Hashcat has the particularity to be able to run on various OS. If Linux/UNIX based operating systems provide an easy way to connect to a remote workstation using SSH, this is not the case for Windows.
Even if some solutions like Bash on Windows or OpenSSH by the PowerShell team seem to be able to address this need, they also have some major caveats (rendering problems, tty-based communications problems, etc.).
Cygwin and MSYS/MSYS2 also have some tty-based problems: the way Cygwin and MSYS/MSYS2 use mintty, which they rely on, don't provide unbuffering capabilities. The consequence is that 's', 'b', 'q', 'p' keystrokes are buffered while pressed, thus not treated as they should.
Another solution must be found to be able to use the cat through an SSH session: meet winpty.
The following is directly taken from winpty README and provides instructions for both Cygwin and MSYS/MSYS2.
THIS GUIDE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. WE WILL NOT ACCEPT ANY LIABILITY FOR ANY SECURITY RISKS YOU INTRODUCE TO YOUR ENVIRONMENT UPON FOLLOWING THIS GUIDE.
At a minimum, you should ensure that all commands are executed in a trusted – and preferably isolated – environment.
You need the following to build winpty:
The default g++ compiler for Cygwin targets Cygwin itself, but Cygwin also packages MinGW-w64 compilers. As of this writing, the necessary packages are:
As of writing this tutorial, winpty over an SSH session using MSYS or MSYS2 has not been tested. Nevertheless, things should not been different from Cygwin case.
For the original MSYS, use the mingw-get tool (MinGW Installation Manager), and select at least these components:
When running ./configure, make sure that mingw32-g++ is in your PATH. It will be in the C:\MinGW\bin directory.
For MSYS2, use pacman and install at least these packages:
MSYS2 provides three start menu shortcuts for starting MSYS2:
To build winpty, use either MinGW-w64 Win32 shortcut or MinGW-w64 Win64 shortcut, depending of the architecture matching your MSYS2 installation.
These shortcuts will put the g++ compiler (from mingw32/mingw-w64-i686-gcc packages if your installation is 32bits or from mingw64/mingw-w64-x86_64-gcc packages if your installation is 64bits) into the PATH.
Alternatively, instead of installing mingw32/mingw-w64-i686-gcc or mingw64/mingw-w64-x86_64-gcc, install the mingw-w64-cross-gcc and mingw-w64-cross-crt-git packages.
These packages install cross-compilers into /opt/bin, and then any of the three shortcuts will work.
In the project directory, run:
$ ./configure $ make $ make install
By default, winpty is installed into /usr/local. Pass PREFIX=<path> to make install to override this default.
To run a Windows console program in mintty or Cygwin/MSYS/MSYS2 sshd, prepend winpty to the command-line:
$ winpty hashcat64.exe -m 0 ....
Unbuffered-related problems should be resolved now!
As winpty is not aware of chroot'ed environment, all paths to files (like outputfile or wordlist) must be either relative to current directory or absolute regarding Windows filesystem (ie. '/opt/data/wordlists/MyWordlist' must be replaced by 'DRIVELETTER:/INSTALLATION_PATH/opt/data/wordlists/MyWordlist').
As connected with “sshd” account to my remote Windows workstation “TimmyStation”, if your Cygwin/MSYS/MSYS2 environnement is located in C:\INSTALL_PATH and your hashcat folder is in C:\INSTALL_PATH\opt\data\hashcat-3.20, a typical successful command line should look like this:
sshd@TimmyStation /opt/data/hashcat-3.20 $ winpty hashcat64.exe -m 0 -o C:/INSTALL_PATH/opt/data/hashcat_outputhashes C:/INSTALL_PATH/opt/data/RawMD5_test.dump -a 0 C:/INSTALL_PATH/opt/data/wordlists/MyWordlist -r rules/best64.rule