hashcat Forum
Single-mode john analog for hashcat - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Single-mode john analog for hashcat (/thread-7594.html)



Single-mode john analog for hashcat - hashdawg - 06-20-2018

Hi.

It seems there is no Single mode implemented in hashcat, it's a very fast mode to crack passwords using some derived data (e.g. usernames or emails) for salted hashes.

And it should be very fast because the derived candidate should be tried only for certain hash (not for every hash).

Any chance of implementing it in hashcat?

Thanks.


RE: Single-mode john analog for hashcat - undeath - 06-20-2018

jtr's single mode just takes the user name/email and applies some rules to it (afaik). You can easily do that with hashcat. Just that you have to manually supply your rules.


RE: Single-mode john analog for hashcat - hashdawg - 06-21-2018

@undeath, yes it does.

But the problem is, let's say you have 5 million file with salted hashes:

1) hashcat will try every password candidate with each hash thus making the run process very slow if you have many salted hashes
2) jtr with option
PHP Code:
SingleRetestGuessed 
 will only test rules + certain username/email ONLY for 1 hash (not for every hash in the file)

The idea is to apply rules to certain word and test only with single hash where this username/email belongs.

Here is an example of using jtr single-mode attack: https://www.patpro.net/blog/index.php/2017/04/09/3071-my-take-on-the-myspace-dump/


RE: Single-mode john analog for hashcat - royce - 06-21-2018

I have to admit, it seems like single mode would only make a real difference for slow hashes for which each target password itself has a known per-password plaintext component (such as the Myspace leak).

That being said, something in that patpro post gave me pause: "If your file is 60M hashes long, then your GPU will only try 16.6 candidates per second (1000/60). It's very slow and inefficient." That's not the way it works, as I understand it. Is this a CPU vs GPU argument, or a JtR vs hashcat argument?

I'm not sure that I'm following why "hashcat on an Nvidia GTX 1080 is more than 200 times slower than John the Ripper on a single CPU core on this very particular job." Aren't the target hashes described in the article nothing more than salted SHA1? [Edit: OK, I think I understand this now ... for this very specific use case, I assume that optimizing it to work on GPU would probably not be worth the trouble, and that JtR only does this on CPU?]

I sense a gap in my understanding that must be closed. Smile

[Edit: it might help if I'd read the CynosurePrime post. Taking a look]

[Deleted very incorrect analysis of speeds]

Yeah, I think I've been spoiled and have spent too much time working with unsalted hashes. Smile The speed difference might indeed be significant - but I'll have to defer to people with more experience than me on this one, before I dig this hole any deeper. Smile


RE: Single-mode john analog for hashcat - atom - 06-21-2018

Single-mode cracking is incompatible to GPGPU cracking, it's not a hashcat problem.


RE: Single-mode john analog for hashcat - hashdawg - 06-21-2018

(06-21-2018, 11:34 AM)atom Wrote: Single-mode cracking is incompatible to GPGPU cracking, it's not a hashcat problem.

thanks for the clarification!