New Attack-Mode: Association Attack

[undeath]

…

This attack mode is specifically designed for large salted hash lists. It doesn't make sense with single hashes.

[svobodnui11]

to see an example in action, in the same video

[nielsenjens463]

Have tryed on bcrypt this Association Attack, 0% recovered. did i did something wrong?
Have split usernames in 1 file called wordlist.txt and hashes in another called EPWhashes.txt

Or it could be that all salts are random and has nothing to do with the usernames? I have also 
seperate emails with every hash. Shall i try emails instead of usernames as a salt hint or there is no chance to improve speed? trying straight on bcrypt but it shows 66years to be finished with because i have only 1 GPU 1080TI 11gb


Session..........: hashcat
Status...........: Exhausted
Hash.Name........: bcrypt $2*$, Blowfish (Unix)
Hash.Target......: ./UPWhashes.txt
Time.Started.....: Fri Jan 08 11:30:36 2021 (4 mins, 10 secs)
Time.Estimated...: Fri Jan 08 11:34:46 2021 (0 secs)
Guess.Base.......: File (./wordlist.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:      422 H/s (161.48ms) @ Accel:8 Loops:32 Thr:11 Vec:1
Recovered........: 0/105330 (0.00%) Digests, 0/105330 (0.00%) Salts
Remaining........: 105330 (100.00%) Digests, 105330 (100.00%) Salts
Recovered/Time...: CUR:0,N/A,N/A AVG:0,0,0 (Min,Hour,Day)
Progress.........: 210659/105330 (200.00%)
Rejected.........: 105330/210659 (50.00%)
Restore.Point....: 105330/105330 (100.00%)

[royce]

Test your attack against a known set of bcrypt hashes and their plains. Once that's working, you'll know that your method is correct.

[asaj2kk]

Can confirm that on optimized kernels I get erros as well
clEnqueueWriteBuffer(): CL_OUT_OF_RESOURCES
clWaitForEvents(): CL_UNKNOWN_ERROR
clEnqueueReadBuffer(): CL_OUT_OF_RESOURCES

This wouldn't be a problem but -m 2711 doesn't have a pure kernel only optimized.
Is there a fix for it or does it have to do on how you build hashcat ? 

msys build < error
wsl build < error

[Snoopy]

what about the idea to use the
--username
option to trigger this attack to do the (at least now) needed manual splitting on the fly?

so instead of using 2 separate files you can stick to the already there [user:pwalt] style of files, for which this attack was made for / is targeted at

[pokosima1999]

Is potfile support?

[Snoopy]

Is potfile support?

dont know what you mean, but in the potfile the standard

hash : [salt] : plain

is stored

[moahmed]

Hello i guess that the password is only 11 digit what i must write to check only 11 digit not passed to 8.9.10 digit only 11 like digits like crunch

[ZerBea]

If someone is interested: Association attack on hash mode 22000

on ESSID:

Code:

$ cat hashfile.hc22000 | awk 'BEGIN { FS = "*" } ; {print "$HEX[" $6 "]" }' > essid.list
$ hashcat -m 22000 -o founds -a9 hashfile.hc22000 test.list

on ESSID with rules:

Code:

$ cat hashfile.hc22000 | awk 'BEGIN { FS = "*" } ; {print "$HEX[" $6 "]" }' > essid.list
$ hashcat -m 22000 -r rockyou-30000.rule -o founds -a9 hashfile.hc22000 test.list

On MAC_AP:

Code:

$ cat hashfile.hc22000 | awk 'BEGIN { FS = "*" } ; {print $4 }' > macap.list
$ hashcat -m 22000 -o founds -a9 hashfile.hc22000 macap.list

Outfile (-o) should be used because there are no entries in the potfile (up to actual git head: hashcat v6.2.5-165-gb44495846)