For instance, Twitter's web server was not vulnerable, but a few of their mail servers in the back still had SSLv2 support. In that case one could have cracked the private key for Twitter's certificate and used it either to spy on the traffic or to impersonate Twitter. I think you can work out on your own why someone would do that.
However, as a side note, I just launched my new project ( https://uleak.de/ ) yesterday, which has a self-made scanner for DROWN that is free for everyone to use. By the way, the scan available on my page is real-time, not just a database query like https://drownattack.com/
With experience in the sector, we've seen the problem of those people keeping up with the management of their, in most cases heterogeneous, platforms like WordPress, Joomla and Drupal. With uLeak we try to give those people a bit of help by creating a central platform from which they can monitor their websites. You can monitor the version of your CMS, availability and possible hacks that might occur, and get notified in case of emergency.
We also provide a unique feature which gives you the possibility to check your user passwords (in form of a hash) against our vast database of leaked passwords which we keep up to date with the help of hashcat.
With the open-source launch he made some major improvements and went for a major release, namely version 2.00.
Since then further improvements and an OSX port combined with the support of multiple OCL platforms made it into the master tree. Version 2.10 is now the pinnacle.
The first improvements that you see are the implementations of bcrypt and sha512crypt, but the coolest things are more hidden. The most important thing in everyday use of hashcat is the new "bruteforce++" and the "partial reversing".
Bruteforce++ is basically a classic brute-force attack pimped with Markov chains. This means that hashcat doesn't go from aaaaaa to zzzzzz but looks up a table of the more frequent usages and first picks combinations that have proved to be used more often.
The most important upgrade in my eyes is the support for GPU clustering. We had severe problems building a good distributed solution for hashcat at the last Crack Me If You Can contest. Atom and I had a very clear plan of what a good distributed solution should look like, but we weren't really able to pull it off. However, thorsheim and epixoip informed atom a few weeks ago about a MOSIX project called VCL, and he decided to give it a shot. After initial problems he contacted the developers and managed to produce a new version of VCL that works with hashcat and other GPU crackers. The really cool thing about this solution is that you can build a GPU cluster with up to 128 GPUs and use hashcat just as if it were running on your local machine. Hashcat's dispatcher does magic in distributing the jobs to the clients, which was really a pain in the ass with a separate third-party distribution solution. Since distributed systems are the most fun for me, I will probably play with it very often in the future!
Enough for today, check out the whole release notes:
We are proud to present oclHashcat-plus v0.09!
Download it here: http://hashcat.net/oclhashcat-plus/
Lots of new features and algorithms have been added, and many bugs have been fixed.
The major changes are:
Support for cracking the bcrypt and sha512crypt ($6$) algorithms.
Support for GPU clustering across multiple LAN hosts via VCL, and an increase to support 128 GPUs.
Added what we call a Brute-Force++ attack (see details for description).
Increased cracking performance, especially on multi-hash due to partially reversing as you know it from single-hash cracking.
Let's start with the algorithms added; in this case, the generic types:
added -m 10 = md5(pass.salt)
added -m 20 = md5(salt.pass)
added -m 30 = md5(unicode(pass).salt)
added -m 40 = md5(salt.unicode(pass))
added -m 110 = sha1(pass.salt)
added -m 120 = sha1(salt.pass)
added -m 130 = sha1(unicode(pass).salt)
added -m 140 = sha1(salt.unicode(pass))
added -m 1410 = sha256(pass.salt)
added -m 1420 = sha256(salt.pass)
added -m 1710 = sha512(pass.salt)
added -m 1720 = sha512(salt.pass)
They have been added for two reasons.
1. Because there were many requests by users to add them like here:
http://hashcat.net/forum/thread-1009.html
http://hashcat.net/forum/thread-1152.html
http://hashcat.net/forum/thread-1444.html
http://hashcat.net/forum/thread-474.html
http://hashcat.net/forum/thread-490.html
http://hashcat.net/forum/thread-574.html
http://hashcat.net/forum/thread-577.html
http://hashcat.net/forum/thread-651.html
http://hashcat.net/forum/thread-830.html
http://hashcat.net/forum/thread-833.html
http://hashcat.net/forum/thread-944.html
http://hashcat.net/forum/thread-951.html
2. By adding another feature -- that is, setting the minimum length for a salt to 0 -- you can construct your own hashing modes if you exploit the salt by putting some data into the calculation. Since we have support in oclHashcat-plus for --hex-salt, this will make your lives even easier.
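
To make the generic constructions listed above concrete, and to show what a zero-length salt does to them, here is an added example (not part of the release notes or of hashcat's code) that recomputes each layout for a known test password so an administrator can tell which one a legacy user table uses. It assumes `unicode(pass)` means UTF-16LE; `digest_for_mode` and `matching_modes` are names made up for this sketch.

```python
import hashlib

# Mode number -> (hash name, salt goes first?, password encoded as UTF-16LE?).
# Mode numbers and layouts are the ones listed in the release notes above;
# treating unicode(pass) as UTF-16LE is an assumption of this example.
MODES = {
    10:   ("md5",    False, False),  # md5(pass.salt)
    20:   ("md5",    True,  False),  # md5(salt.pass)
    30:   ("md5",    False, True),   # md5(unicode(pass).salt)
    40:   ("md5",    True,  True),   # md5(salt.unicode(pass))
    110:  ("sha1",   False, False),  # sha1(pass.salt)
    120:  ("sha1",   True,  False),  # sha1(salt.pass)
    130:  ("sha1",   False, True),   # sha1(unicode(pass).salt)
    140:  ("sha1",   True,  True),   # sha1(salt.unicode(pass))
    1410: ("sha256", False, False),  # sha256(pass.salt)
    1420: ("sha256", True,  False),  # sha256(salt.pass)
    1710: ("sha512", False, False),  # sha512(pass.salt)
    1720: ("sha512", True,  False),  # sha512(salt.pass)
}


def digest_for_mode(mode, password, salt):
    """Hex digest of `password` (str) and `salt` (bytes) under one layout."""
    algo, salt_first, utf16 = MODES[mode]
    pw = password.encode("utf-16-le" if utf16 else "utf-8")
    data = salt + pw if salt_first else pw + salt
    return hashlib.new(algo, data).hexdigest()


def matching_modes(password, salt, stored_hex):
    """Mode numbers whose construction reproduces the stored digest.

    Meant to be run against a test account whose password is known, to find
    out how a legacy application builds its hashes before migrating them.
    """
    stored = stored_hex.strip().lower()
    return [m for m in sorted(MODES)
            if digest_for_mode(m, password, salt) == stored]


if __name__ == "__main__":
    # Constructed test records: (known password, salt, stored digest).
    records = [
        # Zero-length salt: pass.salt and salt.pass collapse to the raw hash,
        # so both layouts match.
        ("password", b"", "5f4dcc3b5aa765d61d8327deb882cf99"),
        # Binary salt, as it would be supplied in hex form.
        ("Winter2012", bytes.fromhex("00ff73616c74"),
         hashlib.sha1(bytes.fromhex("00ff73616c74")
                      + "Winter2012".encode("utf-16-le")).hexdigest()),
    ]
    for password, salt, stored in records:
        print(salt.hex() or "(empty)", "->", matching_modes(password, salt, stored))
```

A single unsalted, uniterated digest of any of these layouts is cheap to compute, which is why the release notes treat them as fast modes; identifying the layout is the first step in re-wrapping such records in a slow, salted scheme.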
Next one is the bcrypt algorithm.
Guys, there is not much to say. Just one thing: do not expect too much! This algorithm was designed to run extremely slow on GPUs. It is highly dependent on memory-lookups, and is both salted and iterated. On our hd6990, we can reach 4085/s. This isn't much, but it's still multiple times faster than on CPU.
Details here:
http://hashcat.net/forum/thread-1219.html
http://hashcat.net/forum/thread-302.html
http://hashcat.net/forum/thread-186.html
Another algorithm we added was the EPIserver algorithm. These are the hashes stored by the ASP.NET membership provider. For more detailed information about this, have a look here: http://hashcat.net/forum/thread-987.html
There are plans to rename this algorithm from EPIserver to something like "asp.net membership provider." For now we will stick to EPIserver, but we will certainly rename this in a later version.
There was already an interesting blog post about all this here, definitely a good read: http://www.troyhunt.com/2012/06/our-pass...othes.html
Last but not least, the most impressive addition is the sha512crypt algorithm, aka $6$, which is used in nearly all Linux distributions by default.
Like all crypt(3) algorithms, this is another algorithm which is designed to run slow; plus, it is based on sha512, which uses 64 bit integers. Today's AMD GPUs do not have support for native 64 bit bitwise arithmetics (except shifts), so this is another reason why this algorithm is slow.
Still, the speedup cracking sha512crypt on GPU versus CPU is much higher compared to bcrypt. My hd6990 gives an impressive 32519/s, which we are very proud of!
This algorithm was requested here:
http://hashcat.net/forum/thread-790.html
http://hashcat.net/forum/thread-736.html
http://hashcat.net/forum/thread-303.html
The partial reversing of hashes for multi-hash lists differs a bit from classic single-hash reversal, which you are already familiar with if you use oclHashcat-lite. For several reasons, it is not efficient to reverse all hashes that many steps back as in single-hash cracking, and thus we can not reach oclHashcat-lite speed. But, it can still be more efficient than just traditional early checks.
To visualize this, I made some graphs:
You can see that the less hashes you have, the more efficient it is. The curves on Nvidia are a bit sharper.
Whenever you run brute force on multiple MD4, NTLM or MD5 hashes, oclHashcat-plus will use this partial reversal technique. In theory we can port this to salted hashes as well, but multi-hash on a salted hash is a bad idea. So for now, we stick to raw and reversible algorithms.
Another nice thing that came up lately is the Virtual OpenCL Cluster Platform (VCL) project. When thorsheim and epixoip informed us about this project in this post http://hashcat.net/forum/thread-1473.html it was totally not working with oclHashcat-*, nor any other OpenCL-based password cracker. But, we got in contact with the developers at MOSIX, and after some debugging and trace sessions, we were able to pinpoint the problems. MOSIX then released VCL version 1.15 which addressed these issues.
The overhead produced by the network agents is very low. This is one of the most important factors for a distributed solution. I made some stats on this here:
VCL is intended to be used on dedicated LANs or with High Speed Interconnects. I would not recommend clustering nodes over the Internet, as both latency and bandwidth would be an issue.
Development for VCL support is still in its infancy, but I've tested it with 22 GPUs and it worked well. Installing and configuring VCL is outside the scope of these release notes, but I plan to write a forum post on this topic soon. However, there is no magic required to get VCL running on your own.
To better support VCL, we have increased the maximum number of GPUs from 16 to 128. We do not know for a fact if VCL can handle 128 GPUs, but it works with at least 22 GPUs.
Another nice thing about this is that it works around the 8-GPU limitation in AMD's drivers and Xorg. Since VCL does not require X to run, you can build giant GPU clusters this way.
Something that was already included in the newer versions of oclHashcat-lite is the support for markov-chains.
It does not matter if you do simple Brute-Force attack using -a 3 or you do a dictionary based Hybrid-Attack using either -a 6 or -a 7. This enhancement is automatically used EVERY time you use a mask.
A little background on this, as if you do not use oclHashcat-lite you might not know:
The markov-attack is a statistically based brute-force like attack, but instead of specifying a charset or a mask, we specify a file that was generated once in a previous step. It contains statistical information which is made out of an automated analysis of a given dictionary.
It can fully replace Brute-Force since it covers the full keyspace.
In Brute-Force Attack (or in Mask Attack) we can limit the keyspace by setting a smaller charset in order to reduce the attack-time. In Markov Attack we have something similar, the "threshold". All you do is specify a number. The higher the number, the higher the threshold to add a new link between two characters on the two-level table on which the markov-attack is based.
The background is not so important -- just remember that the lower the value, the smaller the keyspace, and thus the faster the attack is.
But if you take a close look at it, the technically correct description would be: "Brute-Force attack enhanced by per-position markov-chains built out of wordlists for statistics with the ability to use filters using a mask". OK? That required some special naming, and since it's 100% replacing Brute Force, we made it simple for ourselves and called it Brute-Force++
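
The effect of the threshold can be measured from the defender's side: given per-position statistics built from a wordlist, the smallest threshold that still reaches a password tells you how small a keyspace contains it. The following added example (a simplified model written for this page, not hashcat's statistics file format or code) computes that for a small constructed wordlist; the function names, the lowercase charset and the tie-breaking rule are assumptions.

```python
from collections import Counter

CHARSET = "abcdefghijklmnopqrstuvwxyz"

# Constructed sample wordlist (not real data).
WORDS = ["maria", "marco", "mario", "luna", "lara", "sara"]


def build_tables(words, charset=CHARSET):
    """Return (root, chain), the two-level per-position statistics.

    root counts the first character of each word; chain[pos][prev] counts
    the character seen at position pos after prev at position pos - 1.
    """
    root, chain = Counter(), {}
    for word in words:
        if not word or any(ch not in charset for ch in word):
            continue  # keep the model restricted to the chosen charset
        root[word[0]] += 1
        for pos in range(1, len(word)):
            by_prev = chain.setdefault(pos, {})
            by_prev.setdefault(word[pos - 1], Counter())[word[pos]] += 1
    return root, chain


def ranked(counts, charset=CHARSET):
    """Charset ordered most frequent first. Ties and unseen characters keep
    charset order, so the top threshold still covers the full keyspace."""
    return sorted(charset, key=lambda ch: (-counts.get(ch, 0), charset.index(ch)))


def min_threshold(password, root, chain, charset=CHARSET):
    """Smallest threshold whose reduced keyspace still contains password.

    With threshold t only the t most likely characters are tried at each
    position (given the previous character), so the password is covered
    once t reaches the worst per-position rank of its characters.
    """
    need = 0
    for pos, ch in enumerate(password):
        if ch not in charset:
            raise ValueError(f"{ch!r} is outside the modelled charset")
        if pos == 0:
            counts = root
        else:
            counts = chain.get(pos, {}).get(password[pos - 1], {})
        need = max(need, ranked(counts, charset).index(ch) + 1)
    return need


def reduced_keyspace(threshold, length):
    """Number of candidates of the given length at the given threshold."""
    return threshold ** length


def report(passwords, words=WORDS, charset=CHARSET):
    """(password, min threshold, reduced keyspace, full keyspace) per entry."""
    root, chain = build_tables(words, charset)
    rows = []
    for pw in passwords:
        t = min_threshold(pw, root, chain, charset)
        rows.append((pw, t, reduced_keyspace(t, len(pw)), len(charset) ** len(pw)))
    return rows


if __name__ == "__main__":
    for pw, t, small, full in report(["maria", "marco", "qzxv"]):
        print(f"{pw:6} threshold {t:2}  keyspace {small} of {full}")
```

A password that follows the statistics is reached at a threshold of 2 or 3, a keyspace thousands of times smaller than the full one, while a string that ignores them is only reached at the maximum threshold, where the search is as large as plain brute force.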
Here is a nice chart that visualizes the efficiency of Brute-Force++:
The original description of how this works can be found here:
http://hashcat.net/forum/thread-1291.html
http://hashcat.net/forum/thread-1285.html
http://hashcat.net/forum/thread-1265.html
Use .ptx and .llvmir intermediate kernels - from oclHashcat-lite
The kernels are distributed in an "intermediate" format (aka IL). This format cannot be reversed to its original C code, but is still not a binary format that can be used for execution.
The JIT (just-in-time) compilers from both OpenCL and CUDA, which ship with the driver, compile the final bytecode out of the IL. This takes a few seconds per kernel, but this is a one-time operation as the bytecode is cached (CUDA does it automatically, OpenCL does not, but we added a function that emulates CUDA's behavior).
This has some nice advantages:
Not 32/64 bit specific
Less HDD space
Smaller .7z
Less problems with driver specific problems as we often see with Catalyst
There is no more need to release a new oclHashcat-* in case a new driver optimization has been added. Cached oclHashcat-* kernels are driver specific. If it recognizes a driver change, it will rebuild the bytecode from the IL, but using the new JIT from the new driver, resulting in driver-specific optimized bytecode.
Added Retaining GPU temperature - from oclHashcat-lite
When I started with oclHashcat-* hardware management support, some people asked me to add support for fan-speed. For a long time I was not interested in adding fan-speed code to oclHashcat-* since this is the job for the driver or some specialized controlling software.
I did not change my mind completely on this, but still we have added some fan-speed controlling code. The new parameters are:
Code:
--gpu-temp-disable Disable temperature and fanspeed readings and triggers
--gpu-temp-abort=NUM Abort session if GPU temperature reaches NUM degrees celsius
--gpu-temp-retain=NUM Try to retain GPU temperature at NUM degrees celsius (AMD only)
So what this does is, if the temperature configured with the new --gpu-temp-retain parameter is reached, it starts to increase the fan-speed by 1 percent each second. That's all. In practice, this means it enables you to enforce a very specific operating temperature for your GPUs.
Some notes:
--gpu-temp-disable you can completely disable all the temperature stuff.
--gpu-temp-retain currently only works for AMD.
--gpu-temp-abort parameter is just the renamed version of the old --gpu-watchdog.
Both parameters accept the 0 value which disables only this specific feature. This means you can step back to the old behavior by specifying --gpu-temp-retain 0.
The default for --gpu-temp-abort is still 90c.
The default for --gpu-temp-retain is 80c.
More implemented feature requests on forum:
http://hashcat.net/forum/thread-1303.html - Increment-mode for Brute Force
http://hashcat.net/forum/thread-1065.html - OpenLDAP SSHA's Dynamic Base64 Parser
http://hashcat.net/forum/thread-1335.html - Implement command line rules for plus
http://hashcat.net/forum/thread-1263.html - Add Charset ?a
http://hashcat.net/forum/thread-1140.html - Hashcat Exit Statuses
http://hashcat.net/forum/thread-1043.html - Next Dictionary In Line
More implemented feature requests on PM / IRC / Email:
Default-mask for -a 3 mode from oclHashcat-lite v0.10
Commandline switch --disable-potfile feature from hashcat v0.40
This new version has been tested by many beta testers on a wide variety of hardware and operating systems.
All new features were available to beta testers for several weeks. All we did for the last few weeks was perform both automated and manual tests of all features and algorithms, until all issues were 100% fixed.
We want to say a special thank-you to the following beta-testers for their massive support during development:
epixoip
blandyuk
forumhero
M@LIK
mastercracker
proinside
This is great proof of how the cracking community is working together, regardless of what team they are on.
Of course we want to say thanks to all the beta testers who helped finding bugs and suggesting things as well -- Thanks!
--
atom and matrix
Full changelog:
Code:
type: feature
file: kernels
desc: added -m 10 = md5(pass.salt)
type: feature
file: kernels
desc: added -m 20 = md5(salt.pass)
type: feature
file: kernels
desc: added -m 30 = md5(unicode(pass).salt)
type: feature
file: kernels
desc: added -m 40 = md5(salt.unicode(pass))
type: feature
file: kernels
desc: added -m 110 = sha1(pass.salt)
type: feature
file: kernels
desc: added -m 120 = sha1(salt.pass)
type: feature
file: kernels
desc: added -m 130 = sha1(unicode(pass).salt)
type: feature
file: kernels
desc: added -m 140 = sha1(salt.unicode(pass))
type: feature
file: kernels
desc: added -m 141 = EPiServer 6.x
cred: thorsheim
type: feature
file: kernels
desc: added -m 1410 = sha256(pass.salt)
type: feature
file: kernels
desc: added -m 1420 = sha256(salt.pass)
type: feature
file: kernels
desc: added -m 1710 = sha512(pass.salt)
type: feature
file: kernels
desc: added -m 1720 = sha512(salt.pass)
type: feature
file: kernels
desc: added -m 1800 = sha512crypt, SHA512(Unix)
type: feature
file: kernels
desc: added -m 3200 = bcrypt
type: feature
file: kernels
desc: removed -a 4 permutation attack (use rules and combinator-attack instead)
type: feature
file: kernels
desc: added reversing kernel for multihash MD5 if running in -a 3 mode and mask < length 9
type: feature
file: kernels
desc: added reversing kernel for multihash MD4 if running in -a 3 mode and mask < length 13
type: feature
file: kernels
desc: added reversing kernel for multihash NTLM if running in -a 3 mode and mask < length 9
type: feature
file: kernels
desc: on AMD, switched from .kernel to .llvmir to reduce diskspace
type: feature
file: kernels
desc: on NV, switched from .cubin to .ptx to reduce diskspace
type: feature
file: kernels
desc: added kernel cache to avoid unnecessary recompilation
cred: m4tr1x
type: feature
file: kernels
desc: brought back support for AMD hd4xxx GPUS due to .llvmir integration
type: feature
file: kernels
desc: optimized 0x80 handling; +3.6% speed in combinator- and hybrid-attack
type: feature
file: host programs
desc: added support for Virtual OpenCL (VCL) Cluster Platform VCL 1.15
cred: epixoip
type: feature
file: host programs
desc: added support for up to 128 GPUS
type: feature
file: host programs
desc: ported markov-attack from oclHashcat-lite v0.10
type: feature
file: host programs
desc: ported increment-mode from oclHashcat-lite v0.10
type: feature
file: host programs
desc: ported default-mask from oclHashcat-lite v0.10
type: feature
file: host programs
desc: ported -j and -k single rules from oclHashcat v0.27
type: feature
file: host programs
desc: allowed zero-length salts in the generic algorithms makes it more easy to exploit them
type: feature
file: host programs
desc: added next-dictionary-in-line feature to skip inefficient dictionaries on keypress
type: feature
file: host programs
desc: implemented base64 parser that would allow for dynamic salt lengths in nsldaps
type: feature
file: host programs
desc: worked around memory allocation limit, you can load twice as much hashes in multihash
type: driver
file: kernels
desc: added support for NVidia CUDA 5.0
type: driver
file: kernels
desc: added support for AMD APP SDK v2.7
type: driver
file: host programs
desc: added support for NVidia NVML library and got rid of nvidia-smi command
type: feature
file: host programs
desc: splitted --gpu-watchdog to --gpu-temp-disable and --gpu-temp-abort
type: feature
file: host programs
desc: added --gpu-temp-retain to try retain temperature at NUM degrees celsius
cred: m4tr1x
type: feature
file: host programs
desc: worked around AMD bug in clGetDeviceInfo() CL_DEVICE_MAX_CLOCK_FREQUENCY
cred: m4tr1x
type: change
file: host program
desc: updated exit status code, see status_codes.txt for details
cred: m4tr1x
type: feature
file: host programs
desc: backported --disable-potfile feature from hashcat v0.41
cred: m4tr1x
type: feature
file: host programs
desc: add ?a to built-in charsets as ?l?u?d?s
cred: m4tr1x
type: feature
file: host programs
desc: added fan-speeds to status display
type: bug
file: host programs
desc: fixed a bug in host program for WPA/WPA2 in -a 1, -a 6 and -a 7 mode
cred: bjorn
type: bug
file: kernels
desc: fixed a bug in kernel for WPA/WPA2 on AMD VLIW architecture leading to code not found
cred: DrGeek
type: change
file: contact.txt
desc: updated contact information (moved to freenode IRC)
All information is available here:
https://hashcat.net/forum/thread-1133.html
https://hashcat.net/oclhashcat-plus/
Summary of changes:
Added support for Catalyst 12.4.
Added support for CUDA 4.2.
Added backport of base SHA-512 algorithm.
SHA-512 is also the base hash of the Mac OSX v10.7 Lion hashes.
EULA changed.
New best64.rule from "The Best64 Challenge".
For this release, you *must* update to Catalyst 12.4
* changes v0.08 -> v0.09:
type: feature
file: kernels
cred: added -m 2811 = IPB 2.0, MyBB1.2
type: feature
file: kernels
cred: added -m 3000 = LM
type: driver
file: kernels
desc: added support for AMD APP SDK 2.6
type: driver
file: kernels
desc: added support for NVidia CUDA 4.1
type: feature
file: kernels
desc: added support for AMD GPU's "Devastator" and "Scrapper"
type: feature
file: kernels
desc: added support for AMD GPU's "Capeverde", "Pitcairn" and "Tahiti"
type: feature
file: host programs
desc: backported --outfile-format from oclHashcat-plus v0.07
type: feature
file: host programs
desc: backported --seperator-char feature from hashcat v0.38
cred: thorsheim
type: feature
file: host programs
desc: add support for passwords smaller length 4
type: bug
file: host programs
desc: fixed issue with unaligned --pw-skip, did not auto-shutdown when 100% keyspace reached
cred: MrUltimate
type: bug
file: host programs
desc: fixed issue when using --pw-skip-plain in combination with --hex-charset
type: change
file: host programs
desc: changed default setting for CPU affinity: Linux unlocked, Windows unlocked
type: change
file: host programs
desc: ETA is now calculated regarding to configured value of --pw-skip and --pw-limit
cred: MrUltimate
type: change
file: host programs
desc: changed restore-timer default value to 60 due to GPU utilization issue
cred: MrUltimate, d-unknown, khempanhom
type: change
file: host programs
desc: EULA. Removed sections 2, 6, 8 and 9. Relaxed sections 3 and 7.
cred: hdmoore
type: change
file: kernels
desc: renamed -m 1 to -m 10
desc: renamed -m 3 to -m 2600
desc: renamed -m 5 to -m 2611
desc: renamed -m 15 to -m 2711
desc: renamed -m 101 to -m 110
desc: renamed -m 600 to -m 101
desc: renamed -m 700 to -m 111
desc: renamed -m 1300 to -m 131
desc: renamed -m 2000 to -m 112
desc: renamed -m 2300 to -m 132
type: change
file: rules
desc: redesigned usage screen
cred: http://hashcat.net/forum/thread-716.html
...
MD5: hd5970 = 4940M/s, hd7970 = 8156M/s.
...
Conclusion: This card rocks, I am looking forward to the 7990!
http://hashcat.net/forum/thread-105-post-4034.html#pid4034
Join #hashcat on rizon for more.
* changes v0.06 -> v0.07:
type: speedups
file: kernels and host programs
desc: vBulletin < v3.8.5: AMD hd5970 +5.20%, NV GTX580 +7.86%
desc: vBulletin > v3.8.5: AMD hd5970 +16.19%, NV GTX580 +5.93%
desc: IPB2, MyBB1.2: AMD hd5970 +14.83%, NV GTX580 +5.78%
desc: SHA1: AMD hd5970 +9.01%, NV GTX580 0.00%
desc: SHA256: AMD hd5970 +1.55%, NV GTX580 +4.21%
desc: md5crypt: AMD hd5970 +11.19%, NV GTX580 +2.83%
desc: md5apr1: AMD hd5970 +10.17%, NV GTX580 +1.73%
desc: NTLM: AMD hd5970 +3.43%, NV GTX580 0.00%
desc: DCC: AMD hd5970 +2.46%, NV GTX580 +0.33%
type: feature
file: kernels
desc: added -m 11 = Joomla
type: feature
file: kernels
desc: added -m 21 = osCommerce, xt:Commerce
type: feature
file: kernels
desc: added -m 121 = SMF > v1.1
type: feature
file: kernels
desc: added -m 122 = OSX v10.4, v10.5, v10.6
type: driver
file: kernels
desc: added support for AMD Catalyst 11.12 and AMD APP SDK 2.6
type: feature
file: kernels
desc: added support for AMD GPU's "Devastator" and "Scrapper"
type: feature
file: kernels
desc: added support for AMD GPU's "Capeverde", "Pitcairn" and "Tahiti"
type: feature
file: host programs and kernel
desc: backported combinator attack from oclHashcat v0.26
type: feature
file: host programs and kernel
desc: backported hybrid attack from oclHashcat v0.26
type: feature
file: host programs and kernel
desc: backported brute-force attack from oclHashcat-lite v0.08
type: feature
file: host programs
desc: backported --cpu-affinity from oclHashcat-lite v0.08
type: feature
file: host programs
desc: backported --outfile-format from oclHashcat-lite v0.08
type: feature
file: host programs
desc: added support for multirules (multiple -r parameters allowed)
cred: http://hashcat.net/forum/thread-703.html
type: improvement
file: rules
desc: added lots of minirules for multirule engine to rules/hybrid/
type: change
file: kernels
desc: renamed -m 5 to -m 2611
desc: renamed -m 9 to -m 2811
desc: renamed -m 15 to -m 2711
desc: renamed -m 600 to -m 101
desc: renamed -m 700 to -m 111
desc: renamed -m 1300 to -m 131
desc: renamed -m 2000 to -m 112
desc: renamed -m 2300 to -m 132
type: change
file: rules
desc: redesigned usage screen
cred: http://hashcat.net/forum/thread-716.html
type: bug
file: kernels
desc: fixed bug in WPA/WPA2 kernel if essid length >= 28
cred: http://hashcat.net/forum/showthread.php?tid=494
type: bug
file: host programs
desc: reenabled file-globbing on cmdline for windows
type: docs
file: bugs.txt
desc: added bugs file
With them you will be able to combine an unlimited number (as much RAM as you have) of rules files.
http://hashcat.net/forum/thread-703-post-3472.html
Hey Guys,
I wanted to give you a sneak peek at the latest oclHashcat-plus feature coming with version 0.07.
This feature goes back to a suggestion from Hash-IT, see here: http://hashcat.net/forum/thread-645.html
Again, thanks for this!
Since no other cracker has this feature, I had to find a name for it.
I will call it "multirules".
Instead of just giving one -r parameter and a file, you can now add as many -r's as you want.
But they are not just appended (or executed in serial).
They are combined. Each rule of each rule-file is combined with each rule of each rule-file (see original post above to see the details).
* changes v0.06 -> v0.07:
type: feature
file: kernels
desc: added support for AMD GPU's "Devastator" and "Scrapper"
type: feature
file: kernels
desc: added -m 600 = nsldap, SHA-1(Base64), Netscape LDAP SHA
type: feature
file: kernels
desc: added -m 700 = nsldaps, SSHA-1(Base64), Netscape LDAP SSHA
type: feature
file: kernels
desc: added -m 1300 = MSSQL(2000)
type: feature
file: kernels
desc: added -m 2300 = MSSQL(2005)
type: feature
file: kernels
desc: added -m 2400 = Cisco-PIX MD5
type: feature
file: kernels
desc: added support for vector datatypes on NV for better sm_21 utilization
type: feature
file: host programs
desc: added support for mixed GPU types (example: hd5970 and hd6850)
type: feature
file: host programs
desc: simplified --pw-skip and --pw-limit for more intuitive usage, see hashcat wiki for details
type: feature
file: host programs
desc: added --pw-skip-plain and --pw-limit-plain, user can specify a string instead of a number
type: feature
file: host programs
desc: added support for setting CPU affinity. Defaults: Linux unlocked, Windows locked to CPU #1
cred: MrUltimate
type: feature
file: host programs
desc: added display of the mask in status screen
cred: tatgdi
type: feature
file: host programs
desc: added display of the hash in status screen
type: feature
file: host programs
desc: changed restore-timer function. if set to 0, the restore-file is written instantly on progress
type: change
file: host programs
desc: changed restore-timer default value to 0
type: change
file: kernels
desc: switched to AMD Accelerated Parallel Processing "APP" SDK v2.5
type: change
file: host programs
desc: changed outfile-formats for more flexibility. default value is 3. see --help for more
cred: TheFire
type: change
file: host programs
desc: recalibrated defaults for gpu_accel and gpu_loops that kernels run fast but not too aggressive
type: change
file: host programs
desc: changed speed display compressing threshold from 10000 to 100000
type: change
file: kernels
desc: removed kernel encryption. thus, archive file became smaller and startup-time reduced
type: bug
file: host programs
desc: fixed some typos in error messages
type: bug
file: host programs
desc: fixed bug in --gpu-async which was not enabled even if specified
type: bug
file: host programs
desc: fixed NVidia issue: cuStreamsynchronize() 700
type: bug
file: host programs
desc: workarounded AMD issue: "100% CPU killer bug". Linux only, requires Catalyst >= 11.11
type: bug
file: host programs
desc: workarounded AMD issue: ../../src/xcb_io.c:140: dequeue_pending_request
type: feature
file: kernels
desc: added support for "Devastator" and "Scrapper" GPU's
-
type: feature
file: host programs
desc: added support for mixed GPU types (example: hd5970 and hd6850)
-
type: feature
file: host programs
desc: if --restore-timer is 0, restore file is written on change instantly
-
type: change
file: host programs
desc: changed default value for --restore-timer to 0
-
type: change
file: kernels
desc: switched to Accelerated Parallel Processing "APP" SDK v2.5
root@sf:~/oclHashcat-lite-0.07# ./oclHashcat-lite64.bin -n 160 -1 ?l?d?s?u --pw-min 8 -m 0 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa ?1?1?1?1?1?1?1?1?1
oclHashcat-lite v0.7 by atom starting...
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Cypress, 512MB, 0Mhz, 20MCU
Device #2: Cypress, 512MB, 0Mhz, 20MCU
[s]tatus [p]ause [r]esume [q]uit => s
Status.......: Running
Hash.Type....: MD5
Time.Running.: 15 secs
Time.Left....: 6 days, 17 hours
Plain.Text...: ***aaaaa
Plain.Length.: 8
Speed.GPU.#1.: 5691.4M/s
Speed.GPU.#2.: 5692.7M/s
Speed.GPU.#*.: 11384.1M/s
Progress.....: 171547033600/6634204312890625 (0.00%)
HWMon.GPU.#1.: 99% GPU, 50c Temp
HWMon.GPU.#2.: 98% GPU, 47c Temp
As a side note, you don't need the SDK 2.5 since the new catalyst 11.11 includes it.
I don't think that these numbers can say enough without any background story:
So, as you might notice, I write as if I were a member of a team; actually, I took part in the contest as a member of team hashcat. Sadly, I was very late and got in about 12 hours after the contest actually started, and was quite overwhelmed by the challenges, hashes, websites, IRC channels etc. It took me about an hour to actually get an overview and start working, since I didn't know what had happened in the past 12 hours. There were a few issues and rumors about strange things that happened. The first to mention is that somehow hashcat.net went offline a few hours before the contest started; as of now there is no evidence of any attack, but it's strange.
There are a few other things which I will mention later, but now to the contest. The contest itself was about, as you might guess, hash cracking, yes! To be exact, it was about a little more: 19 challenges and 20 lists of hashes with different encryption (mscash2, bf, phpass-md5, md5, md5_gen(28), bsdi, raw-sha512, mysql-sha1, md5_gen(23), md5_gen(22), des, md5_gen(12), ssha, mssql, oracle11, raw-sha1, md5_gen(16), phps, md5_gen(0), nt). The contest was not directly about cracking the most hashes, since there were different weights; for example, one mscash2 got you 16000 points and one DES just 10. In addition to these lists there were the mentioned 19 challenges, which included things like an encrypted zip, rars, pdfs, docs and even an encrypted dmg file. Some of the challenges again contained hash lists.
So yeah, that's about it. Back to the point where I got into the contest. The clock is running, already 12 hours past, hashcat is #1 on the leaderboard with about 5m points, followed by john-users and insidepro. I am preparing myself to get started with special contest-optimized versions of hashcat and a (I call it that for now) special online management suite where the team could manage itself. I am looking at the cracked hashes and studying the remaining hash lists. Where to get started? Most of these hashes are not crackable with hashcat. As I take a look back in the IRC channel where the rest of the team hangs out, I notice rumors. "damn, why we have to use john?" followed by a "this is freaking slow!" and something like "john-users are catching up" gave me the hint that there is a problem. Of the 20 hashlists minga provided, only a minority could be cracked by hashcat with GPU acceleration. I decided to ignore this for now and try my luck on the remaining phpass, MD5-Unix and NTLM. A few hours went by in which I struggled with these lists. Only a couple of hashes every now and then. I'm trying to figure out what the point is, where minga got the hashes, which patterns, masks, dictionaries etc. he used. Searching for patterns and masks in the already cracked hashes, wrapping my head around the challenges, I notice resentment in the channel. The john users are ahead! Ok, now to the fridge, some more Red Bulls and coffees are necessary! Back at my computer I see that atom was awake again, talking about the mscash2. It's 6-something AM Saturday, the contest has now been up for 21 hours and atom is deciding to implement mscash2 in oclhashcat-plus. Yes, you are not reading this wrong, there are about 27 hours left and he decides to pull out all his abilities and implement an algorithm he never used before! So ok, I'm thinking "the chance is not really huge that he can do this in time but if, it would be great" and sending atom "give it a shot".
The caffeine is kicking in and I go back to my work. Let's check my Mac to see what the dmg cracking tool did. Hm..nothing, great. What did the remaining rar and zip files do? Nothing, no plain worked. Suxx...let's run a freaking bruteforce. Back to the hash lists. I have multiple machines running CPU and GPU jobs on several lists. 50 new NTLM, nice. upload. 5 new phpass. upload. 3 new MD5-Unix. upload. 2 hours work. Progress!
"This cannot be," I am saying to myself as I look at the results. "Where are the patterns we are missing?" I ask the rest of the team. No one has an answer. "We are missing some important clues!" I am saying to the team. "We know that there are correlations of patterns on every list; if we get one pattern on one list, the chance is huge that we get more cracks on another".
I am looking at my latest cracks on MD5-Unix and phpass when I seem to discover a pattern. The obsession kicks in and I work the next two hours on a dictionary. The words are combined patterns, like "mel", "and", "ina" etc. Let's put these all in a list and run a permutation attack on it. Yes, success. Quite a few hits. Gather the results, use the expander on them and bam, some more hits. Take all the newly gathered plains and check all the other hashlists with rules. And again more hits. Feeling good, but tired.
"Where is atom?" someone asks on IRC. "Didn't see him for hours!" comes back. He has now been gone for 6-7 hours. What's he doing? "atom> YEEEAAAAAAA" out of nowhere. "atom> got it!!!!". "atom> mscash2! but only for ati". "Ok well pretty damn good" I think "but since my one box with ATI died an hour ago I better keep my work on the challenges and hashes I am able to crack". With one eye following the team on the IRC channel hyping the new beta and fetching mscash2, I am trying to point the other eye at other things. The challenges are still not done. And now suddenly team insidepro is ahead. Hopefully the mscash2 will do its work.
I have now been awake for about 30 hours and can't remember when I last ate. Hm...let's take a break. Hm..all stores are closed and I have nothing good at home...too late for my favorite bistro...suxx...let's drive to McD. The burger tastes like nothing. Well, at least as expected. Back to work.
Let's see what happened. A fair amount more mscash2, nice! Our last update with the contest system was a couple of hours ago, we are still behind insidepro. Let's run another round with the newly gained plains on mssql, MD5-Unix, phpass and NTLM. Bingo, a couple more. Upload. The admin starts the sync and I am looking at the contest table to check our progress. Yes! Back at the top! Back on the journey of finding the lost pattern. Discussing with the other members what we haven't tried, what we should do and what minga might have done. "are the other teams listening?" maybe not. But well, who knows.
"Let's put in another bruteforce, maybe I'll have luck, and just relax a few minutes." Getting the jobs started and putting in a Starcraft2 replay. Man, my back could take a few minutes off, better I lie down on the couch till the replay ends.
That was the last thing I remember after about 36 hours awake. I don't even know how the SC2 match ended or who played. I woke up 3 hours after the contest ended. It was somehow bitter to find team insidepro ahead because of the bonus points minga has given for the most cracked hashes in a list. It was really close, we missed 5 NTLM for the bonus.

The contest started today at 0:00 PST. At this time the teams are working on the hashlists minga handed out!
Good Luck team Hashcat!
Update:
Live-Stats: http://contest.korelogic.com/stats.html
Check it out: http://hashcat.net/

However, the changes will not be disclosed to the public, at least until atom gives a statement on the release date.
Be prepared!

You may raise the main question of "what has changed?" Simple answer: a lot!
Since I do not want to paste the whole changelog, I simply put the following statement in front of this release: oclhashcat-plus will be the first GPGPU DES multihash cracker in the world!
So far so good. As soon as atom is willing to release it, I will write up a summary and conclusions of the changes.
Be prepared!

The 0.04 suffered from two bugs in the restore function:
--restore-timer aborted oclHashcat
--restore was not using correct position
Here is a log of the user:
gpu-01 x86_64 # ./oclHashcat-lite64.bin -1 ?l?d?s?u --pw-min 8 --runtime 60 -n 800 -m 0 ffffffffffffffffffffffffffffffff ?1?1?1?1?1?1?1?1?1
oclHashcat-lite v0.3 starting...
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Monitor1..: 99% GPU, 82c Temp
Monitor2..: 99% GPU, 81c Temp
Monitor3..: 99% GPU, 81c Temp
Monitor4..: 99% GPU, 80c Temp
Monitor5..: 99% GPU, 73c Temp
Monitor6..: 99% GPU, 78c Temp
Monitor7..: 98% GPU, 81c Temp
Monitor8..: 98% GPU, 75c Temp
Speed.GPU*: 45.7G/s
Credit go to user "login" for his beautiful rig: https://www.facebook.com/pages/TMTOdotORG/162988683720444?sk=wall

- DES(Unix)
- MSSQL
- improved SL3 kernel
- Oracle 11G
As you see, atom again put a great amount of work into the new version. The support of the above-mentioned algorithms lifts oclhashcat-lite to a new level. For instance, the new SL3 kernel brings a significant performance improvement and should make a lot of the newest users happy. And of course the support for DES(Unix), which has bothered atom since the beginning, is a huge milestone.
These are just the big new features; there are plenty of little features and bugfixes that would blow up this post. Please take a look at the changes, it's worth it!
There is a new feature in v0.04 that looks tiny and could easily be skipped unintentionally by most users, but it is really powerful and my brain immediately started thinking when I heard about it. The feature I am talking about is the outfile-watchdog. This tiny feature forces hashcat to check the outfile every x seconds (60 by default) for found hashes and aborts the attack if the hash is found.
So, this doesn't sound very powerful at first, but let me show you my thoughts. In the past you were able to distribute hashcat over several nodes by splitting the masks or by splitting the hashlist. If you split the mask, you came across the problem that if one of your nodes found the hash, the other nodes would still continue their attack until they hit the end of their mask.
There are a few projects out there that have a central webservice distributing the hashes and partial masks, with that you are now able to build your own fully automated cluster if you add a daemon that continuously fetches the found hashes in addition to the hashlist and masks. Imagine a fully automated and flexible cloud that you can control through a webinterface.
Just with a click you can create as many nodes as you want, add a hashlist and start an attack within minutes. This would be mindblowing on amazon if they would have AMD GPUs instead of Teslas. In a few words, this feature makes distributed environments so much more attractive!
Cheers to the users that build their own low-budget rigs. It makes us and especially atom really proud to see those pictures of homegrown GPU farms!
http://hashcat.net/oclhashcat-lite/
Beware of the cat!

Although the long-expected version 0.02 was released only 5 days ago and SL3 guys are still flooding the channel and the forum, atom has decided to pull the trigger on a feature that oclhashcat users have been awaiting for much longer: DES(unix). It's the world's first implementation of this algorithm on AMD/ATI GPUs and indeed the world's fastest!
Let's face the facts, these days for example the most popular cracker JTR is able to do about 3.5M/sec in DES(unix) on a slightly overclocked (2.66 GHz to 3.6 GHz) CPU. You can imagine that state of the art multi CPU machines with special compiled version of JTR can do much more and are much more expensive (one XEON MP X7550 will cost you about 2500 Eur, not to mention about the mainboard and ram) as you can see at JTR's wiki http://openwall.info/wiki/john/benchmarks.
Atom, on the other side, today showed us his FIRST example on erebus, you remember, the box with 8x6970. His demonstration showed amazing results. Keep in mind that this is atom's first try without any optimizations at all! I'm pretty curious how much he can optimize it.
Be prepared!
Enjoy:
http://hashcat.net/forum/thread-393.html
http://hashcat.net/oclhashcat-lite/
Example for two devices:
export DISPLAY=:0
aticonfig --pplib-cmd "set fanspeed 0 60"
export DISPLAY=:0.1
aticonfig --pplib-cmd "set fanspeed 0 60"
Thanks to d3ad0ne!

I know we have a lot of new users from gsmhosting because of SL3 cracking. Welcome guys!
Before we get bombed with questions i decided to write a small howto.
Yes, the latest oclHashcat-lite is able to crack SL3! But please keep in mind oclHashcat-lite was not specially designed to crack SL3.
If you want an easy-to-use-one-click solution: buy one. There are different commercial solutions out.
Ok, lets start:
AMD/ATI Users only: Get latest catalyst driver! Minimum 11.3. This step is absolutely necessary, otherwise you will not find the code and you will not get an error message!
Get oclHashcat-lite v0.2 from Homepage and unpack it
Open command shell window and cd to oclHashcat-lite installation directory
Get your hash (SHA1). It's a 40 char hex-encoded string and looks like this: 21B1E417AF2DE6496772BCC2FE33D2593A9BB7A0
Get your salt (IMEI). It's a 14 char hex-encoded string and looks like this: 35152304783734
Prepare your salt. Prepend and append 00 to the salt like this: 003515230478373400
The following command starts oclHashcat-lite. It's a complicated-looking string but it's static, it does not change. The only thing that changes is your hash and your salt. The smart user puts it into a .bat file!
Quote:
oclHashcat64.exe -m 101 -n 160 -1 00010203040506070809 --pw-min=15 --pw-max=15 --hex-charset --hex-salt --output-format=1 --output-file=out.txt 21B1E417AF2DE6496772BCC2FE33D2593A9BB7A0:003515230478373400 ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1
The linux command is exactly the same. I will explain the parameters so you know what you are doing:
-m 101: This sets the hash-type of oclHashcat-lite. SL3 uses the sha1($pass.$salt) scheme.
-n 160: This is the workload amplifier and it's the most important flag that controls the performance of the program. If you want more speed, raise it. If you want less speed, lower it. This is if your desktop is lagging too much.
-1 00010203040506070809: This binds the charset to our custom charset 1. SL3 uses only a small charset of ten chars (0-9, binary encoded)
--pw-min=15 --pw-max=15: We want to crack a password with length 15. SL3 passwords have a static length: 15. If you do not specify it, it starts with length 4 and ends with length 15. It's good in password cracking but useless in SL3.
--hex-charset: Tells oclHashcat-lite that our charset is given in hex
--hex-salt: Tells oclHashcat-lite that our salt is given in hex
--output-format=1: This is important! Otherwise the output is ascii encoded and useless for SL3
--output-file=out.txt: This is where the cracked pass is stored to
21B1E417AF2DE6496772BCC2FE33D2593A9BB7A0:003515230478373400: The only thing that changes.
?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1: It's our "mask". 15 times ?1 (which is custom charset 1 we bound before)
Of course there are a lot of options to optimize the attack, use it in distributed mode, restore sessions... Stuff like that.
Please play around a bit with it before asking questions. It's really not that hard.
--
atom
You can download it at http://hashcat.net/oclhashcat-lite/
Cheers atom!

It may be only hours till the new hashcat release, be prepared!
atom> AMD APP intends to deprecate the following as of SDK 2.5:
atom> ??? AMD CAL
atom> LOOOL
atom> they want to kick out CAL
UPDATE:
Atom released quick review on the new SDK.

AMD APP SDK v2.4 released
Finally, they released it. The long awaited SDK that should patch all bugs. Guess what: not a single bug fixed!
Here are the unresolved issues that are related to oclHashcat:
Most Important:
Quote:
The ATI Radeon™ HD 5970 GPU is currently supported in single-GPU mode only. It is recommended users only access the first device on an ATI Radeon™ HD 5970 GPU for GPU compute.
Well, this is a problem for oclHashcat, but we have that hack, that hidden environment variable "GPU_USE_SYNC_OBJECTS". Using it we are able to utilize the 2nd GPU fully. It has been tested several times. It works fine. However, it's unofficial.
Semi Important:
bitselect() still not mapped to BFI_INT. That's sad, it would save me a lot of work. So that means I still have to hack the BFI_INT instructions into the binaries.
clGetDeviceInfo CL_DEVICE_MAX_CLOCK_FREQUENCY returns 0mhz, sometimes I've seen 1mhz. It's not listed in the release notes, but it's still there.
Quote:
The OpenCL runtime currently exposes less than the total amount of memory physically available on the card
Last but not least, SDK v2.4 had something useful:
Added support for BeaverCreek, Caicos, Turks and WinterPark GPUs.
Some additional notes from me. In the developer release notes they say:
Quote:
AMD APP intends to deprecate the following as of SDK 2.5:
– AMD CAL
– Support for the Windows XP platform
– BIF 1.0 (the binary format prior to SDK 2.2)
All of the following points are interesting from our view:
Kick out CAL? I guess some guys in the GPGPU scene really do not like to read this! Just to name some of them: IGHASHGPU, KK, Fenix or the calpp version of Pyrit are based on it.
Kick out Windows XP support. That's not so bad, however I know some Hashcat users still use XP. Guys, upgrade to Win7 or Linux
Kick out BIF 1.0. Well, that's a problem for oclHashcat. They all use the binary format. But I hope they stick at least to ELF. At least that means new releases of all oclHashcats after AMD releases SDK 2.5
Also it seems they finally renamed that ATI to AMD in the SDK. That means, on Linux, you have to replace the files from the ICD registration in /etc/OpenCL/vendors. Remove the old ones and unpack the icd-registration.tgz in the SDK 2.4.
That's all from my first impressions. However, it will not prevent me from releasing oclHashcat-lite. I guess on the weekend
--
atom
oclHashcat-lite64.bin --session site01.oclhc --restore
In the meantime a beta tester confirmed that hashcat performs well on the ATI 6990, no problems at all!
Another, maybe even more interesting, new part, especially of the lite version, is a protection against crackers. After a session with atom I came up with a way to protect hashcat against such hilarious things as happened two weeks ago. I don't want to go into detail, but atom has adopted my advice, enhanced it, implemented it and gave it to two "real" crackers to check if it would work. One of the crackers couldn't do the job and the other one said that he just had a little luck. The one that got it gave the last hint to make it really hard for others to copy this piece of software.
So long, if these guys out there are so good that they can get it, they should do some more constructive things instead!
Big thanks to the two guys that gave us their time!

ERROR: clGetDeviceIDs() -1
- are you logged in as the user who has opened the X session?
- did you use "export DISPLAY=:0"?
- is your display manager configured correctly?
(gdm example config: http://www.sch0.org/gdm.conf )
- did you get the latest driver?

Xanadrel_> Final result : only atom can use oclHashcat :D
So, here are some quick facts, especially for the SL3 community:
Q: When will atom release oclhashcat-lite?
A: As soon as the new stream SDK is available.
Q: How much speed do i get with oclhashcat-lite?
A: You will get 20% speed gain in average.
Q: How much does oclhashcat-lite cost?
A: Nothing.
UPDATE:
Q: does it support distributed cracking (multiple pcs)
A: yes, but you need to do it per hand, see blandys approach: http://md5decrypter.co.uk/projects.aspx
Q: can i run it with multiple gpus?
A: yes, but they need to be of the same type. for example: 2x5970 works, but not 1x5970 + 1x5870
Q: is it possible to restore a session?
A: yes
UPDATE 2:
Q: do i need to run the cards in SLI / CrossFire mode?
A: NO! In Fact, you need to remove the hardware bridges and disable it in CCC otherwise it will not work
d3adOne did a quick example SL3 run on his machine and captured it:
http://ob-security.info/files/sl3_run.avi
Here is a great article about an actual implementation: http://blog.renderstream.com/?p=1078

The article: http://ob-security.info/?p=208
As an addition i'm glad to announce that d3ad0ne is now the proud holder of the world fastest hash cracking unit as you can see in this video: http://ob-security.info/files/oclhc-lite.avi

Hello Guys,
today I got some bad news. It seems an oclHashcat-lite beta tester ripped me off and now sells his modified oclHashcat-lite version as a new SL3 unlocking solution. Needless to say, this is a clear violation of my EULA.
See here: http://forum.gsmhosting.com/vbb/f299/sl3...l-1235118/
To all potential customers: The beta version this guy sells is not working.
The version has bugs. It will find your hash only sporadically. Chances are 50/50.
The version does not support restore at all.
He says it works on windows with hd5970. He is wrong. oclHashcat-lite is based on OpenCL, but OpenCL support for hd5970 is not yet working on windows. It is known the 2nd GPU does not work, see AMD's driver compatibility list: http://developer.amd.com/gpu/AMDAPPSDK/p...ility.aspx
It makes no sense to sell it. oclHashcat-lite will be free for all when I release it. I did not yet release it because it is not finished. Now I have to think about the consequences of this violation. I feel deceived.
--
atom
The new processor is about 12% faster than the previous.

The new GUI will support oclhashcat-lite as well and it's pretty much finished. Scandium and atom haven't arranged a release date yet. Maybe it will take place soon after the release of oclhashcat-lite.

Check it out!

$1 = ?l?d?u
$2 = ?l?d
$3 = ?l?d*!$@_
mask = ?1?2?2?2?2?2?2?3?3?3?3?d?d?d?d
This mask would produce output like this:
"Abcd123*!$@4567"
As a side note, it has increment mode set as default, and as a result it will start with e.g. "Aaaaa" and go through the mask as the char space continues.
It's kind of needless to say that atom managed to gain a performance improvement. This time it's another 5% on every hash on all sm_20 cards. An nVidia 580 at stock clock, for example, will give you 2260 M/s MD5.
The restore option is now implemented as well.

In conclusion, oclhashcat-lite now takes about 45 seconds for the whole space of 6 chars on a 5970 at stock clock in NTLM!
He also finished his implementation of DCC and got a very nice performance improvement of about 36%, to 4608.1M/s from 3420M/s in oclhashcat v0.25.
To give that some extra spice he also finished increment mode support on salted hashes.

Since the unique feature of oclhashcat is the per-position charsets, it will automatically use them in the default attack of the lite version. The masks are set like this:
?1 = "?u?l"
?2 = "?l?d@ "
mask = "?1?l?l?l?2?2?2?2?2"
This will produce output like this:
"Abcdx1 2@"
"Tommy 123"
Another new feature will be a "current"-line in the status output:
Status....: Running
Length....: 8
Mask......: ?1?2?2?2?2?2?2?3
Current...: **2jkisc
Speed.GPU*: 9500.3M/s
Progress..: 333692928000/5668341202944 (5.89%)
Running...: 35 secs
Estimated.: 9 mins, 21 secs
[s]tatus [p]ause [r]esume [q]uit =>
oclHashcat lite v0.01 = 10.1B on hd5970@770mhz
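As an added illustration (not code from hashcat or from the original post), the sketch below computes the keyspace of a mask with per-position custom charsets like the one above and the time needed to exhaust it at a given rate, which is the figure a defender needs when judging a password policy against speeds like these. The function names are hypothetical; the built-in set sizes (?l 26, ?u 26, ?d 10, ?s 33) and the de-duplication of custom charsets are assumptions.

```python
import string

# Built-in mask charsets. Treating ?s as space plus the 32 ASCII punctuation
# characters (33 total) is an assumption based on hashcat's documentation.
BUILTIN = {
    "l": string.ascii_lowercase,
    "u": string.ascii_uppercase,
    "d": string.digits,
    "s": " " + string.punctuation,
}


def expand_charset(definition, custom=None):
    """Expand a charset definition such as '?l?d@ ' into a set of characters."""
    custom = custom or {}
    chars = set()
    i = 0
    while i < len(definition):
        if definition[i] != "?":
            chars.add(definition[i])            # literal character
            i += 1
            continue
        if i + 1 >= len(definition):
            raise ValueError("dangling '?' in %r" % definition)
        key = definition[i + 1]
        if key == "?":
            chars.add("?")                      # '??' is a literal question mark
        elif key in BUILTIN:
            chars.update(BUILTIN[key])
        elif key in custom:
            chars.update(custom[key])
        else:
            raise ValueError("unknown charset ?%s" % key)
        i += 2
    return chars


def mask_positions(mask, custom_defs=None):
    """Return one character set per mask position."""
    custom = {name: expand_charset(d) for name, d in (custom_defs or {}).items()}
    positions = []
    i = 0
    while i < len(mask):
        step = 2 if mask[i] == "?" else 1
        positions.append(expand_charset(mask[i:i + step], custom))
        i += step
    return positions


def keyspace(mask, custom_defs=None):
    """Number of candidates the full mask generates."""
    total = 1
    for charset in mask_positions(mask, custom_defs):
        total *= len(charset)
    return total


def incremental_keyspace(mask, min_len, custom_defs=None):
    """Candidates tried when the mask grows from min_len positions to its full length."""
    sizes = [len(c) for c in mask_positions(mask, custom_defs)]
    total = 0
    for length in range(min_len, len(sizes) + 1):
        count = 1
        for size in sizes[:length]:
            count *= size
        total += count
    return total


def exhaust_seconds(candidates, hashes_per_second):
    """Worst-case time to walk the whole keyspace at a constant rate."""
    return candidates / hashes_per_second


if __name__ == "__main__":
    # The mask and charsets are the ones defined above; the rate is the
    # 9500.3M/s shown in the status output.
    defs = {"1": "?u?l", "2": "?l?d@ "}
    n = keyspace("?1?l?l?l?2?2?2?2?2", defs)
    print(n, "candidates,", round(exhaust_seconds(n, 9500.3e6) / 3600, 2), "hours")
```
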

The default attack of oclhashcat-lite will address 5-8 chars!

One of the first questions that popped into my mind when atom told me about the lite version was: what will be the "predefined" attack mode? So basically it will be a mask attack with the following features:
- 8 chars (because that will hit approximately 90%)
- lower chars
- digit chars
- some symbols
He constructed this because this will take approximately 1 hour on an ATI 5970.

root@sf:~/oclHashcat-0.26# ./oclHashcat64.bin -m 1 74685d01e04319787bdbedcd07369d88:5iaM55xWHMXcasPkehTpZk1v3FtphPJA ?l?l?l?l?l?l?l?l
oclHashcat lite v0.1 starting...
Platform: ATI compatible platform found
Device #1: Cypress, 512MB, 0Mhz, 20MCU
Device #2: Cypress, 512MB, 0Mhz, 20MCU
74685d01e04319787bdbedcd07369d88:5iaM55xWHMXcasPkehTpZk1v3FtphPJA:paulchen
Status....: Finished
Length....: 40
Mask......: '?l?l?l?l?l?l?l?l' (208827064576)
Speed.GPU*: 9500.8M/s
Progress..: 108213043200/208827064576 (51.82%)
Running...: 11 secs
Started: Sun Feb 27 23:24:27 2011
Stopped: Sun Feb 27 23:24:40 2011
In this spirit, there is plenty of news about the fastest cracking tool in the world. First, there is a relatively great story to write about. Atom focused on optimizing; as you all know, there are major improvements in the current beta v0.26 and there will be more until the release of the version.
As a side project he decided to fork a new branch out of v0.26 and call it oclHashcat-Lite. This new branch will, as the name tells, be focused on usability and lightweight handling, so its ultimate goal is to make it easier for beginners to get good results.
There are some details on how this will be approached:
- All options of the main branch will be available but optional so that the user only has to submit the hash itself
- The core cracking method will be the extremely fast bruteforcer
- In addition to the algorithms oclhashcat supports at this moment there will be MD5 and SHA1 salted
Atom's work on the main branch of oclHashcat v0.26 is now based on the thesis that it was still extremely fast on the one side, but on the other there was a lot of potential left unused because of the wordlists. Now with bruteforce there are many optimizations to tune, such as reversing.
Here are some numbers to point this out (single hash):
- SHA1 3B/s
- MySQL-old 50B/s
- MD5 again 50M/s faster to the previous world record of 9637 M/s and is now 9687 M/s
He told me that his whole work is at the moment based on ATI and his private opinion is that he would kick the nVidia support out of the codebase because the performance of ATI compared is outstanding. Fear the mighty and make him sacrifices! Don't be a fool, he doesn't drop nVidia support, he loves you guys no matter what card you use!
Stay tuned!

To underline this, here are the numbers of the benchmarks performed on an hd5970 at stock clocks:
- oclhashcat v0.26 9637 M/s
- ighashgpu v0.92.17.2 8561 M/s
- whitepixel-2 8275 M/s
VERY VERY INTERESTING: In addition, I'm very proud to announce that atom found a weakness in SHA1 whose exploitation will significantly improve the performance and will be implemented soon!
Benchmark of oclhashcat v0.26:
For more details take a look in the forum:
http://hashcat.net/forum/thread-309.html
http://hashcat.net/forum/thread-298.html

type: bug
file: hashcat-cli
desc: crashes if using -a 1 or -a 2 in combination with a single rule
cred: shopeonarope
type: bug
file: hashcat-cli
desc: sse2 inefficiently used if using in -a 1 in combination with rules
cred: shopeonarope
type: bug
file: hashcat-cli
desc: rule K and @ were not working correctly
cred: d3ad0ne
type: bug
file: hashcat-cli
desc: rule i was not working correctly
cred: Tommie_c
type: improvement
file: hashcat-cli
desc: added new rule ".N", replaces char on pos N with char from pos N + 1
cred: d3ad0ne
type: improvement
file: hashcat-cli
desc: added new rule ",N", replaces char on pos N with char from pos N - 1
cred: d3ad0ne
type: improvement
file: hashcat-cli
desc: implemented new attack-mode 5 Table-Lookup Attack.
cred: d3ad0ne
type: improvement
file: hashcat-cli
desc: added -m 1600 = MD5(APR)
cred: atom
type: improvement
file: hashcat-cli
desc: added -m 1700 = SHA512
cred: atom
type: improvement
file: hashcat-cli
desc: added -m 1700 = SHA512(Unix)
cred: atom
type: improvement
file: hashcat-cli
desc: optimized performance of all double iterated attacks
http://hashcat.net/forum/thread-287.html
preview note: i managed to utilize the BFI_INT instruction on AMD GPU's 5xxx and 6xxx on oclHashcat v0.26 which gave a nice performance boost. afaik oclHashcat v0.26 is the first BFI_INT hacked OpenCL based program. here is a preview from a 4 x hd5970 rig:
MD5: 20.1B/s
SHA1: 11.1B/s
NTLM: 33.2B/s
i think this hack also makes oclHashcat the world's fastest SHA1 single hash cracker.
To give a little description: BFI_INT is an opcode of the GPU that is not available in the compiler. Atom made a permutable kernel that builds and patches itself at runtime to be able to use the opcode!

more details are following as soon as they are public.

The actual record setter is d3ad0ne with a box that contains 8 GTX.
Here are the stats:
oclhashcat multihash MD5 hybrid 10,8 B/s
(i will write up the exact parameters for the test to make a proper benchmark)

To the performance:
oclhashcat+ multihash NTLM rulebased 11,3 B/s
oclhashcat multihash MD5 hybrid 9,8 B/s
(both against 500k hashes)
oclhashcat takes about 7,5 days for the full space of -1 ?l?d?s?u ?1?1?1?1 ?1?1?1?1
Here is a pic of this sick box:

http://hashcat.net/oclhashcat+/
http://ob-security.info/?p=211
http://hashcat.net/forum/thread-213.html
MD4 based (NTLM, DCC, ...):
1 hash: v0.34 = 9.64M/s, v0.35 = 11.06M/s = + 12.8%
2 hash: v0.34 = 6.70M/s, v0.35 = 6.84M/s = + 2.0%
MD5 based (MD5, md5crypt, phpass, ...):
1 hash: v0.34 = 7.27M/s, v0.35 = 9.05M/s = + 19.6%
2 hash: v0.34 = 5.43M/s, v0.35 = 6.04M/s = + 10.0%
SHA1 based (SHA1, MYSQL4, ...):
1 hash: v0.34 = 4.99M/s, v0.35 = 5.25M/s = + 5.0%
2 hash: v0.34 = 4.06M/s, v0.35 = 4.09M/s = + 0.8%
cheers atom!

If you get the following:
ERROR: clGetPlatformIDs() -1001
your GPU probably isn't supported.
to be continued..

Congratz Atom!

We developed such a system. It's called meshU. It isn't perfect at its current stage but it can bring you the online vs real world experience that you deserve! We are actively developing and releasing new versions every few weeks. We would be proud if you and your friends try it and tell us your thoughts!
http://www.go-meshu.com/
iPhone: http://itunes.apple.com/us/app/meshu/id390095041?mt=8
Android: market://search?q=pname:com.meshu
Facebook: http://www.facebook.com/apps/application.php?id=119290231432136
itunes: itms://itunes.apple.com/us/app/meshu/id390095041?mt=8
sed -i s/lenny/squeeze/ /etc/apt/sources.list
aptitude update
aptitude install linux-image-2.6-686
(the arch of your kernel may differ)
--- reboot ---
aptitude full-upgrade

Update: 09/08/10
Apple notified us that the iPhone app is now under review.
congrats team hashcat!
https://contest.korelogic.com/team_hashcat.html
http://www.backtrack-linux.org/backtrack/crack-me-if-you-can-defcon-2010-password-cracking-challenge/
http://www.youtube.com/watch?v=AdUdCNJ901k
http://hashcat.net
This app allows you to connect your facebook profile with your real time location. You can share your location and watch where your friends are and if there are people online near you.
The web client for browsers gets your geolocation through browser api (IP based, accuracy depends on your provider). That's just to give users without smartphones the ability to use it. You will be able to choose between privacy modes e.g. public, friends, private (select who should see your location). The backend is at a matured beta stage, the mobile clients for iphone, android and windows mobile are in work and should be ready soon.
If you want to try it, you will in first place just see yourself on the map unless one of your friends will use it as well.
Update:
went live with the web client: http://www.go-meshu.com.

Windows Server Backup.
-in case of a complete disaster recovery insert the Windows 2008 DVD, go for the recover mode and select the image
-in case of a db failure or lost mailbox:
-restore the database files out of the image ()
-create recovery database: New-MailboxDatabase -Recovery -Name "RDB" -Server WIN2008R2 -EdbFilePath "C:\EDBRestore\MailboxDB.edb" -LogFolderPath "C:\EDBRestore"
-replay the log files: "cd EDBRestore ; ESEUTIL /R E00 /I /D" (to get the DB to a clean shutdown state use "Eseutil /mh MailboxDB.edb")
-mount the database: Mount-Database RDB
-restore a lost mailbox: Restore-Mailbox -recoverymailbox lostmailbox -Identity lostmailbox -TargetFolder "Restore" -RecoveryDatabase "RDB"
(Detailed steps: http://blog.chrislehr.com/2009/10/exchange-2010-recovery-scenario-1.htm)
Windows Server Backup complete Image backup should be a consistent state within a DAG.
-Suspend-MailboxDatabaseCopy DB1\SRV14 -SuspendComment "backup break" -Confirm:$false
-vssadmin create shadow /For=C:\mountpoints\db01
-vssadmin create shadow /For=C:\mountpoints\db01_logs
-eseutil.exe /r /e00 /a
-Resume-MailboxDatabaseCopy DBs1\EX3
Replication-delay within a DAG.
archive-mailbox (requires enterprise cals)
Single Item Recovery: http://msexchangeteam.com/archive/2009/09/25/452632.aspx
Database-Recovery with DPM 2010
-create new recovery database (new-mailboxdatabase -name "RDB" -recovery)
-select the state in dpm you want to recovery
-select the exchange and the recovery-db
-go for it
-as a side note, the bad thing about this is that this will recover the whole database
-Finally you can export the mailbox you need from the Exchange console.
(-New-ManagementRoleAssignment -Role "Mailbox Import Export" -User administrator)
-Get-MailboxStatistics -Database RDB
-Restore-Mailbox -RecoveryMailbox john@contoso.com -Identity john@contoso.com -TargetFolder "Restore" -RecoveryDatabase "RDB"
Query completequery = new Query()
{
Where = new Where(GetWhereElement(node, field, BeginsWith)), // custom method
OrderBy = new OrderBy(new FieldRef(field.InternalName)) // custom method
};
SPQuery query = new SPQuery(!string.IsNullOrEmpty(ViewID) ? list.Views[new Guid(ViewID)] : list.DefaultView);
query.Query = completequery.ToString();
return list.RenderAsHtml(query);
Indeed it was clear that the query failed if the statement in it had more than 160 interlaced ORs in it. The SQL Server says "no thanks" at this point, which is definitely legitimate. So...to work around that problem I first had to figure out that CAML is really really "special" and not really smart. After a few hours of headaches I switched over to doing the stuff manually and building the list by hand.

Here you can view the thread on the support forum:
http://forums.citrix.com/thread.jspa?messageID=1453176
In my case the uninstall failed again and again with different kinds of errors, e.g. I had to give it the mapi32.dll and pttrace.dll again (just copied them to system32 from the old sp2-setup).

1. Go to Control Panel - Administrative Tools - Local Security Policy
2. Select Local Policies - Security Options
3. Change the "Network: LAN Manager authentication level" to "Send LM & NTLM responses"
watch it here: http://www.youtube.com/watch?v=Sxa0JTJ29II&fmt=22

It took me quite some time of investigation to figure out that this was the problem. It was quite hell and really annoying, since no error appears in any of the logfiles, and the worst part is that you are able to see the ISO images in your Xen Center, only your VM isn't able to access the content.

One of my customers wanted to use a tape drive in a VM for backup purposes. Yes, you are right, basically it's a bad idea to attach external devices to a VM...but you all know customers. :)
So, as Xen Enterprise doesn't support SCSI passthrough, I first thought about some SCSI-to-IP bridges, which are available but are not that cheap. But if such a device can do that job, why not just create an iSCSI target that does it?
I figured out that this wasn't quite that hard to configure and with the help of a nice guy who put a howto together it fitted quite fast.
First you have to get the DDK of your XenEnterprise version.
Second step would be to get and compile ietd with the rawio patch.
At last would be to copy the compiled ietd over to the dom0, install and configure it to give access to the scsi-device.
Here is the link to the complete howto: http://www.wlug.org.nz/XenNotes
Status of rbl.cluecentral.net: DEAD
Status of blackholes.us: DEAD
Status of vox.schpider.com: DEAD
Status of bl.open-whois.org: DEAD
We are happy to announce that Exchange 2010 is Code Complete! Our senior leadership team has signed off on the final code, and it has been sent to our early adopters for one final look before its public release. This Release to Manufacturing (RTM) milestone means we are on our way to general availability and the launch at Tech·Ed Europe 2009 (http://www.microsoft.com/europe/teched/) in early November.
For those of you attending Tech·Ed in Berlin this year, be sure to check out the Unified Communications track, which is packed with technical content on Exchange 2010. And be sure to visit us at the Exchange product booth in the Exhibition Hall and let us know what you think of the product. Crystal Flores, who interviewed some of you on video at Tech·Ed North America earlier this year, will be on-hand in Berlin in a few weeks, armed with a camera and interview questions. A group of us are also marching to Las Vegas for Exchange Connections the same week where our fearless leader Rajesh is giving the keynote.
We hope to see you in Berlin or Vegas, but if you can't join us in person, tune in via the Web (www.thenewefficiency.com) to be part of the launch.
- The Exchange Team
They used a model that I've thought about, too. Sender and receiver in the swarm don't know about each other directly; all traffic is rewritten through peers. I instead went into a little more detail and would have the sender dynamically connected to the last known peers before the receiver. This would also ensure that the connections through the swarm would change again and again, so that no 'synthetic bottleneck' and/or "big route hosts" will appear.
I'm waiting for Exchange 2010 with the new clustering features. Hope the installation went well for most of you who have clustered setups of ex07...
My feelings during this process are bouncing between tiredness, aggression and frustration...kind of sad...
If you get something like this:
W: GPG error: http://security.debian.org etch/updates Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9AA38DCD55BE302B
W: GPG error: http://ftp.debian.org etch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9AA38DCD55BE302B
W: GPG error: http://updates.xensource.com etch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 841D6D8DFE3F8BB2
W: You may want to run apt-get update to correct these problems
you have to update your keyrings.
For the Debian mirrors:
apt-get install debian-archive-keyring
And for the Xen mirrors (current v 5.5):
wget -q http://updates.vmd.citrix.com/XenServer/5.5.0/GPG-KEY -O- | apt-key add -
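As an added example (not part of the original post): the `wget ... | apt-key add -` line above imports whatever the plain-HTTP download returns, so this sketch lists the key IDs apt reported as missing and checks that a downloaded key's fingerprint ends in that ID before it is imported. The function names are hypothetical and the fingerprint used to try it out is constructed; a matching key ID only shows it is the key apt asked for, not that the key is authentic.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Sample input: the apt warnings quoted in the post above.
sample_apt_output() {
cat <<'EOF'
W: GPG error: http://security.debian.org etch/updates Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9AA38DCD55BE302B
W: GPG error: http://ftp.debian.org etch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9AA38DCD55BE302B
W: GPG error: http://updates.xensource.com etch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 841D6D8DFE3F8BB2
W: You may want to run apt-get update to correct these problems
EOF
}

# Read apt output on stdin, print "KEYID REPO_URL" once per missing key.
# A single warning can name several keys, so every NO_PUBKEY token is checked.
missing_keys() {
    awk '/^W: GPG error: / {
        for (i = 1; i < NF; i++)
            if ($i == "NO_PUBKEY") print toupper($(i + 1)), $4
    }' | LC_ALL=C sort -u
}

# Return 0 if the 40-hex-digit v4 fingerprint $1 ends in the 16-digit key ID $2
# (the long key ID is the low 64 bits of the fingerprint), 1 if it does not,
# 2 if either argument is malformed. Spaces in the fingerprint are ignored.
fingerprint_matches_keyid() {
    fpr=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    id=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    case "$fpr$id" in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#fpr}" -eq 40 ] && [ "${#id}" -eq 16 ] || return 2
    case "$fpr" in
        *"$id") return 0 ;;
        *) return 1 ;;
    esac
}

# Typical use: download the key to a file, read its fingerprint with
#   gpg --show-keys --with-fingerprint GPG-KEY
# and import it only if this check passes and the full fingerprint also
# matches one obtained from a separate trusted source.
sample_apt_output | missing_keys
```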
The small elegant path consists of the following steps:
- create a Windows VM
- install Powerchute UPS Management Suite on it and connect it to your UPS
- install XenCenter
- create a bat file that contains:
c:\xe\xe -s masterserver -u root -pw rootpw vm-shutdown vm=vm
c:\xe\xe -s masterserver -u root -pw rootpw host-disable host=masterserver
c:\xe\xe -s masterserver -u root -pw rootpw host-shutdown host=masterserver
(remember not to shut down the "management" VM that runs the script, just the others, which may contain e.g. SQL Server)
- go to the management interface
- create an event, e.g. on battery discharge, and add the bat file there
- be happy
I'll give the update a try at the weekend and will update this post with my experience as soon as possible.
!!! Caution !!!
Keep in mind that this is a 'hack'. If you use this, it's at your own risk.
If you update your installation, these changes may be overwritten and you will have to do this again.
First you have to set up a development environment, or in other words install exactly the same system in a local VM.
Then you have to install two dev packages:
conary update rmake conary-build
The cvc command should now be available; if not, the Python script is located under /usr/lib/python2.4/site-packages/conary
Now install the following packages, which are required to build quota:
conary update binutils:devellib debugcedit:runtime e2fsprogs:devel elfutils:runtime gcc:devel gcc:devellib gcc:lib gcc:runtime gettext:runtime glibc:devel glibc:devellib libgcc:devellib patch:runtime tcp_wrappers:devel
Once you have that, add a new user for the compile action or just give the user rmake a shell, su to that user and check out quota:
cvc checkout quota
Now open the recipe and add the following to configure: --enable-rpcsetquota=yes
Finally start the cooking:
cvc cook quota/quota.recipe
If no error appears you should get the build under: /srv/rmake/conary/builds/quota/
Test it and make sure it has the -S option available; then you can copy it to your production system.
I had to dig very deep, and in the end a mix of the following steps helped me through:
- gave rights to all kinds of system users, since the setup only ran as user SYSTEM
- debugged the web.config of the central administration virtual host, since there were errors in the event log saying that some controls couldn't be loaded
- created a site collection (I had tried for hours without one; since I had realised that the setup will add the feature to the created site collection when it has appropriate rights, I was sure that there was an issue with privileges)
- disabled IE autologon and logged back in to the central administration with an enterprise admin account
- installed the cumulative update for SQL 2008 (http://support.microsoft.com/kb/956717)
Now I have the Reporting Services configuration section in my central administration, but when I try to connect it to the database ("Grant Database Access") it says "Unable to connect to the Report Server WMI provider."
Update:
I have figured out that there was a problem with the service account: it couldn't use Kerberos against the domain. To solve the last issue you have to set the SPN on a DC and set the authentication provider to NTLM on the report server.
DC:
setspn.exe -a http/IIS_computer's_NetBIOS_name DomainName\UserName
setspn.exe -a http/IIS_computer's_FQDN DomainName\UserName
Reportserver:
cscript adsutil.vbs set w3svc/NTAuthenticationProviders "NTLM"
Now you are able to authenticate to your report server at any URL, not only at localhost.
Update2:
To go into more detail, you need to add the SPN for both servers (the SharePoint frontend and the reporting server backend). Then your authentication should work.
A little summary of the steps:
- install 2 Openfiler nodes with your drive-setup
- create two DRBD devices (one for the metadata and the other for the data itself)
- configure Heartbeat
- change the location of the important configuration files to the metadata DRBD device via symlinks
- create a volume group
- create your shares
A very detailed and nice howto can be found here: http://www.howtoforge.com/installing-and-configuring-openfiler-with-drbd-and-heartbeat
Detailed description is available here: http://technolochief.wordpress.com/2008/11/28/shrink-vhd-files-in-microsoft-virtual-pc-2007/
Now I'm waiting to get access to the target from Microsoft, which is available as an add-on for the Windows Server Datacenter edition and definitely should support PR. The problem with this is that it's only available for partners and OEMs.
I took some time for myself, so nothing interesting to report so far. But it's a new year and there will be new bugs...
This year started gloriously with a server crash at my hoster, and therefore I have to spend some time on less interesting things.
However, I wish you more luck with your problems than I had!
Another boring problem that wasted my weekend.
The only workaround I've got so far is to install the old 4.1 version, add the ISO library and upgrade it to 5.0; then it will work as intended.
I'm in contact with the support team and will update you as soon as possible.