09-17-2011, 05:21 PM
I have to say a big thank you once again to you atom for your fantastic work on hashcat+. The long awaited WPA support has been worth it, to gain that much of a speed increase over EWSA I thought I would have had to change hardware not just a simple software change from EWSA to Hashcat+ !!!
However, as a relatively new user to hashcat+ and a long time user of EWSA I have experienced some problems, mainly due to my own ignorance I admit. Although some issues I have had are down to not fully understanding the limitations of each version of hashcat, which to be fair are not clearly stated.
My post title may seem a little strange, as speed when cracking hashes, is of course very important but I personally believe there are other things to consider. A good example of this is the “resume†or “auto save†option (or lack of ). My reasoning for this is that it is all very well rattling through many thousands of WPA keys a second but a simple accidental shutdown many days or weeks into a cracking attempt can leave the user having to start all over again. So as you will probably have already worked out gaining those few thousand tests per second over EWSA is worthless if you have to start all over again losing many days, weeks or even months of work.
I have other requests which are probably best written in list form and I am sorry to bore you or anyone else with long explanations. :o) Although I would willingly elaborate on any of them if you wish.
Allow longer passwords. The password limit of 16 is quite restricting for WPA.
Auto save every 10 minutes. This would allow the user to start from almost where they left off due to accidental shutdown or power outage. Hashcat+ should just do this automatically in case the user forgets to set it. The recovery file or resume file should be named by whichever WPA key is being worked on.
Brute force. There are some wifi providers which use 8 character all upper case only, this is now brute-forcible but hashcat+ doesn’t allow u?u?u?u?u?u?u?u .
Brute Force Start From…
It would be a great help to allow users to define where the brute force (above) should start from. This would allow users to share workload between themselves as it would allow the use to do the following. Brute force A-Z (8) Start at NNNNNNNN.
Massive lists !! I am a great believer in small but effective password lists. It depresses me seeing these massive GB text files being shared on the internet. There is no need for it and that is one reason I helped, ( as much as I could ), Blazer who wrote ULM with his excellent program. I would very much appreciate it if you could make hashcat+ use password permutations just like Cain&Able does. This would allow users to make all their lists lowercase and without numbers prefixed or suffixed. This dramatically reduces the size of password lists and it would also mean that no number appended to a password was missed or any combination of upper / lower case either.
Even now EWSA doesn’t do password mutilation very well. Say a user selects to change the case and suffix numbers EWSA only performs these tasks separately and not collectively as Cain&Able does. In fact Cain&Able is the only program I have seen that correctly and comprehensively applies password permutations. I wish hashcat+ would have the same mutation ability as Cain&Able.
Anyway these are just a few ideas I ask you to think about, I recommend you sit back and enjoy the glory of being one of the coolest people on the internet for a while for releasing hashcat+ WPA support before considering my requests !
Thanks atom, you make computers fun !
However, as a relatively new user to hashcat+ and a long time user of EWSA I have experienced some problems, mainly due to my own ignorance I admit. Although some issues I have had are down to not fully understanding the limitations of each version of hashcat, which to be fair are not clearly stated.
My post title may seem a little strange, as speed when cracking hashes, is of course very important but I personally believe there are other things to consider. A good example of this is the “resume†or “auto save†option (or lack of ). My reasoning for this is that it is all very well rattling through many thousands of WPA keys a second but a simple accidental shutdown many days or weeks into a cracking attempt can leave the user having to start all over again. So as you will probably have already worked out gaining those few thousand tests per second over EWSA is worthless if you have to start all over again losing many days, weeks or even months of work.
I have other requests which are probably best written in list form and I am sorry to bore you or anyone else with long explanations. :o) Although I would willingly elaborate on any of them if you wish.
Allow longer passwords. The password limit of 16 is quite restricting for WPA.
Auto save every 10 minutes. This would allow the user to start from almost where they left off due to accidental shutdown or power outage. Hashcat+ should just do this automatically in case the user forgets to set it. The recovery file or resume file should be named by whichever WPA key is being worked on.
Brute force. There are some wifi providers which use 8 character all upper case only, this is now brute-forcible but hashcat+ doesn’t allow u?u?u?u?u?u?u?u .
Brute Force Start From…
It would be a great help to allow users to define where the brute force (above) should start from. This would allow users to share workload between themselves as it would allow the use to do the following. Brute force A-Z (8) Start at NNNNNNNN.
Massive lists !! I am a great believer in small but effective password lists. It depresses me seeing these massive GB text files being shared on the internet. There is no need for it and that is one reason I helped, ( as much as I could ), Blazer who wrote ULM with his excellent program. I would very much appreciate it if you could make hashcat+ use password permutations just like Cain&Able does. This would allow users to make all their lists lowercase and without numbers prefixed or suffixed. This dramatically reduces the size of password lists and it would also mean that no number appended to a password was missed or any combination of upper / lower case either.
Even now EWSA doesn’t do password mutilation very well. Say a user selects to change the case and suffix numbers EWSA only performs these tasks separately and not collectively as Cain&Able does. In fact Cain&Able is the only program I have seen that correctly and comprehensively applies password permutations. I wish hashcat+ would have the same mutation ability as Cain&Able.
Anyway these are just a few ideas I ask you to think about, I recommend you sit back and enjoy the glory of being one of the coolest people on the internet for a while for releasing hashcat+ WPA support before considering my requests !
Thanks atom, you make computers fun !