+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Hashcat and linux process substitution (/thread-9121.html)
Hashcat and linux process substitution - gashmash - 04-08-2020
Hello,
Running on bash version 4.4.20, when i run:
hashcat -m 16500 hashes.txt <(cat wordlist)
I get:
Session..........: hashcat
Status...........: Exhausted
Hash.Type........: JWT (JSON Web Token)
Hash.Target......: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhY2MiOiI2MT...ygih0E
Time.Started.....: Tue Apr 7 23:36:42 2020 (0 secs)
Time.Estimated...: Tue Apr 7 23:36:42 2020 (0 secs)
Guess.Base.......: File (/dev/fd/63)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 0 H/s (0.00ms) @ Accel:512 Loops:1 Thr:64 Vec:1
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0
Rejected.........: 0
Restore.Point....: 0
Restore.Sub.#1...: Salt:0 Amplifier:0-0 Iteration:0-1
Candidates.#1....: [Copying]
Hardware.Mon.#1..: Temp: 47c Util: 0% Core:1493MHz Mem:3504MHz Bus:16
And even though the actual password is included in the list, hashcat cannot find it.
The same stands true for using process substitution for the hashes (e.g. <(cat hashes.txt))
More on process substitution: https://tldp.org/LDP/abs/html/process-sub.html
Summary: Bash creates a pipe with two file descriptors, --fIn and fOut--. The stdin of the enclosed command connects to fOut (dup2(fOut, 0)), then Bash passes a /dev/fd/fIn argument to echo. On systems lacking /dev/fd/<n> files, Bash may use temporary files. (Thanks, S.C.)
RE: Hashcat and linux process substitution - philsmd - 04-08-2020
use
Code:
cat wordlist | hashcat -m 16500 -a 0 hashes.txtinstead... if and only if you really need to use a separate command (not using the dictionary directly, which of course should be preferred).
The problem with named pipes is that you can't really rewind/seek them and whenever hashcat loads a dictionary file it wants to count the line numbers for progress etc (i.e. search for newlines, test for valid lines, for statistics/progress and start all over to actually run the password candidates).