Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Suggestion] support for larger wordlists/hashlists. #2

Closed
ghost opened this issue Jul 7, 2018 · 14 comments
Closed

[Suggestion] support for larger wordlists/hashlists. #2

ghost opened this issue Jul 7, 2018 · 14 comments

Comments

@ghost
Copy link

ghost commented Jul 7, 2018

Node has a buffer limit of one gigabyte. Many of the wordlists exceed this size, and they cannot be loaded into the program.

@ghost
Copy link
Author

ghost commented Jul 7, 2018

I'd be happy to donate a bit of monero or bch for this functionality. Drop your address in this thread.

@brannondorsey
Copy link
Owner

Right you are, in the current implementation you woun't be able to load large word lists. This was really a proof-of-concept for a talk I gave last year and as such it isn't all that well fleshed out. If your goal is to actually crack password hashes, using hashcat on dedicated GPU hardware would actually perform far better.

That said, are you still interested in having this support added? If so I will accept PRs for sure 👍.

@ghost
Copy link
Author

ghost commented Jul 8, 2018

Generally, this particular issue is an relatively easy fix (to get line by line), however this code is still relevant and can still be used in a multitude of ways. I hope you keep this repository active. For this particular issue, I can fix it myself. Thanks for the fast reply.

@brannondorsey
Copy link
Owner

Yeah, line-by-line processing vs loading the whole file into RAM is certainty the more elegant solution. If you do end up fixing it I'd love to merge a PR. I'd like to think I could get to it soon but I'm mid-move and the boxes in my life are taking a bit of a priority, haha. Thanks for the kind words about the repo, I too hope that it can stay active and useful for others in the future.

@ghost
Copy link
Author

ghost commented Jul 8, 2018

Also, have you ever considered implementing this type of server on WPA/WPA2 hashing? This would make brute-force attacks for wireless feasible.

@ghost
Copy link
Author

ghost commented Jul 8, 2018

It would be embedded on websites like CoinHive, and webmasters would be paid from the bounties users place on a handshake.

@brannondorsey
Copy link
Owner

I actually have a bit of experience with WPA2 hash cracking. I wrote a tutorial a while ago on the subject, and I've got to say, without GPU acceleration CPU cracking just doesn't compare, even with potentially hundreds of worker nodes. One dream of mine, at least a few months ago, was to implement MD5 hashing with WebAssembly. While that would significantly improve the cracking speed, I think a WebGL accelerated version might actually make your idea feasible. Unfortunately I don't think my SIMD skills are elite enough to implement WPA2 or MD5 hashing via WebGL.

@ghost
Copy link
Author

ghost commented Jul 8, 2018

Your tutorial actually helped me learn what handshakes are... yada yada. I use wifite irl most of the time because it's just easier.

Using a GPU in the browser is probably not very efficient because it would need to be done with floats or shaders. However, this would still massively outperform GPU crackers because of the sole number of users. WebAssembly is fast enough, and remember that not everyone has a dGPU.

I heard compiling to webassembly is as easy as feeding it through some program? Am I wrong?

@ghost
Copy link
Author

ghost commented Jul 8, 2018

I should just compare the numbers on my quadro p6000 vs my cpu.

(redacted contact information due to possible spam)

@brannondorsey
Copy link
Owner

Compiling to WebAssembly is indeed as easy as switching the compiler. The trouble I was having during the ~6 hours that I was working on it was figuring out how to properly share arbitrary length memory to pass strings between JS and WebAssembly. Given another weekend, or a dev with more WebAssembly experience than me, it would no doubt be a simple solution.

I think I may be a bit more pessimistic about the distributed browser CPU vs dedicated GPU hashrates than you. That said, we should do a benchmark and answer the question for real!

@ghost
Copy link
Author

ghost commented Jul 10, 2018

Alright, here are the #'s

Hashcat for WPA2 on GeForce 1080ti (high end consumer gpu) Speed.Dev.#1.....: 576.8 kH/s (49.53ms)

@ghost ghost closed this as completed Jul 10, 2018
@ghost
Copy link
Author

ghost commented Jul 10, 2018

Accidentally misclicked, sorry.

Hashcat on i7-7700K (high end desktop cpu)

Speed.Dev.#2.....: 16406 H/s (61.76ms)

A gpu is around
35.1578690723 times faster

@ghost ghost reopened this Jul 10, 2018
@brannondorsey
Copy link
Owner

Wow, that's actually an order of magnitude closer than I expected. I guess the next question is what's the wasm benchmark for a WPA2 crack.

Funny enough, my home workstation has the same CPU and a GTX 1080 (not Ti).

@ghost
Copy link
Author

ghost commented Jul 12, 2018

It looks already to be reasonably fast. Also remember Google mentioned "near native speeds" for WebAssembly at the I/O conference.

@ghost ghost closed this as completed Feb 2, 2019
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant