CPU v GPU configuration
#1
Hey gang...
I am currently running a recent version of hashcat (hashcat -V pull/1273/head) on an Ubuntu 18 VM.

When running a crack against an MS Office doc, I have to use the --force option which produces this output:


hashcat -m9600 '<obfuscated hash>' -o test05 --force

Device #1: pthread-Intel(R) Core(TM) i7-4870HQ CPU @ 2.50GHz, 1478/1478 MB allocatable, 4MCU

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Applicable optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt

Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.
Watchdog: Temperature retain trigger disabled.

* Device #1: build_opts '-I /usr/share/hashcat/OpenCL -D VENDOR_ID=64 -D CUDA_ARCH=0 -D VECT_SIZE=4 -D DEVICE_TYPE=2 -D DGST_R0=0 -D DGST_R1=1 -D DGST_R2=2 -D DGST_R3=3 -D DGST_ELEM=4 -D KERN_TYPE=9600 -D _unroll -cl-std=CL1.2'
- Device #1: autotuned kernel-accel to 128                
- Device #1: autotuned kernel-loops to 128
Starting attack in stdin mode...



Session..........: hashcat
Status...........: Running
Hash.Type........: MS Office 2013
Hash.Target......: <obfuscated hash>
Time.Started.....: Wed Aug 15 15:35:24 2018 (4 mins, 0 secs)
Time.Estimated...: Wed Aug 15 15:39:24 2018 (0 secs)
Guess.Base.......: Pipe
Speed.Dev.#1.....:        0 H/s (0.00ms)
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0
Rejected.........: 0
Restore.Point....: 0
Candidates.#1....: [Copying]
HWMon.Dev.#1.....: N/A


The above keeps repeating itself and the Speed.Dev.#1 never increases.  It works 'normally' on other hashes and I get 'normal' results.

Is there a file that I can edit to force the DEVICE_TYPE to 1 to force to CPU?  I have to use --force to get hashcat to work at all in the current configuration.

Thanks in advance from the new guy!  Let me know if there are any questions or clarifications...
#2
A few things:

- if you have to use --force you're likely having something wrong with your system (wrong driver, too old hardware...)
- you need to read more about hashcat's usage
- you should read the output, it more than likely give you answers (hint: the part about stdin, the mention of 'Pipe')

So make sure to use the minimum options required for the attack you want to run.


Also is there a specific reason for running hashcat in a VM ? I would run it directly on the host system to avoid layers and potential issues.
#3
(08-16-2018, 12:52 AM)Xanadrel Wrote: A few things:

- if you have to use --force you're likely having something wrong with your system (wrong driver, too old hardware...)
- you need to read more about hashcat's usage
- you should read the output, it more than likely give you answers (hint: the part about stdin, the mention of 'Pipe')

So make sure to use the minimum options required for the attack you want to run.


Also is there a specific reason for running hashcat in a VM ? I would run it directly on the host system to avoid layers and potential issues.

All do respect but I'm not looking for 'self discovery' here... as there is little documentation as to how the stdin works in this case nor any mention of the Pipe, let's make this a real teaching moment for the less-than-average coders like me and provide more context to your comments so we (the rest of the mere mortals) can look a bit closer at the issue.

As to the rest... I already use this VM for Bro and ELK and thought it would be a good addition to the kit for the one-off need to crack a password.  I will look into driver issues/compatibility as I was planning updating to 4.2.1.  The options are as stated and are the correct method for the file I am attempting to crack, no extras.

The hardware isn't really an issue as it a MacBook Pro with all the bells and whistles though a few years old.
#4
hashcat currently supports these attack modes:
-a 0 dict.txt
-a 1 dict1.txt dict2.txt
-a 3 ?a?a?a?a?a
-a 6 dict.txt ?a?a?a?a?a
-a 7 ?a?a?a?a?a dict.txt

you did use NONE (including the mask and/or dictionary parameters) of them, therefore hashcat defaults to the stdin mode which expects the password candidates from a pipe, something like this:
princeprocessor dict.txt | ./hashcat -r prince_optimized.rule hashes.txt

If hashcat doesn't receive any input from such a pipe, the speed will of course stay at 0 H/s and hashcat will "wait" for the first password candidates from the pipe (if you do not use a pipe it won't receive anything and speed will always stay at 0)

Please run: hashcat --help and read about the -a options available and how to use them.
#5
All... I am the first to admit when there has been operator error on my part.  That being said, I have solved my issue after taking a break (which is highly recommended).

solution to one of the issues:
hashcat -m9600 '<obfuscated hash>' <hash list like RockYou> -o test05 --force

I missed linking to the hash list.  Once I re-ran it, it was cracked in about 23 seconds in the VM using the --force

Session..........: hashcat

Status...........: Cracked

Hash.Type........: MS Office 2013

Hash.Target......: <obfuscated hash>

Time.Started.....: Sat Aug 18 06:25:55 2018 (23 secs)

Time.Estimated...: Sat Aug 18 06:26:18 2018 (0 secs)

Guess.Base.......: File (hash_list)

Guess.Queue......: 1/1 (100.00%)

Speed.Dev.#1.....:       61 H/s (10.50ms)

Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts

Progress.........: 1408/14343342 (0.01%)

Rejected.........: 0/1408 (0.00%)

Restore.Point....: 704/14343342 (0.00%)

Candidates.#1....: bambam -> tagged
HWMon.Dev.#1.....: N/A

so far, so good...

The residual question is what file can I edit to change these configs so I don't have to use the --force option:

OpenCL Platform #1: The pocl project

====================================
* Device #1: pthread-Intel(R) Core(TM) i7-4870HQ CPU @ 2.50GHz, 1478/1478 MB allocatable, 4MCU

* Device #1: build_opts '-I /usr/share/hashcat/OpenCL -D VENDOR_ID=64 -D CUDA_ARCH=0 -D VECT_SIZE=4 -D DEVICE_TYPE=2 -D DGST_R0=0 -D DGST_R1=1 -D DGST_R2=2 -D DGST_R3=3 -D DGST_ELEM=4 -D KERN_TYPE=9600 -D _unroll -cl-std=CL1.2'

Specifically, change the DEVICE_TYPE=2 to equal 1 for CPU.  I'd rather not add the -D every time I run a hash (and it doesn't seem to change anyway when I use it).


Thanks!!
#6
(08-16-2018, 08:26 AM)philsmd Wrote: hashcat currently supports these attack modes:
-a 0 dict.txt
-a 1 dict1.txt dict2.txt
-a 3 ?a?a?a?a?a
-a 6 dict.txt ?a?a?a?a?a
-a 7 ?a?a?a?a?a dict.txt

you did use NONE (including the mask and/or dictionary parameters) of them, therefore hashcat defaults to the stdin mode which expects the password candidates from a pipe, something like this:
princeprocessor dict.txt | ./hashcat -r prince_optimized.rule hashes.txt

If hashcat doesn't receive any input from such a pipe, the speed will of course stay at 0 H/s and hashcat will "wait" for the first password candidates from the pipe (if you do not use a pipe it won't receive anything and speed will always stay at 0)

Please run: hashcat --help and read about the -a options available and how to use them.

Thanks for the response!  Thats the kind of response I was hoping for the first go around.  I appreciate the time you gave me in your response.  The explanation was great.