Skip to content

Server Manual

Jump to bottom
Sein Coray edited this page Feb 20, 2017 · 18 revisions

TODO: write somehwere a bit about the blacklist feature

TODO: write about how to update the agent binary

Get Started

Initial Configuration

Adjust the configuration variables to your need:

  • Agenttimeout How long will agent ask for work if there was none last time. Default: 30
  • Benchtime How long should hashcat benchmark each agent in seconds. Default: 30
  • Chunktime Default chunk time how long should each chunk take to complete in seconds. Default: 600
  • Chunktimeout How long does the chunk need to be inactive, before considered timed out in seconds. Default: 30
  • Fieldseparator Default field separator for data import/export. Default: ":"
  • HashlistAlias Identifier used to tell the client the name and location of the hashlist. Default: #HL#
  • Statustimer How often should agent report its status during cracking in seconds. Default: 5
  • Timefmt Date/time format to display in admin (see PHP function date() for this)

Users

One of the largest differences between Hashtopus and Hashtopussy are user accounts. These accounts allow you to set user privileges to specific users.

  • View user (1): This users can only see their own account information and Tasks, this includes Task progress and number of cracks. They cannot see plain text password cracks or any other information.
  • Read only user (5): Have the same permissions as lower users (1) plus they can see Hashlists, Superhashlists, Tasks, Chunk Activity and Plain text password cracks.
  • Normal User (20): Have the same permissions as lower users (1,5) plus access to Agent Data, Files, Hashcat Releases. User can Create Tasks, Pre-conf Tasks, Supertasks, Hashlists, and Superhashlists. User cannot create Agents, Hashcat Releases, Modify Agents they do not own, or create other users.
  • Superuser (30): Has read/write on everything except creating other users or modifying user accounts and server config.
  • Admin (50): All hail our dark lord and master!

Pre-configured Tasks

As you might have noticed, you often apply the same kind of attacks against every hashlist you acquire . It would be a waste of time to create tasks every time. That's why Hashtopussy has Pre-configured tasks Pre-configured tasks look like normal tasks but they are not directly attached to any hashlist. Once you upload a new hashlist, you can select which of the Pre-configured tasks you want to apply to it. Hashtopussy will then duplicate those tasks for that specific hashlist and execute them in the defined priority.

Features Documentation

Server Configuration

Allows you to set configuration values for your server. TODO: Describe some of the configuration values here. You also have a set of DB-cleaning tools in case you get yourself into some inconsistency trouble.

TODO: write something about the new Logging feature here

Hashcat Releases

Hashtopussy employs distribution mechanism to ensure that every agent will have the newest possible Hashcat release. This section contains list of defined Hashcat releases. The installation SQL script comes with a pre-configured release pointing to the current version at the time of release, but as newer versions will be released, you will need to add them to your releases.
Root directory is simply the name of the Root directory inside the archive. If a release is still used by some agent, you won't be allowed to delete it.

New Release

As the name suggests, this is the place to define new Hashcat releases. Every time you open this form, it will be pre-filled by the data of the last release. The URL has to be absolute. All files are separated by a new line.

Files

Think of this as a file server. Every word list and rule set needs to be added to this list before you can use it in your tasks. You have three ways of adding files:

  • URL Download The file will be downloaded from the specified URL.
  • HTTP upload The file will be uploaded from your browser. Suitable for smaller files because default server limits are not very generous.
  • Import The file will be moved from directory called 'import' you can create inside the web directory. Suitable for large files, you can copy them via FTP/SSH or locally and then simply import. Because these files will be delivered to every agent who needs them for their current task, you can compress them using 7zip to save bandwidth.

However, you need to keep some basic rules: the file can't be in any subdirectory inside the archive and the algorithm needs to be LZMA (to be specific, it must be extractable by 7z). Every time an agent will download a file ending with .7z, it will first extract it prior to starting the task. You can mark any file as "Secret" using the checkbox in the column with a lock icon. This will allow only trusted agents to download the file. Agents not marked as trusted won't even get such task to begin with.

For a better management the rules and wordlist files are separated. This makes it easier to keep the overview over the available wordlist and rules which are on the server. On the client side it doesn't matter if a file is from the rule or wordlist section.

Pre-conf Tasks

There are three types of tasks in Hashtopussy. Tasks, Supertasks, and Pre-configured Tasks. They are actually the same thing with one difference: While regular tasks NEED to be assigned to a specific hashlist, pre-configured and supertasks do not. Pre-conf task and supertasks can't have any agents assigned or any chunks dispatched. Unlike regular tasks, pre-configured and super tasks can be defined without having any actual hashes in the system.

Once defined, you will be allowed to apply these tasks to every hashlist you upload to Hashtopussy. SuperTasks are groups of pre-conf tasks lets say for example you have 10 pre-conf tasks each brute forcing 1,2,3..10 digits respectively if you have these tasks grouped together in a supertask all 10 tasks can be deployed with a single click.

Tasks can only be added to a supertask if they are first created as a pre-configured task.

New Task

In this form, you can define a new task (it can be pre-configured). Every task needs to have a name, it's REALLY a good idea to keep names organized once you have many of them. The command line entered is not the actual final command line, it will be enriched with more parameters which is the reason you can't use them here (as the form informs you). An example of command line would be: -a 0 #HL# words.txt, provided that you would check words.txt in the table on the right (read below). Choose an existing hashlist or a pre-configured task.

Following are some tweaking parameters:

The chunk size instructs Hashtopussy, how big chunks should it dispatch to agents, time-wise. This means that more powerful agents will be given larger chunks of key-space compared to less powerful ones, but they should take about the same time. This is achieved by benchmarking the agents prior to giving them chunks.

Next option is the status timer. This defines, how often should an agent report to the server during task cracking. Also you can select which benchmarking type should be used. Generally it's recommended to use the new 'Speed Test' which is also the default selection. Only in some cases (big salted lists) it's better to use the 'Runtime Benchmark' type.

If you have already uploaded something into Global files, you see another table on the right with every file in the system. If you want to use any of those files for this task, check the box next to the item you wish to use. 7-Zip archives when added will show the file extention as ".???" Hashtopussy does not know the name of the file inside of the archive so you must use the file name inside the archive in the task command line. Example: Wordlist.7z contains the file Wordlist.txt the command line will need to be manualy changed from Wordlist.??? to Wordlist.txt

New Agent

On the top of the page, you see the available Agent applications. There you can download the desired newest Agent on the server. Download one executable on all machines intended for cracking hashes.

Once executed, the agent will ask for registration voucher. That's what is the form on the page for. You can generate as many vouchers as you want. These vouchers are one-time tickets to allow agent registration. Once the registration is successful, the agent will receive a connection token and will never ask for a password unless you delete that token or delete the agent from the administration panel.

Agents

Assuming you have your agents registered, you will see them in this list along with lots of useful information:

  • Act This little check box enabled/disables the agent. Should a Hashcat error occur, the agent will be deactivated automatically unless 'Ignore errors' is enabled for it.
  • Machine Name This is the actual machine name.
  • Owner User name of the agent owner.
  • OS A little icon identifying Windows from Linux.
  • GPUs A shortened list of detected GPU cards. Hover mouse for full text.
  • Hashcat If not empty, tells you what release of hashcat the agent has downloaded.
  • Last activity Tells you what, when and from what IP has the agent done last.
  • Assignment Shows you and lets you change agent's current assignment.

Important thing is that agent ID and Name are click-able, which will get you to agent detail page. On this page, you can see all of the information from before plus some more.

  • GPU Platform Set GPU platform (Nvidia, AMD) as well as CPU only agents.
  • Extra Parameters Agent Specific command line options (--force, --workload-profile or --gpu-temp-disable)
  • Trust only trusted agents will be allowed to crack tasks with secret hashlist or files
  • Error ignoring the agent will not be deactivated if an error occurs.

Hashlists

A hashlist, as the name suggests, is a list of hashes, even if there should be only one hash in it. In this table you can see all your hashlists, along with information how many hashes there are and how many of them are cracked. You can also see the hash type and you have some options like deleting the hashlist or importing/exporting pre-cracked hashes. These option allows easy synchronizing between multiple Hashtopussy instances or even between off-line Hashcat instances and Hashtopussy.

Be sure to set correct field separator in Server configuration. The hashlist name and ID are clickable and will get you to hashlist detail page. In there, you can see info on the Hashlist list and current tasks cracking against this hashlist. Clicking on most of the hash counts will take you to view the actual hashes there. Enabling Secret option will allow only trusted agents to crack the hashlist. The option 'Generate wordlist' will take all already cracked hashes, strip the $HEX[] format and save the file as a .txt in your Global files.

If you have some tasks pre-configured, you can see them in the list at the bottom. Checking any of them and clicking the 'Create' button will result in duplicating the pre-conf tasks and turning the copies into regular tasks attached to this hashlist. The priority of these new tasks will be sum of the maximum priority of the regular tasks and the priority of their pre-conf originals.

New Hashlist

Again, every hashlist needs to have a name (this one here is mandatory, it won't be generated if omitted). Hashlist format specifies whether the hashlist is a text file with many hashes, HCCAPX file with network captures or binary hashlist (used for TrueCrypt 512B headers but not limited to that size).

Below you have an option to select where to get the hashes from. You are already familiar with Upload, Import and URL download from Global files section. The only remaining is the Paste, which will simply show text box allowing you to copy-paste hashes in there.

Please note that creating text-based hashlists takes some time. For multi-million hashes, that will go into minutes and that's on well configured MySQL server and sorted list. If you miss-configure your MySQL server and don't sort your hashlist (that's really a MUST), you might as well end up waiting several hours. This is a MySQL limitation and there is really nothing we can do about it, unless optimizing as good as possible.

New Superhashlist

Sometimes you find yourself in a situation where you have multiple hashlists of the same hash type. Naturally, the fastest way is to merge them as one and crack all at once. But what if they are from different sources and the results should never be mixed?

The superhashlist is the feature to solve this problem. Once you have created some hashlists, you can create a superhashlist over them and use it as a regular hashlist in your tasks. However, the cracks will be kept in the original hashlists, so you will see exactly which plain text belongs where. Should one hash be contained in more hashlists, it will be cracked in all of them at once.

However, if any of the contained hashlists is marked as secret, hashes from this hashlist will not be given to untrusted agents to crack. Should the superhashlist itself be marked as secret, no task cracking this superhashlist will be given to untrusted agent in the first place.

Tasks

Let's assume you have created a hashlist and either assigned a bunch of pre-conf tasks to it or simply created new tasks from scratch, just for this hashlist. You can see them in this list. The information shown to you are:

  • Name Name of the task that you specified or that was generated (hover mouse to get task command line pop-up).
  • Hashlist Name of the (super)hashlist the task is cracking.
  • Chunks Number of dispatched chunks and how long they are configured to take.
  • Dispatched How much of keyspace was cut into existing chunks.
  • Searched How much of keyspace was actually searched in these chunks.
  • Cracked How many hashes were cracked in this task. If clicked, will take you to the actual list of those hashes.
  • Agents Number of agents currently assigned to this task.
  • Files Number of global files attached to this task.
  • Priority Here you can see or change the priority of each task. Tasks with the highest priority are cracked first. If you have an agent assigned to a task and you prioritize a new task over the current one, as soon as the agents will finish their current chunk, they will move to the new task. To make it simple, every time an agent asks for new chunk, it will be directed to the most prioritized task. A lock icon in any column marks secret data.
  • Action As in every page, an option to delete the task.

Clicking on task name will take you to task detail, which is one of the most important screens in the system. You can see all the information about the task from the task list plus estimated and spent time, and current cracking speed. You can also see the full command line. Notice that some options are changeable - you can redefine chunk size and after you do that, all agents' benchmarks will be recalculated to match it.

Under the main table is a visual representation of a task. This picture shows the exact chunk spread thoughout the keyspace including if anything was cracked in each chunk (green filling) or if there were any problems and the chunk was trimmed (red border). Below is the list of attached files (click able to detail in Global files section).

The table under it shows information about agents assigned to this task:

  • Name Name of agent that will link you to agent detail.
  • Benchmark This affects how big a chunk will be for this agent. Keep in mind that there are two different types of benchmarking results. Feel free to modify this value as high performance systems require larger chunks to fully utilize all the GPU power, but know first what you're doing there.
  • Speed Current cracking speed (only on active agents).
  • Key space searched What part of the total key space has the agent searched.
  • Time spent Also good way to reward your agents, this shows how much actual time has the agent spent on this task.
  • Cracked A simple number showing how many hashes has the agent cracked.
  • Last activity Tells you exactly when was agent's last activity on this tasks.
  • Action Lets you unassign the agent from this task. Keep in mind that if it's the highest priority task, the agent will return to it just after finishing its chunk.
  • Show All Assignments is an option that allows you to see stats on a task without clients currently assigned. If a client spent time assigned to the task its data should be seen such as key space searched and time spent.

Chunk Activity

Last and also very informative table shows the actual chunks that were dispatched in this task. You see numerous values there:

  • Start Where exactly in the keyspace this chunk starts.
  • Length How long the chunk is, key space-wise.
  • Checkpoint If the agent crashed, set where it would the chunk have to be restarted.
  • Progress Real progress in that chunk, regardless of checkpoint.
  • Agent Self-explanatory.
  • Dispatch time When the task was given to the agent.

A good place to monitor overall cracking activity.

Hashtypes

Hashcat gets constantly developed and often new hashtypes get added. To be flexible Hashtopussy provides the possibility for the server admin to add new Hashcat algorithms. Even if you use a customized Hashcat with some special algorithm. To add a new type you just need to add the -m number of Hashcat and the name of it.

Salted says if a hash of this algorithm has a separate hash value (e.g. vBulletin), but this does not include algorithms which have the salt included in the full hash (e.g. bcrypt). This is a feature to help that when this algorithm is selected on hashlist import, the salted checkbox gets ticked automatically.

Home

News

Project Update

Server

Installation

Setup

Upgrading

Configuration

Getting Started

Server Manual

Notifications

Trust or Secret Status

Usage

Task Creation Guidelines

Registration

Reports

Client

Client Prerequisites and Installation

Legacy Client Info

Development

Setup Development environment

Release steps

UI Design

API Design

Troubleshooting

Frequent Problems

Clone this wiki locally