02-06-2019, 07:26 PM
(02-06-2019, 07:40 AM)royce Wrote: Switching to hashcat, you will definitely be able to get a lot more performance out of your hardware for a number of hash types, but it comes at a price: less point-and-click automation. You'll need to think of this as moving from an automatic to a stick shift (at least at first, until you get up to speed).
Good call with Hashtopolis for distributed work.
Fortunately, it's a lot easier than trying to get a list of all hashes. Using hashcat for attacks with a dictionary, a mask, a list of masks, or a combination of words + rules is all pretty easy once you get the syntax down.
You'll need to check out some hashcat tutorials, and maybe start with learning the command line and using hashcat directly for some basic attacks, before trying to do them at scale with Hashtopolis.
This walkthrough by m3g9tr0n is from an older version of hashcat, but the syntax is mostly the same:
http://blog.thireus.com/cracking-story-h...-passwords
... though you should now add "-O" if most of your candidates will be 15 chars or less and you're attacking a fast hash. (This will get you top speeds. If you need longer candidates, you drop the -O, but you pay a speed penalty in exchange for being able to handle longer passwords) If the -O isn't applicable, it will be ignored.
You'll also want to use the highest -w value that you can tolerate; since it's a farm situation, you'll probably be fine with the max (-w 4) once you get things going.
You'll also want to read through the wiki:
https://hashcat.net/wiki/
... and the FAQ therein.
Also, the bottom of hashcat --help has some basic examples:
Code:Wordlist | $P$ | hashcat -a 0 -m 400 example400.hash example.dict
Wordlist + Rules | MD5 | hashcat -a 0 -m 0 example0.hash example.dict -r rules/best64.rule
Brute-Force | MD5 | hashcat -a 3 -m 0 example0.hash ?a?a?a?a?a?a
Combinator | MD5 | hashcat -a 1 -m 0 example0.hash example.dict example.dict
As for automatically detecting hash types, that's more complex than it might appear. Passware may be able to detect a few, but there are some hash types (especially nested and/or truncated types) that you literally can't detect the actual hash type until you actually crack at least one hash. Most crackers work up to knowing many types by sight, and there is also https://github.com/psypanda/hashID, which a lot of folks use to do the heavy lifiting if they're trying to sort a big mixed pile of hashes. hashID will definitely get the ones that are easily differentiated, but you then must pick the right "mode" number in hashcat (-m) and supply that on the command line. If it's an obvious mismatch, hashcat will complain and reject all hashes in the list that aren't of the specified type ... but if it's not an obvious mismatch, hashcat will happily try the wrong algorithm. So you do need to keep in mind that hash identification is more of a manual/human process in the hashcat space right now.
Thank you so much for help I appreciate it, I will follow your guidelines and I hope to learn it as quickly as possible.