feat: add remote hashcat backend support#340
Closed
l50 wants to merge 1 commit into
Closed
Conversation
**Added:** - Remote hashcat client backend that submits wordlist attack jobs to a crackd-compatible HTTP service when HASHCAT_SERVICE_URL and HASHCAT_TOKEN are configured, polls job status with timeout handling, and retrieves cracked potfile results - ares-tools/src/cracker/remote.rs **Changed:** - Hashcat cracking flow to delegate to the remote backend before local execution when a service URL is configured, preserving local hashcat behavior otherwise - ares-tools/src/cracker.rs
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #340 +/- ##
==========================================
- Coverage 80.03% 79.97% -0.07%
==========================================
Files 433 434 +1
Lines 125577 125682 +105
==========================================
+ Hits 100500 100508 +8
- Misses 25077 25174 +97
🚀 New features to boost your workflow:
|
Contributor
Author
|
Closing — re-opening through the standard fabric_pr workflow. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds an optional HTTP backend to the cracker tool. When the cracker agent has
HASHCAT_SERVICE_URL(andHASHCAT_TOKEN) in its environment,crack_with_hashcatdelegates to that service instead of spawning hashcat locally.Use case: the cluster nodes have no GPU, but a separate machine on the LAN (e.g. an Apple Silicon Mac, a dedicated cracking box) is reachable and exposes a small
/jobsAPI. The cracker agent becomes a thin client — no local hashcat binary, no GPU, no wordlist directory required.When neither env var is set, behavior is unchanged.
Service contract
POST /jobswithAuthorization: Bearer <token>and JSON{hash_mode, attack_mode, hashes, wordlist?, mask?}returns{job_id, status}.GET /jobs/{id}returns{status, log_tail?, error?}where status is one ofstarting | running | done | error.GET /jobs/{id}/potfilereturns{cracked: ["<hash>:<plaintext>", ...]}.Scope
Remote mode covers wordlist attack (
-a 0) against a single wordlist by basename only (the service owns its wordlist dir). Rules-based attacks and dynamic username-derived wordlists stay local-only — they depend on filesystem state that doesn't transfer to a remote service.hashcat_modeis auto-detected from the hash prefix the same way as the local path (Kerberoasting / AS-REP / NTLM defaults), and an explicithashcat_modearg still overrides.Test plan
cargo build --package ares-tools(passes)cargo clippy --package ares-tools(clean)cargo test --package ares-tools(passes via pre-commit)HASHCAT_SERVICE_URLset against a known-good service, submit acrack_with_hashcattask via the orchestrator, confirm result returns and includes the cracked plaintext.