Home

Awesome

WebHashcat

Hashcat web interface

WebHashcat is a very simple but efficient web interface for hashcat password cracking tool. It hash the following features:

Currently WebHashcat supports rule-based and mask-based attack mode

This project is composed of 2 parts:

WebHashcat Usage

Adding rules, masks and wordlists to webhashcat

Go to the Hashcat > Files page, than simply use the upload button to add new files. Note that uploaded files are added to webhashcat but not deployed to nodes yet.

<p align="center"><img src="./screenshots/webhashcat_files.png" alt="Rules/Masks/Wordlists"></p>

Registering a node

The nodes can be simply added and removed on the Node page, you only need to define the ip, port, username and password (as defined in the hashcatnode configuration script).

<p align="center"><img src="./screenshots/webhashcat_node_list.png" alt="Node list"></p>

Once a node is registered, click on the node and hit the synchronise button on the top. Rules, Masks and Wordlists should now be uploaded to the node (all files should be green).

<p align="center"><img src="./screenshots/webhashcat_node.png" alt="Node"></p>

Adding a hashfile

In the hashcat page, simply hit the bottom "add" button to upload a new hashfile, after comparing the new hashfile to the centralised potfile (can take a few minutes with huge hashfiles), your hashfile should appear in the list.

Creating a cracking session

Simply hit the "+" button on the left of the hashfile, then select the desired cracking method. Note that sessions aren't started automatically, you will need to use the "play" button to start them.

<p align="center"><img src="./screenshots/webhashcat_hashfile_list.png" alt="Hashfile list"></p>

If you set the cron to 5 minutes, the central potfile will be updated every 5 minutes with newly cracked hashes.

Simply click on the hashfile to view the results, it can take few seconds on huge hashfiles. Note that you can also download the results on both the hashfile list and hashfile views.

<p align="center"><img src="./screenshots/webhashcat_hashfile.png" alt="Hashfile details"></p>

Search for ŝpecific patterns in usernames

Using this functionality you can easily search from client's email addresses in leaks uploaded in webhashcat. Simply provide a string you want to look for in the username and select in which hashfiles you want to look for it. Once the research in the database is done, you should be able to download the results. If you add a new hashfile afterwards, you can simply click on the 'reload' button and WebHashcat will search again in the whole database.

<p align="center"><img src="./screenshots/webhashcat_searches.png" alt="Hashfile details"></p>

Install

HashcatNode

Using docker

If you are using docker on Windows (or WSL), change the Dockerfile:

FROM dizcza/docker-hashcat:latest
# to:
FROM dizcza/docker-hashcat:cuda

First install nvidia-docker:

curl -s -L https://nvidia.github.io/nvidia-docker/gpgkey | sudo apt-key add -
distribution=$(. /etc/os-release;echo $ID$VERSION_ID)
curl -s -L https://nvidia.github.io/nvidia-docker/$distribution/nvidia-docker.list | sudo tee /etc/apt/sources.list.d/nvidia-docker.list
sudo apt-get update
sudo apt-get install -y nvidia-docker2
sudo pkill -SIGHUP dockerd

Then, run the following docker command:

docker-compose up -d --build

The default credentials are: test:test

Change them by editing the docker-compose.yml config file

Manual install

HashcatNode can be run on both Windows and Python

Windows limitation: Only one cracking session can be running/paused at a time

Install the pip packages:

pip3 install -r requirements.txt

If you are running it on Windows, install also the pywin32 package

pip3 install pywin32

Rename the settings.ini.sample file to settings.ini and fill the parameters accordingly.

The rules, mask and wordlist directory must be writable by the user running hashcatnode

the hashcatnode can be run simply by running ./hashcatnode.py

./create_database.py
openssl req -x509 -newkey rsa:4096 -keyout server.key -out server.crt -days 365 -nodes
python3 hashcatnode.py
Dependencies

WebHashcat

Using docker

docker-compose >= 2.29 is required, you can install it using the following guide: https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-compose-on-ubuntu-20-04

Then, run the following command:

docker-compose up -d --build

WebHashcat should be available on port 8000

Manual install

Installing Packages

Install the following packages:

apt install mysql-server
apt install libmysqlclient-dev
apt install redis
apt install supervisor

Install the pip packages:

pip3 install -r requirements.txt
Creating the database

Create the database using the following command to ensure you can insert utf8 usernames/passwords

mysql> CREATE DATABASE webhashcat CHARACTER SET utf8;
mysql> CREATE USER webhashcat IDENTIFIED BY '<insert_password_here>';
mysql> GRANT ALL PRIVILEGES ON webhashcat.* TO 'webhashcat';
Configuration

WebHashcat is a django application using mysql database, its installation is done this way:

from django.utils.crypto import get_random_string

chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'
get_random_string(50, chars)
./manage.py makemigrations
./manage.py migrate
./manage.py createsuperuser
Setting up the web server
./manage.py runserver
Setting up supervisor

Supervisor is the deamon which is responsible of heavy background tasks such as pulling latest results from the nodes or importing hashfiles.

Dependencies

Operating System improvements

If you are willing to process more than 10M hashes, I recommend you to apply the following mofication to your system: