oclHashcat Help Plz
#1
I need help with ocl hashcat. I have an nvidia gtx 770; at first I was getting nowhere with this program. I am using the latest gui alternate from haskiller.co.uk (v 0.41) and ocl hashcat 1.20. So far I found one issue that I fixed. I was not able to perform any functional attack on my own router or any of my targets even if the password was in the dictionary. I am using two dictionaries; one is called Evil Ghost that I torrented that is about 93 gigs unrared and one that is a culmination of word-lists that is approx. 17 GB.

I thought my captures and hash files were messed up. I tested my handshake caps in aircrack and no problems, but hashcat could not find my passkey and wpa-clean was annihilating my captures and the online conversion to hccap fails always no matter what I do with capture files. I decided to use wireshark to filter out all EAPOL packets for the cleaning process. This worked beautifully and I found out that doing this not only is a highly effective way of isolating handshake messages 1-4 but also saving in the pcap format and then using the -J switch in aircrack (like I did before) made for a working hashfile that hashcat could use and then find my password :) So I am assuming that .cap extensions are becoming unsupported in the newer nvidia oclhashcat when it comes to interpreting a hashfile that has been converted to a capture.

The only problem that I have left is that when my password is not in any dictionary on any of my targets I found hashcat to be miserably useless for days. My experience with hashcat so far is that it is awful at hacking wpa/wpa2; is this true or am I doing something wrong? My rejection rate will drop to nearly zero and then rise to as high as 100 and then drop to almost zero again even if the length of the password is below 15 characters, and at the beginning of the attack it tells me this... 1 hashes, 1 unique digests and 1 unique salt; Bitmaps:8 bits, 256 entries 0x000000ff mask, 1024 bytes. I have given up on the straight attacks and have switched to using some of the most known effective rules. This is what I am using now: http://hashcat.net/forum/thread-3176.html. I am using these rules in this order and my attempts have been futile for days. My hashes/sec fluctuate when I constantly press the status key from as much as 40,000 h/s down to 0 h/s; as fast as a second it could go from 40k to zero and back up. I have tried low and high loops and lower gpu accel as low as 160 and no change, except when it is lower accel my h/s seem to appear on the screen more consistently instead of seeing 0 h/s more often, and often on this setting 160 accel/256 loops I see consistent h/s results instead of zero every so often.

So is there anything at all I could do to make this work better? Other people seem to hack wpa/wpa 2 like nothing if they have a huge dictionary. The encoding of my dictionaries seems to be irrelevant and they turn purple instead of blue when they are really large. Is the Nvidia GTX 770 fully supported (1536 Cuda Cores)? Please help and provide something definitive that will definitely be a definite best tact because as far as I am concerned I cannot say hashcat works at all unless the password is directly in the dictionary with any rule at all. I don't fully understand mask selection in the gui or character selection at all and I find the command line for this program to be not user friendly and frustrating to learn. Please advise me on a better strategy for this gui that you know will work for me. I know that the rules/masks are not working in any effective manner; with this rule set going on it says 10 years. I get it may take that long to try all the combos but still you would think that it would come up with something sooner, but no results at all and no % change on the digest recovered. When my password is in the dictionary it jumps straight to 100% and finds it. What should my focus be? I need professional advice so that I have some more to go on, please help.

Regards,

David
------------------------------------------------
Update 6/12

I am still using the same GUI and have started using the markov 90 attack with the rockyou 60 hybrid mask dictionary attack and my rejection rate is staying at 0.03% on the mask (?d?d?d?d?d) [4] on the rockyou.txt for a dictionary. The attack has already progressed through input base [1-3]. Am I doing this right? More specifically I am using the rockyou-1-60.hcmask and the hybrid mask+Dictionary and there are 44 days remaining on this mask base [4] but still staying at 0.03% I assume because of the markov attack...before it was jumping up and down as low as the figure I just mentioned to anything else but had the tendency to drop real low so I don't think the psk is over 15 char. Any pro that can help? Oh and also please guide me on the gui if you can...not a tedious command line in linux or a linux program; I am only a windows guy and I am only learning the hashcat gui right now because I am just learning hashcat and it is easier for me.

Regards,

David
#2
tl;dr

posting your hashes is forbidden
#3
(06-12-2014, 08:49 PM)undeath Wrote: tl;dr

posting your hashes is forbidden

Oh okay I'll remove it now.
#4
(06-12-2014, 10:18 PM)djohn Wrote:
(06-12-2014, 08:49 PM)undeath Wrote: tl;dr

posting your hashes is forbidden

Oh okay I'll remove it now.

Can you help me with oclHashcat GUI?
#5
(06-12-2014, 10:20 PM)djohn Wrote:
(06-12-2014, 10:18 PM)djohn Wrote:
(06-12-2014, 08:49 PM)undeath Wrote: tl;dr

posting your hashes is forbidden

Oh okay I'll remove it now.

Can you help me with oclHashcat GUI?

PS I am currently running at slightly over 40,000 h/s with my gtx 770 (consistently) and it still says over 44 days but still constant at 0.03 rejection rate with the markov 90 attack, rockyou-1-60 mask using the rockyou.txt...anyone want to read my posts and respond???
#6
(06-12-2014, 08:42 PM)djohn Wrote: The only problem that I have left is that when my password is not in any dictionary on any of my targets that I found hashcat to be miserably useless for days [...] My experience with hashcat so far is that it is awful at hacking wpa/wpa2 [...] as far as I am concerned I cannot say hashcat works at all unless the password is directly in the dictionary with any rule at all.

i want you to imagine a paint brush. it is the finest, most amazing paint brush money can buy. all the artists rave about how amazing this paint brush is. you start to think about how cool it would be to paint a picture with this spectacular paint brush, so you rush out to buy one and begin painting a picture.

with your horsehair baton in hand, you tirelessly work for days to craft your masterpiece. the soft bristles effortlessly glide over the canvas, applying layer upon layer of paint. you're in such a fever pitch it almost seems like you're selecting paints at random, throwing as many different colors on the canvas as you can find. to the untrained eye it almost appears as if you haven't a clue as to what you are painting. but you're painting the hell out of it.

at last, your masterpiece is finished. you take a step back to behold its glory, and you are utterly surprised and devastated to learn the painting looks like complete and utter shit.

man, what a useless paint brush! everyone who talked about how awesome this paint brush is has no idea what they are talking about. never mind the fact that you're not an artist, and have never painted anything before in your life. it's all this paint brush's fault! it's like this paint brush doesn't work at all unless you already know how to paint. from your experience so far, this paint brush is awful at painting pictures. what a miserably useless paint brush.
#7
Can anyone read my initial posts and offer me any useful advice?
#8
that was useful advice.

hashcat is just a tool, and like most other tools used in skilled trades, it is useless in the hands of someone who doesn't know how to use it. password cracking is more an art than it is science, and just as you can't pick up a paint brush for the first time and expect to paint a masterpiece, you can't just download a copy of hashcat and expect to be a successful password cracker. it takes skill, determination, and practice to master.

learn how to use the tool, spend 15 minutes to learn the fucking command line (the GUI is not supported here anyway), and learn how to actually become a password cracker. and most importantly, stop blaming the tool for your own failures.
#9
I really enjoyed your answers epixoip. They were poetic and inspired. Well said.