β˜•
Doc
  • πŸ‘‹Hi !
  • πŸ“’Documentations
    • πŸ€“Servers
      • πŸ”₯Ξ›rch Linux
      • πŸ’šCheckMk
      • πŸ“ΊZabbix
      • 🎰Google Authenticator
      • πŸš”FiveM
      • 🏎️Assetto Corsa
    • 😈Hacking
      • πŸ‘οΈNMAP
      • πŸ‰Hydra
      • πŸ’‰SQL Injection
      • πŸˆβ€β¬›Hashcat
      • πŸ“ŸShellcode
      • πŸ—ƒοΈLFI / RFI
      • 🐧Linux Password Cracking
      • ‴️Privesc
      • πŸšͺBypassing Antivirus (AV) Detection
      • πŸ’™Discord Tokens
      • πŸ–‡οΈLinks
    • πŸ’»Dev
      • 🌘C/C++
      • πŸ’€Assembly
    • πŸ—ƒοΈCheat Sheet
      • πŸͺƒGIT
      • ❌HTTP Codes and Methods
      • 🐳Docker
      • πŸ“°Regex
      • ⏰Crontab
  • πŸ΄β€β˜ οΈCTF TIPS
    • πŸŒ†Image Steganography
    • 🩻Useful Commands
Powered by GitBook
On this page
  • Introduction
  • Background
  • Brute Forcing Hashes
  • Using Hashcat
  • Examples
  • Cracking SSH Key Passphrase with Hashcat
  1. Documentations
  2. Hacking

Hashcat

Brute Forcing Hashes and Hashcat Usage

Introduction

As a cybersecurity professional, it's important to understand how password hashes work and how to crack them. In this course, we will explore how to brute force hashes and use the powerful tool hashcat to crack hashes.

Background

Password hashes are one-way functions that take a password as input and produce a fixed-size output, which is stored in a database. When a user logs in, their password is hashed and compared to the stored hash. If they match, the user is authenticated. This provides an added layer of security, as even if an attacker gains access to the password database, they won't be able to see the plaintext passwords.

However, if an attacker is able to obtain the password hashes, they can use brute force techniques to crack them. Brute forcing involves trying every possible combination of characters until the correct password is found.

Hashcat is a powerful password cracking tool that can be used to crack a wide variety of password hashes. It supports a range of hash algorithms, including MD2, MD4, MD5, SHA1, SHA256, and SHA512.

Brute Forcing Hashes

Brute forcing hashes involves trying every possible combination of characters until the correct password is found. This can be a time-consuming process, especially for longer and more complex passwords. However, with the right tools and techniques, it can be an effective way to crack hashes.

To get started, you will need a list of possible passwords. This can be a dictionary of common passwords, a list of previously leaked passwords, or a custom list of words and phrases relevant to the target. Once you have your list, you can use a tool like hashcat to perform the brute force attack.

Using Hashcat

Hashcat is a powerful password cracking tool that supports a range of hash algorithms. To use hashcat, you will need a list of hashes to crack and a list of possible passwords to try. You can then use hashcat to try each password in turn and see if it matches any of the hashes.

Here is an example command to crack MD5 hashes using hashcat:

hashcat -a 0 -m 0 hashes.txt wordlist.txt

This command uses the following options:

  • -a 0: Sets the attack mode to straight brute force.

  • -m 0: Sets the hash type to MD5.

  • hashes.txt: The file containing the MD5 hashes to crack.

  • wordlist.txt: The file containing the list of possible passwords to try.

Here are the hash types and corresponding numbers that can be used with hashcat:

  • MD2: -m 900

  • MD4: -m 0

  • MD5: -m 0

  • SHA1: -m 100

  • SHA256: -m 1400

  • SHA512: -m 1700

Examples

Here are some example commands for cracking different types of hashes using hashcat:

MD2

hashcat -a 0 -m 900 hashes.txt wordlist.txt

MD4

hashcat -a 0 -m 0 hashes.txt wordlist.txt

MD5

hashcat -a 0 -m 0 hashes.txt wordlist.txt

SHA1

hashcat -a 0 -m 100 hashes.txt wordlist.txt

SHA256

hashcat -a 0 -m 1400 hashes.txt wordlist.txt

SHA512

hashcat -a 0 -m 1700 hashes.txt wordlist.txt

Here's a list of hash-mode for hash type here.

Cracking SSH Key Passphrase with Hashcat

  • Choosing the appropriate attack mode (brute-force, dictionary, etc.)

  • Using the Hashcat command-line tool to crack the passphrase:

hashcat -m 17400 id_rsa.p8 /path/to/dictionary.txt

  • Explanation of the parameters used in the above command:

    • -m: the mode parameter that specifies the hash type. In this case, 17400 is the mode identifier for SSH keys in Hashcat.

    • id_rsa.p8: the file containing the SSH key in PKCS#8 format.

    • /path/to/dictionary.txt: the path to the dictionary file to be used in the dictionary attack.

    • -a: Specifies the attack mode. This can be set to 0 for a straight (or brute-force) attack, 1 for a combination attack, 3 for a mask attack, and 6 for a dictionary attack (the default).

    • -r: Specifies a rules file to use in conjunction with the attack mode. Rules files contain sets of transformations that can be applied to words in the dictionary to increase the chances of a successful crack.

    • -w: Specifies the workload profile to use. This can be set to 1 for low-memory usage, 2 for medium-memory usage, 3 for high-memory usage, or 4 for extreme-memory usage.

    • --username: Specifies a username to use in conjunction with the hash to crack. This can be useful if you know the username associated with the hash and want to use it to increase the chances of a successful crack.

    • --force: Forces Hashcat to continue with the cracking process even if it encounters errors.

    • --show: Displays the cracked passwords in the format hash:password.

PreviousSQL InjectionNextShellcode

Last updated 22 days ago

πŸ“’
😈
πŸˆβ€β¬›