Downloading all not found networks

[ElDavoo]

Hello,
I've been running help_crack.py and I've noticed it's way inefficient in 2024:

• It tries to crack one hash at the time, but it's way more efficient to crack lots of hashes in one go
• It uses wordlists that were huge in 2011, but are now tiny and get completed in seconds
  This means that a lot of time is wasted in hashcat autotuning and loading the dictionaries, for a run that lasts only a few seconds.

I quickly scanned the server source code but I haven't found an endpoint to get all the uncracked hashes. I think doing so would speed up a lot the research, as people (like me) can try their own huge dictionaries on them.
An alternative would be to get N hashes at the same time (maybe the user (the client) can choose how many, up to a max of 10? 100?), and maybe considering merging some dicts together (like the wps keys)?.

Thank you for the amazing project <3

[RealEnder]

Hi,
First of all, thanks for your help and contribution to wpa-sec!
The server combines same SSID hashes when creating the work unit, since this allows the heacy PBKDF2-SHA1 4096-round operation to be executed only once. This gives a huge speedup. If the SSID is unique, we don't have many options - we attack only one hash. Then it measures every cycle and increments the number of dictionaries it offers for cracking, up to 15 in 5-minute period.
There are some things you can do on the client side, to better use the GPUs, if you have the resources:

• add rules, eg. --co="-r rules/best64.rule" - this is the best option IMO
• -ad your_dict.txt to add additional local dictionary in the mix
• there is -cd option, which is to attack all uncracked with custom dict, but it's deprecated and will be removed soon
  For sure will have to merge WPS dicts in pairs. This will move them on top of wikipedia dumps.

If you have ideas and HW and want to try some more hashes, drop me a mail and we'll discuss. We have some hashes, we've battered for years and still standing :)
Cheers!

[ElDavoo]

First of all, thanks for your help and contribution to wpa-sec!

Thanks to you for the project, to the dedication to maintenance and for the quick and kind response!

If you have ideas and HW and want to try some more hashes, drop me a mail and we'll discuss. We have some hashes, we've battered for years and still standing :)

Sure, will do it in a few days.

I wanted to make a "Huge wordlist with a huge list of hashes" experiment, more like a one-off than a continuous run.

• there is -cd option, which is to attack all uncracked with custom dict, but it's deprecated and will be removed soon

I tried it, but only takes one unique SSID at a time, a run with wordlist takes 36 hours, so it would take 36h for each...., while giving hundreds, thousands (?) of hashes at a time should make it more efficient (should.. I mean that's the point of experimenting)

[S0ly]

@RealEnder does wpa sec only use word list ? because if the password is not in a word list this mean we will never be able to discover password but only check for ones that have already been found

maybe having a mode where the Decrypter can do Mask Attack to find new password could be nice on old network that have never been found
this may require to have some "stats" for eatch password like the number of attempt etc that have been tried on them

[FFAMax]

@S0ly now rules are implemented it will help a little bit.
In general IIUC project is focusing on audit, study and improve security. Decrypter is a little bit different.
Is mode '-a 3' is what you asking about?
like

 /usr/bin/hashcat -m22000  help_crack.hash -a 3 ?d?d?d?d?d?d?d?d

[FFAMax]

we attack only one hash

@RealEnder Alex, here is some comparison:
1 device 1 hash:

user@b250:~/hashcat$ time /usr/bin/hashcat -d 2 -w 1 -m22000 --advice-disable --logfile-disable --potfile-disable --nonce-error-corrections=8 --session help_crack   -ohelp_crack.key help_crack.hash combined.txt
Speed.#2.........:   356.2 kH/s (1.50ms) @ Accel:8 Loops:32 Thr:512 Vec:1

1 device multiple hashes

user@b250:~/hashcat$ time /usr/bin/hashcat -d 2 -w 1 -m22000 --advice-disable --logfile-disable --potfile-disable --nonce-error-corrections=8 --session help_crack   -ohelp_crack.key help_crack_multiple_71.hash combined.txt
Speed.#2.........:   434.3 kH/s (1.77ms) @ Accel:64 Loops:8 Thr:256 Vec:1

Multiple devices, one hash

user@b250:~/hashcat$ time /usr/bin/hashcat -d 1,4,5,6,7 -w 1 -m22000 --advice-disable --logfile-disable --potfile-disable --nonce-error-corrections=8 --session help_crack   -ohelp_crack.key help_crack.hash combined.txt
Speed.#*.........:   878.6 kH/s

Multiple devices multiple hashes

user@b250:~/hashcat$ time /usr/bin/hashcat -d 1,4,5,6,7 -w 1 -m22000 --advice-disable --logfile-disable --potfile-disable --nonce-error-corrections=8 --session help_crack   -ohelp_crack.key help_crack_multiple_71.hash combined.txt
Speed.#*.........:  1180.5 kH/s