Posts: 893
Threads: 15
Joined: Sep 2017
First of all, i read the full announcement regarding the brain and THOUGHT i understand it, but seems not...
https://hashcat.net/forum/thread-7903.html
so i started some tests using brain server and client with client-features=3. i used a very basic setup (md5 to crack and a simple dictionary)
first run (one matching pw in dict-1.txt)
Code: .\hashcat64.exe -z --brain-client-features=3 -a 0 -m 0 .\hash-1.txt .\dict-1.txt
Recovered........: 1/5 (20.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 10/10 (100.00%)
Rejected.........: 0/10 (0.00%)
worked as expected
second run (added one new matching pw to dict -> dict2.txt
Code: .\hashcat64.exe -z --brain-client-features=3 -a 0 -m 0 .\hash-1.txt .\dict-2.txt
Recovered........: 2/5 (40.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 11/11 (100.00%)
Rejected.........: 10/11 (90.91%)
worked as expected, rejected 10 old already testet pw , just using the new one, recovered one new hash, perfekt
now i simulated some other work, blabla, my dict is evolving to dict-3 and now im getting a new hashlist from somewhere else (hash-2.txt) with some already known pw (potfile to the rescue) but also some new hashes with "old" pw within dict-3.txt
Code: .\hashcat64.exe -z --brain-client-features=3 -a 0 -m 0 .\hash-2.txt .\dict-3.txt
Recovered........: 3/10 (30.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 12/12 (100.00%)
Rejected.........: 11/12 (91.67%)
not working as i expected, brain rejected 11 pw from dict-3 but these pw where never testet against this new file hash-2.txt
i thought the brain stores a hash of the input file, to track attacks versus that file but seems not?
so how can i achieve, that the brain tracks attacks but also recognize new files the correct way?
Posts: 2,267
Threads: 16
Joined: Feb 2013
Can you show also the server logs ? do the IDs change ?
Posts: 893
Threads: 15
Joined: Sep 2017
(05-08-2020, 11:27 AM)philsmd Wrote: Can you show also the server logs ? do the IDs change ?
do u mean this?
Code: 1588925438.782727 | 0.01s | 0 | Generated authentication password:
1588925438.790691 | 0.01s | 0 | Brain server started
1588926224.533265 | 785.74s | 0 | Connection from 127.0.0.1:52041
1588926224.537165 | 0.00s | 1 | Session: 0xbc75b2c2, Attack: 0x2156ff62, Kernel-power: 393216
1588926224.836517 | 0.30s | 1 | R | 0.06 ms | Offset: 0, Length: 10, Overlap: 0
1588926224.852119 | 0.02s | 1 | L | 0.01 ms | Long: 0, Inc: 10, New: 10
1588926224.856018 | 0.00s | 1 | C | 0.02 ms | Attacks: 1
1588926224.860895 | 0.00s | 1 | C | 4.74 ms | Hashes: 10
1588926225.599553 | 0.74s | 1 | Disconnected
1588926341.339809 | 115.74s | 0 | Wrote 80 bytes from session 0xbc75b2c2 in 0.49 ms
1588926341.340785 | 0.00s | 0 | Wrote 16 bytes from attack 0x2156ff62 in 0.38 ms
1588926398.528107 | 57.19s | 0 | Connection from 127.0.0.1:52102
1588926398.532008 | 0.00s | 1 | Session: 0xbc75b2c2, Attack: 0x90999a54, Kernel-power: 393216
1588926399.069792 | 0.54s | 1 | R | 0.08 ms | Offset: 0, Length: 11, Overlap: 0
1588926399.108801 | 0.04s | 1 | L | 0.01 ms | Long: 10, Inc: 11, New: 1
1588926399.111726 | 0.00s | 1 | C | 0.01 ms | Attacks: 1
1588926399.111726 | 0.00s | 1 | C | 0.00 ms | Hashes: 1
1588926399.573458 | 0.46s | 1 | Disconnected
1588926642.524029 | 242.95s | 0 | Wrote 88 bytes from session 0xbc75b2c2 in 0.47 ms
1588926642.525005 | 0.00s | 0 | Wrote 16 bytes from attack 0x90999a54 in 0.47 ms
1588928652.603860 | 2010.08s | 0 | Connection from 127.0.0.1:53385
1588928652.607761 | 0.00s | 1 | Session: 0xbc75b2c2, Attack: 0x62397987, Kernel-power: 393216
1588928652.872984 | 0.27s | 1 | R | 0.06 ms | Offset: 0, Length: 12, Overlap: 0
1588928652.888585 | 0.01s | 1 | L | 0.01 ms | Long: 11, Inc: 12, New: 1
1588928652.892486 | 0.00s | 1 | C | 0.02 ms | Attacks: 1
1588928652.892486 | 0.00s | 1 | C | 0.00 ms | Hashes: 1
1588928654.633645 | 1.74s | 1 | Disconnected
1588928750.851845 | 96.22s | 0 | Wrote 96 bytes from session 0xbc75b2c2 in 0.42 ms
1588928750.852820 | 0.00s | 0 | Wrote 16 bytes from attack 0x62397987 in 0.45 ms
Posts: 2,267
Threads: 16
Joined: Feb 2013
could you please try with latest beta version from https://hashcat.net/beta/ ? just to make sure we are testing with the same version / code.
Posts: 893
Threads: 15
Joined: Sep 2017
05-08-2020, 01:34 PM
(This post was last modified: 05-08-2020, 01:35 PM by Snoopy.)
same workflow as above
Code: Recovered........: 1/5 (20.00%) Digests
Progress.........: 10/10 (100.00%)
Rejected.........: 0/10 (0.00%)
Code: Recovered........: 2/5 (40.00%) Digests
Progress.........: 11/11 (100.00%)
Rejected.........: 10/11 (90.91%)
Code: Recovered........: 3/10 (30.00%) Digests
Progress.........: 12/12 (100.00%)
Rejected.........: 11/12 (91.67%)
Brain-Server
Code: Session: 0xbc75b2c2, Attack: 0x929e9cd4
Session: 0xbc75b2c2, Attack: 0x16388999
Session: 0xbc75b2c2, Attack: 0x72bb22f1
it seems The Brain did not recognize the new file / session correctly, am i right?
Posts: 2,267
Threads: 16
Joined: Feb 2013
I currently can't reproduce to get an identical session ID with different hash lists.
could you please provide your full server and client commands and also the hash lists (PM is also okay, or even a similar generated example that leads to the same problem).
do you use --potfile-disable ? are there duplicate hashes, are some hashes already in the potfile ?
please give a full example with commands that we can try to reproduce. Thank you very, very much
Posts: 893
Threads: 15
Joined: Sep 2017
05-08-2020, 02:47 PM
(This post was last modified: 05-08-2020, 02:48 PM by Snoopy.)
setup
windows 10 1903 (18362.778) , hashcat beta, new directory, no old potfile
starting server
Code: .\hashcat.exe --brain-server
"generating my hashes and dict"
i know it is forbidden to post hashes so u have to generate it for yourself (easy enough md5)
the files are input:hash (--username option)
hash-1.txt
Code: 7:
123:
abc:
1234567890:
abcdef:
hash-2.txt
Code: 7:
123:
abc:
1234567890:
abcdef:
0:
5:
test1:
test2:
test3:
my sample dicts are also quite simple
dict-1.txt
dict-2.txt
Code: 0
1
2
3
4
5
6
7
8
9
123
dict-3.txt
Code: 0
1
2
3
4
5
6
7
8
9
123
1234567890
used client commands
Code: .\hashcat.exe -z --brain-password=*insert autogenerated pw* --brain-client-features=3 --username -a 0 -m 0 .\hash-1.txt .\dict-1.txt
.\hashcat.exe -z --brain-password=** --brain-client-features=3 --username -a 0 -m 0 .\hash-1.txt .\dict-2.txt
.\hashcat.exe -z --brain-password=** --brain-client-features=3 --username -a 0 -m 0 .\hash-2.txt .\dict-3.txt
the potfile starts empty and after each run 1 pw is found/added (7, 123, 1234567890)
Posts: 2,267
Threads: 16
Joined: Feb 2013
05-09-2020, 11:50 AM
(This post was last modified: 05-10-2020, 08:33 PM by philsmd.)
wow, thanks.
I can reproduce now and suspect the bug is located here:
https://github.com/hashcat/hashcat/blob/...ain.c#L119
the index out_idx is never increased (no out_idx++) therefore we currently incorrectly only check the last hash in the sorted list. What a strange/nasty bug.
Will discuss this problem with other devs, most importantly with atom, and we will try to fix it soon and build a new beta for testing (not yet available, will propably give an announcement here, if I do not forget).
Thanks for reporting. What a nice find !
update: should be fixed now with this new commit https://github.com/hashcat/hashcat/commi...11bb684787 , thanks again and would of course be great if you could test the new version (from github or any beta >= hashcat-5.1.0+1795 from https://hashcat.net/beta/). Thx
Posts: 893
Threads: 15
Joined: Sep 2017
will try it tomorrow when im back...
Posts: 893
Threads: 15
Joined: Sep 2017
05-11-2020, 10:32 AM
(This post was last modified: 05-11-2020, 10:51 AM by Snoopy.)
hashcat (v5.1.0-1795-g08ea0002)
setup as above
Code: Recovered........: 1/5 (20.00%) Digests
Progress.........: 10/10 (100.00%)
Rejected.........: 0/10 (0.00%)
Code: Recovered........: 2/5 (40.00%) Digests
Progress.........: 11/11 (100.00%)
Rejected.........: 0/11 (0.00%)
Code: Recovered........: 5/10 (50.00%) Digests
Progress.........: 12/12 (100.00%)
Rejected.........: 0/12 (0.00%)
Serverlog
Code: Session: 0x81039c62, Attack: 0x0ebd08bb
Session: 0x83810334, Attack: 0x2dfbaaf5
Session: 0xf4ab8a45, Attack: 0x13cd2111
plz be aware, that run 2 is now not working as expected (new session-id on hash-1.txt, not dropping already used pw)
run 2 should have the same session-id like run 1 but with different attack-id as i understand the brain
im really not that deep into c, so i can not really see how session-id is calculated (i see some vars regarding hashes and salts, a loop etc.) so i can only guess, maybe the already found pw is excluded, so hash-1.txt get a new session-id.
|