Do I understand .pot file correctly?
#1
When I run an attack on a large block of hashes, does each successful crack embed the hash and the password in the pot file so that the next time I run an attack on a different data set, the pot file is queried for each hash to determine if it's already been cracked (assuming same hash algorithm of course)? So the longer I use hashcat, the more the pot file learns? Seems like there could be a fairly large pot file assembled for download to skip a bunch of cracking - much like the sharing of dictionary files. Thanks.
#2
Depending on the goals of the cracking operation, a potfile has different uses; someone might want to disable the potfile or keep separate files. If I was going to work on a list of NTLM hashes for a client, I would handle that output differently than if I was testing a new custom rule set. There are rainbow tables that contain lists of precomputed hashes that were fairly common before some of the new, more beastly GPU solutions were popular.
https://en.wikipedia.org/wiki/Rainbow_table

Search here for "potfile" to see some of the ways hashcat handles it.
https://hashcat.net/wiki/doku.php?id=hashcat