Server Manual

Sein Coray edited this page Aug 1, 2019 · 18 revisions

Get Started

Initial Configuration

Adjust the configuration variables to your needs:

  • Agenttimeout: How long the agent will ask for work if there was none last time. Default: 30
  • Benchtime: How long hashcat should benchmark each agent, in seconds. Default: 30
  • Chunktime: Default chunk time, i.e. how long each chunk should take to complete, in seconds. Default: 600
  • Chunktimeout: How long a chunk needs to be inactive before it is considered timed out, in seconds. Default: 30
  • Fieldseparator: Default field separator for data import/export. Default: ":"
  • HashlistAlias: Identifier used to tell the client the name and location of the hashlist. Default: #HL#
  • Statustimer: How often an agent should report its status during cracking, in seconds. Default: 5
  • Timefmt: Date/time format to display in admin (see PHP function date() for this)

Users

(This section is outdated and needs an update)

User accounts allow you to assign privileges to specific users.

  • View user (1): These users can only see their own account information and Tasks, including Task progress and number of cracks. They cannot see plain text password cracks or any other information.
  • Read only user (5): Has the same permissions as lower users (1), plus they can see Hashlists, Superhashlists, Tasks, Chunk Activity and plain text password cracks.
  • Normal User (20): Has the same permissions as lower users (1, 5), plus access to Agent Data, Files and Hashcat Releases. The user can create Tasks, Pre-conf Tasks, Supertasks, Hashlists and Superhashlists. The user cannot create Agents or Hashcat Releases, modify Agents they do not own, or create other users.
  • Superuser (30): Has read/write on everything except creating other users or modifying user accounts and server config.
  • Admin (50): All hail our dark lord and master!

Pre-configured Tasks

As you might have noticed, you often apply the same kind of attacks against every hashlist you acquire. It would be a waste of time to create tasks every time. That's why Hashtopolis has pre-configured tasks. Pre-configured tasks look like normal tasks but they are not directly attached to any hashlist. Once you upload a new hashlist, you can select which of the pre-configured tasks you want to apply to it. Hashtopolis will then duplicate those tasks for that specific hashlist and execute them in the defined priority.

Features Documentation

Server Configuration

Allows you to set configuration values for your server. You also have a set of DB-cleaning tools in case you get yourself into some inconsistency trouble.

Some important user and API events are logged on the system. This log can be viewed by the admin.

Crackers

Hashtopolis employs a distribution mechanism to ensure that every agent will have the correct cracker binary for the associated task. You can define cracker types (e.g. Hashcat), and for every type you can add as many versions as you like. Make sure to keep the download URLs of the binaries up to date in case they change over time. The URL has to be absolute.

Files

Think of this as a file server. Every word list and rule set needs to be added to this list before you can use it in your tasks. You have three ways of adding files:

  • URL Download: The file will be downloaded from the specified URL.
  • HTTP upload: The file will be uploaded from your browser. Suitable for smaller files because default server limits are not very generous.
  • Import: The file will be moved from a directory called 'import', which you can create inside the web directory. Suitable for large files: you can copy them via FTP/SSH or locally and then simply import them. Because these files will be delivered to every agent who needs them for their current task, you can compress them using 7zip to save bandwidth.

However, you need to follow some basic rules: the file can't be in any subdirectory inside the archive, and the algorithm needs to be LZMA (to be specific, it must be extractable by 7z). Every time an agent downloads a file ending with .7z, it will extract it before starting the task. You can mark any file as "Secret" using the checkbox in the column with a lock icon. This will allow only trusted agents to download the file. Agents not marked as trusted won't even get such a task to begin with.

For better management, the rule and wordlist files are kept separate. This makes it easier to keep an overview of the wordlists and rules available on the server. On the client side it doesn't matter whether a file is from the rule or the wordlist section.

Pre-conf Tasks

There are three types of tasks in Hashtopolis: Tasks, Supertasks, and Pre-configured Tasks. They are actually the same thing with one difference: while regular tasks NEED to be assigned to a specific hashlist, pre-configured tasks and supertasks do not. Pre-conf tasks and supertasks can't have any agents assigned or any chunks dispatched. Unlike regular tasks, pre-configured tasks and supertasks can be defined without having any actual hashes in the system.

Once defined, you will be allowed to apply these tasks to every hashlist you upload to Hashtopolis. Supertasks are groups of pre-conf tasks. Let's say, for example, you have 10 pre-conf tasks, each brute forcing 1, 2, 3 .. 10 digits respectively. If you have these tasks grouped together in a supertask, all 10 tasks can be deployed with a single click.

Tasks can only be added to a supertask if they are first created as a pre-configured task.

New Task

In this form, you can define a new task (it can be pre-configured). Every task needs to have a name; it's REALLY a good idea to keep names organized once you have many of them. The command line entered is not the actual final command line. It will be enriched with more parameters, which is the reason you can't use them here (as the form informs you). The server config also sets a list of blacklisted characters which are not allowed to be used, to prevent some command line executions. An example of a command line would be: -a 0 #HL# words.txt, provided that you check words.txt in the table on the right (read below). Finally, choose an existing hashlist or a pre-configured task.

Following are some tweaking parameters:

The chunk size tells Hashtopolis how big, time-wise, the chunks it dispatches to agents should be. This means that more powerful agents will be given larger chunks of keyspace compared to less powerful ones, but they should take about the same time. This is achieved by benchmarking the agents prior to giving them chunks.

The next option is the status timer. This defines how often an agent should report to the server during task cracking. You can also select which benchmarking type should be used. Generally it's recommended to use the new 'Speed Test', which is also the default selection if set in the config. Only in some cases (big salted lists) is it better to use the 'Runtime Benchmark' type.

The Small Task option restricts the task to one assigned agent at a time. This is recommended for very small tasks which are quickly finished by a single agent, so that other agents don't waste time benchmarking them.

You can also set that a task should only be assigned to CPU-only agents, for specific reasons.

If you have already uploaded something into Global files, you see another table on the right with every file in the system. If you want to use any of those files for this task, check the box next to the item you wish to use. 7-Zip archives, when added, will show the file extension as ".???". Hashtopolis does not know the name of the file inside the archive, so you must use the file name inside the archive in the task command line. Example: Wordlist.7z contains the file Wordlist.txt, so the command line will need to be manually changed from Wordlist.??? to Wordlist.txt.
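
The checks this section describes for a task command line (blacklisted characters, the hashlist alias and the ".???" archive placeholder), sketched as an added example that is not Hashtopolis code. The blacklist value and the name check_task_command are assumptions; the real blacklist is whatever your server config defines.

```python
# Added example, not Hashtopolis code. The alias default comes from this page;
# the blacklist is a constructed stand-in for the server-config value.
HASHLIST_ALIAS = "#HL#"
ASSUMED_BLACKLIST = "&|;`\"'$<>(){}"


def check_task_command(cmd, selected_files, alias=HASHLIST_ALIAS,
                       blacklist=ASSUMED_BLACKLIST):
    """Return a list of problems; an empty list means the command passes."""
    problems = []

    # 1. Characters the server config forbids in task command lines.
    bad = sorted(set(cmd) & set(blacklist))
    if bad:
        problems.append("blacklisted characters: " + " ".join(bad))

    tokens = cmd.split()

    # 2. The alias tells the agent which hashlist to load
    #    (assumption: a task command must reference it).
    if alias not in tokens:
        problems.append("hashlist alias " + alias + " is missing")

    # 3. A 7-Zip archive is listed as "<name>.???"; the command must name
    #    the file inside the archive instead.
    for tok in tokens:
        if tok.endswith(".???"):
            problems.append(tok + ": replace with the file name inside the archive")

    # 4. A checked plain file that the command never names is attached
    #    to the task but unused.
    for name in selected_files:
        if not name.endswith(".7z") and name not in tokens:
            problems.append(name + ": selected but not used in the command")

    return problems


if __name__ == "__main__":
    # Constructed sample inputs
    print(check_task_command("-a 0 #HL# words.txt", ["words.txt"]))
    print(check_task_command("-a 0 #HL# Wordlist.???", ["Wordlist.7z"]))
```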

New Agent

At the top of the page, you see the available Agent applications. There you can download the newest version of the desired Agent from the server. Download one executable to each machine intended for cracking hashes.

Once executed, the agent will ask for a registration voucher. That's what the form on this page is for. You can generate as many vouchers as you want. These vouchers are one-time tickets to allow agent registration. Once the registration is successful, the agent will receive a connection token and will never ask for a password unless you delete that token or delete the agent from the administration panel.

Note: on the config page it can be set that vouchers can be used multiple times and don't get automatically deleted.

Agents

Assuming you have your agents registered, you will see them in this list along with lots of useful information:

  • Act: This little check box enables/disables the agent. Should a Hashcat error occur, the agent will be deactivated automatically unless 'Ignore errors' is enabled for it.
  • Machine Name: This is the actual machine name.
  • Owner: User name of the agent owner.
  • OS: A little icon identifying Windows from Linux.
  • Devices: A shortened list of detected GPU cards. Hover mouse for full text.
  • Last activity: Tells you what the agent did last, when, and from what IP.

Importantly, the agent ID and Name are clickable, which will take you to the agent detail page. On this page, you can see all of the information from before plus some more.

  • Extra Parameters: Agent-specific command line options (--force, --workload-profile or --gpu-temp-disable).
  • Trust: Only trusted agents will be allowed to crack tasks with secret hashlists or files.
  • Error ignoring: The agent will not be deactivated if an error occurs.

Hashlists

A hashlist, as the name suggests, is a list of hashes, even if there is only one hash in it. In this table you can see all your hashlists, along with information on how many hashes there are and how many of them are cracked. You can also see the hash type, and you have some options like deleting the hashlist or importing/exporting pre-cracked hashes. These options allow easy synchronization between multiple Hashtopolis instances or even between off-line Hashcat instances and Hashtopolis.

Be sure to set the correct field separator in Server configuration. The hashlist name and ID are clickable and will take you to the hashlist detail page. There, you can see info on the hashlist and the current tasks cracking against this hashlist. Clicking on most of the hash counts will take you to a view of the actual hashes. Enabling the Secret option will allow only trusted agents to crack the hashlist. The option 'Generate wordlist' will take all already cracked hashes, strip the $HEX[] format and save the file as a .txt in your Global files.

If you have some tasks pre-configured, you can see them in the list at the bottom. Checking any of them and clicking the 'Create' button will result in duplicating the pre-conf tasks and turning the copies into regular tasks attached to this hashlist. The priority of these new tasks will be the sum of the maximum priority of the regular tasks and the priority of their pre-conf originals.

New Hashlist

Again, every hashlist needs to have a name (this one here is mandatory, it won't be generated if omitted). Hashlist format specifies whether the hashlist is a text file with many hashes, an HCCAPX file with network captures or a binary hashlist (used for TrueCrypt 512B headers but not limited to that size).

Below you have an option to select where to get the hashes from. You are already familiar with Upload, Import and URL download from the Global files section. The only remaining one is Paste, which will simply show a text box allowing you to copy-paste hashes in there.

Please note that creating text-based hashlists takes some time. For multi-million hashes, that will go into minutes, and that's on a well configured MySQL server with a sorted list. If you mis-configure your MySQL server, you might as well end up waiting several hours. This is a MySQL limitation and there is really nothing we can do about it, other than optimizing as well as possible.

New Superhashlist

Sometimes you find yourself in a situation where you have multiple hashlists of the same hash type. Naturally, the fastest way is to merge them as one and crack all at once. But what if they are from different sources and the results should never be mixed?

The superhashlist is the feature to solve this problem. Once you have created some hashlists, you can create a superhashlist over them and use it as a regular hashlist in your tasks. However, the cracks will be kept in the original hashlists, so you will see exactly which plain text belongs where. Should one hash be contained in several hashlists, it will be cracked in all of them at once.

However, if any of the contained hashlists is marked as secret, hashes from this hashlist will not be given to untrusted agents to crack. Should the superhashlist itself be marked as secret, no task cracking this superhashlist will be given to an untrusted agent in the first place.

Tasks

Let's assume you have created a hashlist and either assigned a bunch of pre-conf tasks to it or simply created new tasks from scratch, just for this hashlist. You can see them in this list. The information shown to you is:

  • Name: Name of the task that you specified or that was generated (hover mouse to get task command line pop-up).
  • Hashlist: Name of the (super)hashlist the task is cracking.
  • Chunks: Number of dispatched chunks and how long they are configured to take.
  • Dispatched: How much of the keyspace was cut into existing chunks.
  • Searched: How much of the keyspace was actually searched in these chunks.
  • Cracked: How many hashes were cracked in this task. If clicked, will take you to the actual list of those hashes.
  • Agents: Number of agents currently assigned to this task.
  • Files: Number of global files attached to this task.
  • Priority: Here you can see or change the priority of each task. Tasks with the highest priority are cracked first. If you have an agent assigned to a task and you prioritize a new task over the current one, the agents will move to the new task as soon as they finish their current chunk. To make it simple, every time an agent asks for a new chunk, it will be directed to the most prioritized task. A lock icon in any column marks secret data.
  • Action: As in every page, an option to delete the task.

Clicking on task name will take you to task detail, which is one of the most important screens in the system. You can see all the information about the task from the task list plus estimated and spent time, and current cracking speed. You can also see the full command line. Notice that some options are changeable - you can redefine chunk size and after you do that, all agents' benchmarks will be recalculated to match it.

Under the main table is a visual representation of a task. This picture shows the exact chunk spread throughout the keyspace, including whether anything was cracked in each chunk (green filling) or whether there were any problems and the chunk was trimmed (red border). Below is the list of attached files (clickable, leading to the detail in the Global files section).

The table under it shows information about agents assigned to this task:

  • Name: Name of the agent, which links to the agent detail.
  • Benchmark: This affects how big a chunk will be for this agent. Keep in mind that there are two different types of benchmarking results. Feel free to modify this value, as high performance systems require larger chunks to fully utilize all the GPU power, but make sure you know what you're doing first.
  • Speed: Current cracking speed (only on active agents).
  • Key space searched: What part of the total key space the agent has searched.
  • Time spent: Also a good way to reward your agents, this shows how much actual time the agent has spent on this task.
  • Cracked: A simple number showing how many hashes the agent has cracked.
  • Last activity: Tells you exactly when the agent's last activity on this task was.
  • Action: Lets you unassign the agent from this task. Keep in mind that if it's the highest priority task, the agent will return to it just after finishing its chunk.
  • Show All Assignments: An option that allows you to see stats on a task without clients currently assigned. If a client spent time assigned to the task, its data, such as key space searched and time spent, should be shown.

Chunk Activity

The last, and also very informative, table shows the actual chunks that were dispatched in this task. You see numerous values there:

  • Start: Where exactly in the keyspace this chunk starts.
  • Length: How long the chunk is, key space-wise.
  • Checkpoint: If the agent crashes, this marks where the chunk would have to be restarted.
  • Progress: Real progress in that chunk, regardless of checkpoint.
  • Agent: Self-explanatory.
  • Dispatch time: When the task was given to the agent.

A good place to monitor overall cracking activity.

Hashtypes

Hashcat is constantly being developed and new hashtypes are often added. To be flexible, Hashtopolis lets the server admin add new Hashcat algorithms, even if you use a customized Hashcat with some special algorithm. To add a new type, you just need to add the -m number of Hashcat and the name of it.

Salted says whether a hash of this algorithm has a separate salt value (e.g. vBulletin), but this does not include algorithms which have the salt included in the full hash (e.g. bcrypt). This is a convenience feature: when this algorithm is selected on hashlist import, the salted checkbox gets ticked automatically.

Groups

Every user and agent can be assigned to one or more groups, which denote which tasks and hashlists they should have access to. The server admin can easily add existing users and agents to groups on the group page. All created users and registered agents automatically get assigned to the default group on creation.

When a new hashlist is created, the creator can select, from the groups he is a member of, the group to which the hashlist should belong. All tasks which are created on this hashlist are then also members of this group. Only agents which are members of the corresponding group will get such tasks assigned and are allowed to work on them.
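
How the Secret flag on files and hashlists, the agent Trust setting, superhashlists, groups and task priority combine into one dispatch decision, as an added example that is not Hashtopolis's own code. The class and function names and the sample data are constructed for illustration, and skipping a task that has nothing left to send to the agent is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class Agent:
    name: str
    trusted: bool
    groups: set
    active: bool = True

@dataclass
class Hashlist:
    name: str
    group: str
    secret: bool = False
    members: list = field(default_factory=list)  # non-empty: superhashlist

@dataclass
class Task:
    name: str
    hashlist: Hashlist
    priority: int
    secret_files: bool = False  # True if any attached file is marked Secret

def may_work_on(agent, task):
    """Task-level gate: active agent, matching group, trust for secret data."""
    hl = task.hashlist
    if not agent.active or hl.group not in agent.groups:
        return False
    return agent.trusted or not (hl.secret or task.secret_files)

def hashlists_sent(agent, task):
    """Names of the hashlists whose hashes this agent receives for the task."""
    if not may_work_on(agent, task):
        return []
    parts = task.hashlist.members or [task.hashlist]
    return [p.name for p in parts if agent.trusted or not p.secret]

def next_task(agent, tasks):
    """Highest-priority task that gives this agent something to crack."""
    usable = [t for t in tasks if hashlists_sent(agent, t)]
    return max(usable, key=lambda t: t.priority, default=None)

if __name__ == "__main__":
    # Constructed sample data
    pub = Hashlist("site-a", "client-a")
    sec = Hashlist("site-b", "client-a", secret=True)
    both = Hashlist("a+b", "client-a", members=[pub, sec])
    tasks = [Task("mask", both, 10), Task("dict", sec, 50)]
    laptop = Agent("laptop", trusted=False, groups={"default", "client-a"})
    print(hashlists_sent(laptop, tasks[0]), next_task(laptop, tasks).name)
```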