Release v0.14.2

Tech Preview New API

Release 0.14.2 comes with an update to the tech preview of APIv2. Be aware, it is a preview, it contains bugs and it will change; To use it, please see https://github.com/hashtopolis/server/wiki/Installation.

Bugfixes

• Setting maxAgent after creating doesn't update the maxAgents of the taskwrapper. This only causes issues when the maxAgents was set at creation time. #1013

Release v0.14.1

Tech Preview New API

Release 0.14.1 comes with an update to the tech preview of APIv2. Be aware, it is a preview, it contains bugs and it will change; To use it, please see https://github.com/hashtopolis/server/wiki/Installation.

Bugfixes

• Clicking pretask in Supertask create screen now directs correctly to the pretask and not a task with the same id (#945)
• Pretask attackCmd parameter was not checked for maximum length of 256 on creation (#963)
• Creating supertask fails when provided crackerType != pretask.crackerType (#969)
• Searching for hashes and plaintext now also searches non archived hashlists (#974)

New feature

• Number of agents per supertask/taskwrapper can be limited (#769).

Release v0.14.0

Tech Preview New API

Release 0.14.0 comes with a tech preview of APIv2. This is the starting point of the seperating of the frontend and the backend and gives
insight into what the future brings for Hashtopolis. We invite you to test it with the new web-ui and provide us with feedback. Be aware,
it is a preview, it contains bugs and it will change; also it does not contain any permission checking. To use it, please see
https://github.com/hashtopolis/server/wiki/Installation.

Default installation method changed to Dockerimage

With the release 0.14.0 the default installation method changed to Docker. Docker images are now available at https://hub.docker.com/u/hashtopolis

Bugfixes

• Setting 'Salt is in hex' during Hashlist creation will not set the --hex-salt flag (#892)

Release v0.13.1

Bugfixes

• When deleting a supertask that was created from an import, pretasks that were removed from this supertask should also be deleted (issue #865).
• Setting config values to false using the user API now works as intended.
• When using the rulesplit function an internal server error was thrown. (#836)
• Deleting the last Hashlist resulted in an fatal error issue #888.

Enhancements

• Hash.hash is now of type MEDIUMTEXT to avoid issues with longer hashes (e.g. LUKS, issue #851).

Release v0.13.0

Features

• Added monitoring of CPU utilization of agents.
• Cracked hashes for all hashlists can be shown together (caution: only use when having smaller hashlists).
• Allow abort all chunks of a specific access group from the User API.
• Tasks can be set to top priority (to be first in the list) by the User API.
• Supertask runtime can be estimated on the supertask detail page by entering expected attack speeds for hashcat wordlist and bruteforce attacks.
• Number of agents per task can be limited (pull request #764).
• Hashlists can be archived.
• Added hashtype dropdown autocompletion for creating new hashlists (pull request #781).
• Allow agents to register as CPU agents only (feature request #805).

Bugfixes

• Fixed search hash function.
• Fixed possible path traversal vulnerability on filename check.
• Fixed pre-crack import of lists with >1000 lines.
• Fixed availability of cracked hashes link on restrained permissions.
• Fixed access controls for owners of agents.
• Fixed improper updating of superhashlist counts on deletion of hashlists.
• Fixed missing .map files for javascript dependencies.
• Fixed users being able to access tasks with hashlists they would not be allowed to view.
• Fixed users being able to access hashlists they are not allowed to see.
• Adjusted handling to be able to deal with changed mode 22000 output.
• Fixed pagination of hashes on cracks page.
• Time of Zaps inserted is now saved.
• Fixed unable to unassign agent from the task detail screen.
• Fixed speed graph incorrect when status timer is different from servers default.
• Fixed sending two to headers when sending emails (issue #751).
• Fixed access group not being changed on Hashlist detailed screen (issue #765).
• Fixed missing check on permissions for sending notifications (issue #757).
• Fixed unassignable agents are shown as assignable (issue #777).
• Fixed not deleting all references (related to zaps) when deleting hashlist (issue #747).
• Added check for max length of the attack command (issue #668).
• Fixed missing flag isArchived on User API getTask requests (issue #794).

Enhancements

• Cracker version and name are shown on task details.
• Task notes and cracker version are copied.
• Agent activity is also shown on the agent status page.
• Chunks for a task can be all view, instead of only the last 100.
• Allow changing the status interval for created tasks.
• Permissions for managing access groups is separate from the permission to manage users.
• The agent status page shows more detailed information on temperature and usage.
• JQuery updated to v3.6.0.
• Print database connection error in UI theme.
• Agent detail page now has a hide/show button for the config parameters.
• Agents overview page and agent detail page now show counter for repeating devices.
• Increase size of database column for storing agentstats.

Release v0.12.0

Features

• Generic preprocessor integration to allow inclusion of any preprocessor supporting chunking.
• Dark mode added.

Bugfixes

• Fixed increasing the superhashlist cracked count if there are cracks running one of the hashlists alone.
• Fixed hidden superhashlists on task creation page due to filtering.
• Fixed reporting result of health check which resulted in endless loop depending on the used IDs.
• Fixed reporting outdated speed on tasks page when agent is put inactive directly.
• Fixed recalculation of benchmark when changing chunk time.
• Fixed discord notification to work again.
• Fixed missing index structure on speed measurements table.

Enhancements

• Agents can be assigned to tasks via user API.
• Server can be configured to provide 'isComplete' flag on the user API when requesting all tasks.
• Certain agent errors can be whitelisted to be completely ignored (for such who don't affect the running).
• Hashlists can be moved to other Access Groups after creation.
• Health checks can now be deleted.
• API keys can get masked if admin is not assigned to them.
• Agent data for temperature and util are split into separate graphs and have more different colors.
• Files can now be selected for either the cracker task or the preprocessor and are filled in the corresponding field.
• Included new Hashcat modes included in newest beta.
• Adjusted to new format of Hashcat printing cracked WPA hashes.
• Adjusted to PMKID handling of Hashcat.

Release v0.11.0

Bugfixes

• Fixed wrong task speed summation for task overview page.
• Fixed error on hashlist hash retrieval.
• Fixed XSS on hashes view page when printing a hashlist.
• Fixed missing check for blacklisted characters when editing task.
• Fixed issue with creating a preconfigured task from the API.
• Fixed wrong rendering of forms when showing supertasks on hashlist pages.
• Fixed wrong reporting of speed on tasks overview due to cached speeds.
• Fixed wrong search value of tasks list on hashlist details page.
• Fixed missing update of cracked count for superhashlists.
• Fixed listing of hashlists and hashes of lists which should not be accessible by user.

Enhancements

• Temperature and util thresholds for agent status page can be configured.
• User API can provide all cracks for a given task.
• User API provides information if task is complete or not.
• User API can provide all cracks for a given hashlist.
• Support for new Hashcat versions without 32/64-bit naming.

Release v0.10.1

Bugfixes

• Fixed createHashlist API call with wrong brain parameter conversion.
• Fixed createUser API call with wrong amount of parameters.
• Fixed applying supertasks directly from hashlist view.
• Fixed wrong saving of build number if it didn't exist.

Updating

Please read the notes regarding updating for newer Hashtopolis version on the 0.10.0 release: https://hashtopolis.org/thread-41.html

Release v0.10.0

Features

• Integration of Hashcat Brain feature.
• Speed data is kept and can be shown in graphs for tasks.
• Agents can automatically de-register if allowed on the server.
• Agent updates can now automatically be retrieved, based on selected update track.
• Update scripts in the future can be handled differently. Applying updates is easier as there is a build number.

Bugfixes

• Fixed wrong percentage in case of big tasks where percentage was close to 0.
• Rule splitting can only happen if at least two subparts get created afterwards.
• Fixed filesize calculation for temporary files after rule splitting.

Enhancements

• In case of client errors the corresponding chunk now also is saved if available.
• Make more clear naming on rule splitting tasks, rules have an empty line at the end to increase readability.

Additional information about the release can be found in This Post

Release v0.9.0

Features

• The server saves the crackpos for hash founds given by hashcat.
• Trimming of chunks can be disabled so a chunk is always run fully again (or splitted if it is too large).
• Supertasks can now can be created by specifying a base command and iterate over a selection of files to be placed in the command.
• Notes can be added to hashlists.
• Added optional trace logging of actions from the client API to get more information in case of failures.
• Slow hashes are marked, so the client can decide if piping could make sense for this hash type.
• Agents can run health checks to determine if all agents are running correctly.

Bugfixes

• Fixed GPU data graph when having multiple agents.
• Fixed assignment issue with subtasks of supertasks if they were in the same supertask.
• Fixed that cracker types cannot be deleted when there are supertasks using this type.

Enhancements

• Telegram notifications can now completely be configured via server config and also can be used through proxies.
• Peppers of Encryption.class.php and CSRF.class.php were moved out of the files to make updating easier.
• When importing supertasks it can be selected if they should use the optimized flag and which benchmark type should be used.
• Subtasks are only loaded when being viewed to speed up loading of the tasks page.
• Changed type of the hash column to TEXT to make sure to handle all the long hashes. It should not affect speed as long as there is not a multi-million hashlist.
• Preconfigured task attack commands can be edited after creation.
• If needed it can be set that the server should also distribute tasks with priority 0.

Additional information about the release can be found in This Post.