Since Cubination uses Hashcat under the hood, it also provides the same attack modes. Attack modes refer to the different ways of cracking the hashes you provide as the job input.

What attack mode to use depends on the job in question, but first, you need to get a feel for what each of them does. In this section, we'll take a closer look at each of the available modes.

Dictionary Attack

A dictionary attack will try every possible password from given password dictionaries. You can select one or more dictionaries you want to use using the table (1). For each dictionary available, you can see the keyspace signifying the number of passwords which will be used. If you choose multiple dictionaries, the total keyspace of the job is a sum of keyspaces of all selected dictionaries.

You can choose whether to perform dictionary fragmentation on the Cube or leave it to the host machines (2).

It is also possible to select a file with password-mangling rules from the bottom table (3). The number of rules in each file is shown in the count column. The rules enhance the repertoire of passwords, but they also increase the total keyspace of the job. This is because Cubination applies every rule from the rule file to each dictionary password. The total keyspace is calculated as the sum of dictionary keyspaces multiplied by the number of rules in the rule file.

Combination Attack

The combination attack is based on combining passwords from two dictionaries you select as left and right side (1). Each password from the left dictionary is concatenated with every single password from the right dictionary. Such newly created passwords are then used for cracking.

It is also possible to define password-mangling rules for both sides (2). The left and/or right rule will be applied to every password from the respective dictionary before the concatenation mentioned above happens. Unlike in a dictionary attack, with rules in a combination attack, there is only one rule per dictionary and it is always applied, hence the rules do not increase the password keyspace.

Brute Force Attack

The brute-force attack allows the user to define one or more password masks which define how a password may look like. Cubination then tries every possible permutation of characters in each mask.

Password mask

A mask is simply a template defining allowed characters on each position. It may contain either a concrete character, or a substitute symbol for a group of characters – e.g. ?l for lowercase letter, or ?d for digit.

For example, the mask He?l?lo?d represents all passwords between Heaao0 and Hezzo9.

In masks, following basic substitute symbols are allowed:

• ?l or a-z – lowercase Latin letters: abcdefghijklmnopqrstuvwxyz
• ?u or A-Z – uppercase Latin letters: ABCDEFGHIJKLMNOPQRSTUVWXYZ
• ?d or 0-9 – digits: 0123456789
• ?s or special – special ASCII characters including spaces, punctuation, etc.: (space)!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
• ?h or 0-f – characters representing hexadecimal digits with small letters: 0123456789abcdef
• ?H or 0-F – characters representing hexadecimal digits with big letters: 0123456789ABCDEF
• ?a or a-z,A-Z,0-9,special – any character from ?l, ?u, ?d, ?s
• ?b or ASCII – all ASCII characters starting from 0x00 (0) to 0xFF (255)

You can create a mask by using a mask editor. For crafting masks, you can either use the popup bar with buttons (1) for inserting substitute symbols, or you can enter the mask by yourself in the input field (2) as text. The editor will turn red and show you if there is an error. You can also use multiple masks – if you want to add a new mask, use the Add masks button (3). Click the trash can icon next to the input field to delete that mask.

It is also possible to load masks. In Cubination, you do not have to enter masks manually every time you create a new job. You can have the masks stored in a mask set (.hcmask) file. Using the Load masks button (4), you can choose a mask file, and the masks will be imported automatically. To remove all masks and start over, use the Reset masks button.

Custom character sets

The basic set of substitute symbols can be enhanced by using custom character sets. In the charset table (5), you can select up to four charset files with custom character sets. After adding a charset, a button for it will be available in the popup bar (1) and you will be able to use one or more of the following extra substitute symbols:

• ?1 – custom character set no. 1
• ?2 – custom character set no. 2
• ?3 – custom character set no. 3
• ?4 – custom character set no. 4

Markov chains

For generating passwords, the brute-force attack does not employ the traditional lexicographical order of characters by default (meaning b will be after a, etc.), but uses Markov chains instead. The order of generating password candidates is defined by a probability matrix or matrices in a Markov statistics file (with .hcstat2 extension). For each brute-force attack, Cubination allows you to select the file with Markov statistics that will be used (6).

You can select a mode or disable the use of markov chains to use lexicographical order, if you want. You can also define a threshold (7), which will limit the keyspace of each character set to the number you choose.

Hybrid Attacks

Hybrid attacks combine the dictionary and brute-force approaches. The password candidates are crafted from two parts. One part is taken from a dictionary, just like in a combination attack. The other part is generated from a mask using the brute-force technique. Depending on which parts are made from dictionary and which from a mask, we can distinguish between two types of hybrid attacks:

• Hybrid wordlist + mask – the left part is taken from a dictionary, the right part from a mask
• Hybrid mask + wordlist – the left part is generated from a mask, the right part is taken from a dictionary.

Select one or more dictionaries for the left or right part of the password (1), and a mask for the other part (2). You can define a password-mangling rule for the dictionary as well (3).

PCFG Attack

PCFGs (Probabilistic Context Free Grammars) generate passwords using machine learning magic trained on password sets.

Select a grammar from the list (1) and optionally limit the keyspace below (2). You can select a ruleset (3) to be used on the password candidates. These do not, however, affect the keyspace.

PRINCE Attack

The PRINCE (PRobability INfinite Chained Elements) attack is an advanced combinator attack that uses the PRINCE algorithm to generate password candidates. There are various options that control the generation, such as a password length limit (both ends), element chaining limit or letter case permutation. Apart from the source dictionary, all the other configuration is optional.

To see the jobs list, navigate to the All Jobs page via the main navigation bar. From here, you can also get to the individual jobs' detail views.

The jobs list shows all the jobs currently in the system in a paginated table, and allows you to search and filter them. Jobs can also be hidden from the main listing and are then shown separately.

Search and Filter

Listed Jobs

Jobs satisfying the selected criteria are shown in a table view below the controls. The table is paginated and only shows a selected number of rows at a time. Using some of the shown table headers (1), you can also sort the table by their respective columns.

The table shows the job name, which is also a link to its detailed view, along some of the most useful stats to know at a glance, such as current state and progress.

You can select multiple jobs to make actions using the checkboxes at the start of the rows. At the end of each row, there are quick actions (2) you can use to control the job right from the listing.

From the list, you can also quickly see which jobs are missing required options, such as assigned hosts. This is represented by a warning icon (3) in the status column.

Bins allow you to create your own job lists and add or remove jobs from them at will. This functionality is baked into the navigation bar's Jobs tab.

Bin management

To create, move, edit and delete bins, you need to have the global editing permission. Create a bin using the 'New' button in the Job Bins header. Provide a name and confirm with the tick button or press enter.

Created bins are listed below and can be arranged by dragging the dots icon with the number. This shows how many jobs are contained within the bin.

Adding jobs

To add jobs to a bin, make a selection in any job listing, such as All Jobs or a bin that already has jobs in it. When you select jobs in the table using the checkboxes, The bin icons will change to a plus (or minus for the bin you are in for removing the selected jobs) and allow you to add the selected jobs to any of the bins by clicking on it.

When listing a bin, you can rename or delete it from the top bar. You can also delete bins by pressing the delete key while viewing them.

The job detail view is where you find everything there is to know about a specific job. From its setup to the passwords found, you can see statistics, breakdowns, logs from participating hosts and much more...

Main Info Panel

The main panel shows most of the information on the job setup, current state, progress and more. It is also where you'll find the main controls for starting, stopping and other operations for the job.

The top area where the name is has different colors depending on the current state of the job, so that you can tell what's happening at a glance. Here you can also open the edit dialog, which allows you to change the job's name, description (comment) and reschedule its start and end times.

Attack Info and Hashes

The Details panel varies based on the attack mode used. It shows you how the attack was set up, for example what dictionaries are being used for a dictionary attack. It also shows the hashes being cracked. When a password is found, you'll see it next to its hash. A history of the job status is shown in a timeline along the top, with the option to purge the job (see this as well) and return it to a fresh state.

Hosts and Their Contribution

The Hosts panel shows a table of hosts assigned to the job. At the bottom of the table, you can open the host assignment dialog and make changes. The contribution chart is also shown, breaking down each host's contribution to the job by the amount of passwords tried.

Stat Graphs

Various statistics are aggregated while the job is running. These are then displayed in the form of different kinds of graphs. You can see how the job has progressed in time, for example, or see how the workunits were distributed between different host nodes.

Workunits and Logs

At the bottom of the page is a workunit table. It shows an overview of all the workunits in the job as a bar graphic, with a thorough breakdown in a table below, including complete logs for each workunit's run.

During the lifecycle of a job in the system, it goes through different states. Depending on the current state, the job can be controlled in different ways.

When a job is created, it starts off in a ready state, not doing anything yet. It can be started or modified, and later in the lifecycle, it can be stopped, restarted or, should the need arise, purged.

Starting and Restarting

Jobs that are ready can be started. Jobs that are no longer running, be it after successful finish or in an error state, can be restarted and will run again.

Before a job can start, it has to have hosts assigned. If it doesn't, you will see a warning and a button to assign the hosts instead of the typical job controls.

Stopping and Purging

You can stop a job prematurely or purge (kill) it if there are problems with it. As an example, some jobs may grind to a halt and get stuck in a finishing state. Purging such job will stop all participating hosts from working on it and will return the job to a clean ready state.

Reassigning Hosts

You may want to assign new hosts to a job or remove already assigned ones. This can be helpful when you want to add hosts that joined the system after the job was created, for example.

If you want to change the host assignment, you can do so from the Hosts panel in the detail view. The host assignment dialog updates automatically.

To run multiple jobs in a sequence, you can create a batch queue. This is preferred to starting all the jobs at once, as it helps to distribute the jobs to all hosts in order, instead of trying to distribute parts of all of the jobs simultaneously.

Creating a Batch

Make a selection while listing jobs from any view and select Batch Run from the selection toolbar. The batch preparation dialog will appear.

The selected ready jobs will be shown color coded with a preview of their password amount (and thus probable cracking times distribution) as a graph at the bottom (1). You can reorder them by dragging or use a predefined sorting from the dropdown (2). When ready, provide a name and select Create Batch at the bottom. You will be taken to the bacth detail view.

Batch List and Detail

You can see all your batches in the list accessed via the Batches link in the Jobs tab of the navigation. Detailed view is available, showing the overall progress and the list of jobs.

To control the batches, use the shortcut in the list or open the detail view. Batches can be started and interrupted or resumed. A failed job may interrupt the batch. From the detail view, you can also rename or delete the batch. While editing, you can reorder the job list again.

The Hashes page lists all hashes currently stored in the hash cache. The system stores every hash that was entered, along with their passwords, if they were found.

This is why you can sometimes see the message Hash already in hash cache when entering hashes into a cracking job input. You can still create a job with such hashes, but you may also find them in the cache and skip the cracking altogether.

If a hash doesn't fit the table, it will be truncated with ellipsis. You can see all of it by clicking on it, which will pop up a box with the full hash.

The Cubination installation also comes with a set of preloaded hashes. These function as a default rainbow table.

There are different kinds of assets used by the various attack modes available in Cubination, such as dictionaries, rulesets, and more. Many of these can be managed on their respective pages in Webadmin. You can edit or remove the ones shipping with Cubination, and you can, of course, upload new ones, extending the system's capabilities.

Dictionaries

The Dictionaries page allows you to manage password dictionaries. A dictionary is simply a text file (with a .txt extension) containing different password candidates where each password is stored on a separate line. Dictionaries are used for dictionary attacks, a combination attacks, and hybrid attacks.

Each dictionary can be opened and searched by clicking its name. You can download or delete dictionaries. To add a new dictionary, you can directly upload the text file.

Dictionaries can also be sorted on creation. This will sort the lines by length, which can lead to significant performance boosts when cracking certain hashes, for example a 7zip archive.

PCFGs

PCFGs generate passwords using machine learning magic trained on password sets.

To define a new one, you can upload a zip archive directly or select a dictionary to create it from.

Rulesets

Rules define various modifications of password candidates. Such alterations include replacing and swapping of characters and substrings, password truncation, etc. Cubination uses Hashcat, which uses its own rule engine. Supported rules can be found in the Hashcat docs.

While the combinator and hybrid attacks allow the use of only one rule definition for each part, the dictionary and PCFG attacks can use a ruleset file.

A ruleset file is a text file which can contain one or more password-mangling rules on each line. The rules are all applied to every candidate password in the dictionary, meaning the password count will be a product of the dictionary size and the rule count.

Character Sets

In password masks used within brute-force or hybrid attacks, you can use the substitute symbols ?1 to ?4 for custom characters. The custom user-defined character sets are stored within a charset file with a .txt, .hcchr or .charset extension, which may contain both ASCII and non-ASCII characters.

Charsets can be edited by clicking the Edit button in their detail view.

Masks

Mask files contain a set of masks on separate lines. These can be loaded into a brute force attack when creating a job.

Markov Chains

Markov chains are used in brute borce attacks. They define what characters from a set go after another.

To define a new one, you can upload a hcstat2 file directly or select a dictionary to create it from.

You can set up Webadmin appearance and system behavior on this page.

Use appearance to set your preferred theme. This setting only affects your client web browser.

• Automatic – This uses your system preference if available. macOS, Windows, modern versions of GNOME, and other environments allow you to choose a light or dark theme. Webadmin will react to any changes to this system value.
• Light and Dark – Always uses the selected theme.

Various aspects of Webadmin as well as the system can be tuned in the behavior section.

• Job purge confirmation – Purging a job deletes all progress. To avoid accidental loss of data, turn this on. The purge button now effectively requires you to double-click.
• Verify hash format – When creating a job, your hashes will be verified by the Cubination instance.
• Add new hosts to running jobs – When you connect a new host to the system, it can be assigned to any running job right away. Codename 'Automatically job'.
• Fully benchmark new hosts – Newly connected hosts will go through a full benchmark suite. This takes a while, so the default is to do benchmarks on demand later.

Advanced settings

You can fine-tune your installation using these advanced settings. Be careful, these are hidden for a reason.

There are several permissions your users can be granted via roles. You can add users and roles via the Manage users page.

The permissions are briefly described below.

• Manage users – Allows access to the management page
• Add new job – Allows access to the job creation form
• View all jobs – Allows to view all jobs and batches regardless of individual permissions
• Edit all jobs – Allows to edit all jobs and batches regardless of individual permissions, along with creating and managing job bins
• Operate all jobs – Allows to operate (start, stop, etc.) all jobs and batches regardless of individual permissions
• Add new dictionaries – Allows to upload dictionary files to the Cube

Individual Job Permissions

Each job (and batch, as well) has its owner. This is the user that created the job. The owner always has all permissions on their job, but they can also grant any of the the permissions (view, edit and operate) to individual users in the system.

To do this, open the job's detail view, enter edit mode and select Permissions in the action bar. The Permissions Manager dialog will appear. Here, use the Add User button to pick a user to grant permissions to, and then enable or disable the permissions as you wish. Your changes are saved automatically.

The hosts page lists all hosts currently attached to the system. For now in Cubination, this means your current Cube. You can monitor device utilization and temperatures by clicking on it. You can also see its recently processed workunits and jobs.

The server monitor page shows which system services are running on the Cube and displays resource usage as graphs.

You can view concrete values by hovering over any point on the sparkline. To change the time interval for which data is shown, use the radio buttons at the bottom of the page.

You can export jobs you select from any job listing (via the Add to Export button in the selection toolbar) to a single, portable file. This can then be imported to other Cubination instances or serve as backup. The exports don't carry cracking assets such as dictionaries and PCFG grammars, so you'll need to add those manually before importing. The import interface will inform you if any are missing.