The last talk in the Open-Source password cracking series focuses on a tool that rivals the pay tools in function and capability – Hashcat.
The following is a summary of Hashcat functionality from the Hashcat Wiki. For more details, check out https://hashcat.net/wiki/
Very robust and open-source password hash attacking utility. The tool offers many of the options available in the pay password cracking suites and even offers some features the pay suites do not.
- Two versions:
- CPU based password recovery tool
- GPU based password recovery tool (oclhashcat)
- Available for Linux, OS X and Windows systems.
- Command line or GUI interface
Attack Mode Highlights
Hashcat supports multiple attack modes. The following is a quick breakdown of what each does. The Hashcat wiki has much more detail so the link is included for more details. Some of these attacks, particularly the Table-Lookup Attack, are very clever approaches that some of the pay password cracking suites do not have.
- Brute force Attack – tries all possible combinations of a given key-space.
- Dictionary Attack – applies a wordlist to attempt to crack the password
- Hybrid Attack – combination of a brute-force attack and dictionary attack
- Rule-Based Attack – applies a series of rules to a dictionary attack, essentially a manually made hybrid attack. This is one of the more complicated attacks. Rules include such things as:
- uppercase, lowercase, mixed case, etc
- appending\ prepending
- deleting first\ last character
- deleting certain characters
- duplicating certain characters certain amount of times
- rotating words
- Combinator Attack – allows you to apply two dictionaries in the attack, hashcat will append the words in dictionary 1 to dictionary 2 in different combinations. Also allows the creation of all possible mutations of a plaintext password via the Expander and will recombine the results with the same dictionary or another dictionary to create a third dictionary to be used in an attack.
- Mask Attack – allows you to build a more efficient brute force attack based on password patterns by configuring a password crack attempt using placeholders. The placeholder can be a custom character set, built in character variables or static characters. There is also a incremental flag option to allow incremental building of attacks for certain character lengths.
- Table Lookup Attack – automatic batch mask-attacks, includes character substitution tables (i.e. substituting “a” for “@, 8, ^” etc – very effective.
- Substitution tables
- leetspeak tables
- Fingerprint Attack – all possible permutations are generated from the results of the Combinator
- Permutation Attack – each word in a given dictionary generates all possible permutations of itself
Supported Algorithms (What you can attack!)
- MD5 & SHA with or without salt
- OS X (including 10.10)
- NTLM & LANMAN
- MS Office
- Blockchain wallet
- Bitcoin Wallet
- Android FDE
Read more at: