|
|
|
|
@ -1 +1,211 @@
|
|
|
|
|
Welcome to the hashcat wiki!
|
|
|
|
|
## Frequently asked questions
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* [FAQ](frequently_asked_questions)
|
|
|
|
|
|
|
|
|
|
## Source code
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* [Github repositories](https///github.com/hashcat)
|
|
|
|
|
|
|
|
|
|
## Hashcat suite
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* [hashcat](hashcat) - World's fastest and most advanced password recovery utility
|
|
|
|
|
|
|
|
|
|
* [hashcat-utils](hashcat_utils) - Small utilities that are useful in advanced password cracking
|
|
|
|
|
|
|
|
|
|
* [maskprocessor](maskprocessor) - High-performance word generator with a per-position configureable charset
|
|
|
|
|
|
|
|
|
|
* [statsprocessor](statsprocessor) - Word generator based on per-position markov-chains
|
|
|
|
|
|
|
|
|
|
* [princeprocessor](princeprocessor) - Standalone password candidate generator using the PRINCE algorithm
|
|
|
|
|
|
|
|
|
|
* [kwprocessor](kwprocessor) - Advanced keyboard-walk generator with configureable basechars, keymap and routes
|
|
|
|
|
|
|
|
|
|
Documentation for older hashcat versions like hashcat-legacy, oclHashcat, ... can be found by using the Sitemap button.
|
|
|
|
|
|
|
|
|
|
## Core attack modes
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* [Dictionary attack](dictionary_attack) - trying all words in a list; also called "straight" mode (attack mode 0, ''-a 0'')
|
|
|
|
|
|
|
|
|
|
* [Combinator attack](combinator_attack) - concatenating words from multiple wordlists (mode 1)
|
|
|
|
|
|
|
|
|
|
* [Brute-force attack](mask_attack) and [Mask attack](mask_attack) - trying all characters from given charsets, per position (mode 3)
|
|
|
|
|
|
|
|
|
|
* [Hybrid attack](hybrid_attack) - combining wordlists+masks (mode 6) and masks+wordlists (mode 7); can [also be done with rules](toggle_attack_with_rules)
|
|
|
|
|
|
|
|
|
|
## Other attacks
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* [Rule-based attack](rule_based_attack) - applying rules to words from wordlists; combines with wordlist-based attacks (attack modes 0, 6, and 7)
|
|
|
|
|
|
|
|
|
|
* [Toggle-case attack](toggle_case_attack) - toggling case of characters; now accomplished with rules
|
|
|
|
|
|
|
|
|
|
## Most important wiki pages
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* [Example hashes](example_hashes)
|
|
|
|
|
|
|
|
|
|
* [Brute-Force attack (aka mask attack)](mask_attack)
|
|
|
|
|
|
|
|
|
|
* [When I click on hashcat.exe a black window flashes up and then disappears](ubernoobs)
|
|
|
|
|
|
|
|
|
|
* [Timeout Patch](timeout_patch)
|
|
|
|
|
|
|
|
|
|
* [HCCAPX format description](hccapx)
|
|
|
|
|
|
|
|
|
|
* [Resuming cracking jobs and .restore file format description](restore)
|
|
|
|
|
|
|
|
|
|
* [Cracking WPA/WPA2 with hashcat](cracking_wpawpa2)
|
|
|
|
|
|
|
|
|
|
* [Using maskprocessor to generate rules](rules_with_maskprocessor)
|
|
|
|
|
|
|
|
|
|
* [Using rules to emulate hybrid attack](hybrid_atttack_with_rules)
|
|
|
|
|
|
|
|
|
|
* [Using rules to emulate toggle attack](toggle_attack_with_rules)
|
|
|
|
|
|
|
|
|
|
* [Using machine-readable output](machine_readable)
|
|
|
|
|
|
|
|
|
|
* [Ubuntu Server + AMD Catalyst + hashcat HOWTO](linux_server_howto) (not up-to-date)
|
|
|
|
|
|
|
|
|
|
* [HOWTO: Upgrading AMD Drivers on Windows](upgrading_amd_drivers_how_to) (not up-to-date)
|
|
|
|
|
|
|
|
|
|
* [hashcat and the drivers: Catalyst and ForceWare](oclhashcat_catalyst_forceware) (not up-to-date)
|
|
|
|
|
|
|
|
|
|
* `<del>`[Table-Lookup Attack beginner guide](table_lookup_beginner_guide)`</del>` - only available in [hashcat-legacy](hashcat-legacy)
|
|
|
|
|
|
|
|
|
|
* `<del>`[Distributing workload in oclHashcat-lite](distributing_workload_in_oclhashcat_lite)`</del>` - now accomplished with ''-s/`<nowiki>`--skip`</nowiki>` and ''-l/`<nowiki>`--limit`</nowiki>`
|
|
|
|
|
|
|
|
|
|
* `<del>`[VCL Cluster HOWTO](vcl_cluster_howto)`</del>`
|
|
|
|
|
|
|
|
|
|
* `<del>`[Distributing workload in oclHashcat](distributing_workload_in_oclhashcat)`</del>`
|
|
|
|
|
|
|
|
|
|
* `<del>`[Using maskprocessor to emulate brute-force attack](brute_force_in_oclhashcat_plus)`</del>` - now implemented directly in [hashcat](hashcat)
|
|
|
|
|
|
|
|
|
|
* `<del>`[Using maskprocessor to emulate mask attack in hashcat](mask_attack_in_hashcat)`</del>` - now implemented directly in [hashcat](hashcat)
|
|
|
|
|
|
|
|
|
|
* *Strike-through = Outdated article*
|
|
|
|
|
|
|
|
|
|
## Patches, tips and tricks
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* [Calculating total combinations for masks](combination_count_formula)
|
|
|
|
|
|
|
|
|
|
* [SSH into running terminal](ssh_running_process) - using ''screen''
|
|
|
|
|
|
|
|
|
|
* [I use hashcat on Windows and want to access it through ssh](hashcat_on_windows_ssh)
|
|
|
|
|
|
|
|
|
|
* `<del>`[Changing fan speed of ATI under linux](changing_fan_speed_of_ati_under_linux)`</del>`
|
|
|
|
|
|
|
|
|
|
* `<del>`[WPA Clean and Convert Script](WPA_Clean_and_Convert_Script)`</del>`
|
|
|
|
|
* *Strike-through = Outdated article*
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Howtos, Videos, Papers, Articles, etc. in the wild
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* [A cheat-sheet for password crackers](http://www.unix-ninja.com/p/A_cheat-sheet_for_password_crackers)
|
|
|
|
|
|
|
|
|
|
* [A guide to password cracking with Hashcat](http://www.unix-ninja.com/p/A_guide_to_password_cracking_with_Hashcat/)
|
|
|
|
|
|
|
|
|
|
* [Building a Password Cracking Rig for Hashcat](http://www.unix-ninja.com/p/Building_a_Cracking_Rig_for_Hashcat/)
|
|
|
|
|
|
|
|
|
|
* [Building a Password Cracking Rig for Hashcat - Part II](http://www.unix-ninja.com/p/Building_a_Password_Cracking_Rig_for_Hashcat_-_Part_II/)
|
|
|
|
|
|
|
|
|
|
* [Exploiting masks in Hashcat for fun and profit](http://www.unix-ninja.com/p/Exploiting_masks_in_Hashcat_for_fun_and_profit/)
|
|
|
|
|
|
|
|
|
|
* [Hashcat Line Length Exceptions](http://www.unix-ninja.com/p/Hashcat_Line_Length_Exceptions/)
|
|
|
|
|
|
|
|
|
|
* [ Agilebits 1Password support and Design Flaw?](https///hashcat.net/forum/thread-2238.html)
|
|
|
|
|
|
|
|
|
|
* [Colliding password protected MS office 97-2003 documents](https///hashcat.net/forum/thread-3665.html)
|
|
|
|
|
|
|
|
|
|
* [Colliding password protected PDF documents](https///hashcat.net/forum/thread-3818.html)
|
|
|
|
|
|
|
|
|
|
* [Facebook full directory of first and lastnames, 8GB, sorted with counts, latin and non-latin](https///hashcat.net/forum/thread-4114.html)
|
|
|
|
|
|
|
|
|
|
* [Explaining the PostgreSQL pass-the-hash vulnerability](https///hashcat.net/forum/thread-4148.html)
|
|
|
|
|
|
|
|
|
|
* [PHDays 2014, "Hashrunner challenge": Writeup Team hashcat](https///hashcat.net/forum/thread-3397.html)
|
|
|
|
|
|
|
|
|
|
* [PHDays 2015, "Hashrunner challenge": Writeup Team hashcat](https///hashcat.net/forum/thread-4370.html)
|
|
|
|
|
|
|
|
|
|
* [How not to salt a hash](https///hashcat.net/forum/thread-4429.html)
|
|
|
|
|
|
|
|
|
|
* [CheckPoint Security Gateway (firewall) and Security Management password hashes](https///hashcat.net/forum/thread-4436.html)
|
|
|
|
|
|
|
|
|
|
* [Cracking Netgear default WPA passwords with oclHashcat](https///hashcat.net/forum/thread-4463.html)
|
|
|
|
|
|
|
|
|
|
* [Cracking eight different TrueCrypt ciphers for the price of three](https///hashcat.net/forum/thread-4812.html)
|
|
|
|
|
|
|
|
|
|
* [DEFCON 2010, "Crack Me If You Can": Writeup Team hashcat](http://contest-2010.korelogic.com/team_hashcat.html)
|
|
|
|
|
|
|
|
|
|
* [DEFCON 2011, "Crack Me If You Can": Writeup Team hashcat](http://contest-2011.korelogic.com/team_hashcat.html)
|
|
|
|
|
|
|
|
|
|
* [DEFCON 2014, "Crack Me If You Can": Writeup Team hashcat](http://contest-2014.korelogic.com/team_hashcat.html)
|
|
|
|
|
|
|
|
|
|
* [DEFCON 2015, "Crack Me If You Can": Writeup Team hashcat](https///hashcat.net/forum/thread-4595.html)
|
|
|
|
|
|
|
|
|
|
* [Cracking Android passwords, a how-to](https///www.pentestpartners.com/blog/cracking-android-passwords-a-how-to/)
|
|
|
|
|
|
|
|
|
|
* [Custom charsets and rules with John The Ripper and oclhashcat](https///www.pentestpartners.com/blog/custom-charsets-and-rules-with-john-the-ripper-and-oclhashcat/)
|
|
|
|
|
|
|
|
|
|
* [Efficient Password Cracking Where LM Hashes Exist for Some Users](https///www.pentestpartners.com/blog/efficient-password-cracking-where-lm-hashes-exist-for-some-users/)
|
|
|
|
|
|
|
|
|
|
* [Introduction to Hashcat](https///www.youtube.com/watch?v=EfqJCKWtGiU)
|
|
|
|
|
|
|
|
|
|
* [Passwords: A step-by-step analysis of breaking them](https///www.pentestpartners.com/blog/passwords-a-step-by-step-analysis-of-breaking-them/)
|
|
|
|
|
|
|
|
|
|
* [Cracking IKE Mission:Improbable (Part 1)](https///www.trustwave.com/Resources/SpiderLabs-Blog/Cracking-IKE-Mission-Improbable-%28Part-1%29/)
|
|
|
|
|
|
|
|
|
|
* [Cracking IKE Mission:Improbable (Part 2)](https///www.trustwave.com/Resources/SpiderLabs-Blog/Cracking-IKE-Mission-Improbable-%28Part-2%29/)
|
|
|
|
|
|
|
|
|
|
* [Hashcat Per Position Markov Chains](https///www.trustwave.com/Resources/SpiderLabs-Blog/Hashcat-Per-Position-Markov-Chains/)
|
|
|
|
|
|
|
|
|
|
* [A Practical Guide to Cracking Password Hashes](https///labs.mwrinfosecurity.com/blog/a-practical-guide-to-cracking-password-hashes/)
|
|
|
|
|
|
|
|
|
|
* [Rule-Fu: The art of word mangling](https///web.archive.org/web/20131111231827/http///ob-security.info/?p=31)
|
|
|
|
|
|
|
|
|
|
* [How to Extract OS X Mavericks Password Hash for Cracking With Hashcat](https///web.archive.org/web/20140703020831/http///www.michaelfairley.co/blog/2014/05/18/how-to-extract-os-x-mavericks-password-hash-for-cracking-with-hashcat/)
|
|
|
|
|
|
|
|
|
|
* [Statistics Will Crack Your Password](https///www.praetorian.com/blog/statistics-will-crack-your-password-mask-structure)
|
|
|
|
|
|
|
|
|
|
* [Troy Hunt: Our password hashing has no clothes](https///www.troyhunt.com/2012/06/our-password-hashing-has-no-clothes.html)
|
|
|
|
|
|
|
|
|
|
* [The 3 Way21 Confessions of a crypto cluster operator](https///www.youtube.com/watch?v=1MiY44KS-y4)
|
|
|
|
|
|
|
|
|
|
* [Passwords^12: Exploiting a SHA-1 weakness in password cracking](https///www.youtube.com/watch?v=7YebpMoK9VQ)
|
|
|
|
|
|
|
|
|
|
* [Passwordscon: Advanced Password Cracking: Hashcat Techniques for the Last 20%](https///www.youtube.com/watch?v=9l6COVMer8M)
|
|
|
|
|
|
|
|
|
|
* [Passwordscon: Optimizing the Computation of Hash Algorithms as an Attacker](https///www.youtube.com/watch?v=SEiL9fqcEwk)
|
|
|
|
|
|
|
|
|
|
* [Passwordscon: I have the hashcat, I make the rules](https///hashcat.net/events/p14-vegas/I%20have%20the%20%23cat%20i%20make%20the%20rules_YC.pdf)
|
|
|
|
|
|
|
|
|
|
* [Cracking an MD5 of an IP address](https///www.phillips321.co.uk/2012/04/04/cracking-an-md5-of-an-ip-address/)
|
|
|
|
|
|
|
|
|
|
* [Bruteforcing .known_hosts file with hashcat](http://up1ink.tumblr.com/post/132370869368/bruteforcing-knownhosts-file-with-hashcat)
|
|
|
|
|
|
|
|
|
|
* [Convert metasploit cachedump files to Hashcat format for cracking](http://www.commandlinefu.com/commands/view/11574/convert-metasploit-cachedump-files-to-hashcat-format-for-cracking)
|
|
|
|
|
|
|
|
|
|
* [GPU Based Password Cracking with Amazon EC2 and oclHashcat](http://www.rockfishsec.com/2015/05/gpu-password-cracking-with-amazon-ec2.html)
|
|
|
|
|
|
|
|
|
|
* [How to crack WPA2-Enterprise EAP-MD5 with hashcat](http://www.securitybydefault.com/2014/01/wpa2-enterprise-cracking-de-eap-md5.html)
|
|
|
|
|
|
|
|
|
|
* [Cracking TrueCrypt: container, non-system, system, hidden](https///web.archive.org/web/20161026005447/0x31.de/cracking-truecrypt-container-non-system-system/) (archived on archive.org, current version contains adware)
|
|
|
|
|
|
|
|
|
|
* [Cracking Story – How I Cracked Over 122 Million SHA1 and MD5 Hashed Passwords](http://blog.thireus.com/cracking-story-how-i-cracked-over-122-million-sha1-and-md5-hashed-passwords)
|
|
|
|
|
|
|
|
|
|
* [Android Pin/Password Cracking](http://linuxsleuthing.blogspot.co.uk/2012/10/android-pinpassword-cracking-halloween.html)
|
|
|
|
|
|
|
|
|
|
* [Tool Deep Dive: PRINCE](http://reusablesec.blogspot.de/2014/12/tool-deep-dive-prince.html)
|
|
|
|
|
|
|
|
|
|
* [HASHCAT: GPU PASSWORD CRACKING FOR MAXIMUM WIN](https///abigisp.com/talks/hashcat/)
|
|
|
|
|
|
|
|
|
|
* [Video introduction to Hashcat v3 and Debug-Rules example](https///www.youtube.com/watch?v=0C5jftc4nqs)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
If your hashcat article is not listed, tell us. We would love to link it here.
|
|
|
|
|
|
Jens Steube
4 years ago