(02-09-2012, 06:59 PM)atom Wrote: OK! check out the new oclHashcat-plus beta in /beta. I have implented it that way. It is writing the cracked halfes to outfile/screen AND to hashcat.pot and you can run at any time:
Quote:oclHashcat-plus64 -m 3000 hashes.txt --show
and get the assembled results.
It works as described but there are a couple of points that could be better:
1) When you do the --show, having the ability to do also --remove for the fully cracked hash would be great.
2) Right now, the output with --show is on screen and can be redirected to a file using ">" but it would be more natural with the -o switch. I tried it, it does not bug -plus but does not do anything.
3) The uncracked part is shown as ******* right now. It does the job but does not discriminate with an actual ******* value since it's also 7 characters long. That's why, I was suggesting something like <not found> because you cannot mistaken it with an actual value since it's in lowercase and it's more than 7 characters long. While at it, a special code could be useful for space characters (since you don't see it especially if it is at the end of the password. I currently don't have a solution for this but we need to think about it.
4) It would be great to have a routine that checks the .pot file at the beginning so that there is no time wasted recracking the same hash (halves) over and over. For example let's say that for 50 full LM hash (100 halves unique or not), 99 were already cracked in the past, only 1 hash would be left to searched. So as soon as it is cracked, the attack finishes and you don't have to go through the rest of the attacks keyspace.