1
0
mirror of https://github.com/hashcat/hashcat.git synced 2024-11-29 19:38:18 +00:00
hashcat/docs/readme.txt

456 lines
12 KiB
Plaintext
Raw Normal View History

_____: _____________ _____: -aTZ! _______ ____
_\ |__\_______ _/_______ _\ |_____ _______\______ /__ ______
| _ | __ \ ____/____ _ | ___/____ __ |_______/
|: | .| \ _\____ / | .| \ / \ :| |
|_____| :|______/ / //____| :|___ //_________| :|
|_____| /___________/ |_____| /_____/ /_______|
: : :
hashcat v6.2.6
==============
AMD GPUs on Linux require "AMDGPU" (21.50 or later) and "ROCm" (5.0 or later)
AMD GPUs on Windows require "AMD Adrenalin Edition" (Adrenalin 22.5.1 exactly)
Intel CPUs require "OpenCL Runtime for Intel Core and Intel Xeon Processors" (16.1.1 or later)
NVIDIA GPUs require "NVIDIA Driver" (440.64 or later) and "CUDA Toolkit" (9.0 or later)
2015-12-04 14:47:52 +00:00
##
## Features
##
- World's fastest password cracker
- World's first and only in-kernel rule engine
2015-12-04 14:47:52 +00:00
- Free
2016-02-04 09:59:13 +00:00
- Open-Source (MIT License)
2017-10-20 11:36:47 +00:00
- Multi-OS (Linux, Windows and macOS)
2020-06-16 13:08:32 +00:00
- Multi-Platform (CPU, GPU, APU, etc., everything that comes with an OpenCL runtime)
2016-02-04 09:59:13 +00:00
- Multi-Hash (Cracking multiple hashes at the same time)
- Multi-Devices (Utilizing multiple devices in same system)
- Multi-Device-Types (Utilizing mixed device types in same system)
2018-10-28 15:47:13 +00:00
- Supports password candidate brain functionality
2016-02-04 09:59:13 +00:00
- Supports distributed cracking networks (using overlay)
- Supports interactive pause / resume
2015-12-04 14:47:52 +00:00
- Supports sessions
- Supports restore
2016-04-29 03:28:49 +00:00
- Supports reading password candidates from file and stdin
2015-12-04 14:47:52 +00:00
- Supports hex-salt and hex-charset
2016-04-29 03:28:49 +00:00
- Supports automatic performance tuning
- Supports automatic keyspace ordering markov-chains
2015-12-04 14:47:52 +00:00
- Built-in benchmarking system
- Integrated thermal watchdog
- 300+ Hash-types implemented with performance in mind
2015-12-04 14:47:52 +00:00
##
## Hash-Types
##
- MD4
- MD5
- SHA1
- SHA2-224
- SHA2-256
- SHA2-384
- SHA2-512
- SHA3-224
- SHA3-256
- SHA3-384
- SHA3-512
- RIPEMD-160
- BLAKE2b-512
- GOST R 34.11-2012 (Streebog) 256-bit, big-endian
- GOST R 34.11-2012 (Streebog) 512-bit, big-endian
- GOST R 34.11-94
2021-11-21 15:39:01 +00:00
- GPG (AES-128/AES-256 (SHA-1($pass)))
- Half MD5
- Keccak-224
- Keccak-256
- Keccak-384
- Keccak-512
2015-12-04 14:47:52 +00:00
- Whirlpool
- SipHash
- md5(utf16le($pass))
- sha1(utf16le($pass))
- sha256(utf16le($pass))
- sha384(utf16le($pass))
- sha512(utf16le($pass))
2015-12-04 14:47:52 +00:00
- md5($pass.$salt)
- md5($salt.$pass)
- md5($salt.$pass.$salt)
- md5($salt.md5($pass))
- md5($salt.md5($pass.$salt))
- md5($salt.md5($salt.$pass))
- md5($salt.sha1($salt.$pass))
- md5($salt.utf16le($pass))
- md5(md5($pass))
- md5(md5($pass).md5($salt))
- md5(md5(md5($pass)))
- md5(sha1($pass))
2022-06-18 16:11:00 +00:00
- md5(sha1($pass).$salt)
- md5(sha1($pass).md5($pass).sha1($pass))
- md5(sha1($salt).md5($pass))
- md5(strtoupper(md5($pass)))
- md5(utf16le($pass).$salt)
2015-12-04 14:47:52 +00:00
- sha1($pass.$salt)
- sha1($salt.$pass)
- sha1($salt.$pass.$salt)
- sha1($salt.sha1($pass))
- sha1($salt.sha1($pass.$salt))
- sha1($salt.utf16le($pass))
- sha1($salt1.$pass.$salt2)
- sha1(CX)
2015-12-04 14:47:52 +00:00
- sha1(md5($pass))
2019-07-25 23:46:43 +00:00
- sha1(md5($pass).$salt)
- sha1(md5($pass.$salt))
2018-12-10 15:50:58 +00:00
- sha1(md5(md5($pass)))
- sha1(sha1($pass))
2020-09-08 09:45:03 +00:00
- sha1(sha1($pass).$salt)
- sha1(sha1($salt.$pass.$salt))
- sha1(utf16le($pass).$salt)
2015-12-04 14:47:52 +00:00
- sha256($pass.$salt)
- sha256($salt.$pass)
- sha256($salt.$pass.$salt)
- sha256($salt.sha256($pass))
- sha256($salt.sha256_bin($pass))
2018-01-30 10:24:21 +00:00
- sha256($salt.utf16le($pass))
2019-07-13 18:51:38 +00:00
- sha256(md5($pass))
- sha256(sha256($pass).$salt)
- sha256(sha256_bin($pass))
- sha256(utf16le($pass).$salt)
- sha384($pass.$salt)
- sha384($salt.$pass)
- sha384($salt.utf16le($pass))
- sha384(utf16le($pass).$salt)
2015-12-04 14:47:52 +00:00
- sha512($pass.$salt)
- sha512($salt.$pass)
2018-01-30 10:24:21 +00:00
- sha512($salt.utf16le($pass))
- sha512(utf16le($pass).$salt)
- BLAKE2b-512($pass.$salt)
- BLAKE2b-512($salt.$pass)
2015-12-04 14:47:52 +00:00
- HMAC-MD5 (key = $pass)
- HMAC-MD5 (key = $salt)
- HMAC-SHA1 (key = $pass)
- HMAC-SHA1 (key = $salt)
- HMAC-SHA256 (key = $pass)
- HMAC-SHA256 (key = $salt)
- HMAC-SHA512 (key = $pass)
- HMAC-SHA512 (key = $salt)
- HMAC-Streebog-256 (key = $pass), big-endian
- HMAC-Streebog-256 (key = $salt), big-endian
- HMAC-Streebog-512 (key = $pass), big-endian
- HMAC-Streebog-512 (key = $salt), big-endian
- CRC32
2021-10-02 07:57:16 +00:00
- CRC32C
2021-10-09 09:43:04 +00:00
- CRC64Jones
- Java Object hashCode()
- MurmurHash
2021-09-27 20:07:23 +00:00
- MurmurHash3
2021-08-29 15:22:59 +00:00
- 3DES (PT = $salt, key = $pass)
- DES (PT = $salt, key = $pass)
- AES-128-ECB NOKDF (PT = $salt, key = $pass)
- AES-192-ECB NOKDF (PT = $salt, key = $pass)
- AES-256-ECB NOKDF (PT = $salt, key = $pass)
2018-01-30 10:24:21 +00:00
- ChaCha20
- Linux Kernel Crypto API (2.4)
2021-08-29 15:22:59 +00:00
- Skip32 (PT = $salt, key = $pass)
2015-12-04 14:47:52 +00:00
- PBKDF2-HMAC-MD5
- PBKDF2-HMAC-SHA1
- PBKDF2-HMAC-SHA256
- PBKDF2-HMAC-SHA512
- scrypt
- phpass
- TACACS+
- SIP digest authentication (MD5)
- IKE-PSK MD5
- IKE-PSK SHA1
2021-07-24 11:56:49 +00:00
- SNMPv3 HMAC-MD5-96
2021-08-29 15:22:59 +00:00
- SNMPv3 HMAC-MD5-96/HMAC-SHA1-96
2021-07-20 20:24:35 +00:00
- SNMPv3 HMAC-SHA1-96
- SNMPv3 HMAC-SHA224-128
- SNMPv3 HMAC-SHA256-192
- SNMPv3 HMAC-SHA384-256
- SNMPv3 HMAC-SHA512-384
- WPA-EAPOL-PBKDF2
- WPA-EAPOL-PMK
2019-12-19 21:14:42 +00:00
- WPA-PBKDF2-PMKID+EAPOL
- WPA-PMK-PMKID+EAPOL
- WPA-PMKID-PBKDF2
- WPA-PMKID-PMK
2018-01-30 10:24:21 +00:00
- IPMI2 RAKP HMAC-SHA1
- CRAM-MD5
- JWT (JSON Web Token)
- Kerberos 5, etype 17, TGS-REP
- Kerberos 5, etype 17, Pre-Auth
- Kerberos 5, etype 18, TGS-REP
- Kerberos 5, etype 18, Pre-Auth
- Kerberos 5, etype 23, AS-REQ Pre-Auth
- Kerberos 5, etype 23, TGS-REP
- Kerberos 5, etype 23, AS-REP
- NetNTLMv1 / NetNTLMv1+ESS
2021-08-29 15:22:59 +00:00
- NetNTLMv1 / NetNTLMv1+ESS (NT)
- NetNTLMv2
2021-08-29 15:22:59 +00:00
- NetNTLMv2 (NT)
2022-06-11 09:35:28 +00:00
- Amazon AWS4-HMAC-SHA256
- Flask Session Cookie
- iSCSI CHAP authentication, MD5(CHAP)
- RACF
- AIX {smd5}
- AIX {ssha1}
- AIX {ssha256}
- AIX {ssha512}
2015-12-04 14:47:52 +00:00
- LM
- QNX /etc/shadow (MD5)
- QNX /etc/shadow (SHA256)
- QNX /etc/shadow (SHA512)
2018-01-30 10:24:21 +00:00
- DPAPI masterkey file v1
- DPAPI masterkey file v2
- GRUB 2
- MS-AzureSync PBKDF2-HMAC-SHA256
2018-01-30 10:24:21 +00:00
- BSDi Crypt, Extended DES
- NTLM
- Radmin2
2022-05-28 13:56:29 +00:00
- Radmin3
- Samsung Android Password/PIN
- Windows Hello PIN/Password
- Windows Phone 8+ PIN/password
2018-01-30 10:24:21 +00:00
- Cisco-ASA MD5
- Cisco-IOS $8$ (PBKDF2-SHA256)
- Cisco-IOS $9$ (scrypt)
- Cisco-IOS type 4 (SHA256)
- Cisco-PIX MD5
- Citrix NetScaler (SHA1)
- Citrix NetScaler (SHA512)
- Domain Cached Credentials (DCC), MS Cache
- Domain Cached Credentials 2 (DCC2), MS Cache 2
- FortiGate (FortiOS)
2021-06-08 09:12:54 +00:00
- FortiGate256 (FortiOS256)
2018-01-30 10:24:21 +00:00
- ArubaOS
- Juniper IVE
- Juniper NetScreen/SSG (ScreenOS)
- Juniper/NetBSD sha1crypt
- iPhone passcode (UID key + System Keybag)
2021-08-29 15:22:59 +00:00
- macOS v10.4, macOS v10.5, macOS v10.6
- macOS v10.7
- macOS v10.8+ (PBKDF2-SHA512)
- bcrypt $2*$, Blowfish (Unix)
- md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5)
- descrypt, DES (Unix), Traditional DES
- sha256crypt $5$, SHA256 (Unix)
- sha512crypt $6$, SHA512 (Unix)
- SQLCipher
- MSSQL (2000)
- MSSQL (2005)
- MSSQL (2012, 2014)
- MongoDB ServerKey SCRAM-SHA-1
- MongoDB ServerKey SCRAM-SHA-256
- PostgreSQL
- PostgreSQL CRAM (MD5)
2022-06-11 09:35:28 +00:00
- PostgreSQL SCRAM-SHA-256
- Oracle H: Type (Oracle 7+)
- Oracle S: Type (Oracle 11+)
- Oracle T: Type (Oracle 12+)
- MySQL $A$ (sha256crypt)
- MySQL CRAM (SHA1)
- MySQL323
- MySQL4.1/MySQL5
- Sybase ASE
- DNSSEC (NSEC3)
- KNX IP Secure - Device Authentication Code
- CRAM-MD5 Dovecot
- SSHA-256(Base64), LDAP {SSHA256}
- SSHA-512(Base64), LDAP {SSHA512}
- Dahua Authentication MD5
- RedHat 389-DS LDAP (PBKDF2-HMAC-SHA256)
- FileZilla Server >= 0.9.55
- ColdFusion 10+
- Apache $apr1$ MD5, md5apr1, MD5 (APR)
- Episerver 6.x < .NET 4
- Episerver 6.x >= .NET 4
- hMailServer
- nsldap, SHA-1(Base64), Netscape LDAP SHA
- nsldaps, SSHA-1(Base64), Netscape LDAP SSHA
2015-12-04 14:47:52 +00:00
- SAP CODVN B (BCODE)
- SAP CODVN B (BCODE) from RFC_READ_TABLE
2015-12-04 14:47:52 +00:00
- SAP CODVN F/G (PASSCODE)
- SAP CODVN F/G (PASSCODE) from RFC_READ_TABLE
2015-12-04 14:47:52 +00:00
- SAP CODVN H (PWDSALTEDHASH) iSSHA-1
- PeopleSoft
- PeopleSoft PS_TOKEN
- SolarWinds Orion
- SolarWinds Orion v2
2020-12-18 22:21:10 +00:00
- SolarWinds Serv-U
2018-01-30 10:24:21 +00:00
- Lotus Notes/Domino 5
- Lotus Notes/Domino 6
- Lotus Notes/Domino 8
2021-06-12 16:38:23 +00:00
- OpenEdge Progress Encode
2019-06-22 14:05:02 +00:00
- Oracle Transportation Management (SHA256)
- Huawei sha1(md5($pass).$salt)
- AuthMe sha256
- AES Crypt (SHA256)
2021-07-15 17:58:11 +00:00
- VMware VMX (PBKDF2-HMAC-SHA1 + AES-256-CBC)
2018-01-30 10:24:21 +00:00
- LUKS
- VeraCrypt
- BestCrypt v3 Volume Encryption
2018-06-18 12:38:35 +00:00
- FileVault 2
- VirtualBox (PBKDF2-HMAC-SHA256 & AES-128-XTS)
- VirtualBox (PBKDF2-HMAC-SHA256 & AES-256-XTS)
- DiskCryptor
- BitLocker
- Android FDE (Samsung DEK)
- Android FDE <= 4.3
- Apple File System (APFS)
- TrueCrypt
- eCryptfs
2017-12-13 09:39:39 +00:00
- PDF 1.1 - 1.3 (Acrobat 2 - 4)
- PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #1
- PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #2
2017-12-13 09:39:39 +00:00
- PDF 1.4 - 1.6 (Acrobat 5 - 8)
- PDF 1.4 - 1.6 (Acrobat 5 - 8) - user and owner pass
2017-12-13 09:39:39 +00:00
- PDF 1.7 Level 3 (Acrobat 9)
- PDF 1.7 Level 8 (Acrobat 10 - 11)
- MS Office 2007
- MS Office 2010
- MS Office 2013
2021-04-02 09:05:00 +00:00
- MS Office 2016 - SheetProtection
- MS Office <= 2003 $0/$1, MD5 + RC4
- MS Office <= 2003 $0/$1, MD5 + RC4, collider #1
- MS Office <= 2003 $0/$1, MD5 + RC4, collider #2
- MS Office <= 2003 $3, SHA1 + RC4, collider #1
- MS Office <= 2003 $3, SHA1 + RC4, collider #2
- MS Office <= 2003 $3/$4, SHA1 + RC4
- Open Document Format (ODF) 1.2 (SHA-256, AES)
- Open Document Format (ODF) 1.1 (SHA-1, Blowfish)
- Apple Secure Notes
- Apple iWork
- 1Password, agilekeychain
- 1Password, cloudkeychain
2018-01-30 10:24:21 +00:00
- Password Safe v2
- Password Safe v3
- LastPass + LastPass sniffed
- KeePass 1 (AES/Twofish) and KeePass 2 (AES)
- KeePass 1 (AES/Twofish) and KeePass 2 (AES) - keyfile only mode
- Bitwarden
- Ansible Vault
- Mozilla key3.db
- Mozilla key4.db
- Apple Keychain
- 7-Zip
- RAR3-hp
- RAR3-p (Compressed)
- RAR3-p (Uncompressed)
- RAR5
- PKZIP (Compressed Multi-File)
- PKZIP (Compressed)
- PKZIP (Mixed Multi-File)
- PKZIP (Mixed Multi-File Checksum-Only)
- PKZIP (Uncompressed)
- PKZIP Master Key
- PKZIP Master Key (6 byte optimization)
- SecureZIP AES-128
- SecureZIP AES-192
- SecureZIP AES-256
- WinZip
- Android Backup
- Stuffit5
- AxCrypt 1
- AxCrypt 1 in-memory SHA1
- AxCrypt 2 AES-128
- AxCrypt 2 AES-256
- iTunes backup < 10.0
- iTunes backup >= 10.0
- WBB3 (Woltlab Burning Board)
- PHPS
- SMF (Simple Machines Forum) > v1.1
- MediaWiki B type
- Redmine
- Umbraco HMAC-SHA1
- Joomla < 2.5.18
- OpenCart
- PrestaShop
- Tripcode
- Drupal7
- PunBB
- MyBB 1.2+, IPB2+ (Invision Power Board)
- vBulletin < v3.8.5
- vBulletin >= v3.8.5
- bcrypt(md5($pass)) / bcryptmd5
- bcrypt(sha1($pass)) / bcryptsha1
2022-03-02 11:58:28 +00:00
- bcrypt(sha512($pass)) / bcryptsha512
- osCommerce, xt:Commerce
- TOTP (HMAC-SHA1)
- Web2py pbkdf2-sha512
- Django (PBKDF2-SHA256)
- Django (SHA-1)
- Atlassian (PBKDF2-HMAC-SHA1)
- Ruby on Rails Restful-Authentication
2021-08-29 15:22:59 +00:00
- Ruby on Rails Restful Auth (one round, no sitekey)
- Python passlib pbkdf2-sha512
- Python passlib pbkdf2-sha256
- Python passlib pbkdf2-sha1
- PKCS#8 Private Keys (PBKDF2-HMAC-SHA1 + 3DES/AES)
- PKCS#8 Private Keys (PBKDF2-HMAC-SHA256 + 3DES/AES)
- JKS Java Key Store Private Keys (SHA1)
- RSA/DSA/EC/OpenSSH Private Keys ($0$)
- RSA/DSA/EC/OpenSSH Private Keys ($6$)
- RSA/DSA/EC/OpenSSH Private Keys ($1, $3$)
- RSA/DSA/EC/OpenSSH Private Keys ($4$)
- RSA/DSA/EC/OpenSSH Private Keys ($5$)
- XMPP SCRAM PBKDF2-SHA1
- Teamspeak 3 (channel hash)
- Telegram Desktop < v2.1.14 (PBKDF2-HMAC-SHA1)
- Telegram Desktop >= v2.1.14 (PBKDF2-HMAC-SHA512)
- Telegram Mobile App Passcode (SHA256)
- Skype
2021-08-29 15:22:59 +00:00
- MetaMask Wallet
- BitShares v0.x - sha512(sha512_bin(pass))
- Bitcoin/Litecoin wallet.dat
- Bitcoin WIF private key (P2PKH)
- Bitcoin WIF private key (P2SH(P2WPKH))
- Bitcoin WIF private key (P2WPKH, Bech32)
- Electrum Wallet (Salt-Type 1-3)
- Electrum Wallet (Salt-Type 4)
- Electrum Wallet (Salt-Type 5)
- Blockchain, My Wallet
- Blockchain, My Wallet, V2
- Blockchain, My Wallet, Second Password (SHA256)
- Stargazer Stellar Wallet XLM
- Ethereum Pre-Sale Wallet, PBKDF2-HMAC-SHA256
- Ethereum Wallet, PBKDF2-HMAC-SHA256
- Ethereum Wallet, SCRYPT
- MultiBit Classic .key (MD5)
- MultiBit Classic .wallet (scrypt)
- MultiBit HD (scrypt)
- Exodus Desktop Wallet (scrypt)
- Terra Station Wallet (AES256-CBC(PBKDF2($pass)))
2015-12-04 14:47:52 +00:00
##
2016-04-29 03:28:49 +00:00
## Attack-Modes
2015-12-04 14:47:52 +00:00
##
2016-04-29 03:28:49 +00:00
- Straight *
- Combination
- Brute-force
- Hybrid dict + mask
- Hybrid mask + dict
2016-02-04 09:59:13 +00:00
2016-04-29 03:28:49 +00:00
* = Supports rules
2016-02-04 09:59:13 +00:00
##
2016-04-29 03:28:49 +00:00
## Supported OpenCL runtimes
2015-12-04 14:47:52 +00:00
##
- AMD
2016-04-29 03:28:49 +00:00
- Apple
- Intel
- NVidia
- POCL
- ROCm
##
## Supported OpenCL device types
##
- GPU
2016-10-29 11:50:43 +00:00
- CPU
- APU