Worst documentation and usability EVER
#1
Thumbs Down 
I'm not sure if anyone will get anything out of this post, or that it won't just immediately be deleted, but it needs saying either way.

Why is this program so damn hard to use?!?

A free GPU based password cracker that can do SHA, MD5, MSCache, etc? Great! Or so I initially thought... turns out not so!

I download oclHashcat-plus version 6, read the docs, and get ready to go with a trial hash. Only to be greeted with an error. So I try some more options, read some more examples, read the help, which states:

Code:
Usage: cudaHashcat-plus [options]... hash|hashfile|hccapfile [dictionary|mask|di
rectory]...

=======
Options
=======

* General:

  -m,  --hash-type=NUM               Hash-type, see references below
  -V,  --version                     Print version
  -h,  --help                        Print help
       --eula                        Print EULA
       --quiet                       Suppress output

Everything I'm doing *appears* to be right, so I finally just start copy pasting some example run lines from other people. Turns out typing "--hash-type=1500" is wrong, it needs to be "--hash-type 1500". Thanks a lot for including misleading and incorrect documentation. But ok, whatever, it's not the end of the world.

I then move on to trying brute force some hashes and quickly discover that it isn't a directly supported mode. That's too bad, but I'm not going to be deterred by something as simple as piping one program's output to another. So I get the wordlist generator going. And then I realize that I need to split the wordlist processing to use more of my GPU. The time I have spent by this point trying to get something as simple as password bruteforcing going seems pretty ridiculous, but hey, at least it's now all working. Or so I thought! After trying to crack a few different types of hashes (more on this later on), I realized that I should verify that my wordlist inputs were getting processed properly. So I take the hash of a simple password and pass it in, and get a result of zero passwords cracked! After reading more online, playing with the generation rules, saving the actual output to file and viewing it, it appears that while everything looks just fine, there's no actual way to make this thing consistently work. So I gave up. There were hints that a later version would just include bruteforce support, so I figured that this tool was just not worth using until then.

And so, version 7 comes out. And it includes brute force support! Great! Well, except that it also includes the world's worst documentation, just like the previous version. So you want to use brute force mode, you specify "-a 3", and all you get is an error. So then, lets check the wiki:
http://hashcat.net/wiki/brute_force_attack

Hmmm, none of those command line options are even supported! Release notes for version 7 say nothing, nor does the help, nor do any of the examples. Search online for a bit, and you'll find that:
http://hashcat.net/forum/thread-810-page...ttack-mode
clearly you need to provide the bruteforce character set as the last parameter, and no, there's no option to specify a brute force length.

So there's that. There's the fact that *no* hash format is documented as to what's actually needed for input (trial and error is a form of documentation, right?). Should the username come first or second for a MS Cache password? Who knows?! You'll know when you have it wrong, but never for sure if you've got it right.

So my point in all this is that, wtf, if this tool is for internal use only or something, no big deal. But if you're releasing this to the world, the world would probably appreciate if you documented things once and a while.
#2
Brute-force is possible with a mask attack.
#3
@stupid

Demand a refund...
#4
this is a young project. if you want to help making documentation better i will create you an account on the wiki pages.
#5
It was easy to understand the documentation, however for a few moments, I had a big problem figuring out how to create the mask for brute force attack... for one simple reason - there's a line that says -1 ?l?u?d and then it is like ?1?1?1?1 ... well, the FONT used in the documentation made ?l (lowercase L) and ?1 (the number one), as well as -1 (the actual part where you create the mask) look like they all used the number 1 or the letter L Big Grin Until I figured out that the first -1 was the number, the ?l?u?d were the letters and then the ?1?1?1.... section contained the numbers because they now stood in for "?l?u?d".

A bit confusing, simply because of the font! Big Grin

I'm currently very busy (term is coming to an end and tests are coming at me left & right), but maybe I could try and contribute to the wiki a bit when all this is over (February)
#6
BTW I changed the page on -plus to indicate brute-force is accomplished via mask attack (removed the link to brute-force attack page).
#7
It could be hard o understand how it works if you are a beginer because it has more options like other tools where you just bruteforce a-z. Later when you understand how it works it will be easier and you will see the advantage of hashcat.