01-13-2012, 02:15 AM
I'm not sure if anyone will get anything out of this post, or that it won't just immediately be deleted, but it needs saying either way.
Why is this program so damn hard to use?!?
A free GPU based password cracker that can do SHA, MD5, MSCache, etc? Great! Or so I initially thought... turns out not so!
I download oclHashcat-plus version 6, read the docs, and get ready to go with a trial hash. Only to be greeted with an error. So I try some more options, read some more examples, read the help, which states:
Code:
Usage: cudaHashcat-plus [options]... hash|hashfile|hccapfile [dictionary|mask|directory]...
=======
Options
=======
* General:
-m, --hash-type=NUM Hash-type, see references below
-V, --version Print version
-h, --help Print help
--eula Print EULA
--quiet Suppress output
Everything I'm doing *appears* to be right, so I finally just start copy pasting some example run lines from other people. Turns out typing "--hash-type=1500" is wrong, it needs to be "--hash-type 1500". Thanks a lot for including misleading and incorrect documentation. But ok, whatever, it's not the end of the world.
I then move on to trying to brute force some hashes and quickly discover that it isn't a directly supported mode. That's too bad, but I'm not going to be deterred by something as simple as piping one program's output to another. So I get the wordlist generator going. And then I realize that I need to split the wordlist processing to use more of my GPU. The time I have spent by this point trying to get something as simple as password bruteforcing going seems pretty ridiculous, but hey, at least it's now all working. Or so I thought! After trying to crack a few different types of hashes (more on this later on), I realized that I should verify that my wordlist inputs were getting processed properly. So I take the hash of a simple password and pass it in, and get a result of zero passwords cracked! After reading more online, playing with the generation rules, saving the actual output to file and viewing it, it appears that while everything looks just fine, there's no actual way to make this thing consistently work. So I gave up. There were hints that a later version would just include bruteforce support, so I figured that this tool was just not worth using until then.
And so, version 7 comes out. And it includes brute force support! Great! Well, except that it also includes the world's worst documentation, just like the previous version. So you want to use brute force mode, you specify "-a 3", and all you get is an error. So then, let's check the wiki:
http://hashcat.net/wiki/brute_force_attack
Hmmm, none of those command line options are even supported! Release notes for version 7 say nothing, nor does the help, nor do any of the examples. Search online for a bit, and you'll find that:
http://hashcat.net/forum/thread-810-page...ttack-mode
clearly you need to provide the bruteforce character set as the last parameter, and no, there's no option to specify a brute force length.
So there's that. There's the fact that *no* hash format is documented as to what's actually needed for input (trial and error is a form of documentation, right?). Should the username come first or second for a MS Cache password? Who knows?! You'll know when you have it wrong, but never for sure if you've got it right.
So my point in all this is that, wtf, if this tool is for internal use only or something, no big deal. But if you're releasing this to the world, the world would probably appreciate if you documented things once in a while.