Please note, this is a STATIC archive of website hashcat.net from October 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.
hashcat Forum
New Attack-Mode: Association Attack - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Developer (https://hashcat.net/forum/forum-39.html)
+--- Forum: Beta Tester (https://hashcat.net/forum/forum-31.html)
+--- Thread: New Attack-Mode: Association Attack (/thread-9534.html)

Pages: 1 2 3


RE: New Attack-Mode: Association Attack - atom - 09-30-2020

(09-29-2020, 08:14 PM)AndrewOnDev Wrote: If this is not a correct place to report some issues/make suggestions then please let me know and I'll shut up Big Grin

I noticed that this mode doesn't really work with optimized kernels (-O).

Errors like CL_UNKNOWN_ERROR and L_OUT_OF_RESOURCES appeared even when I've tried running some small amount hashes without any rules. Pure kernel works perfectly though.

Actually it should work with all modes in optimized and pure mode. Which mode did not work for you?


RE: New Attack-Mode: Association Attack - atom - 09-30-2020

(09-29-2020, 08:51 PM)KillerCube Wrote: I think this new attack method is awesome and I would also like to be able to use something like
Code:
mypass,passtest,passguess:<hash>

Of course using something like
Code:
pass1:hash1
pass2:hash1
pass3:hash1
works I suppose, also generates more work

It's possible, please read here: https://hashcat.net/forum/thread-9534-post-50296.html#pid50296


RE: New Attack-Mode: Association Attack - undeath - 09-30-2020

This is a great feature!

(09-30-2020, 12:13 PM)atom Wrote: Instead you would create 3 wordlists, each containing one of the passwords at the same line number. That's much easier to maintain (especially automatically).

Do I understand correctly that using this syntax you need to have the same number of "hints" for each hash you are attacking?


RE: New Attack-Mode: Association Attack - AndrewOnDev - 09-30-2020

(09-30-2020, 12:16 PM)atom Wrote:
(09-29-2020, 08:14 PM)AndrewOnDev Wrote: If this is not a correct place to report some issues/make suggestions then please let me know and I'll shut up Big Grin

I noticed that this mode doesn't really work with optimized kernels (-O).

Errors like CL_UNKNOWN_ERROR and L_OUT_OF_RESOURCES appeared even when I've tried running some small amount hashes without any rules. Pure kernel works perfectly though.

Actually it should work with all modes in optimized and pure mode. Which mode did not work for you?

To be fair I haven't tested many modes. I've been getting this exact error with mode 2711, 2611 pure worked without any issues. I also tested it with mode 20, optimized one didn't give me any error this time but it said it's gonna take 40 years to complete the attack which took around 7 minutes on pure kernel.

Maybe someone else who experienced simillar issue could tell more?


RE: New Attack-Mode: Association Attack - atom - 09-30-2020

(09-30-2020, 01:44 PM)AndrewOnDev Wrote:
(09-30-2020, 12:16 PM)atom Wrote:
(09-29-2020, 08:14 PM)AndrewOnDev Wrote: If this is not a correct place to report some issues/make suggestions then please let me know and I'll shut up Big Grin

I noticed that this mode doesn't really work with optimized kernels (-O).

Errors like CL_UNKNOWN_ERROR and L_OUT_OF_RESOURCES appeared even when I've tried running some small amount hashes without any rules. Pure kernel works perfectly though.

Actually it should work with all modes in optimized and pure mode. Which mode did not work for you?

To be fair I haven't tested many modes. I've been getting this exact error with mode 2711, 2611 pure worked without any issues. I also tested it with mode 20, optimized one didn't give me any error this time but it said it's gonna take 40 years to complete the attack which took around 7 minutes on pure kernel.

Maybe someone else who experienced simillar issue could tell more?

If you want this fixed please provide all information needed to reproduce locally.


RE: New Attack-Mode: Association Attack - royce - 09-30-2020

(09-30-2020, 12:11 PM)atom Wrote:
Code:
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

This doesn't seem to me to be the same thing? I'm suggesting warning on when the number of *hashes* is too small, not the number of wordlists words. If the minimum threshold is a known number, as you said here:
Quote:Your hashlist needs a large number of unique salts to make this attack efficient (to utilize the GPU fully). Ideally the number of GPU Processors * 64 (or more). You can find out about the GPU Processors of your GPU using hashcat -I. My GTX980 has 16, so I need a hashlist of at least 1024 entries to fully utilize the GPU.
.... then it seems to me that all of these values are known at runtime, and a different warning could be issued.


RE: New Attack-Mode: Association Attack - blandyuk - 10-01-2020

Well, I obsolutely LOVE this new attack mode and will be exploiting it to its FULL potential. Already done a real world test with atom and working perfectly.

Awesome as always atom Smile


RE: New Attack-Mode: Association Attack - svobodnui11 - 10-01-2020

guys, I don't quite understand how it works, if I understood correctly, we give the program a list of words that we know and on their basis it generates possible password options or how, Google translator may not have translated correctly


RE: New Attack-Mode: Association Attack - royce - 10-01-2020

"Association" is a general term here that allows attacks to be targets *on a per-hash basis*.

In other words, you don't have to try each word against each hash. Instead, you can try just one word against one hash, at scale. Chick3nman has called this a "salt-wise" attack in the past.

Put another way: a correlation attack is one type of association attack.


RE: New Attack-Mode: Association Attack - ciccio17 - 10-01-2020

but lets say that mine is a single hash:
hashcat -a 3 -m xxxx singlehash.txt -1 ?u?d ?1?1?1?1?1?1?1?1?1?1 the pass is for sure in this range.
how port that to the new attack -9 ?
i understand that is based on wordlist! words in the wordlists=hash in the hashlist.

i have tested -m 16800 -m 22000, no success. but for sure it's me that need understand more.
thanks atom