.NET Membership audit

In the previous article we went through the setup and prepared a hash list to work on. That setup is perfectly valid for running through a smaller list of words and hashes (anything smaller than the Rockyou dictionary is fine). However, for serious jobs…

Hashcat alone is not going to cut it

By serious jobs we mean anything that takes on the order of months of GPU time on at least a couple of nodes. Yes, you can run Hashcat on one node and save the session between node reboots. Just make sure to back it up every now and then, as it’s very easy to overwrite accidentally! Alternatively, you can run multiple nodes and split the jobs by calculating the [cci]--skip[/cci] factor yourself. But you’d soon reach a point where managing it becomes too mundane. It doesn’t have to be, however.
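For a sense of what splitting by hand involves, here is an added example (not from the original article, Hashcat or Hashtopolis) that divides the number reported by `hashcat --keyspace` into contiguous `--skip`/`--limit` ranges, weighted by each node's relative speed. The file names, session names, weights and the `<mode>` placeholder are assumptions made for illustration.

```python
def split_keyspace(keyspace, weights):
    """Return one (skip, limit) pair per node, proportional to integer weights.

    keyspace: the number printed by `hashcat --keyspace` for the exact attack
              arguments being split (same mode, dictionary or mask, rules).
    weights:  relative node speeds as integers, e.g. benchmark MH/s per node.
    The ranges are contiguous, never overlap and cover the keyspace exactly.
    """
    if keyspace < 0 or not weights or any(w <= 0 for w in weights):
        raise ValueError("need keyspace >= 0 and positive weights")
    total = sum(weights)
    ranges, start, acc = [], 0, 0
    for w in weights:
        acc += w
        # Cumulative boundary in integer arithmetic: no float rounding, and
        # the final boundary is exactly `keyspace`, so nothing is left untested.
        end = keyspace * acc // total
        ranges.append((start, end - start))
        start = end
    return ranges


def node_commands(base_args, keyspace, weights):
    """Build one hashcat command line per node that has work to do."""
    cmds = []
    for i, (skip, limit) in enumerate(split_keyspace(keyspace, weights)):
        if limit == 0:
            continue  # more nodes than keyspace units: this node stays idle
        # A distinct --session per node keeps each restore file identifiable.
        cmds.append(
            f"hashcat {base_args} --session node{i} --skip {skip} --limit {limit}"
        )
    return cmds


if __name__ == "__main__":
    # Constructed inputs: keyspace, weights and file names are illustrative.
    base = "-m <mode> -a 0 hashes.txt wordlist.txt"
    for cmd in node_commands(base, 10_000_000, [3, 2, 2]):
        print(cmd)
```

Every change to the dictionary, mask or rule set changes the keyspace, so the ranges have to be recomputed and redistributed for each new job.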

Ladies and gentlemen, I give you Hashtopolis

Everything has been taken care of for us: managing lists, dictionaries, jobs and workers. It’s all packaged up in a nice Bootstrap UI that even offers cracked password reports out of the box. And if you don’t want to bother setting up a LAMP stack yourself…

There’s a Docker image for that

There are a few to choose from; we’ve been quite happy with this one.
[cc lang="yaml"]version: '3.6'
services:
  mysql:  # name must match MYSQL_HOST / PMA_HOST below
    image: sizmek/mariadb:10.1.20
    volumes:
      - db_data:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: "whatever you've set up"
  phpmyadmin:
    image: phpmyadmin/phpmyadmin
    ports:
      - "8080:80"
    environment:
      PMA_HOST: "mysql"
  hashtopolis:
    image: kpeiruza/hashtopolis
    ports:
      - "80:80"
    environment:
      MYSQL_HOST: "mysql"
      MYSQL_ROOT_PASSWORD: "whatever you've set up"
      H8_USER: "admin"
      H8_PASS: "your password of choice"
    volumes:
      - ./php.ini:/etc/php/7.0/php.ini:ro  # a bit of a gotcha: big dictionaries and hashlists need bigger PHP file upload limits; skip this if stock limits are fine
      - hashtopolis_import:/var/www/html/import
      - hashtopolis_upload:/var/www/html/files
volumes:
  db_data:
  hashtopolis_import:
  hashtopolis_upload:
[/cc]

Setting up agents is a bit more of a pain, though

With the current level of GPU support in Docker, we can’t really run the agents in containers for serious work. Luckily for us, Hashtopolis comes with a choice of agents that should be suitable for most platforms. Given that we reside in the Windows world, we went with the C# agent. Setup is pretty simple:

  1. Generate a secret token on the server
  2. Fire up the agent and let it know the server URL
  3. Feed the secret token to the agent when requested, and that’s it