oclHashcat 101 (by d3ad0ne via ob-security.info)

Introduction:

The world of GPU hash crackers is not a very large one. The list gets smaller when you consider the ones that support multihash or dictionary attacks. It shrinks even further when you consider those that are free, work in both Linux and Windows, and support both Nvidia and ATI. That really leaves only one: oclHashcat (oclhc for short). oclhc originally started as a CUDA-only tool called ‘Combination CUDA’. The original concept was not to create another bruteforce tool, but to pioneer the first GPU-based dictionary cracker. As the project grew it was moved to a platform supported by more than just Nvidia, and thus oclhc was born. The ocl in oclHashcat stands for Open Computing Language, a method for utilizing the two major GPU platforms using a single programming language. In this article I’ll be covering some simple concepts as well as very basic command line syntax.

Methods:

oclhc is centered around the idea of a left and a right side. It’s an aspect of oclhc that some people struggle with initially, so it’s helpful to have a good understanding of it. Here is an example of simple command line syntax.

1. # ./oclhashcat32.bin -m 0 hashlist.txt dict1.dic dict2.dic

The only switch used is -m 0, which selects MD5 mode. Next is hashlist.txt, our sample hash list, and finally our left and right side objects. Had it been up to me I would have used the phrase base and modifier, rather than left and right. On the back end the left and right sides are really just nested loops. A base word is bundled with an array of modifier words and sent to the GPU, where they are combined before being converted to a hash. For example, imagine our two dictionaries dict1.dic and dict2.dic contained the following:

dict1.dic   dict2.dic
pass        tigger
abc1        baby
love        angel
cat         loveme
qwerty      hate
12345       hello

Using our example dictionaries these are the combinations that we would have:

passtigger passbaby passangel passloveme passhate passhello
abc1tigger abc1baby abc1angel abc1loveme abc1hate abc1hello
lovetigger lovebaby loveangel loveloveme lovehate lovehello
cattigger catbaby catangel catloveme cathate cathello
qwertytigger qwertybaby qwertyangel qwertyloveme qwertyhate qwertyhello
12345tigger 12345baby 12345angel 12345loveme 12345hate 12345hello

Another aspect of oclhc is that it also supports masks. Masks are positional wild cards. Here is a list of the available masks:

?l = abcdefghijklmnopqrstuvwxyz
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d = 0123456789
?s =  !"#$%&'()*+,-./:;<=>?@[]^_`{|}~
?h = ISO-8859 characters from 0xc0 – 0xff

An example using a mask with a dictionary would be as follows:

2. # ./oclhashcat32.bin -m 0 hashlist.txt dict1.dic ?d?d?d?d

In this example every word in our sample dictionary dict1.dic would be combined with every combination of 4 digits (0000-9999). This would be 60,000 combinations: 6 dictionary words * 10,000 digit combinations.

Masks can be used on the left side, the right side, or both, in any combination:

3. # ./oclhashcat32.bin -m 0 hashlist.txt ?l?l?l?l ?d?d?d?d

This gives every combination of 4 lowercase letters (aaaa-zzzz) followed by every combination of 4 digits (0000-9999): 456,976 * 10,000 = 4,569,760,000 combinations.
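
The left/right model and the mask arithmetic above, as an added Python example (not part of the original article and not oclHashcat code): it computes the keyspace of a left/right pair and checks whether a given password falls inside it, which is how you would audit a password against these attacks. The function names and the representation of a side (a list for a dictionary, a string for a mask) are assumptions made for this example.

```python
import re
from math import prod

# Mask charsets as listed in the article; ?h (ISO-8859 0xc0-0xff) is left out.
CHARSETS = {
    "l": "abcdefghijklmnopqrstuvwxyz",
    "u": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "d": "0123456789",
    "s": " !\"#$%&'()*+,-./:;<=>?@[]^_`{|}~",
}

# Constructed sample data: the two example dictionaries from the article.
DICT1 = ["pass", "abc1", "love", "cat", "qwerty", "12345"]
DICT2 = ["tigger", "baby", "angel", "loveme", "hate", "hello"]

def parse_mask(mask):
    """Turn '?d?d' into one charset per position; reject anything else."""
    if not re.fullmatch(r"(\?[luds])+", mask):
        raise ValueError(f"unsupported mask: {mask!r}")
    return [CHARSETS[c] for c in mask[1::2]]

def side_size(side):
    """A side is a word list (dictionary) or a mask string."""
    if isinstance(side, str):
        return prod(len(cs) for cs in parse_mask(side))
    return len(side)

def keyspace(left, right):
    """Every left item is paired with every right item, so sizes multiply."""
    return side_size(left) * side_size(right)

def side_matches(side, text):
    """True if `text` is one of the strings this side can produce."""
    if isinstance(side, str):
        cs = parse_mask(side)
        return len(text) == len(cs) and all(c in s for c, s in zip(text, cs))
    return text in side

def covers(left, right, password):
    """True if some split of `password` is a left item followed by a right item."""
    return any(side_matches(left, password[:i]) and side_matches(right, password[i:])
               for i in range(len(password) + 1))
```

Order matters: covers(DICT1, DICT2, "passtigger") is true while "tiggerpass" is not covered, because the left side always supplies the first part of the candidate.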

Conclusion:

To some this may have been a little simplistic; to others it may have filled in the gaps. But the fact is that we all have to start somewhere. The best thing to do is to experiment with different options. oclhc comes with an example.hash file you can use to play with, or you can download this one that can be used with -m 0. There is also an examples.txt file located in the docs/ folder that has several examples. In the next article I’ll be covering how to use rules, character sets, and the increment switch, as well as some of the different switches and modes.

oclHashcat download

 

Original post: http://ob-security.info/?p=56
