trustedsec / hate_crack Goto Github PK
View Code? Open in Web Editor NEWA tool for automating cracking methodologies through Hashcat from the TrustedSec team.
Home Page: https://www.trustedsec.com
A tool for automating cracking methodologies through Hashcat from the TrustedSec team.
Home Page: https://www.trustedsec.com
I have a folder with all my password files in it. I was trying to run...
ls -rt -d -1 $PWD/{,.} >../wordlists.txt
but getting
[root:...testing/Passwords/wordlists]# ls
bt4-password.txt darkweb2017-top1000.txt openwall.net-all.txt rockyou.txt
cirt-default-passwords.txt darkweb2017-top100.txt PHP-Magic-Hashes.txt twitter-banned.txt
clarkson-university-82.txt darkweb2017-top10.txt probable-v2-top12000.txt unkown-azul.txt
darkc0de.txt Keyboard-Combinations.txt probable-v2-top1575.txt UserPassCombo-Jay.txt
darkweb2017-top10000.txt Most-Popular-Letter-Passes.txt probable-v2-top207.txt
[root:...testing/Passwords/wordlists]# ls -rt -d -1 $PWD/{,.} >../wordlists.txt
zsh: no matches found: /root/pentesting/Passwords/wordlists/.*
What am I doing wrong here??
Thanmks
Hello,
I just spun up a fresh Linux box, downloaded hashcat + utils + hatecrack as well as a bundle of wordlists, and am ready to run wordlist_optimizer.
As I kick off the optimization, I'll see hatecrack kind of bomb out with a blurb of text like this:
Checking /opt/wordlists/optimized//58 against cache
Lines compared 18
Removed 12 lines from cache
Sorting back to original positions...
Finished!
Removed 12 lines from cache
Writing 238119 lines to /tmp/splitlen.out
Traceback (most recent call last):
File "wordlist_optimizer.py", line 88, in <module>
main()
File "wordlist_optimizer.py", line 72, in main
if lineCount("/tmp/splitlen.out") > 0:
File "wordlist_optimizer.py", line 20, in lineCount
for line in outFile:
File "/usr/lib/python3.6/codecs.py", line 321, in decode
(result, consumed) = self._buffer_decode(data, self.errors, final)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xbb in position 1239: invalid start byte
Note: the issue appears to be wordlist related. This was happening on crackstation.txt
. I renamed it to crackstation2.txt
and then optimizer completed. Anything I can do to help troubleshoot why certain wordlists might be problematic? I'd love to have crackstation (and a few others that bomb out too) get properly optimized.
Thanks,
Brian
How can I apply optimizers like -O and -W (2,3,4) to hate crack?
Hi, im ran into a problem, when starting any attack in hate_crack. Im working in cygwin.
Here's log:
$ python hate_crack.py hash.txt 0
___ ___ __ _________ __
/ | \_____ _/ |_ ____ \_ ___ \____________ ____ | | __
/ ~ \__ \\ __\/ __ \ / \ \/\_ __ \__ \ _/ ___\| |/ /
\ Y // __ \| | \ ___/ \ \____| | \// __ \\ \___| <
\___|_ /(____ /__| \___ >____\______ /|__| (____ /\___ >__|_ \
\/ \/ \/_____/ \/ \/ \/ \/
Version 1.09
(1) Quick Crack
(2) Extensive Pure_Hate Methodology Crack
(3) Brute Force Attack
(4) Top Mask Attack
(5) Fingerprint Attack
(6) Combinator Attack
(7) Hybrid Attack
(8) Pathwell Top 100 Mask Brute Force Crack
(9) PRINCE Attack
(10) YOLO Combinator Attack
(11) Middle Combinator Attack
(12) Thorough Combinator Attack
(13) Bandrel Methodology
(95) Analyze hashes with Pipal
(96) Export Output to Excel Format
(97) Display Cracked Hashes
(98) Display README
(99) Quit
Select a task: 1
Enter path of wordlist or wordlist directory.
Press Enter for default optimized wordlists [/home/Admin123/hashcat/passwords1]:
Which rule(s) would you like to run?
(0) To run without any rules
(1) best64.rule
(2) d3ad0ne.rule
(3) T0XlC.rule
(4) dive.rule
(99) YOLO...run all of the rules
Enter Comma separated list of rules you would like to run. To run rules chained use the + symbol.
For example 1+1 will run best64.rule chained twice and 1,2 would run best64.rule and then d3ad0ne.rule sequentially.
Choose wisely: 1+1
hashcat (v6.2.6-792-ge6715fbd8) starting
Successfully initialized the NVIDIA main driver CUDA runtime library.
Failed to initialize NVIDIA RTC library.
* Device #1: CUDA SDK Toolkit not installed or incorrectly installed.
CUDA SDK Toolkit required for proper device support and utilization.
For more information, see: https://hashcat.net/faq/wrongdriver
Falling back to OpenCL runtime.
* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
OpenCL API (OpenCL 3.0 CUDA 12.2.79) - Platform #1 [NVIDIA Corporation]
=======================================================================
* Device #1: NVIDIA GeForce GTX 1650, 3968/4095 MB (1023 MB allocatable), 14MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 31
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 4356
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Meet-In-The-Middle
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Raw-Hash
Watchdog: Temperature abort trigger set to 90c
Initializing backend runtime for device #1. Please be patient...1 error generated.
clCompileProgram(): CL_COMPILE_PROGRAM_FAILURE
<kernel>:9:10: fatal error: 'OpenCL/inc_vendor.h' file not found
#include M2S(INCLUDE_PATH/inc_vendor.h)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<built-in>:4:16: note: expanded from here
#define M2S(x) XM2S(x)
^~~~~~~
<built-in>:3:17: note: expanded from here
#define XM2S(x) #x
^~
<scratch space>:2:1: note: expanded from here
"OpenCL/inc_vendor.h"
^~~~~~~~~~~~~~~~~~~~~
* Device #1: Kernel /home/Admin123/hashcat/OpenCL/m00000_a0-optimized.cl build failed.
Started: Sat Oct 7 02:46:38 2023
Stopped: Sat Oct 7 02:46:39 2023
Surprisingly, hashcat without hate_crack works perfectly. Left code below:
$ ./hashcat -m 0 -O -a 3 -1 '?l?d' example0.hash -i '?1?1?1?1?1?1?1?1'
hashcat (v6.2.6-792-ge6715fbd8) starting
Successfully initialized the NVIDIA main driver CUDA runtime library.
Failed to initialize NVIDIA RTC library.
* Device #1: CUDA SDK Toolkit not installed or incorrectly installed.
CUDA SDK Toolkit required for proper device support and utilization.
For more information, see: https://hashcat.net/faq/wrongdriver
Falling back to OpenCL runtime.
* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
OpenCL API (OpenCL 3.0 CUDA 12.2.79) - Platform #1 [NVIDIA Corporation]
=======================================================================
* Device #1: NVIDIA GeForce GTX 1650, 3968/4095 MB (1023 MB allocatable), 14MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 55
Hashes: 6494 digests; 6494 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Meet-In-The-Middle
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Brute-Force
* Raw-Hash
Watchdog: Temperature abort trigger set to 90c
INFO: Removed 756 hashes found as potfile entries.
Host memory required for this attack: 829 MB
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 0 (MD5)
Hash.Target......: example0.hash
Time.Started.....: Sat Oct 7 02:52:56 2023 (0 secs)
Time.Estimated...: Sat Oct 7 02:52:56 2023 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Mask.......: ?1 [1]
Guess.Charset....: -1 ?l?d, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 1/8 (12.50%)
Speed.#1.........: 5200 H/s (0.04ms) @ Accel:128 Loops:36 Thr:256 Vec:8
Recovered........: 756/6494 (11.64%) Digests (total), 0/6494 (0.00%) Digests (new)
Remaining........: 5738 (88.36%) Digests
Recovered/Time...: CUR:N/A,N/A,N/A AVG:N/A,N/A,N/A (Min,Hour,Day)
Progress.........: 36/36 (100.00%)
Rejected.........: 0/36 (0.00%)
Restore.Point....: 1/1 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-36 Iteration:0-36
Candidate.Engine.: Device Generator
Candidates.#1....: s -> x
Hardware.Mon.#1..: Temp: 49c Fan: 0% Util: 8% Core:1485MHz Mem:4001MHz Bus:16
I will be very grateful for your help. thank you in advance.
If I added pipal as a menu option is this something you would be interested in accepting a pull request for?
I would add it as as an option in the config, and if it was disabled then the menu wouldn't show up
Hi,
I'm extremely not knowledgeable about things (and this is pretty trivial), but I notice on lines 125, 147, 252, and 269 it looks like the cut command is being used to extract passwords cracked by hashcat like:
hcatProcess = subprocess.Popen("cat %s.out | cut -d : -f 2 > %s.working" % (hcatHashFile, hcatHashFile),
shell=True).wait()
Might be worth changing the -f 2
option to -f 2-
so that passwords including a colon are captured.
Cheers!
Add a detection for duplicate accounts for NetNTLMv1 and NetNTLMv2 for when unique challenge and responses from Responder.
Will prompt use on detection if they want to ignore the duplicates or not.
Hi there,
This isn't really an issue, but more a question about best practices for using Hatecrack. Do you have a recommended methodology for which Hatecrack options to use to most efficiently crack a list of hashes. I've just been starting at 1 and going up from there, and if there's a certain option that says it'll take days to run, I maybe let it run 24 hours and go on to the next for the sake of time.
But I'd love to hear if this is how the TrustedSec team uses the tool or if you have other recommendations/tips.
Thanks for the great tool!
Brian
Detect accounts that end in $ and prompt to ignore them or not.
It would make it easier to use hate_crack with other scripts if there were options to run cracking without interacting with the main menu. An example would be
sudo python /opt/hatecrack/hate_crack.py ~/Documents/example_ntlm.txt 1000 1 0
Which would run quick cracking with 0 best64.rule. I'm not at all suggesting that you get rid of the main menu, just providing both launch options would be a really nice feature.
Keep up the fantastic work!
The default installation for hashcat in Kali has the binary file for hashcat located in /usr/bin/hashcat
The existing code assumes that the hashcat bin is located in the same directory as the rest of the hashcat files, but in Kali these are located in /usr/share/hashcat
A workaround until this can be fixed is to add a symbolic link in the /usr/share
directory using the following command cd /usr/share/hashcat && ln -s /usr/bin/hashcat hashcat
Is anyone else noticing that hate_crack is outputting the same hash for different passwords?
c45cde80ed7302003b28d040862bf6e9:Shadai25
c45cde80ed7302003b28d040862bf6e9:Work4Me2
c45cde80ed7302003b28d040862bf6e9:Chelle76
c45cde80ed7302003b28d040862bf6e9:Thepijo2
c45cde80ed7302003b28d040862bf6e9:Kathleen1
c45cde80ed7302003b28d040862bf6e9:Shadow10
Had a list of NTLM hashes with username:hash. Stripped them out to just one hash per line.
Ran
./hate_crack.py tmp.txt 1000
Chose quick crack, and it started outputting the same hash over and over with a different password.
Note: I'm still investigating to see if this is a Hashcat issue.
Pretty please?
:-)
Yours Hopefully,
SS.
Hello,
I am following your guide on the TrestedSec release site and have created my wordlists file exactly as you have specified. When i run the following command i am getting this error... any thoughts on this one.
PC is a new ubuntu 16.04LTS build dual NVIDIA GTX 1080 FE's
Hashcat installed from PTF and hate_crack installed in home directory.
Thanks for the great tool! I got it running on my MAC and it is great!
:~/hate_crack$ python wordlist_optimizer.py wordlists.txt ../optimized_wordlists/
/home/redacted/Passwords/wordlists/hashes.org-2017.txt
hashcat-utils/bin/splitlen.app: 1: hashcat-utils/bin/splitlen.app: �������: not found
hashcat-utils/bin/splitlen.app: 2: hashcat-utils/bin/splitlen.app: Syntax error: word unexpected (expecting ")")
Getting this error even though I'm pretty sure the config.json file is pointing to the right folder paths....
Running into the following issue. Let me know what other info I can provide:
python hate_crack.py /root/ntlm.txt 1000
___ ___ __ _________ __
/ | \_____ _/ |_ ____ \_ ___ \____________ ____ | | __
/ ~ \__ \\ __\/ __ \ / \ \/\_ __ \__ \ _/ ___\| |/ /
\ Y // __ \| | \ ___/ \ \____| | \// __ \\ \___| <
\___|_ /(____ /__| \___ >____\______ /|__| (____ /\___ >__|_ \
\/ \/ \/_____/ \/ \/ \/ \/
Version 1.06
PWDUMP format detected...
Parsing NT hashes...
Parsing LM hashes...
LM hashes identified. Would you like to brute force the LM hashes first? (Y) N
(1) Quick Crack
(2) Extensive Pure_Hate Methodology Crack
(3) Brute Force Attack
(4) Top Mask Attack
(5) Fingerprint Attack
(6) Combinator Attack
(7) Hybrid Attack
(8) Pathwell Top 100 Mask Brute Force Crack
(9) PRINCE Attack
(10) YOLO Combinator Attack
(11) Middle Combinator Attack
(12) Thorough Combinator Attack
(96) Export Output to Excel Format
(97) Display Cracked Hashes
(98) Display README
(99) Quit
Select a task: 4
Enter a target time for completion in hours (4):
Traceback (most recent call last):
File "/root/tools/hate_crack/PACK/statsgen.py", line 302, in <module>
statsgen.print_stats()
File "/root/tools/hate_crack/PACK/statsgen.py", line 197, in print_stats
self.filter_counter * 100 / self.total_counter, self.filter_counter, self.total_counter)
ZeroDivisionError: division by zero
Traceback (most recent call last):
File "/root/tools/hate_crack/PACK/maskgen.py", line 312, in <module>
maskgen.generate_masks(sorting_mode)
File "/root/tools/hate_crack/PACK/maskgen.py", line 136, in generate_masks
sample_occurrence * 100 / self.total_occurrence, sample_occurrence, self.total_occurrence)
ZeroDivisionError: division by zero
hashcat (v5.0.0) starting...
OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 1080 Ti, 2793/11175 MB allocatable, 28MCU
Invalid mask.
Started: Thu Nov 1 10:40:48 2018
Stopped: Thu Nov 1 10:40:49 2018
Hi,
Simple request: a check if the destination folder exists, and if not let wordlist_optimizer.py create it or complain about missing permissions to do so?
At the moment it spits out this:
$ python wordlist_optimizer.py /usr/share/wordlists/rockyou.txt /usr/share/wordlists/optimized_wordlists/
123456
Traceback (most recent call last):
File "wordlist_optimizer.py", line 74, in
main()
File "wordlist_optimizer.py", line 45, in main
if len(os.listdir(destination)) == 0:
OSError: [Errno 2] No such file or directory: '/usr/share/wordlists/optimized_wordlists/'
Cheers!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.