trustedsec / hate_crack Goto Github PK

A tool for automating cracking methodologies through Hashcat from the TrustedSec team.

Python 96.32% Perl 3.68%

hate_crack's Introduction

  ___ ___         __             _________                       __    
 /   |   \_____ _/  |_  ____     \_   ___ \____________    ____ |  | __
/    ~    \__  \\   __\/ __ \    /    \  \/\_  __ \__  \ _/ ___\|  |/ /
\    Y    // __ \|  | \  ___/    \     \____|  | \// __ \\  \___|    < 
 \___|_  /(____  /__|  \___  >____\______  /|__|  (____  /\___  >__|_ \
       \/      \/          \/_____/      \/            \/     \/     \/

Installation

Get the latest hashcat binaries (https://hashcat.net/hashcat/)

OSX Install (https://www.phillips321.co.uk/2016/07/09/hashcat-on-os-x-getting-it-going/)

mkdir -p hashcat/deps
git clone https://github.com/KhronosGroup/OpenCL-Headers.git hashcat/deps/OpenCL
cd hashcat/
make
make install

Download hate_crack

git clone https://github.com/trustedsec/hate_crack.git

Customize binary and wordlist paths in "config.json"
Make sure that at least "rockyou.txt" is within your "wordlists" path

Create Optimized Wordlists

wordlist_optimizer.py - parses all wordlists from <input file list>, sorts them by length and de-duplicates into <output directory>

usage: python wordlist_optimizer.py <input file list> <output directory>

$ python wordlist_optimizer.py wordlists.txt ../optimized_wordlists

Usage

$ ./hate_crack.py usage: python hate_crack.py <hash_file> <hash_type>

The <hash_type> is attained by running hashcat --help

Example Hashes: http://hashcat.net/wiki/doku.php?id=example_hashes

$ hashcat --help |grep -i ntlm
   5500 | NetNTLMv1                                        | Network protocols
   5500 | NetNTLMv1 + ESS                                  | Network protocols
   5600 | NetNTLMv2                                        | Network protocols
   1000 | NTLM                                             | Operating-Systems

$ ./hate_crack.py <hash file> 1000

  ___ ___         __             _________                       __    
 /   |   \_____ _/  |_  ____     \_   ___ \____________    ____ |  | __
/    ~    \__  \\   __\/ __ \    /    \  \/\_  __ \__  \ _/ ___\|  |/ /
\    Y    // __ \|  | \  ___/    \     \____|  | \// __ \\  \___|    < 
 \___|_  /(____  /__|  \___  >____\______  /|__|  (____  /\___  >__|_ \
       \/      \/          \/_____/      \/            \/     \/     \/
                          Version 1.09
  

	(1) Quick Crack
	(2) Extensive Pure_Hate Methodology Crack
	(3) Brute Force Attack
	(4) Top Mask Attack
	(5) Fingerprint Attack
	(6) Combinator Attack
	(7) Hybrid Attack
	(8) Pathwell Top 100 Mask Brute Force Crack
	(9) PRINCE Attack
	(10) YOLO Combinator Attack
	(11) Middle Combinator Attack
	(12) Thorough Combinator Attack
	(13) Bandrel Methodology

    (95) Analyze hashes with Pipal 
	(96) Export Output to Excel Format
	(97) Display Cracked Hashes
	(98) Display README
	(99) Quit

Select a task:

Quick Crack

Runs a dictionary attack using all wordlists configured in your "hcatOptimizedWordlists" path and optionally applies a rule that can be selected from a list by ID number. Multiple rules can be selected by using a comma separated list, and chains can be created by using the '+' symbol.

Which rule(s) would you like to run?
(1) best64.rule
(2) d3ad0ne.rule
(3) T0XlC.rule
(4) dive.rule
(99) YOLO...run all of the rules
Enter Comma separated list of rules you would like to run. To run rules chained use the + symbol.
For example 1+1 will run best64.rule chained twice and 1,2 would run best64.rule and then d3ad0ne.rule sequentially.
Choose wisely:

Extensive Pure_Hate Methodology Crack

Runs several attack methods provided by Martin Bos (formerly known as pure_hate)

Brute Force Attack (7 characters)
Dictionary Attack
- All wordlists in "hcatOptimizedWordlists" with "best64.rule"
- wordlists/rockyou.txt with "d3ad0ne.rule"
- wordlists/rockyou.txt with "T0XlC.rule"
Top Mask Attack (Target Time = 4 Hours)
Fingerprint Attack
Combinator Attack
Hybrid Attack
Extra - Just For Good Measure
- Runs a dictionary attack using wordlists/rockyou.txt with chained "combinator.rule" and "InsidePro-PasswordsPro.rule" rules

Brute Force Attack

Brute forces all characters with the choice of a minimum and maximum password length.

Top Mask Attack

Uses StatsGen and MaskGen from PACK (https://thesprawl.org/projects/pack/) to perform a top mask attack using passwords already cracked for the current session. Presents the user a choice of target cracking time to spend (default 4 hours).

Fingerprint Attack

https://hashcat.net/wiki/doku.php?id=fingerprint_attack

Runs a fingerprint attack using passwords already cracked for the current session.

Combinator Attack

https://hashcat.net/wiki/doku.php?id=combinator_attack

Runs a combinator attack using the "rockyou.txt" wordlist.

Hybrid Attack

https://hashcat.net/wiki/doku.php?id=hybrid_attack

Runs several hybrid attacks using the "rockyou.txt" wordlists.
- Hybrid Wordlist + Mask - ?s?d wordlists/rockyou.txt ?1?1
- Hybrid Wordlist + Mask - ?s?d wordlists/rockyou.txt ?1?1?1
- Hybrid Wordlist + Mask - ?s?d wordlists/rockyou.txt ?1?1?1?1
- Hybrid Mask + Wordlist - ?s?d ?1?1 wordlists/rockyou.txt
- Hybrid Mask + Wordlist - ?s?d ?1?1?1 wordlists/rockyou.txt
- Hybrid Mask + Wordlist - ?s?d ?1?1?1?1 wordlists/rockyou.txt

Pathwell Top 100 Mask Brute Force Crack

Runs a brute force attack using the top 100 masks from KoreLogic: https://blog.korelogic.com/blog/2014/04/04/pathwell_topologies

PRINCE Attack

https://hashcat.net/events/p14-trondheim/prince-attack.pdf

Runs a PRINCE attack using wordlists/rockyou.txt

YOLO Combinator Attack

Runs a continuous combinator attack using random wordlists from the optimized wordlists for the left and right sides.

Middle Combinator Attack

https://jeffh.net/2018/04/26/combinator_methods/

Runs a modified combinator attack adding a middle character mask: wordlists/rockyou.txt + masks + worklists/rockyou.txt

Where the masks are some of the most commonly used separator characters: 2 4 - _ , + . &

Thorough Combinator Attack

https://jeffh.net/2018/04/26/combinator_methods/

Runs many rounds of different combinator attacks with the rockyou list.
- Standard Combinator attack: rockyou.txt + rockyou.txt
- Middle Combinator attack: rockyou.txt + ?n + rockyou.txt
- Middle Combinator attack: rockyou.txt + ?s + rockyou.txt
- End Combinator attack: rockyou.txt + rockyou.txt + ?n
- End Combinator attack: rockyou.txt + rockyou.txt + ?s
- Hybrid middle/end attack: rockyou.txt + ?n + rockyou.txt + ?n
- Hybrid middle/end attack: rockyou.txt + ?s + rockyou.txt + ?s

Bandrel Methodology

Prompts for input of comma separated names and then creates a pseudo hybrid attack by capitalizing the first letter and adding up to six additional characters at the end. Each word is limited to a total of five minutes.
- Built in additional common words including seasons, months has been included as a customizable config.json entry
- The default five minute time limit is customizable via the config.json

Version History

Version 1.9 Revamped the hate_crack output to increase processing speed exponentially combine_ntlm_output function for combining Introducing New Attack mode "Bandrel Methodology" Updated pipal function to output top x number of basewords

Version 1.08 Added a Pipal menu Option to analyze hashes. https://github.com/digininja/pipal

Version 1.07 Minor bug fixes with pwdump formating and unhexify function

Version 1.06 Updated the quick crack and recylcing functions to use user customizable rules.

Version 1.05 Abstraction of rockyou.txt so that you can use whatever dictionary that you would like to specified in the config.json Minor change the quickcrack that allows you to specify 0 for number of times best64 is chained

Version 1.04 Two new attacks Middle Combinator and Thorough Combinator

Version 1.03 Introduction of new feature to use session files for multiple concurrent sessions of hate_crack Minor bug fix

Version 1.02 Introduction of new feature to export the output of pwdump formated NTDS outputs to excel with clear-text passwords

Version 1.01 Minor bug fixes

Version 1.00 Initial public release

hate_crack's People

Contributors

Stargazers

Watchers

Forkers

pentest30 cephurs gavz w00t3k qsdj pentestingtools clicknull shellgh05t firefalc0n ro9ueadmin cclauss incredibleindishell walexzzy minkione awesome-security techlord-rce samyoyo 0thm4n3 m41doror slowmistio himdar reconvillage1 ykankaya methos2016 gdraperi ashr architaa 1nd0 shantanu561993 peterg75 denisse-dev mlynchcogent r3dfruitrollup jbarcia dothanthitiendiettiende flywithoutwings howtoblind riviera12345 spoonman1091 alpha0king brianheeseis elykoel zard777 theanalyz3r 0x4e38 epheandrill wizard2773 ip-2014 seabreg watchmaker40 mcjon3z ritter0715 8l4nk dlat jrodriguez556 ellerbrock unsecureio sgachies raystyle catrebel 0xbadca7 rulzgz aryanrtm analyticsearch kellermannrobert dannymas strunz983 c002 yazidshil xstpl hackern0v1c3 dougray m00zh33 bbhunter yqyunjie balancedstate ara2104 wzdiyb jinnu92 kmackinley mother2110 liufeng-take oneplush rainbowspec generalzero superf0sh th-watch3r llenroc gnebbia sarmadbytes raimundojimenez acealchemycyberblaze cjsatuforc mspicer w1ck3dth1ngs offshores kylesmithit faidamine vinhjaxt oueldz4

hate_crack's Issues

Any chance of a Windows Python port for us poor folks stuck on a Windows base platform?

Pretty please?

:-)

Yours Hopefully,
SS.

Top Mask Attack - Mask Generation Fails

Running into the following issue. Let me know what other info I can provide:

python hate_crack.py /root/ntlm.txt 1000


  ___ ___         __             _________                       __
 /   |   \_____ _/  |_  ____     \_   ___ \____________    ____ |  | __
/    ~    \__  \\   __\/ __ \    /    \  \/\_  __ \__  \ _/ ___\|  |/ /
\    Y    // __ \|  | \  ___/    \     \____|  | \// __ \\  \___|    <
 \___|_  /(____  /__|  \___  >____\______  /|__|  (____  /\___  >__|_ \
       \/      \/          \/_____/      \/            \/     \/     \/
                          Version 1.06

PWDUMP format detected...
Parsing NT hashes...
Parsing LM hashes...
LM hashes identified. Would you like to brute force the LM hashes first? (Y) N

        (1) Quick Crack
        (2) Extensive Pure_Hate Methodology Crack
        (3) Brute Force Attack
        (4) Top Mask Attack
        (5) Fingerprint Attack
        (6) Combinator Attack
        (7) Hybrid Attack
        (8) Pathwell Top 100 Mask Brute Force Crack
        (9) PRINCE Attack
        (10) YOLO Combinator Attack
        (11) Middle Combinator Attack
        (12) Thorough Combinator Attack

        (96) Export Output to Excel Format
        (97) Display Cracked Hashes
        (98) Display README
        (99) Quit

Select a task: 4

Enter a target time for completion in hours (4):
Traceback (most recent call last):
  File "/root/tools/hate_crack/PACK/statsgen.py", line 302, in <module>
    statsgen.print_stats()
  File "/root/tools/hate_crack/PACK/statsgen.py", line 197, in print_stats
    self.filter_counter * 100 / self.total_counter, self.filter_counter, self.total_counter)
ZeroDivisionError: division by zero
Traceback (most recent call last):
  File "/root/tools/hate_crack/PACK/maskgen.py", line 312, in <module>
    maskgen.generate_masks(sorting_mode)
  File "/root/tools/hate_crack/PACK/maskgen.py", line 136, in generate_masks
    sample_occurrence * 100 / self.total_occurrence, sample_occurrence, self.total_occurrence)
ZeroDivisionError: division by zero
hashcat (v5.0.0) starting...

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 1080 Ti, 2793/11175 MB allocatable, 28MCU

Invalid mask.

Started: Thu Nov  1 10:40:48 2018
Stopped: Thu Nov  1 10:40:49 2018

Menu-less launch options

It would make it easier to use hate_crack with other scripts if there were options to run cracking without interacting with the main menu. An example would be

sudo python /opt/hatecrack/hate_crack.py ~/Documents/example_ntlm.txt 1000 1 0

Which would run quick cracking with 0 best64.rule. I'm not at all suggesting that you get rid of the main menu, just providing both launch options would be a really nice feature.

Keep up the fantastic work!

Add pipal menu option

If I added pipal as a menu option is this something you would be interested in accepting a pull request for?

I would add it as as an option in the config, and if it was disabled then the menu wouldn't show up

Add option to ignore duplicate accounts when using NetNTLM

Add a detection for duplicate accounts for NetNTLMv1 and NetNTLMv2 for when unique challenge and responses from Responder.

Will prompt use on detection if they want to ignore the duplicates or not.

<kernel>:9:10: fatal error: 'OpenCL/inc_vendor.h' file not found CYGWIN

Hi, im ran into a problem, when starting any attack in hate_crack. Im working in cygwin.
Here's log:

$ python hate_crack.py hash.txt 0

___ ___         __             _________                       __
/   |   \_____ _/  |_  ____     \_   ___ \____________    ____ |  | __
/    ~    \__  \\   __\/ __ \    /    \  \/\_  __ \__  \ _/ ___\|  |/ /
\    Y    // __ \|  | \  ___/    \     \____|  | \// __ \\  \___|    <
\___|_  /(____  /__|  \___  >____\______  /|__|  (____  /\___  >__|_ \
      \/      \/          \/_____/      \/            \/     \/     \/
                         Version 1.09


       (1) Quick Crack
       (2) Extensive Pure_Hate Methodology Crack
       (3) Brute Force Attack
       (4) Top Mask Attack
       (5) Fingerprint Attack
       (6) Combinator Attack
       (7) Hybrid Attack
       (8) Pathwell Top 100 Mask Brute Force Crack
       (9) PRINCE Attack
       (10) YOLO Combinator Attack
       (11) Middle Combinator Attack
       (12) Thorough Combinator Attack
       (13) Bandrel Methodology

       (95) Analyze hashes with Pipal
       (96) Export Output to Excel Format
       (97) Display Cracked Hashes
       (98) Display README
       (99) Quit

Select a task: 1

Enter path of wordlist or wordlist directory.
Press Enter for default optimized wordlists [/home/Admin123/hashcat/passwords1]:

Which rule(s) would you like to run?
(0) To run without any rules
(1) best64.rule
(2) d3ad0ne.rule
(3) T0XlC.rule
(4) dive.rule
(99) YOLO...run all of the rules
Enter Comma separated list of rules you would like to run. To run rules chained use the + symbol.
For example 1+1 will run best64.rule chained twice and 1,2 would run best64.rule and then d3ad0ne.rule sequentially.
Choose wisely: 1+1
hashcat (v6.2.6-792-ge6715fbd8) starting

Successfully initialized the NVIDIA main driver CUDA runtime library.

Failed to initialize NVIDIA RTC library.

* Device #1: CUDA SDK Toolkit not installed or incorrectly installed.
            CUDA SDK Toolkit required for proper device support and utilization.
            For more information, see: https://hashcat.net/faq/wrongdriver
            Falling back to OpenCL runtime.

* Device #1: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
OpenCL API (OpenCL 3.0 CUDA 12.2.79) - Platform #1 [NVIDIA Corporation]
=======================================================================
* Device #1: NVIDIA GeForce GTX 1650, 3968/4095 MB (1023 MB allocatable), 14MCU

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 31

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 4356

Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Meet-In-The-Middle
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Raw-Hash

Watchdog: Temperature abort trigger set to 90c

Initializing backend runtime for device #1. Please be patient...1 error generated.
clCompileProgram(): CL_COMPILE_PROGRAM_FAILURE

<kernel>:9:10: fatal error: 'OpenCL/inc_vendor.h' file not found
#include M2S(INCLUDE_PATH/inc_vendor.h)
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<built-in>:4:16: note: expanded from here
#define M2S(x) XM2S(x)
              ^~~~~~~
<built-in>:3:17: note: expanded from here
#define XM2S(x) #x
               ^~
<scratch space>:2:1: note: expanded from here
"OpenCL/inc_vendor.h"
^~~~~~~~~~~~~~~~~~~~~

* Device #1: Kernel /home/Admin123/hashcat/OpenCL/m00000_a0-optimized.cl build failed.

Started: Sat Oct  7 02:46:38 2023
Stopped: Sat Oct  7 02:46:39 2023

Surprisingly, hashcat without hate_crack works perfectly. Left code below:

$ ./hashcat -m 0 -O -a 3 -1 '?l?d' example0.hash -i '?1?1?1?1?1?1?1?1'
hashcat (v6.2.6-792-ge6715fbd8) starting

Successfully initialized the NVIDIA main driver CUDA runtime library.

Failed to initialize NVIDIA RTC library.

* Device #1: CUDA SDK Toolkit not installed or incorrectly installed.
             CUDA SDK Toolkit required for proper device support and utilization.
             For more information, see: https://hashcat.net/faq/wrongdriver
             Falling back to OpenCL runtime.

* Device #1: WARNING! Kernel exec timeout is not disabled.
             This may cause "CL_OUT_OF_RESOURCES" or related errors.
             To disable the timeout, see: https://hashcat.net/q/timeoutpatch
OpenCL API (OpenCL 3.0 CUDA 12.2.79) - Platform #1 [NVIDIA Corporation]
=======================================================================
* Device #1: NVIDIA GeForce GTX 1650, 3968/4095 MB (1023 MB allocatable), 14MCU

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 55

Hashes: 6494 digests; 6494 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Meet-In-The-Middle
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Brute-Force
* Raw-Hash

Watchdog: Temperature abort trigger set to 90c

INFO: Removed 756 hashes found as potfile entries.

Host memory required for this attack: 829 MB

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.


Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 0 (MD5)
Hash.Target......: example0.hash
Time.Started.....: Sat Oct  7 02:52:56 2023 (0 secs)
Time.Estimated...: Sat Oct  7 02:52:56 2023 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Mask.......: ?1 [1]
Guess.Charset....: -1 ?l?d, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 1/8 (12.50%)
Speed.#1.........:     5200 H/s (0.04ms) @ Accel:128 Loops:36 Thr:256 Vec:8
Recovered........: 756/6494 (11.64%) Digests (total), 0/6494 (0.00%) Digests (new)
Remaining........: 5738 (88.36%) Digests
Recovered/Time...: CUR:N/A,N/A,N/A AVG:N/A,N/A,N/A (Min,Hour,Day)
Progress.........: 36/36 (100.00%)
Rejected.........: 0/36 (0.00%)
Restore.Point....: 1/1 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-36 Iteration:0-36
Candidate.Engine.: Device Generator
Candidates.#1....: s -> x
Hardware.Mon.#1..: Temp: 49c Fan:  0% Util:  8% Core:1485MHz Mem:4001MHz Bus:16

I will be very grateful for your help. thank you in advance.

Optimizers

How can I apply optimizers like -O and -W (2,3,4) to hate crack?

hashcat-utils/bin/splitlen.app: 1: hashcat-utils/bin/splitlen.app: ��: not found

Hello,
I am following your guide on the TrestedSec release site and have created my wordlists file exactly as you have specified. When i run the following command i am getting this error... any thoughts on this one.

PC is a new ubuntu 16.04LTS build dual NVIDIA GTX 1080 FE's
Hashcat installed from PTF and hate_crack installed in home directory.

Thanks for the great tool! I got it running on my MAC and it is great!

:~/hate_crack$ python wordlist_optimizer.py wordlists.txt ../optimized_wordlists/
/home/redacted/Passwords/wordlists/hashes.org-2017.txt
hashcat-utils/bin/splitlen.app: 1: hashcat-utils/bin/splitlen.app: ��: not found
hashcat-utils/bin/splitlen.app: 2: hashcat-utils/bin/splitlen.app: Syntax error: word unexpected (expecting ")")

Hash Issues

Is anyone else noticing that hate_crack is outputting the same hash for different passwords?

c45cde80ed7302003b28d040862bf6e9:Shadai25
c45cde80ed7302003b28d040862bf6e9:Work4Me2
c45cde80ed7302003b28d040862bf6e9:Chelle76
c45cde80ed7302003b28d040862bf6e9:Thepijo2
c45cde80ed7302003b28d040862bf6e9:Kathleen1
c45cde80ed7302003b28d040862bf6e9:Shadow10

Had a list of NTLM hashes with username:hash. Stripped them out to just one hash per line.
Ran
./hate_crack.py tmp.txt 1000
Chose quick crack, and it started outputting the same hash over and over with a different password.

Note: I'm still investigating to see if this is a Hashcat issue.

Recommended methodology?

Hi there,

This isn't really an issue, but more a question about best practices for using Hatecrack. Do you have a recommended methodology for which Hatecrack options to use to most efficiently crack a list of hashes. I've just been starting at 1 and going up from there, and if there's a certain option that says it'll take days to run, I maybe let it run 24 hours and go on to the next for the sake of time.

But I'd love to hear if this is how the TrustedSec team uses the tool or if you have other recommendations/tips.

Thanks for the great tool!

Brian

Check if destination folder exists

Hi,

Simple request: a check if the destination folder exists, and if not let wordlist_optimizer.py create it or complain about missing permissions to do so?
At the moment it spits out this:

$ python wordlist_optimizer.py /usr/share/wordlists/rockyou.txt /usr/share/wordlists/optimized_wordlists/
123456
Traceback (most recent call last):
File "wordlist_optimizer.py", line 74, in
main()
File "wordlist_optimizer.py", line 45, in main
if len(os.listdir(destination)) == 0:
OSError: [Errno 2] No such file or directory: '/usr/share/wordlists/optimized_wordlists/'

Cheers!

ls -rt -d -1 $PWD/{,.} >../wordlists.txt

I have a folder with all my password files in it. I was trying to run...
ls -rt -d -1 $PWD/{,.} >../wordlists.txt

but getting

[root:...testing/Passwords/wordlists]# ls
bt4-password.txt darkweb2017-top1000.txt openwall.net-all.txt rockyou.txt
cirt-default-passwords.txt darkweb2017-top100.txt PHP-Magic-Hashes.txt twitter-banned.txt
clarkson-university-82.txt darkweb2017-top10.txt probable-v2-top12000.txt unkown-azul.txt
darkc0de.txt Keyboard-Combinations.txt probable-v2-top1575.txt UserPassCombo-Jay.txt
darkweb2017-top10000.txt Most-Popular-Letter-Passes.txt probable-v2-top207.txt

[root:...testing/Passwords/wordlists]# ls -rt -d -1 $PWD/{,.} >../wordlists.txt
zsh: no matches found: /root/pentesting/Passwords/wordlists/.*

What am I doing wrong here??

Thanmks

Support for hashcat bin file not located in hashcat directory

The default installation for hashcat in Kali has the binary file for hashcat located in /usr/bin/hashcat The existing code assumes that the hashcat bin is located in the same directory as the rest of the hashcat files, but in Kali these are located in /usr/share/hashcat

A workaround until this can be fixed is to add a symbolic link in the /usr/share directory using the following command cd /usr/share/hashcat && ln -s /usr/bin/hashcat hashcat

Support for recycling passwords that include a colon

Hi,

I'm extremely not knowledgeable about things (and this is pretty trivial), but I notice on lines 125, 147, 252, and 269 it looks like the cut command is being used to extract passwords cracked by hashcat like:

hcatProcess = subprocess.Popen("cat %s.out | cut -d : -f 2 > %s.working" % (hcatHashFile, hcatHashFile),
                                   shell=True).wait()

Might be worth changing the -f 2 option to -f 2- so that passwords including a colon are captured.

Cheers!

Invalid Path for hashcat binary

Getting this error even though I'm pretty sure the config.json file is pointing to the right folder paths....

Add automated detection of computer accounts for NTLM

Detect accounts that end in $ and prompt to ignore them or not.

Automatic Rule listing instead of using config

New feature to dynamically list the rules in the rules directory instead of individually in the config file.

wordlist_optimizer choking on certain wordlists?

Hello,

I just spun up a fresh Linux box, downloaded hashcat + utils + hatecrack as well as a bundle of wordlists, and am ready to run wordlist_optimizer.

As I kick off the optimization, I'll see hatecrack kind of bomb out with a blurb of text like this:

Checking /opt/wordlists/optimized//58 against cache
Lines compared 18
Removed 12 lines from cache

Sorting back to original positions...

Finished!
Removed 12 lines from cache
Writing 238119 lines to /tmp/splitlen.out
Traceback (most recent call last):
  File "wordlist_optimizer.py", line 88, in <module>
    main()
  File "wordlist_optimizer.py", line 72, in main
    if lineCount("/tmp/splitlen.out") > 0:
  File "wordlist_optimizer.py", line 20, in lineCount
    for line in outFile:
  File "/usr/lib/python3.6/codecs.py", line 321, in decode
    (result, consumed) = self._buffer_decode(data, self.errors, final)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xbb in position 1239: invalid start byte

Note: the issue appears to be wordlist related. This was happening on crackstation.txt. I renamed it to crackstation2.txt and then optimizer completed. Anything I can do to help troubleshoot why certain wordlists might be problematic? I'd love to have crackstation (and a few others that bomb out too) get properly optimized.

Thanks,
Brian