Hashcat

From Linuxmemo.

Install

git clone https://github.com/hashcat/hashcat.git
cd hashcat
git submodule init
git submodule update
make
(make install)

Usage

Windows hash formats (values for -m):

3000 | LM | Operating-Systems
1000 | NTLM | Operating-Systems
  • Examples:
./hashcat -t 32 -a 7 example0.hash ?a?a?a?a example.dict
./hashcat -m 1000 -t 32 -a 3 -i --increment-min=3 --increment-max=8 example0.hash ?a?a?a?a?a?a?a?a
-t, --markov-threshold        | Num  | Threshold X when to stop accepting new markov-chains
-a  Attack Modes
# | Mode
===+======
 0 | Straight
 1 | Combination
 3 | Brute-force
 6 | Hybrid Wordlist + Mask
 7 | Hybrid Mask + Wordlist
 Wordlist         | $P$   | hashcat -a 0 -m 400 example400.hash example.dict
 Wordlist + Rules | MD5   | hashcat -a 0 -m 0 example0.hash example.dict -r rules/best64.rule
 Brute-Force      | MD5   | hashcat -a 3 -m 0 example0.hash ?a?a?a?a?a?a
 Combinator       | MD5   | hashcat -a 1 -m 0 example0.hash example.dict example.dict
  • Masks

For each position of the generated password candidates we need to configure a placeholder. If a password we want to crack has the length 8, our mask must consist of 8 placeholders.

A mask is a simple string that configures the keyspace of the password candidate engine using placeholders.
A placeholder can be either a custom charset variable, a built-in charset variable or a static letter.
A variable is indicated by the ? letter followed by one of the built-in charsets (l, u, d, s, a) or one of the custom charset variable names (1, 2, 3, 4).
A static letter is written as is, with no ? in front of it. An exception is if we want the static letter ? itself, which must be written as ??.

Built-in charsets

   ?l = abcdefghijklmnopqrstuvwxyz
   ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
   ?d = 0123456789
   ?s = «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
   ?a = ?l?u?d?s
   ?b = 0x00 - 0xff

Note: if you do not specify any mask while performing a mask attack (-a 3), then the following default mask is used: ?1?2?2?2?2?2?2?3?3?3?3?d?d?d?d
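
As an added example (not from the original page or from the hashcat project), the Python below parses a mask by the rules above and counts the candidates it generates, which is the number to look at when judging how much work a given password length and charset policy leaves to a cracker. The names parse_mask, keyspace and the custom dictionary are assumptions of this example; it also covers the -i increment options used in the examples section.

```python
import string
from math import prod

# Built-in charsets as listed above (?s is space plus ASCII punctuation).
BUILTIN = {
    "l": set(string.ascii_lowercase),
    "u": set(string.ascii_uppercase),
    "d": set(string.digits),
    "s": set(" " + string.punctuation),
    "b": set(map(chr, range(256))),  # ?b = 0x00 - 0xff
}
BUILTIN["a"] = BUILTIN["l"] | BUILTIN["u"] | BUILTIN["d"] | BUILTIN["s"]


def parse_mask(mask, custom=None):
    """Return one charset (a set of characters) per password position.

    custom maps a custom charset name ('1'..'4') to its definition,
    which may use built-in placeholders, e.g. {'1': '?l?d'}.
    """
    custom = custom or {}
    positions, i = [], 0
    while i < len(mask):
        if mask[i] != "?":  # static letter: written as is
            positions.append({mask[i]})
            i += 1
            continue
        if i + 1 >= len(mask):
            raise ValueError("dangling '?' at end of mask")
        name = mask[i + 1]
        if name == "?":  # ?? is the static letter '?'
            positions.append({"?"})
        elif name in BUILTIN:
            positions.append(BUILTIN[name])
        elif name in custom:  # union of everything the definition names
            positions.append(set().union(*parse_mask(custom[name])))
        else:
            raise ValueError(f"unknown placeholder ?{name}")
        i += 2
    return positions


def keyspace(mask, custom=None, lo=None, hi=None):
    """Candidates generated by the mask; with lo/hi, the total over the
    mask truncated to each length lo..hi (the -i increment options)."""
    sizes = [len(cs) for cs in parse_mask(mask, custom)]
    lo = len(sizes) if lo is None else lo
    hi = len(sizes) if hi is None else min(hi, len(sizes))
    return sum(prod(sizes[:n]) for n in range(lo, hi + 1))
```

keyspace("?a?a?a?a") returns 81450625 (95 to the power 4). hashcat's own --keyspace option reports a value tied to how it splits work internally, so it generally will not equal this candidate count.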
