Hash Cracking
Identifying hash formats
hashid <hash>
John
hashid -j <hash>
Hashcat
hashid -m <hash>
LM
john --format=lm hash.txt
hashcat -m 3000 -a 0 hash.txt wordlist.txt
NT
john --format=nt hash.txt
hashcat -m 1000 hash.txt wordlist.txt
NetNTLMv1
john --format=netntlm hash.txt
hashcat -m 5500 -a 0 hash.txt wordlist.txt
https://crack.sh
NetNTLMv2
Kerberos 5 TGS
Kerberos 5 TGS AES128
Kerberos 5 TGS AES256
Kerberos ASREP
MsCache 2
MD5
Attack modes
Dictionary Attack
Dictionary attack (-a 0) takes password hashes and a wordlist as input. Hashcat tests each word in the list as a potential password until the correct one is found or the list is exhausted.
Dictionary Attack with rules
Mask Attack
Mask attack (-a 3) is a type of brute-force attack in which the keyspace is explicitly defined by the user. For example, if we know that a password is eight characters long, rather than attempting every possible combination, we might define a mask that tests combinations of six letters followed by two numbers.
?l = abcdefghijklmnopqrstuvwxyz
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d = 0123456789
?h = 0123456789abcdef
?H = 0123456789ABCDEF
?s = «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
?a = ?l?u?d?s
?b = 0x00 - 0xff
Let's say that we specifically want to try passwords which start with an uppercase letter, continue with four lowercase letters, a digit, and then a symbol. The resulting hashcat mask would be ?u?l?l?l?l?d?s.