server and the brain client.

This should make intuitive sense, if you think about it. When cracking without brain, hashcat can guess billions of passwords per second without having to actually *remember* each one of them. If you're cracking a fast hash with brain features -1 or -3, you're telling the brain to *track* trillions of hashes, which is an entirely different workload.

For fast hashes, use brain features -2. This records that an entire *mask* or an entire *dictionary* was exhausted, which is a much simpler workload.

Using -1 or -3 only makes sense if you're attacking a slower hash (like bcrypt). Tracking thousands of candidates per second is then feasible for the brain.
Thanks! That makes sense! However, I'm not seeing any change when using -2. It's still a whole lot slower, and my candidates are all hex encoded.. Sad
What's your whole command line?
(12-08-2018, 02:21 PM)undeath Wrote: [ -> ]What's your whole command line?

Originally I was using:

sudo hashcat -z --brain-password <pass> --brain-client-features 1 -a 3 -m 5500 -O hash.txt maskfile.mask

But after the explanation from royce I tried:

sudo hashcat -z --brain-password <pass> --brain-client-features 2 -a 3 -m 5500 -O hash.txt maskfile.mask

Changing the client features to 2 didn't make a difference at all. 

Thanks!!
That indeed looks like a missing feature. Technically, when using brain-client-features=2 there should be no need to enable -S, but it looks like hashcat is still using it.