Tuesday, January 22, 2013

Hashcat - Advanced password recovery

Hashcat is an advanced tool for password recovery.
You can download hashcat from here
Hashcat supports 6 attack modes:
0 = Straight
1 = Combination
2 = Toggle-case
3 = Brute-force
4 = Permutation
5 = Table-lookup
Hashcat supports a lot of algorithms like MD5, SHA1, MySQL, Phpass, MD4, SHA256, SHA512, OS X, vBulletin.
Hashcat works on all Linux distros, Windows and Mac OS X.
Syntax : hashcat [options] hashfile [mask|wordfiles|directories]
-m : Hash-type, see references below
-a : Attack-mode
-o : Output file
-n : Number of threads
--pw-min=NUM Password-length minimum
--pw-max=NUM Password-length maximum
--custom-charset1=CS User-defined charsets
Charset :
?l = abcdefghijklmnopqrstuvwxyz
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d = 0123456789
?s = !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
?a = ?l?u?d?s
?h = 8 bit characters from 0xc0 - 0xff
?D = 8 bit characters from german alphabet
?F = 8 bit characters from french alphabet
?R = 8 bit characters from russian alphabet
For more info type : hashcat -h

Hash type :
0 = MD5
10 = md5($pass.$salt)
20 = md5($salt.$pass)
50 = HMAC-MD5 (key = $pass)
60 = HMAC-MD5 (key = $salt)
100 = SHA1
110 = sha1($pass.$salt)
120 = sha1($salt.$pass)
150 = HMAC-SHA1 (key = $pass)
160 = HMAC-SHA1 (key = $salt)
200 = MySQL
300 = MySQL4.1/MySQL5
400 = phpass, MD5(Wordpress), MD5(phpBB3)
500 = md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5
800 = SHA-1(Django)
900 = MD4
1000 = NTLM
1100 = Domain Cached Credentials, mscash
1400 = SHA256
1410 = sha256($pass.$salt)
1420 = sha256($salt.$pass)
1450 = HMAC-SHA256 (key = $pass)
1460 = HMAC-SHA256 (key = $salt)
1600 = md5apr1, MD5(APR), Apache MD5
1700 = SHA512
1710 = sha512($pass.$salt)
1720 = sha512($salt.$pass)
1750 = HMAC-SHA512 (key = $pass)
1760 = HMAC-SHA512 (key = $salt)
1800 = SHA-512(Unix)
2600 = Double MD5
3300 = MD5(Sun)
3500 = md5(md5(md5($pass)))
3610 = md5(md5($salt).$pass)
3710 = md5($salt.md5($pass))
3810 = md5($salt.$pass.$salt)
3910 = md5(md5($pass).md5($salt))
4010 = md5($salt.md5($salt.$pass))
4110 = md5($salt.md5($pass.$salt))
4210 = md5($username.0.$pass)
4300 = md5(strtoupper(md5($pass)))
4400 = md5(sha1($pass))
4500 = sha1(sha1($pass))
4600 = sha1(sha1(sha1($pass)))
4700 = sha1(md5($pass))
4800 = MD5(Chap)
5000 = SHA-3(Keccak)


Example :
hashcat -m 0 -a 3 -n 5 --pw-min=3 --pw-max=5 --custom-charset1=?l hash.txt ?1?1?1?1?1 -o /home/HackForLulz/result
Type = MD5 (0=MD5)
Attack mode = Bruteforce
Threads = 5
Min length of password = 3
Max length of password = 5
Charset = ?l -> abcdefghijklmnopqrstuvwxyz
Hash = /home/HackForLulz/hash.txt
?1?1?1?1?1 = the mask: after each ? you specify the "type" of character for that position. For example, if the first character is b you can specify ?l (because b is in the ?l charset); if you don't know, use ?1, which refers to the custom charset set with --custom-charset1
Output = /home/HackForLulz/result <- File

hashcat -m 1400 -a 3 -n 5 --pw-min=4 --pw-max=7 --custom-charset1=?l?u?d?s hash.txt ?l?1?1?1?1?1?1 -o /home/HackForLulz/hash
Type = SHA256 (1400=SHA256)
Threads = 5
Min length of password = 4
Max length of password = 7
Charset = ?l?u?d?s -> abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
Hash = hash.txt <- File

In a mask such as ?l?1?1?1?1?1?d, the first character is in ?l (abcde...) and the last character is in ?d (0123...)
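
To judge how much protection a password policy gives against the two masks above, it helps to count how many candidates each mask generates. The following is an added example, not part of the original post or of hashcat itself: the function names are hypothetical, and it assumes that with --pw-min/--pw-max each length N uses the first N positions of the mask.

```python
import math
import string

# Built-in charsets exactly as the post lists them (?h, ?D, ?F, ?R left out).
BUILTIN = {"l": string.ascii_lowercase, "u": string.ascii_uppercase,
           "d": string.digits, "s": string.punctuation}
BUILTIN["a"] = "".join(BUILTIN[k] for k in "luds")


def tokens(spec, custom):
    """Yield one charset per token: '?x' names a charset, anything else is a literal."""
    i = 0
    while i < len(spec):
        if spec[i] != "?":
            yield spec[i]
            i += 1
            continue
        key = spec[i + 1:i + 2]  # empty string if the '?' is the last character
        if key in BUILTIN:
            yield BUILTIN[key]
        elif key in custom:
            yield custom[key]
        else:
            raise ValueError("unknown charset ?%s in %r" % (key, spec))
        i += 2


def charset(spec):
    """Expand a --custom-charsetN value such as '?l?u?d?s' into its distinct characters."""
    return "".join(dict.fromkeys("".join(tokens(spec, {}))))


def keyspace(mask, custom=None, pw_min=None, pw_max=None):
    """Count the candidates a mask generates; custom maps '1' to the --custom-charset1 value."""
    sets = {n: charset(spec) for n, spec in (custom or {}).items()}
    sizes = [len(cs) for cs in tokens(mask, sets)]
    hi = min(pw_max or len(sizes), len(sizes))
    lo = pw_min or hi
    # Assumption: length N uses the first N positions of the mask.
    return sum(math.prod(sizes[:n]) for n in range(lo, hi + 1))


if __name__ == "__main__":
    # The two masks from the post's examples.
    print(keyspace("?1?1?1?1?1", {"1": "?l"}, 3, 5))
    print(keyspace("?l?1?1?1?1?1?1", {"1": "?l?u?d?s"}, 4, 7))
```

Dividing the result by an assumed guess rate gives the worst-case search time for passwords that fit the mask, which is the number to compare when setting minimum length and character-class rules.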

If you have any problem or if you need some explanations just write under this post!

1 comment:

  1. Can you give an example for a password with length 12 or 13 where the first character is a number (?d), the second one can be a number or '-', the third one is '-' or a letter (?l?u) and the other characters are ?l?u? Thank you :)