From 5542e460220bc0398aa40745e0489d97f534217e Mon Sep 17 00:00:00 2001 From: jsteube Date: Tue, 14 Jun 2016 21:49:33 +0200 Subject: [PATCH] Added option --stdout to print candidates instead of trying to crack a hash --- OpenCL/inc_types.cl | 4 +- docs/changes.txt | 1 + include/shared.h | 3 +- include/types.h | 1 - src/hashcat.c | 331 ++++++++++++++++++++++++++++++++++++++------ 5 files changed, 298 insertions(+), 42 deletions(-) diff --git a/OpenCL/inc_types.cl b/OpenCL/inc_types.cl index 75ba7ead9..44a9f7ee6 100644 --- a/OpenCL/inc_types.cl +++ b/OpenCL/inc_types.cl @@ -665,7 +665,9 @@ inline u32 amd_bytealign_S (const u32 a, const u32 b, const u32 c) typedef struct { - #if defined _DES_ + #if defined _STDOUT_ + u32 digest_buf[4]; + #elif defined _DES_ u32 digest_buf[4]; #elif defined _MD4_ u32 digest_buf[4]; diff --git a/docs/changes.txt b/docs/changes.txt index 9e2ba9261..068593abf 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -33,6 +33,7 @@ It combines all features of all hashcat projects in one project. - Added option --veracrypt-pim to set the VeraCrypt personal iterations multiplier - Added option --machine-readable for easier parsing of output - Added option --powertune-enable to work with NVidia devices as well, not just AMD +- Added option --stdout to print candidates instead of trying to crack a hash ## ## Algorithms diff --git a/include/shared.h b/include/shared.h index 1a6c53610..020311719 100644 --- a/include/shared.h +++ b/include/shared.h @@ -837,6 +837,7 @@ extern hc_thread_mutex_t mux_display; #define HASH_TYPE_BSDICRYPT 48 #define HASH_TYPE_RAR3HP 49 #define HASH_TYPE_KRB5TGS 50 +#define HASH_TYPE_STDOUT 51 #define KERN_TYPE_MD5 0 #define KERN_TYPE_MD5_PWSLT 10 @@ -1125,6 +1126,7 @@ extern hc_thread_mutex_t mux_display; #define ROUNDS_AXCRYPT 10000 #define ROUNDS_KEEPASS 6000 #define ROUNDS_ZIP2 1000 +#define ROUNDS_STDOUT 0 /** * salt types @@ -1216,7 +1218,6 @@ extern hc_thread_mutex_t mux_display; * digests */ -#define DGST_SIZE_0 0 #define DGST_SIZE_4_2 (2 * sizeof (uint)) // 8 #define DGST_SIZE_4_4 (4 * sizeof (uint)) // 16 #define DGST_SIZE_4_5 (5 * sizeof (uint)) // 20 diff --git a/include/types.h b/include/types.h index f2ed4b0b0..2135f1fa5 100644 --- a/include/types.h +++ b/include/types.h @@ -1252,7 +1252,6 @@ typedef struct uint quiet; uint force; uint benchmark; - uint benchmark_repeats; uint runtime; uint remove; uint remove_timer; diff --git a/src/hashcat.c b/src/hashcat.c index 0beaa24ed..225d28cf0 100644 --- a/src/hashcat.c +++ b/src/hashcat.c @@ -33,6 +33,7 @@ double TARGET_MS_PROFILE[4] = { 2, 12, 96, 480 }; #define MARKOV_DISABLE 0 #define MARKOV_CLASSIC 0 #define BENCHMARK 0 +#define STDOUT_FLAG 0 #define RESTORE 0 #define RESTORE_TIMER 60 #define RESTORE_DISABLE 0 @@ -388,6 +389,7 @@ const char *USAGE_BIG[] = " --outfile-autohex-disable | | Disable the use of $HEX[] in output plains |", " --outfile-check-timer | Num | Sets seconds between outfile checks to X | --outfile-check=30", " -p, --separator | Char | Separator char for hashlists and outfile | -p :", + " --stdout | | Do not crack a hash, instead print candidates only |", " --show | | Show cracked passwords only |", " --left | | Show un-cracked passwords only |", " --username | | Enable ignoring of usernames in hashfile |", @@ -2313,6 +2315,175 @@ static void check_cracked (hc_device_param_t *device_param, const uint salt_pos) } } +static void process_stdout (hc_device_param_t *device_param, const uint pws_cnt) +{ + char out_buf[HCBUFSIZ] = { 0 }; + + uint plain_buf[16] = { 0 }; + + u8 *plain_ptr = (u8 *) plain_buf; + + uint plain_len = 0; + + const uint il_cnt = device_param->kernel_params_buf32[27]; // ugly, i know + + if (data.attack_mode == ATTACK_MODE_STRAIGHT) + { + pw_t pw; + + for (uint gidvid = 0; gidvid < pws_cnt; gidvid++) + { + gidd_to_pw_t (device_param, gidvid, &pw); + + const uint pos = device_param->innerloop_pos; + + for (uint il_pos = 0; il_pos < il_cnt; il_pos++) + { + for (int i = 0; i < 8; i++) + { + plain_buf[i] = pw.i[i]; + } + + plain_len = pw.pw_len; + + plain_len = apply_rules (data.kernel_rules_buf[pos + il_pos].cmds, &plain_buf[0], &plain_buf[4], plain_len); + + if (plain_len > data.pw_max) plain_len = data.pw_max; + + format_output (stdout, out_buf, plain_ptr, plain_len, 0, NULL, 0); + } + } + } + else if (data.attack_mode == ATTACK_MODE_COMBI) + { + pw_t pw; + + for (uint gidvid = 0; gidvid < pws_cnt; gidvid++) + { + gidd_to_pw_t (device_param, gidvid, &pw); + + for (uint il_pos = 0; il_pos < il_cnt; il_pos++) + { + for (int i = 0; i < 8; i++) + { + plain_buf[i] = pw.i[i]; + } + + plain_len = pw.pw_len; + + char *comb_buf = (char *) device_param->combs_buf[il_pos].i; + uint comb_len = device_param->combs_buf[il_pos].pw_len; + + if (data.combs_mode == COMBINATOR_MODE_BASE_LEFT) + { + memcpy (plain_ptr + plain_len, comb_buf, comb_len); + } + else + { + memmove (plain_ptr + comb_len, plain_ptr, plain_len); + + memcpy (plain_ptr, comb_buf, comb_len); + } + + plain_len += comb_len; + + if (data.pw_max != PW_DICTMAX1) + { + if (plain_len > data.pw_max) plain_len = data.pw_max; + } + + format_output (stdout, out_buf, plain_ptr, plain_len, 0, NULL, 0); + } + } + } + else if (data.attack_mode == ATTACK_MODE_BF) + { + for (uint gidvid = 0; gidvid < pws_cnt; gidvid++) + { + for (uint il_pos = 0; il_pos < il_cnt; il_pos++) + { + u64 l_off = device_param->kernel_params_mp_l_buf64[3] + gidvid; + u64 r_off = device_param->kernel_params_mp_r_buf64[3] + il_pos; + + uint l_start = device_param->kernel_params_mp_l_buf32[5]; + uint r_start = device_param->kernel_params_mp_r_buf32[5]; + + uint l_stop = device_param->kernel_params_mp_l_buf32[4]; + uint r_stop = device_param->kernel_params_mp_r_buf32[4]; + + sp_exec (l_off, (char *) plain_ptr + l_start, data.root_css_buf, data.markov_css_buf, l_start, l_start + l_stop); + sp_exec (r_off, (char *) plain_ptr + r_start, data.root_css_buf, data.markov_css_buf, r_start, r_start + r_stop); + + plain_len = data.css_cnt; + + format_output (stdout, out_buf, plain_ptr, plain_len, 0, NULL, 0); + } + } + } + else if (data.attack_mode == ATTACK_MODE_HYBRID1) + { + pw_t pw; + + for (uint gidvid = 0; gidvid < pws_cnt; gidvid++) + { + gidd_to_pw_t (device_param, gidvid, &pw); + + for (uint il_pos = 0; il_pos < il_cnt; il_pos++) + { + for (int i = 0; i < 8; i++) + { + plain_buf[i] = pw.i[i]; + } + + plain_len = pw.pw_len; + + u64 off = device_param->kernel_params_mp_buf64[3] + il_pos; + + uint start = 0; + uint stop = device_param->kernel_params_mp_buf32[4]; + + sp_exec (off, (char *) plain_ptr + plain_len, data.root_css_buf, data.markov_css_buf, start, start + stop); + + plain_len += start + stop; + + format_output (stdout, out_buf, plain_ptr, plain_len, 0, NULL, 0); + } + } + } + else if (data.attack_mode == ATTACK_MODE_HYBRID2) + { + pw_t pw; + + for (uint gidvid = 0; gidvid < pws_cnt; gidvid++) + { + gidd_to_pw_t (device_param, gidvid, &pw); + + for (uint il_pos = 0; il_pos < il_cnt; il_pos++) + { + for (int i = 0; i < 8; i++) + { + plain_buf[i] = pw.i[i]; + } + + plain_len = pw.pw_len; + + u64 off = device_param->kernel_params_mp_buf64[3] + il_pos; + + uint start = 0; + uint stop = device_param->kernel_params_mp_buf32[4]; + + memmove (plain_ptr + stop, plain_ptr, plain_len); + + sp_exec (off, (char *) plain_ptr, data.root_css_buf, data.markov_css_buf, start, start + stop); + + plain_len += start + stop; + + format_output (stdout, out_buf, plain_ptr, plain_len, 0, NULL, 0); + } + } + } +} + static void save_hash () { char *hashfile = data.hashfile; @@ -2723,6 +2894,13 @@ static void run_kernel_bzero (hc_device_param_t *device_param, cl_mem buf, const static void choose_kernel (hc_device_param_t *device_param, const uint attack_exec, const uint attack_mode, const uint opts_type, const salt_t *salt_buf, const uint highest_pw_len, const uint pws_cnt, const uint fast_iteration) { + if (data.hash_mode == 2000) + { + process_stdout (device_param, pws_cnt); + + return; + } + if (attack_exec == ATTACK_EXEC_INSIDE_KERNEL) { if (attack_mode == ATTACK_MODE_BF) @@ -2761,6 +2939,12 @@ static void choose_kernel (hc_device_param_t *device_param, const uint attack_ex if (opts_type & OPTS_TYPE_HOOK12) { run_kernel (KERN_RUN_12, device_param, pws_cnt, false, 0); + + hc_clEnqueueReadBuffer (data.ocl, device_param->command_queue, device_param->d_hooks, CL_TRUE, 0, device_param->size_hooks, device_param->hooks_buf, 0, NULL, NULL); + + // do something with data + + hc_clEnqueueWriteBuffer (data.ocl, device_param->command_queue, device_param->d_hooks, CL_TRUE, 0, device_param->size_hooks, device_param->hooks_buf, 0, NULL, NULL); } uint iter = salt_buf->salt_iter; @@ -2950,10 +3134,13 @@ static void autotune (hc_device_param_t *device_param) if ((kernel_loops_min == kernel_loops_max) && (kernel_accel_min == kernel_accel_max)) { - try_run (device_param, kernel_accel, kernel_loops); - try_run (device_param, kernel_accel, kernel_loops); - try_run (device_param, kernel_accel, kernel_loops); - try_run (device_param, kernel_accel, kernel_loops); + if (data.hash_mode != 2000) + { + try_run (device_param, kernel_accel, kernel_loops); + try_run (device_param, kernel_accel, kernel_loops); + try_run (device_param, kernel_accel, kernel_loops); + try_run (device_param, kernel_accel, kernel_loops); + } device_param->kernel_accel = kernel_accel; device_param->kernel_loops = kernel_loops; @@ -5559,6 +5746,7 @@ int main (int argc, char **argv) uint version = VERSION; uint quiet = QUIET; uint benchmark = BENCHMARK; + uint stdout_flag = STDOUT_FLAG; uint show = SHOW; uint left = LEFT; uint username = USERNAME; @@ -5656,6 +5844,7 @@ int main (int argc, char **argv) #define IDX_FORCE 0xff08 #define IDX_RUNTIME 0xff09 #define IDX_BENCHMARK 'b' + #define IDX_STDOUT_FLAG 0xff77 #define IDX_HASH_MODE 'm' #define IDX_ATTACK_MODE 'a' #define IDX_RP_FILE 'r' @@ -5736,6 +5925,7 @@ int main (int argc, char **argv) {"outfile-check-dir", required_argument, 0, IDX_OUTFILE_CHECK_DIR}, {"force", no_argument, 0, IDX_FORCE}, {"benchmark", no_argument, 0, IDX_BENCHMARK}, + {"stdout", no_argument, 0, IDX_STDOUT_FLAG}, {"restore", no_argument, 0, IDX_RESTORE}, {"restore-disable", no_argument, 0, IDX_RESTORE_DISABLE}, {"status", no_argument, 0, IDX_STATUS}, @@ -6032,6 +6222,7 @@ int main (int argc, char **argv) case IDX_LIMIT: limit = atoll (optarg); break; case IDX_KEYSPACE: keyspace = 1; break; case IDX_BENCHMARK: benchmark = 1; break; + case IDX_STDOUT_FLAG: stdout_flag = 1; break; case IDX_RESTORE: break; case IDX_RESTORE_DISABLE: restore_disable = 1; break; case IDX_STATUS: status = 1; break; @@ -6145,6 +6336,10 @@ int main (int argc, char **argv) log_info ("%s (%s) starting in restore-mode...", PROGNAME, VERSION_TAG); log_info (""); } + else if (stdout_flag == 1) + { + // do nothing + } else { log_info ("%s (%s) starting...", PROGNAME, VERSION_TAG); @@ -6408,8 +6603,32 @@ int main (int argc, char **argv) case ATTACK_MODE_HYBRID2: attack_kern = ATTACK_KERN_COMBI; break; } - if (benchmark == 0) + if (benchmark == 1) { + if (myargv[optind] != 0) + { + log_error ("ERROR: Invalid argument for benchmark mode specified"); + + return (-1); + } + + if (attack_mode_chgd == 1) + { + if (attack_mode != ATTACK_MODE_BF) + { + log_error ("ERROR: Only attack-mode 3 allowed in benchmark mode"); + + return (-1); + } + } + } + else + { + if (stdout_flag == 1) // no hash here + { + optind--; + } + if (keyspace == 1) { int num_additional_params = 1; @@ -6467,25 +6686,6 @@ int main (int argc, char **argv) return (-1); } } - else - { - if (myargv[optind] != 0) - { - log_error ("ERROR: Invalid argument for benchmark mode specified"); - - return (-1); - } - - if (attack_mode_chgd == 1) - { - if (attack_mode != ATTACK_MODE_BF) - { - log_error ("ERROR: Only attack-mode 3 allowed in benchmark mode"); - - return (-1); - } - } - } if (skip != 0 && limit != 0) { @@ -6518,6 +6718,24 @@ int main (int argc, char **argv) quiet = 1; } + if (stdout_flag == 1) + { + status_timer = 0; + restore_timer = 0; + restore_disable = 1; + restore = 0; + potfile_disable = 1; + weak_hash_threshold = 0; + gpu_temp_disable = 1; + hash_mode = 2000; + quiet = 1; + outfile_format = OUTFILE_FMT_PLAIN; + kernel_accel = 1024; + kernel_loops = 1024; + force = 1; + outfile_check_timer = 0; + } + if (remove_timer_chgd == 1) { if (remove == 0) @@ -6864,6 +7082,7 @@ int main (int argc, char **argv) logfile_top_uint (attack_mode); logfile_top_uint (attack_kern); logfile_top_uint (benchmark); + logfile_top_uint (stdout_flag); logfile_top_uint (bitmap_min); logfile_top_uint (bitmap_max); logfile_top_uint (debug_mode); @@ -6990,6 +7209,7 @@ int main (int argc, char **argv) potfile_disable = 1; weak_hash_threshold = 0; gpu_temp_disable = 1; + outfile_check_timer = 0; #ifdef HAVE_HWMON if (powertune_enable == 1) @@ -6998,9 +7218,10 @@ int main (int argc, char **argv) } #endif - data.status_timer = status_timer; - data.restore_timer = restore_timer; - data.restore_disable = restore_disable; + data.status_timer = status_timer; + data.restore_timer = restore_timer; + data.restore_disable = restore_disable; + data.outfile_check_timer = outfile_check_timer; /** * force attack mode to be bruteforce @@ -8432,6 +8653,21 @@ int main (int argc, char **argv) dgst_pos3 = 3; break; + case 2000: hash_type = HASH_TYPE_STDOUT; + salt_type = SALT_TYPE_NONE; + attack_exec = ATTACK_EXEC_INSIDE_KERNEL; + opts_type = OPTS_TYPE_PT_GENERATE_LE; + kern_type = 0; + dgst_size = DGST_SIZE_4_4; + parse_func = NULL; + sort_by_digest = NULL; + opti_type = 0; + dgst_pos0 = 0; + dgst_pos1 = 0; + dgst_pos2 = 0; + dgst_pos3 = 0; + break; + case 2100: hash_type = HASH_TYPE_DCC2; salt_type = SALT_TYPE_EMBEDDED; attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL; @@ -10866,7 +11102,6 @@ int main (int argc, char **argv) dgst_pos3 = 6; break; - default: usage_mini_print (PROGNAME); return (-1); } @@ -11395,7 +11630,7 @@ int main (int argc, char **argv) uint hashes_avail = 0; - if (benchmark == 0) + if ((benchmark == 0) && (stdout_flag == 0)) { struct stat f; @@ -11577,6 +11812,10 @@ int main (int argc, char **argv) { // useless to read hash file for keyspace, cheat a little bit w/ optind } + else if (stdout_flag == 1) + { + // useless to read hash file for stdout, cheat a little bit w/ optind + } else if (hashes_avail == 0) { } @@ -12386,7 +12625,7 @@ int main (int argc, char **argv) return (0); } - if (keyspace == 0) + if ((keyspace == 0) && (stdout_flag == 0)) { if (hashes_cnt == 0) { @@ -14903,7 +15142,9 @@ int main (int argc, char **argv) if ((opts_type & OPTS_TYPE_HOOK12) || (opts_type & OPTS_TYPE_HOOK23)) { - // none yet + switch (hash_mode) + { + } } // now check if all device-memory sizes which depend on the kernel_accel_max amplifier are within its boundaries @@ -16754,11 +16995,18 @@ int main (int argc, char **argv) if (data.devices_status != STATUS_CRACKED) data.devices_status = STATUS_STARTING; - hc_thread_t i_thread = 0; + uint i_threads_cnt = 0; + + hc_thread_t *i_threads = (hc_thread_t *) mycalloc (10, sizeof (hc_thread_t)); if ((data.wordlist_mode == WL_MODE_FILE) || (data.wordlist_mode == WL_MODE_MASK)) { - hc_thread_create (i_thread, thread_keypress, &benchmark); + if (stdout_flag == 0) + { + hc_thread_create (i_threads[i_threads_cnt], thread_keypress, &benchmark); + + i_threads_cnt++; + } } if (wordlist_mode == WL_MODE_STDIN) data.status = 1; @@ -16767,9 +17015,12 @@ int main (int argc, char **argv) hc_thread_t *ni_threads = (hc_thread_t *) mycalloc (10, sizeof (hc_thread_t)); - hc_thread_create (ni_threads[ni_threads_cnt], thread_monitor, NULL); + if (stdout_flag == 0) + { + hc_thread_create (ni_threads[ni_threads_cnt], thread_monitor, NULL); - ni_threads_cnt++; + ni_threads_cnt++; + } /** * Outfile remove @@ -17622,10 +17873,10 @@ int main (int argc, char **argv) * create autotune threads */ - data.devices_status = STATUS_AUTOTUNE; - hc_thread_t *c_threads = (hc_thread_t *) mycalloc (data.devices_cnt, sizeof (hc_thread_t)); + data.devices_status = STATUS_AUTOTUNE; + for (uint device_id = 0; device_id < data.devices_cnt; device_id++) { hc_device_param_t *device_param = &devices_param[device_id]; @@ -17890,11 +18141,13 @@ int main (int argc, char **argv) // wait for interactive threads - if ((data.wordlist_mode == WL_MODE_FILE) || (data.wordlist_mode == WL_MODE_MASK)) + for (uint thread_idx = 0; thread_idx < i_threads_cnt; thread_idx++) { - hc_thread_wait (1, &i_thread); + hc_thread_wait (1, &i_threads[thread_idx]); } + local_free (i_threads); + // we dont need restore file anymore if (data.restore_disable == 0) {