Hashcat je open-source software pro prolamování hesel, který dokáže prolamovat různé hashe pomocí různých způsobů útoku.
Podporuje pět jedinečných způsobů útoku pro více než 300 vysoce optimalizovaných hashovacích algoritmů.
V současné době podporuje CPU, GPU a další hardwarové akcelerátory v Linuxu. Tento nástroj lze také použít na macOS a Windows.
Instalace nástroje
Tento nástroj je součástí distribuce Kali Linux.
Bash
sudo apt install hashcatMožnosti které nástroj nabízí
Bash
hashcat --help
hashcat (v6.2.6) starting in help mode
Usage: hashcat [options]... hash|hashfile|hccapxfile [dictionary|mask|directory]...
- [ Options ] -
Options Short / Long | Type | Description | Example
================================+======+======================================================+=======================
-m, --hash-type | Num | Hash-type, references below (otherwise autodetect) | -m 1000
-a, --attack-mode | Num | Attack-mode, see references below | -a 3
-V, --version | | Print version |
-h, --help | | Print help |
--quiet | | Suppress output |
--hex-charset | | Assume charset is given in hex |
--hex-salt | | Assume salt is given in hex |
--hex-wordlist | | Assume words in wordlist are given in hex |
--force | | Ignore warnings |
--deprecated-check-disable | | Enable deprecated plugins |
--status | | Enable automatic update of the status screen |
--status-json | | Enable JSON format for status output |
--status-timer | Num | Sets seconds between status screen updates to X | --status-timer=1
--stdin-timeout-abort | Num | Abort if there is no input from stdin for X seconds | --stdin-timeout-abort=300
--machine-readable | | Display the status view in a machine-readable format |
--keep-guessing | | Keep guessing the hash after it has been cracked |
--self-test-disable | | Disable self-test functionality on startup |
--loopback | | Add new plains to induct directory |
--markov-hcstat2 | File | Specify hcstat2 file to use | --markov-hcstat2=my.hcstat2
--markov-disable | | Disables markov-chains, emulates classic brute-force |
--markov-classic | | Enables classic markov-chains, no per-position |
--markov-inverse | | Enables inverse markov-chains, no per-position |
-t, --markov-threshold | Num | Threshold X when to stop accepting new markov-chains | -t 50
--runtime | Num | Abort session after X seconds of runtime | --runtime=10
--session | Str | Define specific session name | --session=mysession
--restore | | Restore session from --session |
--restore-disable | | Do not write restore file |
--restore-file-path | File | Specific path to restore file | --restore-file-path=x.restore
-o, --outfile | File | Define outfile for recovered hash | -o outfile.txt
--outfile-format | Str | Outfile format to use, separated with commas | --outfile-format=1,3
--outfile-autohex-disable | | Disable the use of $HEX[] in output plains |
--outfile-check-timer | Num | Sets seconds between outfile checks to X | --outfile-check-timer=30
--wordlist-autohex-disable | | Disable the conversion of $HEX[] from the wordlist |
-p, --separator | Char | Separator char for hashlists and outfile | -p :
--stdout | | Do not crack a hash, instead print candidates only |
--show | | Compare hashlist with potfile; show cracked hashes |
--left | | Compare hashlist with potfile; show uncracked hashes |
--username | | Enable ignoring of usernames in hashfile |
--remove | | Enable removal of hashes once they are cracked |
--remove-timer | Num | Update input hash file each X seconds | --remove-timer=30
--potfile-disable | | Do not write potfile |
--potfile-path | File | Specific path to potfile | --potfile-path=my.pot
--encoding-from | Code | Force internal wordlist encoding from X | --encoding-from=iso-8859-15
--encoding-to | Code | Force internal wordlist encoding to X | --encoding-to=utf-32le
--debug-mode | Num | Defines the debug mode (hybrid only by using rules) | --debug-mode=4
--debug-file | File | Output file for debugging rules | --debug-file=good.log
--induction-dir | Dir | Specify the induction directory to use for loopback | --induction=inducts
--outfile-check-dir | Dir | Specify the outfile directory to monitor for plains | --outfile-check-dir=x
--logfile-disable | | Disable the logfile |
--hccapx-message-pair | Num | Load only message pairs from hccapx matching X | --hccapx-message-pair=2
--nonce-error-corrections | Num | The BF size range to replace AP´s nonce last bytes | --nonce-error-corrections=16
--keyboard-layout-mapping | File | Keyboard layout mapping table for special hash-modes | --keyb=german.hckmap
--truecrypt-keyfiles | File | Keyfiles to use, separated with commas | --truecrypt-keyf=x.png
--veracrypt-keyfiles | File | Keyfiles to use, separated with commas | --veracrypt-keyf=x.txt
--veracrypt-pim-start | Num | VeraCrypt personal iterations multiplier start | --veracrypt-pim-start=450
--veracrypt-pim-stop | Num | VeraCrypt personal iterations multiplier stop | --veracrypt-pim-stop=500
-b, --benchmark | | Run benchmark of selected hash-modes |
--benchmark-all | | Run benchmark of all hash-modes (requires -b) |
--speed-only | | Return expected speed of the attack, then quit |
--progress-only | | Return ideal progress step size and time to process |
-c, --segment-size | Num | Sets size in MB to cache from the wordfile to X | -c 32
--bitmap-min | Num | Sets minimum bits allowed for bitmaps to X | --bitmap-min=24
--bitmap-max | Num | Sets maximum bits allowed for bitmaps to X | --bitmap-max=24
--cpu-affinity | Str | Locks to CPU devices, separated with commas | --cpu-affinity=1,2,3
--hook-threads | Num | Sets number of threads for a hook (per compute unit) | --hook-threads=8
--hash-info | | Show information for each hash-mode |
--example-hashes | | Alias of --hash-info |
--backend-ignore-cuda | | Do not try to open CUDA interface on startup |
--backend-ignore-hip | | Do not try to open HIP interface on startup |
--backend-ignore-metal | | Do not try to open Metal interface on startup |
--backend-ignore-opencl | | Do not try to open OpenCL interface on startup |
-I, --backend-info | | Show system/evironment/backend API info | -I or -II
-d, --backend-devices | Str | Backend devices to use, separated with commas | -d 1
-D, --opencl-device-types | Str | OpenCL device-types to use, separated with commas | -D 1
-O, --optimized-kernel-enable | | Enable optimized kernels (limits password length) |
-M, --multiply-accel-disable | | Disable multiply kernel-accel with processor count |
-w, --workload-profile | Num | Enable a specific workload profile, see pool below | -w 3
-n, --kernel-accel | Num | Manual workload tuning, set outerloop step size to X | -n 64
-u, --kernel-loops | Num | Manual workload tuning, set innerloop step size to X | -u 256
-T, --kernel-threads | Num | Manual workload tuning, set thread count to X | -T 64
--backend-vector-width | Num | Manually override backend vector-width to X | --backend-vector=4
--spin-damp | Num | Use CPU for device synchronization, in percent | --spin-damp=10
--hwmon-disable | | Disable temperature and fanspeed reads and triggers |
--hwmon-temp-abort | Num | Abort if temperature reaches X degrees Celsius | --hwmon-temp-abort=100
--scrypt-tmto | Num | Manually override TMTO value for scrypt to X | --scrypt-tmto=3
-s, --skip | Num | Skip X words from the start | -s 1000000
-l, --limit | Num | Limit X words from the start + skipped words | -l 1000000
--keyspace | | Show keyspace base:mod values and quit |
-j, --rule-left | Rule | Single rule applied to each word from left wordlist | -j 'c'
-k, --rule-right | Rule | Single rule applied to each word from right wordlist | -k '^-'
-r, --rules-file | File | Multiple rules applied to each word from wordlists | -r rules/best64.rule
-g, --generate-rules | Num | Generate X random rules | -g 10000
--generate-rules-func-min | Num | Force min X functions per rule |
--generate-rules-func-max | Num | Force max X functions per rule |
--generate-rules-func-sel | Str | Pool of rule operators valid for random rule engine | --generate-rules-func-sel=ioTlc
--generate-rules-seed | Num | Force RNG seed set to X |
-1, --custom-charset1 | CS | User-defined charset ?1 | -1 ?l?d?u
-2, --custom-charset2 | CS | User-defined charset ?2 | -2 ?l?d?s
-3, --custom-charset3 | CS | User-defined charset ?3 |
-4, --custom-charset4 | CS | User-defined charset ?4 |
--identify | | Shows all supported algorithms for input hashes | --identify my.hash
-i, --increment | | Enable mask increment mode |
--increment-min | Num | Start mask incrementing at X | --increment-min=4
--increment-max | Num | Stop mask incrementing at X | --increment-max=8
-S, --slow-candidates | | Enable slower (but advanced) candidate generators |
--brain-server | | Enable brain server |
--brain-server-timer | Num | Update the brain server dump each X seconds (min:60) | --brain-server-timer=300
-z, --brain-client | | Enable brain client, activates -S |
--brain-client-features | Num | Define brain client features, see below | --brain-client-features=3
--brain-host | Str | Brain server host (IP or domain) | --brain-host=127.0.0.1
--brain-port | Port | Brain server port | --brain-port=13743
--brain-password | Str | Brain server authentication password | --brain-password=bZfhCvGUSjRq
--brain-session | Hex | Overrides automatically calculated brain session | --brain-session=0x2ae611db
--brain-session-whitelist | Hex | Allow given sessions only, separated with commas | --brain-session-whitelist=0x2ae611db
- [ Hash modes ] -
# | Name | Category
======+============================================================+======================================
900 | MD4 | Raw Hash
0 | MD5 | Raw Hash
100 | SHA1 | Raw Hash
1300 | SHA2-224 | Raw Hash
1400 | SHA2-256 | Raw Hash
10800 | SHA2-384 | Raw Hash
1700 | SHA2-512 | Raw Hash
17300 | SHA3-224 | Raw Hash
17400 | SHA3-256 | Raw Hash
17500 | SHA3-384 | Raw Hash
17600 | SHA3-512 | Raw Hash
6000 | RIPEMD-160 | Raw Hash
600 | BLAKE2b-512 | Raw Hash
11700 | GOST R 34.11-2012 (Streebog) 256-bit, big-endian | Raw Hash
11800 | GOST R 34.11-2012 (Streebog) 512-bit, big-endian | Raw Hash
6900 | GOST R 34.11-94 | Raw Hash
17010 | GPG (AES-128/AES-256 (SHA-1($pass))) | Raw Hash
5100 | Half MD5 | Raw Hash
17700 | Keccak-224 | Raw Hash
17800 | Keccak-256 | Raw Hash
17900 | Keccak-384 | Raw Hash
18000 | Keccak-512 | Raw Hash
6100 | Whirlpool | Raw Hash
10100 | SipHash | Raw Hash
70 | md5(utf16le($pass)) | Raw Hash
170 | sha1(utf16le($pass)) | Raw Hash
1470 | sha256(utf16le($pass)) | Raw Hash
10870 | sha384(utf16le($pass)) | Raw Hash
1770 | sha512(utf16le($pass)) | Raw Hash
610 | BLAKE2b-512($pass.$salt) | Raw Hash salted and/or iterated
620 | BLAKE2b-512($salt.$pass) | Raw Hash salted and/or iterated
10 | md5($pass.$salt) | Raw Hash salted and/or iterated
20 | md5($salt.$pass) | Raw Hash salted and/or iterated
3800 | md5($salt.$pass.$salt) | Raw Hash salted and/or iterated
3710 | md5($salt.md5($pass)) | Raw Hash salted and/or iterated
4110 | md5($salt.md5($pass.$salt)) | Raw Hash salted and/or iterated
4010 | md5($salt.md5($salt.$pass)) | Raw Hash salted and/or iterated
21300 | md5($salt.sha1($salt.$pass)) | Raw Hash salted and/or iterated
40 | md5($salt.utf16le($pass)) | Raw Hash salted and/or iterated
2600 | md5(md5($pass)) | Raw Hash salted and/or iterated
3910 | md5(md5($pass).md5($salt)) | Raw Hash salted and/or iterated
3500 | md5(md5(md5($pass))) | Raw Hash salted and/or iterated
4400 | md5(sha1($pass)) | Raw Hash salted and/or iterated
4410 | md5(sha1($pass).$salt) | Raw Hash salted and/or iterated
20900 | md5(sha1($pass).md5($pass).sha1($pass)) | Raw Hash salted and/or iterated
21200 | md5(sha1($salt).md5($pass)) | Raw Hash salted and/or iterated
4300 | md5(strtoupper(md5($pass))) | Raw Hash salted and/or iterated
30 | md5(utf16le($pass).$salt) | Raw Hash salted and/or iterated
110 | sha1($pass.$salt) | Raw Hash salted and/or iterated
120 | sha1($salt.$pass) | Raw Hash salted and/or iterated
4900 | sha1($salt.$pass.$salt) | Raw Hash salted and/or iterated
4520 | sha1($salt.sha1($pass)) | Raw Hash salted and/or iterated
24300 | sha1($salt.sha1($pass.$salt)) | Raw Hash salted and/or iterated
140 | sha1($salt.utf16le($pass)) | Raw Hash salted and/or iterated
19300 | sha1($salt1.$pass.$salt2) | Raw Hash salted and/or iterated
14400 | sha1(CX) | Raw Hash salted and/or iterated
4700 | sha1(md5($pass)) | Raw Hash salted and/or iterated
4710 | sha1(md5($pass).$salt) | Raw Hash salted and/or iterated
21100 | sha1(md5($pass.$salt)) | Raw Hash salted and/or iterated
18500 | sha1(md5(md5($pass))) | Raw Hash salted and/or iterated
4500 | sha1(sha1($pass)) | Raw Hash salted and/or iterated
4510 | sha1(sha1($pass).$salt) | Raw Hash salted and/or iterated
5000 | sha1(sha1($salt.$pass.$salt)) | Raw Hash salted and/or iterated
130 | sha1(utf16le($pass).$salt) | Raw Hash salted and/or iterated
1410 | sha256($pass.$salt) | Raw Hash salted and/or iterated
1420 | sha256($salt.$pass) | Raw Hash salted and/or iterated
22300 | sha256($salt.$pass.$salt) | Raw Hash salted and/or iterated
20720 | sha256($salt.sha256($pass)) | Raw Hash salted and/or iterated
21420 | sha256($salt.sha256_bin($pass)) | Raw Hash salted and/or iterated
1440 | sha256($salt.utf16le($pass)) | Raw Hash salted and/or iterated
20800 | sha256(md5($pass)) | Raw Hash salted and/or iterated
20710 | sha256(sha256($pass).$salt) | Raw Hash salted and/or iterated
21400 | sha256(sha256_bin($pass)) | Raw Hash salted and/or iterated
1430 | sha256(utf16le($pass).$salt) | Raw Hash salted and/or iterated
10810 | sha384($pass.$salt) | Raw Hash salted and/or iterated
10820 | sha384($salt.$pass) | Raw Hash salted and/or iterated
10840 | sha384($salt.utf16le($pass)) | Raw Hash salted and/or iterated
10830 | sha384(utf16le($pass).$salt) | Raw Hash salted and/or iterated
1710 | sha512($pass.$salt) | Raw Hash salted and/or iterated
1720 | sha512($salt.$pass) | Raw Hash salted and/or iterated
1740 | sha512($salt.utf16le($pass)) | Raw Hash salted and/or iterated
1730 | sha512(utf16le($pass).$salt) | Raw Hash salted and/or iterated
50 | HMAC-MD5 (key = $pass) | Raw Hash authenticated
60 | HMAC-MD5 (key = $salt) | Raw Hash authenticated
150 | HMAC-SHA1 (key = $pass) | Raw Hash authenticated
160 | HMAC-SHA1 (key = $salt) | Raw Hash authenticated
1450 | HMAC-SHA256 (key = $pass) | Raw Hash authenticated
1460 | HMAC-SHA256 (key = $salt) | Raw Hash authenticated
1750 | HMAC-SHA512 (key = $pass) | Raw Hash authenticated
1760 | HMAC-SHA512 (key = $salt) | Raw Hash authenticated
11750 | HMAC-Streebog-256 (key = $pass), big-endian | Raw Hash authenticated
11760 | HMAC-Streebog-256 (key = $salt), big-endian | Raw Hash authenticated
11850 | HMAC-Streebog-512 (key = $pass), big-endian | Raw Hash authenticated
11860 | HMAC-Streebog-512 (key = $salt), big-endian | Raw Hash authenticated
28700 | Amazon AWS4-HMAC-SHA256 | Raw Hash authenticated
11500 | CRC32 | Raw Checksum
27900 | CRC32C | Raw Checksum
28000 | CRC64Jones | Raw Checksum
18700 | Java Object hashCode() | Raw Checksum
25700 | MurmurHash | Raw Checksum
27800 | MurmurHash3 | Raw Checksum
14100 | 3DES (PT = $salt, key = $pass) | Raw Cipher, Known-plaintext attack
14000 | DES (PT = $salt, key = $pass) | Raw Cipher, Known-plaintext attack
26401 | AES-128-ECB NOKDF (PT = $salt, key = $pass) | Raw Cipher, Known-plaintext attack
26402 | AES-192-ECB NOKDF (PT = $salt, key = $pass) | Raw Cipher, Known-plaintext attack
26403 | AES-256-ECB NOKDF (PT = $salt, key = $pass) | Raw Cipher, Known-plaintext attack
15400 | ChaCha20 | Raw Cipher, Known-plaintext attack
14500 | Linux Kernel Crypto API (2.4) | Raw Cipher, Known-plaintext attack
14900 | Skip32 (PT = $salt, key = $pass) | Raw Cipher, Known-plaintext attack
11900 | PBKDF2-HMAC-MD5 | Generic KDF
12000 | PBKDF2-HMAC-SHA1 | Generic KDF
10900 | PBKDF2-HMAC-SHA256 | Generic KDF
12100 | PBKDF2-HMAC-SHA512 | Generic KDF
8900 | scrypt | Generic KDF
400 | phpass | Generic KDF
16100 | TACACS+ | Network Protocol
11400 | SIP digest authentication (MD5) | Network Protocol
5300 | IKE-PSK MD5 | Network Protocol
5400 | IKE-PSK SHA1 | Network Protocol
25100 | SNMPv3 HMAC-MD5-96 | Network Protocol
25000 | SNMPv3 HMAC-MD5-96/HMAC-SHA1-96 | Network Protocol
25200 | SNMPv3 HMAC-SHA1-96 | Network Protocol
26700 | SNMPv3 HMAC-SHA224-128 | Network Protocol
26800 | SNMPv3 HMAC-SHA256-192 | Network Protocol
26900 | SNMPv3 HMAC-SHA384-256 | Network Protocol
27300 | SNMPv3 HMAC-SHA512-384 | Network Protocol
2500 | WPA-EAPOL-PBKDF2 | Network Protocol
2501 | WPA-EAPOL-PMK | Network Protocol
22000 | WPA-PBKDF2-PMKID+EAPOL | Network Protocol
22001 | WPA-PMK-PMKID+EAPOL | Network Protocol
16800 | WPA-PMKID-PBKDF2 | Network Protocol
16801 | WPA-PMKID-PMK | Network Protocol
7300 | IPMI2 RAKP HMAC-SHA1 | Network Protocol
10200 | CRAM-MD5 | Network Protocol
16500 | JWT (JSON Web Token) | Network Protocol
29200 | Radmin3 | Network Protocol
19600 | Kerberos 5, etype 17, TGS-REP | Network Protocol
19800 | Kerberos 5, etype 17, Pre-Auth | Network Protocol
28800 | Kerberos 5, etype 17, DB | Network Protocol
19700 | Kerberos 5, etype 18, TGS-REP | Network Protocol
19900 | Kerberos 5, etype 18, Pre-Auth | Network Protocol
28900 | Kerberos 5, etype 18, DB | Network Protocol
7500 | Kerberos 5, etype 23, AS-REQ Pre-Auth | Network Protocol
13100 | Kerberos 5, etype 23, TGS-REP | Network Protocol
18200 | Kerberos 5, etype 23, AS-REP | Network Protocol
5500 | NetNTLMv1 / NetNTLMv1+ESS | Network Protocol
27000 | NetNTLMv1 / NetNTLMv1+ESS (NT) | Network Protocol
5600 | NetNTLMv2 | Network Protocol
27100 | NetNTLMv2 (NT) | Network Protocol
29100 | Flask Session Cookie ($salt.$salt.$pass) | Network Protocol
4800 | iSCSI CHAP authentication, MD5(CHAP) | Network Protocol
8500 | RACF | Operating System
6300 | AIX {smd5} | Operating System
6700 | AIX {ssha1} | Operating System
6400 | AIX {ssha256} | Operating System
6500 | AIX {ssha512} | Operating System
3000 | LM | Operating System
19000 | QNX /etc/shadow (MD5) | Operating System
19100 | QNX /etc/shadow (SHA256) | Operating System
19200 | QNX /etc/shadow (SHA512) | Operating System
15300 | DPAPI masterkey file v1 (context 1 and 2) | Operating System
15310 | DPAPI masterkey file v1 (context 3) | Operating System
15900 | DPAPI masterkey file v2 (context 1 and 2) | Operating System
15910 | DPAPI masterkey file v2 (context 3) | Operating System
7200 | GRUB 2 | Operating System
12800 | MS-AzureSync PBKDF2-HMAC-SHA256 | Operating System
12400 | BSDi Crypt, Extended DES | Operating System
1000 | NTLM | Operating System
9900 | Radmin2 | Operating System
5800 | Samsung Android Password/PIN | Operating System
28100 | Windows Hello PIN/Password | Operating System
13800 | Windows Phone 8+ PIN/password | Operating System
2410 | Cisco-ASA MD5 | Operating System
9200 | Cisco-IOS $8$ (PBKDF2-SHA256) | Operating System
9300 | Cisco-IOS $9$ (scrypt) | Operating System
5700 | Cisco-IOS type 4 (SHA256) | Operating System
2400 | Cisco-PIX MD5 | Operating System
8100 | Citrix NetScaler (SHA1) | Operating System
22200 | Citrix NetScaler (SHA512) | Operating System
1100 | Domain Cached Credentials (DCC), MS Cache | Operating System
2100 | Domain Cached Credentials 2 (DCC2), MS Cache 2 | Operating System
7000 | FortiGate (FortiOS) | Operating System
26300 | FortiGate256 (FortiOS256) | Operating System
125 | ArubaOS | Operating System
501 | Juniper IVE | Operating System
22 | Juniper NetScreen/SSG (ScreenOS) | Operating System
15100 | Juniper/NetBSD sha1crypt | Operating System
26500 | iPhone passcode (UID key + System Keybag) | Operating System
122 | macOS v10.4, macOS v10.5, macOS v10.6 | Operating System
1722 | macOS v10.7 | Operating System
7100 | macOS v10.8+ (PBKDF2-SHA512) | Operating System
3200 | bcrypt $2*$, Blowfish (Unix) | Operating System
500 | md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5) | Operating System
1500 | descrypt, DES (Unix), Traditional DES | Operating System
29000 | sha1($salt.sha1(utf16le($username).':'.utf16le($pass))) | Operating System
7400 | sha256crypt $5$, SHA256 (Unix) | Operating System
1800 | sha512crypt $6$, SHA512 (Unix) | Operating System
24600 | SQLCipher | Database Server
131 | MSSQL (2000) | Database Server
132 | MSSQL (2005) | Database Server
1731 | MSSQL (2012, 2014) | Database Server
24100 | MongoDB ServerKey SCRAM-SHA-1 | Database Server
24200 | MongoDB ServerKey SCRAM-SHA-256 | Database Server
12 | PostgreSQL | Database Server
11100 | PostgreSQL CRAM (MD5) | Database Server
28600 | PostgreSQL SCRAM-SHA-256 | Database Server
3100 | Oracle H: Type (Oracle 7+) | Database Server
112 | Oracle S: Type (Oracle 11+) | Database Server
12300 | Oracle T: Type (Oracle 12+) | Database Server
7401 | MySQL $A$ (sha256crypt) | Database Server
11200 | MySQL CRAM (SHA1) | Database Server
200 | MySQL323 | Database Server
300 | MySQL4.1/MySQL5 | Database Server
8000 | Sybase ASE | Database Server
8300 | DNSSEC (NSEC3) | FTP, HTTP, SMTP, LDAP Server
25900 | KNX IP Secure - Device Authentication Code | FTP, HTTP, SMTP, LDAP Server
16400 | CRAM-MD5 Dovecot | FTP, HTTP, SMTP, LDAP Server
1411 | SSHA-256(Base64), LDAP {SSHA256} | FTP, HTTP, SMTP, LDAP Server
1711 | SSHA-512(Base64), LDAP {SSHA512} | FTP, HTTP, SMTP, LDAP Server
24900 | Dahua Authentication MD5 | FTP, HTTP, SMTP, LDAP Server
10901 | RedHat 389-DS LDAP (PBKDF2-HMAC-SHA256) | FTP, HTTP, SMTP, LDAP Server
15000 | FileZilla Server >= 0.9.55 | FTP, HTTP, SMTP, LDAP Server
12600 | ColdFusion 10+ | FTP, HTTP, SMTP, LDAP Server
1600 | Apache $apr1$ MD5, md5apr1, MD5 (APR) | FTP, HTTP, SMTP, LDAP Server
141 | Episerver 6.x < .NET 4 | FTP, HTTP, SMTP, LDAP Server
1441 | Episerver 6.x >= .NET 4 | FTP, HTTP, SMTP, LDAP Server
1421 | hMailServer | FTP, HTTP, SMTP, LDAP Server
101 | nsldap, SHA-1(Base64), Netscape LDAP SHA | FTP, HTTP, SMTP, LDAP Server
111 | nsldaps, SSHA-1(Base64), Netscape LDAP SSHA | FTP, HTTP, SMTP, LDAP Server
7700 | SAP CODVN B (BCODE) | Enterprise Application Software (EAS)
7701 | SAP CODVN B (BCODE) from RFC_READ_TABLE | Enterprise Application Software (EAS)
7800 | SAP CODVN F/G (PASSCODE) | Enterprise Application Software (EAS)
7801 | SAP CODVN F/G (PASSCODE) from RFC_READ_TABLE | Enterprise Application Software (EAS)
10300 | SAP CODVN H (PWDSALTEDHASH) iSSHA-1 | Enterprise Application Software (EAS)
133 | PeopleSoft | Enterprise Application Software (EAS)
13500 | PeopleSoft PS_TOKEN | Enterprise Application Software (EAS)
21500 | SolarWinds Orion | Enterprise Application Software (EAS)
21501 | SolarWinds Orion v2 | Enterprise Application Software (EAS)
24 | SolarWinds Serv-U | Enterprise Application Software (EAS)
8600 | Lotus Notes/Domino 5 | Enterprise Application Software (EAS)
8700 | Lotus Notes/Domino 6 | Enterprise Application Software (EAS)
9100 | Lotus Notes/Domino 8 | Enterprise Application Software (EAS)
26200 | OpenEdge Progress Encode | Enterprise Application Software (EAS)
20600 | Oracle Transportation Management (SHA256) | Enterprise Application Software (EAS)
4711 | Huawei sha1(md5($pass).$salt) | Enterprise Application Software (EAS)
20711 | AuthMe sha256 | Enterprise Application Software (EAS)
22400 | AES Crypt (SHA256) | Full-Disk Encryption (FDE)
27400 | VMware VMX (PBKDF2-HMAC-SHA1 + AES-256-CBC) | Full-Disk Encryption (FDE)
14600 | LUKS v1 (legacy) | Full-Disk Encryption (FDE)
29541 | LUKS v1 RIPEMD-160 + AES | Full-Disk Encryption (FDE)
29542 | LUKS v1 RIPEMD-160 + Serpent | Full-Disk Encryption (FDE)
29543 | LUKS v1 RIPEMD-160 + Twofish | Full-Disk Encryption (FDE)
29511 | LUKS v1 SHA-1 + AES | Full-Disk Encryption (FDE)
29512 | LUKS v1 SHA-1 + Serpent | Full-Disk Encryption (FDE)
29513 | LUKS v1 SHA-1 + Twofish | Full-Disk Encryption (FDE)
29521 | LUKS v1 SHA-256 + AES | Full-Disk Encryption (FDE)
29522 | LUKS v1 SHA-256 + Serpent | Full-Disk Encryption (FDE)
29523 | LUKS v1 SHA-256 + Twofish | Full-Disk Encryption (FDE)
29531 | LUKS v1 SHA-512 + AES | Full-Disk Encryption (FDE)
29532 | LUKS v1 SHA-512 + Serpent | Full-Disk Encryption (FDE)
29533 | LUKS v1 SHA-512 + Twofish | Full-Disk Encryption (FDE)
13711 | VeraCrypt RIPEMD160 + XTS 512 bit (legacy) | Full-Disk Encryption (FDE)
13712 | VeraCrypt RIPEMD160 + XTS 1024 bit (legacy) | Full-Disk Encryption (FDE)
13713 | VeraCrypt RIPEMD160 + XTS 1536 bit (legacy) | Full-Disk Encryption (FDE)
13741 | VeraCrypt RIPEMD160 + XTS 512 bit + boot-mode (legacy) | Full-Disk Encryption (FDE)
13742 | VeraCrypt RIPEMD160 + XTS 1024 bit + boot-mode (legacy) | Full-Disk Encryption (FDE)
13743 | VeraCrypt RIPEMD160 + XTS 1536 bit + boot-mode (legacy) | Full-Disk Encryption (FDE)
29411 | VeraCrypt RIPEMD160 + XTS 512 bit | Full-Disk Encryption (FDE)
29412 | VeraCrypt RIPEMD160 + XTS 1024 bit | Full-Disk Encryption (FDE)
29413 | VeraCrypt RIPEMD160 + XTS 1536 bit | Full-Disk Encryption (FDE)
29441 | VeraCrypt RIPEMD160 + XTS 512 bit + boot-mode | Full-Disk Encryption (FDE)
29442 | VeraCrypt RIPEMD160 + XTS 1024 bit + boot-mode | Full-Disk Encryption (FDE)
29443 | VeraCrypt RIPEMD160 + XTS 1536 bit + boot-mode | Full-Disk Encryption (FDE)
13751 | VeraCrypt SHA256 + XTS 512 bit (legacy) | Full-Disk Encryption (FDE)
13752 | VeraCrypt SHA256 + XTS 1024 bit (legacy) | Full-Disk Encryption (FDE)
13753 | VeraCrypt SHA256 + XTS 1536 bit (legacy) | Full-Disk Encryption (FDE)
13761 | VeraCrypt SHA256 + XTS 512 bit + boot-mode (legacy) | Full-Disk Encryption (FDE)
13762 | VeraCrypt SHA256 + XTS 1024 bit + boot-mode (legacy) | Full-Disk Encryption (FDE)
13763 | VeraCrypt SHA256 + XTS 1536 bit + boot-mode (legacy) | Full-Disk Encryption (FDE)
29451 | VeraCrypt SHA256 + XTS 512 bit | Full-Disk Encryption (FDE)
29452 | VeraCrypt SHA256 + XTS 1024 bit | Full-Disk Encryption (FDE)
29453 | VeraCrypt SHA256 + XTS 1536 bit | Full-Disk Encryption (FDE)
29461 | VeraCrypt SHA256 + XTS 512 bit + boot-mode | Full-Disk Encryption (FDE)
29462 | VeraCrypt SHA256 + XTS 1024 bit + boot-mode | Full-Disk Encryption (FDE)
29463 | VeraCrypt SHA256 + XTS 1536 bit + boot-mode | Full-Disk Encryption (FDE)
13721 | VeraCrypt SHA512 + XTS 512 bit (legacy) | Full-Disk Encryption (FDE)
13722 | VeraCrypt SHA512 + XTS 1024 bit (legacy) | Full-Disk Encryption (FDE)
13723 | VeraCrypt SHA512 + XTS 1536 bit (legacy) | Full-Disk Encryption (FDE)
29421 | VeraCrypt SHA512 + XTS 512 bit | Full-Disk Encryption (FDE)
29422 | VeraCrypt SHA512 + XTS 1024 bit | Full-Disk Encryption (FDE)
29423 | VeraCrypt SHA512 + XTS 1536 bit | Full-Disk Encryption (FDE)
13771 | VeraCrypt Streebog-512 + XTS 512 bit (legacy) | Full-Disk Encryption (FDE)
13772 | VeraCrypt Streebog-512 + XTS 1024 bit (legacy) | Full-Disk Encryption (FDE)
13773 | VeraCrypt Streebog-512 + XTS 1536 bit (legacy) | Full-Disk Encryption (FDE)
13781 | VeraCrypt Streebog-512 + XTS 512 bit + boot-mode (legacy) | Full-Disk Encryption (FDE)
13782 | VeraCrypt Streebog-512 + XTS 1024 bit + boot-mode (legacy) | Full-Disk Encryption (FDE)
13783 | VeraCrypt Streebog-512 + XTS 1536 bit + boot-mode (legacy) | Full-Disk Encryption (FDE)
29471 | VeraCrypt Streebog-512 + XTS 512 bit | Full-Disk Encryption (FDE)
29472 | VeraCrypt Streebog-512 + XTS 1024 bit | Full-Disk Encryption (FDE)
29473 | VeraCrypt Streebog-512 + XTS 1536 bit | Full-Disk Encryption (FDE)
29481 | VeraCrypt Streebog-512 + XTS 512 bit + boot-mode | Full-Disk Encryption (FDE)
29482 | VeraCrypt Streebog-512 + XTS 1024 bit + boot-mode | Full-Disk Encryption (FDE)
29483 | VeraCrypt Streebog-512 + XTS 1536 bit + boot-mode | Full-Disk Encryption (FDE)
13731 | VeraCrypt Whirlpool + XTS 512 bit (legacy) | Full-Disk Encryption (FDE)
13732 | VeraCrypt Whirlpool + XTS 1024 bit (legacy) | Full-Disk Encryption (FDE)
13733 | VeraCrypt Whirlpool + XTS 1536 bit (legacy) | Full-Disk Encryption (FDE)
29431 | VeraCrypt Whirlpool + XTS 512 bit | Full-Disk Encryption (FDE)
29432 | VeraCrypt Whirlpool + XTS 1024 bit | Full-Disk Encryption (FDE)
29433 | VeraCrypt Whirlpool + XTS 1536 bit | Full-Disk Encryption (FDE)
23900 | BestCrypt v3 Volume Encryption | Full-Disk Encryption (FDE)
16700 | FileVault 2 | Full-Disk Encryption (FDE)
27500 | VirtualBox (PBKDF2-HMAC-SHA256 & AES-128-XTS) | Full-Disk Encryption (FDE)
27600 | VirtualBox (PBKDF2-HMAC-SHA256 & AES-256-XTS) | Full-Disk Encryption (FDE)
20011 | DiskCryptor SHA512 + XTS 512 bit | Full-Disk Encryption (FDE)
20012 | DiskCryptor SHA512 + XTS 1024 bit | Full-Disk Encryption (FDE)
20013 | DiskCryptor SHA512 + XTS 1536 bit | Full-Disk Encryption (FDE)
22100 | BitLocker | Full-Disk Encryption (FDE)
12900 | Android FDE (Samsung DEK) | Full-Disk Encryption (FDE)
8800 | Android FDE <= 4.3 | Full-Disk Encryption (FDE)
18300 | Apple File System (APFS) | Full-Disk Encryption (FDE)
6211 | TrueCrypt RIPEMD160 + XTS 512 bit (legacy) | Full-Disk Encryption (FDE)
6212 | TrueCrypt RIPEMD160 + XTS 1024 bit (legacy) | Full-Disk Encryption (FDE)
6213 | TrueCrypt RIPEMD160 + XTS 1536 bit (legacy) | Full-Disk Encryption (FDE)
6241 | TrueCrypt RIPEMD160 + XTS 512 bit + boot-mode (legacy) | Full-Disk Encryption (FDE)
6242 | TrueCrypt RIPEMD160 + XTS 1024 bit + boot-mode (legacy) | Full-Disk Encryption (FDE)
6243 | TrueCrypt RIPEMD160 + XTS 1536 bit + boot-mode (legacy) | Full-Disk Encryption (FDE)
29311 | TrueCrypt RIPEMD160 + XTS 512 bit | Full-Disk Encryption (FDE)
29312 | TrueCrypt RIPEMD160 + XTS 1024 bit | Full-Disk Encryption (FDE)
29313 | TrueCrypt RIPEMD160 + XTS 1536 bit | Full-Disk Encryption (FDE)
29341 | TrueCrypt RIPEMD160 + XTS 512 bit + boot-mode | Full-Disk Encryption (FDE)
29342 | TrueCrypt RIPEMD160 + XTS 1024 bit + boot-mode | Full-Disk Encryption (FDE)
29343 | TrueCrypt RIPEMD160 + XTS 1536 bit + boot-mode | Full-Disk Encryption (FDE)
6221 | TrueCrypt SHA512 + XTS 512 bit (legacy) | Full-Disk Encryption (FDE)
6222 | TrueCrypt SHA512 + XTS 1024 bit (legacy) | Full-Disk Encryption (FDE)
6223 | TrueCrypt SHA512 + XTS 1536 bit (legacy) | Full-Disk Encryption (FDE)
29321 | TrueCrypt SHA512 + XTS 512 bit | Full-Disk Encryption (FDE)
29322 | TrueCrypt SHA512 + XTS 1024 bit | Full-Disk Encryption (FDE)
29323 | TrueCrypt SHA512 + XTS 1536 bit | Full-Disk Encryption (FDE)
6231 | TrueCrypt Whirlpool + XTS 512 bit (legacy) | Full-Disk Encryption (FDE)
6232 | TrueCrypt Whirlpool + XTS 1024 bit (legacy) | Full-Disk Encryption (FDE)
6233 | TrueCrypt Whirlpool + XTS 1536 bit (legacy) | Full-Disk Encryption (FDE)
29331 | TrueCrypt Whirlpool + XTS 512 bit | Full-Disk Encryption (FDE)
29332 | TrueCrypt Whirlpool + XTS 1024 bit | Full-Disk Encryption (FDE)
29333 | TrueCrypt Whirlpool + XTS 1536 bit | Full-Disk Encryption (FDE)
12200 | eCryptfs | Full-Disk Encryption (FDE)
10400 | PDF 1.1 - 1.3 (Acrobat 2 - 4) | Document
10410 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #1 | Document
10420 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #2 | Document
10500 | PDF 1.4 - 1.6 (Acrobat 5 - 8) | Document
25400 | PDF 1.4 - 1.6 (Acrobat 5 - 8) - user and owner pass | Document
10600 | PDF 1.7 Level 3 (Acrobat 9) | Document
10700 | PDF 1.7 Level 8 (Acrobat 10 - 11) | Document
9400 | MS Office 2007 | Document
9500 | MS Office 2010 | Document
9600 | MS Office 2013 | Document
25300 | MS Office 2016 - SheetProtection | Document
9700 | MS Office <= 2003 $0/$1, MD5 + RC4 | Document
9710 | MS Office <= 2003 $0/$1, MD5 + RC4, collider #1 | Document
9720 | MS Office <= 2003 $0/$1, MD5 + RC4, collider #2 | Document
9810 | MS Office <= 2003 $3, SHA1 + RC4, collider #1 | Document
9820 | MS Office <= 2003 $3, SHA1 + RC4, collider #2 | Document
9800 | MS Office <= 2003 $3/$4, SHA1 + RC4 | Document
18400 | Open Document Format (ODF) 1.2 (SHA-256, AES) | Document
18600 | Open Document Format (ODF) 1.1 (SHA-1, Blowfish) | Document
16200 | Apple Secure Notes | Document
23300 | Apple iWork | Document
6600 | 1Password, agilekeychain | Password Manager
8200 | 1Password, cloudkeychain | Password Manager
9000 | Password Safe v2 | Password Manager
5200 | Password Safe v3 | Password Manager
6800 | LastPass + LastPass sniffed | Password Manager
13400 | KeePass 1 (AES/Twofish) and KeePass 2 (AES) | Password Manager
29700 | KeePass 1 (AES/Twofish) and KeePass 2 (AES) - keyfile only mode | Password Manager
23400 | Bitwarden | Password Manager
16900 | Ansible Vault | Password Manager
26000 | Mozilla key3.db | Password Manager
26100 | Mozilla key4.db | Password Manager
23100 | Apple Keychain | Password Manager
11600 | 7-Zip | Archive
12500 | RAR3-hp | Archive
23800 | RAR3-p (Compressed) | Archive
23700 | RAR3-p (Uncompressed) | Archive
13000 | RAR5 | Archive
17220 | PKZIP (Compressed Multi-File) | Archive
17200 | PKZIP (Compressed) | Archive
17225 | PKZIP (Mixed Multi-File) | Archive
17230 | PKZIP (Mixed Multi-File Checksum-Only) | Archive
17210 | PKZIP (Uncompressed) | Archive
20500 | PKZIP Master Key | Archive
20510 | PKZIP Master Key (6 byte optimization) | Archive
23001 | SecureZIP AES-128 | Archive
23002 | SecureZIP AES-192 | Archive
23003 | SecureZIP AES-256 | Archive
13600 | WinZip | Archive
18900 | Android Backup | Archive
24700 | Stuffit5 | Archive
13200 | AxCrypt 1 | Archive
13300 | AxCrypt 1 in-memory SHA1 | Archive
23500 | AxCrypt 2 AES-128 | Archive
23600 | AxCrypt 2 AES-256 | Archive
14700 | iTunes backup < 10.0 | Archive
14800 | iTunes backup >= 10.0 | Archive
8400 | WBB3 (Woltlab Burning Board) | Forums, CMS, E-Commerce
2612 | PHPS | Forums, CMS, E-Commerce
121 | SMF (Simple Machines Forum) > v1.1 | Forums, CMS, E-Commerce
3711 | MediaWiki B type | Forums, CMS, E-Commerce
4521 | Redmine | Forums, CMS, E-Commerce
24800 | Umbraco HMAC-SHA1 | Forums, CMS, E-Commerce
11 | Joomla < 2.5.18 | Forums, CMS, E-Commerce
13900 | OpenCart | Forums, CMS, E-Commerce
11000 | PrestaShop | Forums, CMS, E-Commerce
16000 | Tripcode | Forums, CMS, E-Commerce
7900 | Drupal7 | Forums, CMS, E-Commerce
4522 | PunBB | Forums, CMS, E-Commerce
2811 | MyBB 1.2+, IPB2+ (Invision Power Board) | Forums, CMS, E-Commerce
2611 | vBulletin < v3.8.5 | Forums, CMS, E-Commerce
2711 | vBulletin >= v3.8.5 | Forums, CMS, E-Commerce
25600 | bcrypt(md5($pass)) / bcryptmd5 | Forums, CMS, E-Commerce
25800 | bcrypt(sha1($pass)) / bcryptsha1 | Forums, CMS, E-Commerce
28400 | bcrypt(sha512($pass)) / bcryptsha512 | Forums, CMS, E-Commerce
21 | osCommerce, xt:Commerce | Forums, CMS, E-Commerce
18100 | TOTP (HMAC-SHA1) | One-Time Password
2000 | STDOUT | Plaintext
99999 | Plaintext | Plaintext
21600 | Web2py pbkdf2-sha512 | Framework
10000 | Django (PBKDF2-SHA256) | Framework
124 | Django (SHA-1) | Framework
12001 | Atlassian (PBKDF2-HMAC-SHA1) | Framework
19500 | Ruby on Rails Restful-Authentication | Framework
27200 | Ruby on Rails Restful Auth (one round, no sitekey) | Framework
30000 | Python Werkzeug MD5 (HMAC-MD5 (key = $salt)) | Framework
30120 | Python Werkzeug SHA256 (HMAC-SHA256 (key = $salt)) | Framework
20200 | Python passlib pbkdf2-sha512 | Framework
20300 | Python passlib pbkdf2-sha256 | Framework
20400 | Python passlib pbkdf2-sha1 | Framework
24410 | PKCS#8 Private Keys (PBKDF2-HMAC-SHA1 + 3DES/AES) | Private Key
24420 | PKCS#8 Private Keys (PBKDF2-HMAC-SHA256 + 3DES/AES) | Private Key
15500 | JKS Java Key Store Private Keys (SHA1) | Private Key
22911 | RSA/DSA/EC/OpenSSH Private Keys ($0$) | Private Key
22921 | RSA/DSA/EC/OpenSSH Private Keys ($6$) | Private Key
22931 | RSA/DSA/EC/OpenSSH Private Keys ($1, $3$) | Private Key
22941 | RSA/DSA/EC/OpenSSH Private Keys ($4$) | Private Key
22951 | RSA/DSA/EC/OpenSSH Private Keys ($5$) | Private Key
23200 | XMPP SCRAM PBKDF2-SHA1 | Instant Messaging Service
28300 | Teamspeak 3 (channel hash) | Instant Messaging Service
22600 | Telegram Desktop < v2.1.14 (PBKDF2-HMAC-SHA1) | Instant Messaging Service
24500 | Telegram Desktop >= v2.1.14 (PBKDF2-HMAC-SHA512) | Instant Messaging Service
22301 | Telegram Mobile App Passcode (SHA256) | Instant Messaging Service
23 | Skype | Instant Messaging Service
29600 | Terra Station Wallet (AES256-CBC(PBKDF2($pass))) | Cryptocurrency Wallet
26600 | MetaMask Wallet | Cryptocurrency Wallet
21000 | BitShares v0.x - sha512(sha512_bin(pass)) | Cryptocurrency Wallet
28501 | Bitcoin WIF private key (P2PKH), compressed | Cryptocurrency Wallet
28502 | Bitcoin WIF private key (P2PKH), uncompressed | Cryptocurrency Wallet
28503 | Bitcoin WIF private key (P2WPKH, Bech32), compressed | Cryptocurrency Wallet
28504 | Bitcoin WIF private key (P2WPKH, Bech32), uncompressed | Cryptocurrency Wallet
28505 | Bitcoin WIF private key (P2SH(P2WPKH)), compressed | Cryptocurrency Wallet
28506 | Bitcoin WIF private key (P2SH(P2WPKH)), uncompressed | Cryptocurrency Wallet
11300 | Bitcoin/Litecoin wallet.dat | Cryptocurrency Wallet
16600 | Electrum Wallet (Salt-Type 1-3) | Cryptocurrency Wallet
21700 | Electrum Wallet (Salt-Type 4) | Cryptocurrency Wallet
21800 | Electrum Wallet (Salt-Type 5) | Cryptocurrency Wallet
12700 | Blockchain, My Wallet | Cryptocurrency Wallet
15200 | Blockchain, My Wallet, V2 | Cryptocurrency Wallet
18800 | Blockchain, My Wallet, Second Password (SHA256) | Cryptocurrency Wallet
25500 | Stargazer Stellar Wallet XLM | Cryptocurrency Wallet
16300 | Ethereum Pre-Sale Wallet, PBKDF2-HMAC-SHA256 | Cryptocurrency Wallet
15600 | Ethereum Wallet, PBKDF2-HMAC-SHA256 | Cryptocurrency Wallet
15700 | Ethereum Wallet, SCRYPT | Cryptocurrency Wallet
22500 | MultiBit Classic .key (MD5) | Cryptocurrency Wallet
27700 | MultiBit Classic .wallet (scrypt) | Cryptocurrency Wallet
22700 | MultiBit HD (scrypt) | Cryptocurrency Wallet
28200 | Exodus Desktop Wallet (scrypt) | Cryptocurrency Wallet
- [ Brain Client Features ] -
# | Features
===+========
1 | Send hashed passwords
2 | Send attack positions
3 | Send hashed passwords and attack positions
- [ Outfile Formats ] -
# | Format
===+========
1 | hash[:salt]
2 | plain
3 | hex_plain
4 | crack_pos
5 | timestamp absolute
6 | timestamp relative
- [ Rule Debugging Modes ] -
# | Format
===+========
1 | Finding-Rule
2 | Original-Word
3 | Original-Word:Finding-Rule
4 | Original-Word:Finding-Rule:Processed-Word
5 | Original-Word:Finding-Rule:Processed-Word:Wordlist
- [ Attack Modes ] -
# | Mode
===+======
0 | Straight
1 | Combination
3 | Brute-force
6 | Hybrid Wordlist + Mask
7 | Hybrid Mask + Wordlist
9 | Association
- [ Built-in Charsets ] -
? | Charset
===+=========
l | abcdefghijklmnopqrstuvwxyz [a-z]
u | ABCDEFGHIJKLMNOPQRSTUVWXYZ [A-Z]
d | 0123456789 [0-9]
h | 0123456789abcdef [0-9a-f]
H | 0123456789ABCDEF [0-9A-F]
s | !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
a | ?l?u?d?s
b | 0x00 - 0xff
- [ OpenCL Device Types ] -
# | Device Type
===+=============
1 | CPU
2 | GPU
3 | FPGA, DSP, Co-Processor
- [ Workload Profiles ] -
# | Performance | Runtime | Power Consumption | Desktop Impact
===+=============+=========+===================+=================
1 | Low | 2 ms | Low | Minimal
2 | Default | 12 ms | Economic | Noticeable
3 | High | 96 ms | High | Unresponsive
4 | Nightmare | 480 ms | Insane | Headless
- [ License ] -
hashcat is licensed under the MIT license
Copyright and license terms are listed in docs/license.txt
- [ Basic Examples ] -
Attack- | Hash- |
Mode | Type | Example command
==================+=======+==================================================================
Wordlist | $P$ | hashcat -a 0 -m 400 example400.hash example.dict
Wordlist + Rules | MD5 | hashcat -a 0 -m 0 example0.hash example.dict -r rules/best64.rule
Brute-Force | MD5 | hashcat -a 3 -m 0 example0.hash ?a?a?a?a?a?a
Combinator | MD5 | hashcat -a 1 -m 0 example0.hash example.dict example.dict
Association | $1$ | hashcat -a 9 -m 500 example500.hash 1word.dict -r rules/best64.rule
If you still have no idea what just happened, try the following pages:
* https://hashcat.net/wiki/#howtos_videos_papers_articles_etc_in_the_wild
* https://hashcat.net/faq/
If you think you need help by a real human come to the hashcat Discord:
* https://hashcat.net/discordMódy útoku
Hashcat lze použít pro několik typů útoků:
- Slovník (-a 0) – Načte hodnotu z textového souboru a každý řádek použije jako kandidáta na heslo.
- Kombinace (-a 1) – Stejně jako slovníkový útok s tím rozdílem, že používá dva slovníky. Každé slovo slovníku je připojeno ke každému slovu druhého slovníku.
- Bruteforce a Maska (-a 3) – Vyzkouší všechny kombinace v daném prostoru. Jedná se o efektivní hrubou sílu v uživatelsky zadaných sadách znaků.
- Hybridní (-a 6 a -a 7) – Kombinace slovníkového útoku a útoku maskou.
Příklady útoku
Slovníkový útok
Zobrazení dostupných slovníků
Bash
wordlists -h
> wordlists ~ Contains the rockyou wordlist
/usr/share/wordlists
├── amass -> /usr/share/amass/wordlists
├── dirb -> /usr/share/dirb/wordlists
├── dirbuster -> /usr/share/dirbuster/wordlists
├── dnsmap.txt -> /usr/share/dnsmap/wordlist_TLAs.txt
├── fasttrack.txt -> /usr/share/set/src/fasttrack/wordlist.txt
├── fern-wifi -> /usr/share/fern-wifi-cracker/extras/wordlists
├── john.lst -> /usr/share/john/password.lst
├── legion -> /usr/share/legion/wordlists
├── metasploit -> /usr/share/metasploit-framework/data/wordlists
├── nmap.lst -> /usr/share/nmap/nselib/data/passwords.lst
├── rockyou.txt
├── rockyou.txt.gz
├── sqlmap.txt -> /usr/share/sqlmap/data/txt/wordlist.txt
├── wfuzz -> /usr/share/wfuzz/wordlist
└── wifite.txt -> /usr/share/dict/wordlist-probable.txtPříklad 1: MD5
Pro slovníkový útok jsme zvolili jednoduchá hesla, které jsme převedli na hashe přes MD5 online generátor. Tyto hashe jsme uložili do souboru hesla_md5.txt, ukázka viz níže.
42f749ade7f9e195bf475f37a44cafcb
21232f297a57a5a743894a0e4a801fc3
c8205c7636e728d448c2774e6a4a944bParametry:
- -a, určuje typ/mód útoku
- -m určuje hash, který byl použit. V našem případě 0 pro MD5.
- -o specifikuje kde se má uložit výstup
- -O výrazně zvýší rychlost prolamování, ale omezí délku hesla na 27 znaků
Následně jsme spustili tento příkaz:
Bash
hashcat -m 0 -a 0 -o vystup_md5_desifrovani.txt hesla_md5.txt /usr/share/wordlists/rockyou.txt -O
hashcat (v6.2.6) starting
OpenCL API (OpenCL 3.0 PoCL 5.0+debian Linux, None+Asserts, RELOC, SPIR, LLVM 16.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: cpu-penryn-Intel(R) Pentium(R) CPU G620 @ 2.60GHz, 1536/3137 MB (512 MB allocatable), 2MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 31
Hashes: 3 digests; 3 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Meet-In-The-Middle
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Raw-Hash
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 0 MB
Dictionary cache built:
* Filename..: /usr/share/wordlists/rockyou.txt
* Passwords.: 14344392
* Bytes.....: 139921507
* Keyspace..: 14344385
* Runtime...: 3 secs
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 0 (MD5)
Hash.Target......: hesla_md5.txt
Time.Started.....: Fri Apr 12 19:41:22 2024 (0 secs)
Time.Estimated...: Fri Apr 12 19:41:22 2024 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (/usr/share/wordlists/rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 261.2 kH/s (0.14ms) @ Accel:256 Loops:1 Thr:1 Vec:4
Recovered........: 3/3 (100.00%) Digests (total), 3/3 (100.00%) Digests (new)
Progress.........: 41473/14344385 (0.29%)
Rejected.........: 1/41473 (0.00%)
Restore.Point....: 40961/14344385 (0.29%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: loool -> 180893
Hardware.Mon.#1..: Util: 51%
Started: Fri Apr 12 19:40:44 2024
Stopped: Fri Apr 12 19:41:23 2024
Výsledný soubor s prolomenými hašy:
21232f297a57a5a743894a0e4a801fc3:admin
42f749ade7f9e195bf475f37a44cafcb:Password123
c8205c7636e728d448c2774e6a4a944b:InternetPříklad 2: SHA-1
Stejné hesla, ale s zaheshované pomocí SHA-1:
d033e22ae348aeb5660fc2140aec35850c4da997
b2e98ad6f6eb8508dd6a14cfa704bad7f05f6fb1
66c06c11d179e39c42e5e800f99b57865822cf68Příkaz pro hashcat, nyní s parametrem -m 100 (SHA-1):
Bash
hashcat -m 100 -a 0 -o vystup_sha1_desifrovani.txt sha1_hesla.txt /usr/share/wordlists/rockyou.txt -O
hashcat (v6.2.6) starting
OpenCL API (OpenCL 3.0 PoCL 5.0+debian Linux, None+Asserts, RELOC, SPIR, LLVM 16.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: cpu-penryn-Intel(R) Pentium(R) CPU G620 @ 2.60GHz, 1536/3137 MB (512 MB allocatable), 2MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 31
Hashes: 3 digests; 3 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Raw-Hash
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 0 MB
Dictionary cache hit:
* Filename..: /usr/share/wordlists/rockyou.txt
* Passwords.: 14344385
* Bytes.....: 139921507
* Keyspace..: 14344385
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 100 (SHA1)
Hash.Target......: sha1_hesla.txt
Time.Started.....: Fri Apr 12 20:15:46 2024 (0 secs)
Time.Estimated...: Fri Apr 12 20:15:46 2024 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (/usr/share/wordlists/rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 617.1 kH/s (0.21ms) @ Accel:256 Loops:1 Thr:1 Vec:4
Recovered........: 3/3 (100.00%) Digests (total), 3/3 (100.00%) Digests (new)
Progress.........: 41473/14344385 (0.29%)
Rejected.........: 1/41473 (0.00%)
Restore.Point....: 40961/14344385 (0.29%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: loool -> 180893
Hardware.Mon.#1..: Util: 43%
Started: Fri Apr 12 20:15:10 2024
Stopped: Fri Apr 12 20:15:47 2024Výsledný soubor s prolomenými hašy:
d033e22ae348aeb5660fc2140aec35850c4da997:admin
b2e98ad6f6eb8508dd6a14cfa704bad7f05f6fb1:Password123
66c06c11d179e39c42e5e800f99b57865822cf68:InternetPříklad 3: SHA2-256
Stejné hesla, ale s zahešované pomocí SHA2-256:
8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
008c70392e3abfbd0fa47bbc2ed96aa99bd49e159727fcba0f2e6abeb3a9d601
57e8a431deec0d70da0a26ea3392e59688b11b79edfd04e9da823b16bcd1d4d7Příkaz pro Hashcat, nyní s parametrem -m 1400 (SHA2-256):
Bash
hashcat -m 1400 -a 0 -o vystup_sha256_desifrovani.txt hesla_sha256.txt /usr/share/wordlists/rockyou.txt -O
hashcat (v6.2.6) starting
OpenCL API (OpenCL 3.0 PoCL 5.0+debian Linux, None+Asserts, RELOC, SPIR, LLVM 16.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: cpu-penryn-Intel(R) Pentium(R) CPU G620 @ 2.60GHz, 1536/3137 MB (512 MB allocatable), 2MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 31
Hashes: 3 digests; 3 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Raw-Hash
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 0 MB
Dictionary cache hit:
* Filename..: /usr/share/wordlists/rockyou.txt
* Passwords.: 14344385
* Bytes.....: 139921507
* Keyspace..: 14344385
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 1400 (SHA2-256)
Hash.Target......: hesla_sha256.tx
Time.Started.....: Thu Apr 25 11:13:48 2024 (0 secs)
Time.Estimated...: Thu Apr 25 11:13:48 2024 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (/usr/share/wordlists/rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 436.5 kH/s (0.47ms) @ Accel:256 Loops:1 Thr:1 Vec:4
Recovered........: 3/3 (100.00%) Digests (total), 3/3 (100.00%) Digests (new)
Progress.........: 41473/14344385 (0.29%)
Rejected.........: 1/41473 (0.00%)
Restore.Point....: 40961/14344385 (0.29%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: loool -> 180893
Hardware.Mon.#1..: Util: 50%
Started: Thu Apr 25 11:13:05 2024
Stopped: Thu Apr 25 11:13:50 2024Výsledný soubor s prolomenými hašy:
8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918:admin
008c70392e3abfbd0fa47bbc2ed96aa99bd49e159727fcba0f2e6abeb3a9d601:Password123
57e8a431deec0d70da0a26ea3392e59688b11b79edfd04e9da823b16bcd1d4d7:InternetPříklad 4: BLAKE2b – 512
Stejné hesla, ale s zahešované pomocí BLAKE2b – 512. Pro tento typ hashe je u Hashcatu potřeba přidat předznamení $BLAKE2$. Bez tohoto totiž Hashcat nedokáže Blake2 identifikovat a hlásí chybu.
$BLAKE2$bfcce2c19c8563fd4aa66f6ec607341ff25e5f6fe7fa520d7d1242d871385f23a3e8e80093120b4877d79535e10b182ae2ec8937d1f72f091e7178c9e4ff0f11
$BLAKE2$41efa2ee765dac718e8122c20caa1d5a8157bbdbcd1445d7273e5d0be9e79e16f6e8c127ab384d83c8fc70233138b0ccc59469c1e2ef3704f46740ee688a7396
$BLAKE2$9e27d871fa2561e2dc0e07dca66cf00ea597894e39db627ba611ca480b9edcdc4e15c8226a7ecf08c8c54953f6c45c68a5745b9724350228727fcb518531ef46Příkaz pro Hashcat, nyní s parametrem -m 600 (BLAKE2b – 512):
Bash
hashcat -m 600 -a 0 -o vystup_blake2b_desifrovani.txt hesla_blake2b.txt /usr/share/wordlists/rockyou.txt -O
hashcat (v6.2.6) starting
OpenCL API (OpenCL 3.0 PoCL 5.0+debian Linux, None+Asserts, RELOC, SPIR, LLVM 16.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: cpu-penryn-Intel(R) Pentium(R) CPU G620 @ 2.60GHz, 1536/3137 MB (512 MB allocatable), 2MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 31
Hashes: 3 digests; 3 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Not-Iterated
* Single-Salt
* Raw-Hash
* Uses-64-Bit
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 0 MB
Dictionary cache hit:
* Filename..: /usr/share/wordlists/rockyou.txt
* Passwords.: 14344385
* Bytes.....: 139921507
* Keyspace..: 14344385
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 600 (BLAKE2b-512)
Hash.Target......: hesla_blake2b.txt
Time.Started.....: Tue Apr 30 20:47:24 2024 (0 secs)
Time.Estimated...: Tue Apr 30 20:47:25 2024 (1 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (/usr/share/wordlists/rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 848.5 kH/s (0.34ms) @ Accel:256 Loops:1 Thr:1 Vec:2
Recovered........: 3/3 (100.00%) Digests (total), 3/3 (100.00%) Digests (new)
Progress.........: 41473/14344385 (0.29%)
Rejected.........: 1/41473 (0.00%)
Restore.Point....: 40961/14344385 (0.29%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: loool -> 180893
Hardware.Mon.#1..: Util: 47%
Started: Tue Apr 30 20:47:22 2024
Stopped: Tue Apr 30 20:47:26 2024Výsledný soubor s prolomenými hašy:
$BLAKE2$bfcce2c19c8563fd4aa66f6ec607341ff25e5f6fe7fa520d7d1242d871385f23a3e8e80093120b4877d79535e10b182ae2ec8937d1f72f091e7178c9e4ff0f11:admin
$BLAKE2$41efa2ee765dac718e8122c20caa1d5a8157bbdbcd1445d7273e5d0be9e79e16f6e8c127ab384d83c8fc70233138b0ccc59469c1e2ef3704f46740ee688a7396:Password123
$BLAKE2$9e27d871fa2561e2dc0e07dca66cf00ea597894e39db627ba611ca480b9edcdc4e15c8226a7ecf08c8c54953f6c45c68a5745b9724350228727fcb518531ef46:InternetSrovnání rychlostí prolomení
Slovníkový útok s pravidly
Zobrazení seznamu dostupných pravidel
Bash
┌──(kali㉿kali)-[/usr/share/hashcat/rules]
└─$ ls -l
total 2852
-rw-r--r-- 1 root root 933 Oct 6 2022 best64.rule
-rw-r--r-- 1 root root 754 Oct 6 2022 combinator.rule
-rw-r--r-- 1 root root 200739 Oct 6 2022 d3ad0ne.rule
-rw-r--r-- 1 root root 788063 Oct 6 2022 dive.rule
-rw-r--r-- 1 root root 483425 Oct 6 2022 generated2.rule
-rw-r--r-- 1 root root 78068 Oct 6 2022 generated.rule
drwxr-xr-x 2 root root 4096 Feb 25 16:46 hybrid
-rw-r--r-- 1 root root 309439 Oct 6 2022 Incisive-leetspeak.rule
-rw-r--r-- 1 root root 35802 Oct 6 2022 InsidePro-HashManager.rule
-rw-r--r-- 1 root root 20580 Oct 6 2022 InsidePro-PasswordsPro.rule
-rw-r--r-- 1 root root 298 Oct 6 2022 leetspeak.rule
-rw-r--r-- 1 root root 1280 Oct 6 2022 oscommerce.rule
-rw-r--r-- 1 root root 301161 Oct 6 2022 rockyou-30000.rule
-rw-r--r-- 1 root root 1563 Oct 6 2022 specific.rule
-rw-r--r-- 1 root root 1289 Oct 6 2022 T0XlC_3_rule.rule
-rw-r--r-- 1 root root 64068 Oct 6 2022 T0XlC-insert_00-99_1950-2050_toprules_0_F.rule
-rw-r--r-- 1 root root 168700 Oct 6 2022 T0XlC_insert_HTML_entities_0_Z.rule
-rw-r--r-- 1 root root 2027 Oct 6 2022 T0XlC-insert_space_and_special_0_F.rule
-rw-r--r-- 1 root root 34437 Oct 6 2022 T0XlC-insert_top_100_passwords_1_G.rule
-rw-r--r-- 1 root root 34813 Oct 6 2022 T0XlC.rule
-rw-r--r-- 1 root root 197418 Oct 6 2022 T0XlCv2.rule
-rw-r--r-- 1 root root 45 Oct 6 2022 toggles1.rule
-rw-r--r-- 1 root root 570 Oct 6 2022 toggles2.rule
-rw-r--r-- 1 root root 3755 Oct 6 2022 toggles3.rule
-rw-r--r-- 1 root root 16040 Oct 6 2022 toggles4.rule
-rw-r--r-- 1 root root 49073 Oct 6 2022 toggles5.rule
-rw-r--r-- 1 root root 55346 Oct 6 2022 unix-ninja-leetspeak.ruleSeznam vstupních hašů:
Příklad 1: MD5 s pravidly best64
db69efb2fe9de7ae3268d7ee520f28d0
47a21a434edabe1abea6e6ec4d2f20cb
00793e65eb29ec261f525ee086ee693a
bb961d424fe90b99303c83d819014f01Příkaz pro slovníkový útoku s pravidlem best64:
Bash
hashcat -m 0 -a 0 -o vystup_md5_desifrovani_slovnik_pravidla.txt hesla_md5_slovnik.txt /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule -O
hashcat (v6.2.6) starting
OpenCL API (OpenCL 3.0 PoCL 5.0+debian Linux, None+Asserts, RELOC, SPIR, LLVM 16.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: cpu-penryn-Intel(R) Pentium(R) CPU G620 @ 2.60GHz, 1536/3137 MB (512 MB allocatable), 2MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 31
Hashes: 4 digests; 4 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 77
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Meet-In-The-Middle
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Raw-Hash
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 0 MB
Dictionary cache hit:
* Filename..: /usr/share/wordlists/rockyou.txt
* Passwords.: 14344385
* Bytes.....: 139921507
* Keyspace..: 1104517645
Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 0 (MD5)
Hash.Target......: hesla_md5_slovnik.txt
Time.Started.....: Thu Apr 25 13:54:58 2024 (1 min, 39 secs)
Time.Estimated...: Thu Apr 25 13:56:37 2024 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (/usr/share/wordlists/rockyou.txt)
Guess.Mod........: Rules (/usr/share/hashcat/rules/best64.rule)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 11148.2 kH/s (3.14ms) @ Accel:256 Loops:77 Thr:1 Vec:4
Recovered........: 3/4 (75.00%) Digests (total), 3/4 (75.00%) Digests (new)
Progress.........: 1104517645/1104517645 (100.00%)
Rejected.........: 238238/1104517645 (0.02%)
Restore.Point....: 14344385/14344385 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-77 Iteration:0-77
Candidate.Engine.: Device Generator
Candidates.#1....: $HEX[20687071313233] -> $HEX[04a156616d6f]
Hardware.Mon.#1..: Util: 94%
Started: Thu Apr 25 13:54:56 2024
Stopped: Thu Apr 25 13:56:39 2024Výsledný soubor s prolomenými hashy:
47a21a434edabe1abea6e6ec4d2f20cb:mojeheslo
00793e65eb29ec261f525ee086ee693a:tajneheslo
bb961d424fe90b99303c83d819014f01:PassWord1234Ve výsledném souboru jsou 3 prolomená hesla ze 4. Chybí zde první hašh, který obsahoval heslo: !nterNet
Příklad 2: SHA-1 s pravidly best64
5e358da5261ab5d984ab0c914f86861a8f1bcc9c
66d30c93619758b4fd14eb88a7c7b9ff1d4c4b6e
56ac2821246eb2d132df130db19aa9da25850fd3
50a8371455bbc2aeed297b411edd9ea6411b6188Příkaz pro slovníkový útoku s pravidlem best64:
Bash
hashcat -m 100 -a 0 -o vystup_sha1_desifrovani_pravidla_slovnik.txt hesla_sha1_slovnik_pravidla.txt /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule -O
hashcat (v6.2.6) starting
OpenCL API (OpenCL 3.0 PoCL 5.0+debian Linux, None+Asserts, RELOC, SPIR, LLVM 16.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: cpu-penryn-Intel(R) Pentium(R) CPU G620 @ 2.60GHz, 1536/3137 MB (512 MB allocatable), 2MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 31
Hashes: 4 digests; 4 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 77
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Raw-Hash
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 0 MB
Dictionary cache hit:
* Filename..: /usr/share/wordlists/rockyou.txt
* Passwords.: 14344385
* Bytes.....: 139921507
* Keyspace..: 1104517645
Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 100 (SHA1)
Hash.Target......: hesla_sha1_slovnik_pravidla.txt
Time.Started.....: Thu Apr 25 14:48:08 2024 (1 min, 44 secs)
Time.Estimated...: Thu Apr 25 14:49:52 2024 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (/usr/share/wordlists/rockyou.txt)
Guess.Mod........: Rules (/usr/share/hashcat/rules/best64.rule)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 10556.3 kH/s (3.45ms) @ Accel:256 Loops:77 Thr:1 Vec:4
Recovered........: 3/4 (75.00%) Digests (total), 3/4 (75.00%) Digests (new)
Progress.........: 1104517645/1104517645 (100.00%)
Rejected.........: 238238/1104517645 (0.02%)
Restore.Point....: 14344385/14344385 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-77 Iteration:0-77
Candidate.Engine.: Device Generator
Candidates.#1....: $HEX[20687071313233] -> $HEX[04a156616d6f]
Hardware.Mon.#1..: Util: 95%
Started: Thu Apr 25 14:48:07 2024
Stopped: Thu Apr 25 14:49:53 2024Výsledný soubor s prolomenými hashy:
66d30c93619758b4fd14eb88a7c7b9ff1d4c4b6e:mojeheslo
56ac2821246eb2d132df130db19aa9da25850fd3:tajneheslo
50a8371455bbc2aeed297b411edd9ea6411b6188:PassWord1234Ve výsledném souboru jsou 3 prolomená hesla ze 4. Chybí zde první hašh, který obsahoval heslo: !nterNet
Příklad 3: SHA-256 s pravidly best64
597868cff006a3faeb434cb9f9fd76f268254802a342804d72fb26ad63077962
3d472d1b85f55b8fbaa0bb9bddf9e91dd070ca23a8db6cac0c58be0a7a9521b6
7e2677c4c788b2ca0c378c4824dd4928e5fcdd43b504050e2eaec22984762c78
8c9d4263460a78452eaab5a90f938c71d1c38700d7de2d0325fdd1daa08e9d23Příkaz pro slovníkový útoku s pravidlem best64:
Bash
hashcat -m 1400 -a 0 -o vystup_sha256_desifrovani_pravidla_slovnik.txt hesla_sha256_slovnik_pravidla.txt /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule -O
hashcat (v6.2.6) starting
OpenCL API (OpenCL 3.0 PoCL 5.0+debian Linux, None+Asserts, RELOC, SPIR, LLVM 16.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: cpu-penryn-Intel(R) Pentium(R) CPU G620 @ 2.60GHz, 1536/3137 MB (512 MB allocatable), 2MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 31
Hashes: 4 digests; 4 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 77
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Raw-Hash
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 0 MB
Dictionary cache hit:
* Filename..: /usr/share/wordlists/rockyou.txt
* Passwords.: 14344385
* Bytes.....: 139921507
* Keyspace..: 1104517645
Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 1400 (SHA2-256)
Hash.Target......: hesla_sha256_slovnik_pravidla.txt
Time.Started.....: Thu Apr 25 14:58:24 2024 (2 mins, 49 secs)
Time.Estimated...: Thu Apr 25 15:01:13 2024 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (/usr/share/wordlists/rockyou.txt)
Guess.Mod........: Rules (/usr/share/hashcat/rules/best64.rule)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 6546.3 kH/s (5.60ms) @ Accel:256 Loops:77 Thr:1 Vec:4
Recovered........: 3/4 (75.00%) Digests (total), 3/4 (75.00%) Digests (new)
Progress.........: 1104517645/1104517645 (100.00%)
Rejected.........: 238238/1104517645 (0.02%)
Restore.Point....: 14344385/14344385 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-77 Iteration:0-77
Candidate.Engine.: Device Generator
Candidates.#1....: $HEX[20687071313233] -> $HEX[04a156616d6f]
Hardware.Mon.#1..: Util: 98%
Started: Thu Apr 25 14:58:23 2024
Stopped: Thu Apr 25 15:01:15 2024Výsledný soubor s prolomenými hashy:
3d472d1b85f55b8fbaa0bb9bddf9e91dd070ca23a8db6cac0c58be0a7a9521b6:mojeheslo
7e2677c4c788b2ca0c378c4824dd4928e5fcdd43b504050e2eaec22984762c78:tajneheslo
8c9d4263460a78452eaab5a90f938c71d1c38700d7de2d0325fdd1daa08e9d23:PassWord12Ve výsledném souboru jsou 3 prolomená hesla ze 4. Chybí zde první hašh, který obsahoval heslo: !nterNet
Příklad 4: BLAKE2b – 512 s pravidly best64
$BLAKE2$6e76262972afcd43205cfeb1cbca28f35d7764f6f9786937aacc26726a0ec1ff26965798d4a54f315d2eb0a01df77c1092c82f16df21d8642384ef7f37f0e6c5
$BLAKE2$2087c7c1e3f732cebf8c3a85d080515fb5ef49033b316c813e06bc779f3ba6c508afb05672f5c048d5104b5994dfcdb13a66760998af062f4015b02c4e830d85
$BLAKE2$f6fbd3bea8608a5621efbad1a615ad968b8da92f0c6632c9cb12378536a50cbc8347782092a0a8e30ce4224c05194263e3b95e30954d55b6ddbd8cb45e09a7e9
$BLAKE2$44ff6dcfc067b5f29c88b0577df922e806dcfbae33a08dd16ef4d534e180d35c147c1cfb8e7032ed8cd2b631dbceb309472cc0f13456149b904cbcefc735d845Příkaz pro slovníkový útoku s pravidlem best64:
Bash
hashcat -m 600 -a 0 -o vystup_blake2b_desifrovani_pravidla_slovnik.txt hesla_blake2_slovnik_pravidla.txt /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule -O
hashcat (v6.2.6) starting
OpenCL API (OpenCL 3.0 PoCL 5.0+debian Linux, None+Asserts, RELOC, SPIR, LLVM 16.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: cpu-penryn-Intel(R) Pentium(R) CPU G620 @ 2.60GHz, 1536/3137 MB (512 MB allocatable), 2MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 31
Hashes: 4 digests; 4 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 77
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Not-Iterated
* Single-Salt
* Raw-Hash
* Uses-64-Bit
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 0 MB
Dictionary cache hit:
* Filename..: /usr/share/wordlists/rockyou.txt
* Passwords.: 14344385
* Bytes.....: 139921507
* Keyspace..: 1104517645
Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 600 (BLAKE2b-512)
Hash.Target......: hesla_blake2_slovnik_pravidla.txt
Time.Started.....: Tue Apr 30 20:39:15 2024 (4 mins, 53 secs)
Time.Estimated...: Tue Apr 30 20:44:08 2024 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (/usr/share/wordlists/rockyou.txt)
Guess.Mod........: Rules (/usr/share/hashcat/rules/best64.rule)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 3773.5 kH/s (10.06ms) @ Accel:256 Loops:77 Thr:1 Vec:2
Recovered........: 3/4 (75.00%) Digests (total), 3/4 (75.00%) Digests (new)
Progress.........: 1104517645/1104517645 (100.00%)
Rejected.........: 238238/1104517645 (0.02%)
Restore.Point....: 14344385/14344385 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-77 Iteration:0-77
Candidate.Engine.: Device Generator
Candidates.#1....: $HEX[20687071313233] -> $HEX[04a156616d6f]
Hardware.Mon.#1..: Util: 98%
Started: Tue Apr 30 20:39:12 2024
Stopped: Tue Apr 30 20:44:09 2024
Výsledný soubor s prolomenými hashy:
$BLAKE2$44ff6dcfc067b5f29c88b0577df922e806dcfbae33a08dd16ef4d534e180d35c147c1cfb8e7032ed8cd2b631dbceb309472cc0f13456149b904cbcefc735d845:PassWord12
$BLAKE2$2087c7c1e3f732cebf8c3a85d080515fb5ef49033b316c813e06bc779f3ba6c508afb05672f5c048d5104b5994dfcdb13a66760998af062f4015b02c4e830d85:mojeheslo
$BLAKE2$f6fbd3bea8608a5621efbad1a615ad968b8da92f0c6632c9cb12378536a50cbc8347782092a0a8e30ce4224c05194263e3b95e30954d55b6ddbd8cb45e09a7e9:tajnehesloVe výsledném souboru jsou 3 prolomená hesla ze 4. Chybí zde první hašh, který obsahoval heslo: !nterNet
Srovnání rychlostí prolomení
Kombinovaný útok
Pro kombinovaný útok byl vytvořen nový slovník slovnik.txt pro zkombinování se slovníkem rockyou.txt. Slovnik.txt:
123456789
987654321
heslo
Heslo
hesloheslo
HesloHesloPříklad 1: MD5 kombinovaný útok
Seznam vstupních hashů pro kombinovaný útok:
5c8297c81245b5380b321dd9bf8cc29b
6ebe76c9fb411be97b3b0d48b791a7c9
955db0b81ef1989b4a4dfeae8061a9a6
3ea4db050dfd4daa3a93e9434c468776
e26256d0d2e39dc4fc5f5a28c593fcae
8c61ad09293001885517547926004decPříkaz kombinovaného útoku s využitím dvou slovníků rockyou.txt a slovnik.txt
Bash
hashcat -m 0 -a 1 hesla_md5_kombi.txt /usr/share/wordlists/rockyou.txt /usr/share/wordlists/slovnik.txt -o vystup_md5_kombinovany.txt -O
hashcat (v6.2.6) starting
OpenCL API (OpenCL 3.0 PoCL 5.0+debian Linux, None+Asserts, RELOC, SPIR, LLVM 16.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: cpu-sandybridge-Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz, 1085/2235 MB (512 MB allocatable), 4MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 31
Dictionary cache hit:
* Filename..: rockyou.txt
* Passwords.: 14344385
* Bytes.....: 139921507
* Keyspace..: 14344385
Dictionary cache built:
* Filename..: slovnik.txt
* Passwords.: 6
* Bytes.....: 54
* Keyspace..: 6
* Runtime...: 0 secs
Hashes: 8 digests; 8 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Meet-In-The-Middle
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Raw-Hash
Watchdog: Temperature abort trigger set to 90c
INFO: Removed 5 hashes found as potfile entries.
Host memory required for this attack: 0 MB
Dictionary cache hit:
* Filename..: rockyou.txt
* Passwords.: 14344385
* Bytes.....: 139921507
* Keyspace..: 86066310
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 0 (MD5)
Hash.Target......: hesla_md5_kombi.txt
Time.Started.....: Fri Apr 19 15:54:21 2024 (0 secs)
Time.Estimated...: Fri Apr 19 15:54:21 2024 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (rockyou.txt), Left Side
Guess.Mod........: File (slovnik.txt), Right Side
Speed.#1.........: 7223.2 kH/s (0.20ms) @ Accel:256 Loops:6 Thr:1 Vec:8
Recovered........: 8/8 (100.00%) Digests (total), 3/8 (37.50%) Digests (new)
Progress.........: 30720/86066310 (0.04%)
Rejected.........: 0/30720 (0.00%)
Restore.Point....: 4096/14344385 (0.03%)
Restore.Sub.#1...: Salt:0 Amplifier:0-6 Iteration:0-6
Candidate.Engine.: Device Generator
Candidates.#1....: newzealandHeslo -> babygrlHesloHeslo
Hardware.Mon.#1..: Util: 27%
Started: Fri Apr 19 15:54:20 2024
Stopped: Fri Apr 19 15:54:23 2024Výsledný soubor s prolomenými hashy:
5c8297c81245b5380b321dd9bf8cc29b:123456789
6ebe76c9fb411be97b3b0d48b791a7c9:987654321
955db0b81ef1989b4a4dfeae8061a9a6:heslo
3ea4db050dfd4daa3a93e9434c468776:Heslo
e26256d0d2e39dc4fc5f5a28c593fcae:hesloheslo
8c61ad09293001885517547926004dec:HesloHesloPříklad 2: SHA-1 kombinovaný útok
Seznam vstupních hashů pro kombinovaný útok:
f7c3bc1d808e04732adf679965ccc34ca7ae3441
bfe54caa6d483cc3887dce9d1b8eb91408f1ea7a
6e017b5464f820a6c1bb5e9f6d711a667a80d8ea
894f36e5fe639267301de83d341819acc0a14d4b
d89082db4a519a5f3c4a4b46269c5333e4000fb7
f5af3142a33a54e1d2228ee7e9af31c832a24855Příkaz kombinovaného útoku s využitím dvou slovníků rockyou.txt a slovnik.txt
Bash
hashcat -m 100 -a 1 -o vystup_sha1_kombi.txt hesla_sha1_kombi.txt /usr/share/wordlists/rockyou.txt /usr/share/wordlists/slovnik.txt -O
hashcat (v6.2.6) starting
OpenCL API (OpenCL 3.0 PoCL 5.0+debian Linux, None+Asserts, RELOC, SPIR, LLVM 16.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: cpu-sandybridge-Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz, 1085/2235 MB (512 MB allocatable), 4MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 31
Dictionary cache hit:
* Filename..: /usr/share/wordlists/rockyou.txt
* Passwords.: 14344385
* Bytes.....: 139921507
* Keyspace..: 14344385
Dictionary cache built:
* Filename..: /usr/share/wordlists/slovnik.txt
* Passwords.: 6
* Bytes.....: 54
* Keyspace..: 6
* Runtime...: 0 secs
Hashes: 6 digests; 6 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Raw-Hash
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 0 MB
Dictionary cache hit:
* Filename..: /usr/share/wordlists/rockyou.txt
* Passwords.: 14344385
* Bytes.....: 139921507
* Keyspace..: 86066310
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 100 (SHA1)
Hash.Target......: hesla_sha1_kombi.txt
Time.Started.....: Wed May 1 17:34:26 2024 (7 secs)
Time.Estimated...: Wed May 1 17:34:33 2024 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (/usr/share/wordlists/rockyou.txt), Left Side
Guess.Mod........: File (/usr/share/wordlists/slovnik.txt), Right Side
Speed.#1.........: 589.0 kH/s (0.37ms) @ Accel:256 Loops:6 Thr:1 Vec:8
Recovered........: 6/6 (100.00%) Digests (total), 6/6 (100.00%) Digests (new)
Progress.........: 30720/86066310 (0.04%)
Rejected.........: 0/30720 (0.00%)
Restore.Point....: 4096/14344385 (0.03%)
Restore.Sub.#1...: Salt:0 Amplifier:0-6 Iteration:0-6
Candidate.Engine.: Device Generator
Candidates.#1....: newzealandHeslo -> babygrlHesloHeslo
Hardware.Mon.#1..: Util: 19%
Started: Wed May 1 17:34:24 2024
Stopped: Wed May 1 17:34:34 2024Výsledný soubor s prolomenými hashy:
894f36e5fe639267301de83d341819acc0a14d4b:Heslo
6e017b5464f820a6c1bb5e9f6d711a667a80d8ea:heslo
f7c3bc1d808e04732adf679965ccc34ca7ae3441:123456789
bfe54caa6d483cc3887dce9d1b8eb91408f1ea7a:987654321
d89082db4a519a5f3c4a4b46269c5333e4000fb7:hesloheslo
f5af3142a33a54e1d2228ee7e9af31c832a24855:HesloHesloPříklad 3: SHA-256 kombinovaný útok
Seznam vstupních hashů pro kombinovaný útok:
15e2b0d3c33891ebb0f1ef609ec419420c20e320ce94c65fbc8c3312448eb225
8a9bcf1e51e812d0af8465a8dbcc9f741064bf0af3b3d08e6b0246437c19f7fb
56b1db8133d9eb398aabd376f07bf8ab5fc584ea0b8bd6a1770200cb613ca005
a522b2e58855d49bf2ca3754f625ff84613c5328421b29907ac6254b2380f97b
6de8ead8f2590b0437f137eafa3c03d145952e32bfe54a0525eb9371f72053f1
f10053ecd2e9e03327ac1ca371f1a10f9b0d990d8d0968a46dab9584c0d10ff9Příkaz kombinovaného útoku s využitím dvou slovníků rockyou.txt a slovnik.txt
Bash
hashcat -m 1400 -a 1 -o vystup_sha256_kombi.txt hesla_sha256_kombi.txt /usr/share/wordlists/rockyou.txt /usr/share/wordlists/slovnik.txt -O
hashcat (v6.2.6) starting
OpenCL API (OpenCL 3.0 PoCL 5.0+debian Linux, None+Asserts, RELOC, SPIR, LLVM 16.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: cpu-sandybridge-Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz, 1085/2235 MB (512 MB allocatable), 4MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 31
Dictionary cache hit:
* Filename..: /usr/share/wordlists/rockyou.txt
* Passwords.: 14344385
* Bytes.....: 139921507
* Keyspace..: 14344385
Dictionary cache hit:
* Filename..: /usr/share/wordlists/slovnik.txt
* Passwords.: 6
* Bytes.....: 54
* Keyspace..: 6
Hashes: 6 digests; 6 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Raw-Hash
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 0 MB
Dictionary cache hit:
* Filename..: /usr/share/wordlists/rockyou.txt
* Passwords.: 14344385
* Bytes.....: 139921507
* Keyspace..: 86066310
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 1400 (SHA2-256)
Hash.Target......: hesla_sha256_kombi.txt
Time.Started.....: Wed May 1 17:36:34 2024 (22 secs)
Time.Estimated...: Wed May 1 17:36:56 2024 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (/usr/share/wordlists/rockyou.txt), Left Side
Guess.Mod........: File (/usr/share/wordlists/slovnik.txt), Right Side
Speed.#1.........: 4684.7 kH/s (0.57ms) @ Accel:256 Loops:6 Thr:1 Vec:8
Recovered........: 6/6 (100.00%) Digests (total), 6/6 (100.00%) Digests (new)
Progress.........: 30720/86066310 (0.04%)
Rejected.........: 0/30720 (0.00%)
Restore.Point....: 4096/14344385 (0.03%)
Restore.Sub.#1...: Salt:0 Amplifier:0-6 Iteration:0-6
Candidate.Engine.: Device Generator
Candidates.#1....: newzealandHeslo -> babygrlHesloHeslo
Hardware.Mon.#1..: Util: 24%
Started: Wed May 1 17:36:32 2024
Stopped: Wed May 1 17:36:56 2024Výsledný soubor s prolomenými hashy:
a522b2e58855d49bf2ca3754f625ff84613c5328421b29907ac6254b2380f97b:Heslo
56b1db8133d9eb398aabd376f07bf8ab5fc584ea0b8bd6a1770200cb613ca005:heslo
15e2b0d3c33891ebb0f1ef609ec419420c20e320ce94c65fbc8c3312448eb225:123456789
8a9bcf1e51e812d0af8465a8dbcc9f741064bf0af3b3d08e6b0246437c19f7fb:987654321
6de8ead8f2590b0437f137eafa3c03d145952e32bfe54a0525eb9371f72053f1:hesloheslo
f10053ecd2e9e03327ac1ca371f1a10f9b0d990d8d0968a46dab9584c0d10ff9:HesloHesloPříklad 4: BLAKE2b kombinovaný útok
Seznam vstupních hashů pro kombinovaný útok:
$BLAKE2$f5ab8bafa6f2f72b431188ac38ae2de7bb618fb3d38b6cbf639defcdd5e10a86b22fccff571da37e42b23b80b657ee4d936478f582280a87d6dbb1da73f5c47d
$BLAKE2$5f9b2deed8e02e62ff916f0b14095a7f94a5ee5a6fdaebe5a6ac101e094c83c93ba7ca3a28caaa4ad3876b5b628493f2f64ba55d64a3f02f3ca0e831ae862442
$BLAKE2$17dece361c74fe55cc73d9f2237161c99798078b1d7ee33f6d15fbde4a34ea7dddc62ab0c648ad1922ba5b364aef22b5caa0d32cdeadb7890d9c2c3be9bf1e99
$BLAKE2$6a96922a70a610cf34e7985e84422bfd32d7bfa9ae86ad10889209b39bda4104f1d26e5bb1c0bb6946f608c7c4aa66166373756ef6605dc9ff1786133f9f1dfa
$BLAKE2$6965b0e7d117b7de9a36d8443164edd7a4d15ca90bcdfcc9cd41b902a816922b21c2cee64f779983d365809a9d4c051c27f484c783b6245280266fdd667751bd
$BLAKE2$8ab82afd6c0a4b3ca0d98c434f74cbf48996255af5974af41ae8fb39b55e175a7cbb2838dce68dc191311785906fda35f33c9e4479cd39d0c32da875bd626965Příkaz kombinovaného útoku s využitím dvou slovníků rockyou.txt a slovnik.txt
Bash
hashcat -m 600 -a 1 -o vystup_blake2b_kombi.txt hesla_blake2b_kombi.txt /usr/share/wordlists/rockyou.txt /usr/share/wordlists/slovnik.txt -O
hashcat (v6.2.6) starting
OpenCL API (OpenCL 3.0 PoCL 5.0+debian Linux, None+Asserts, RELOC, SPIR, LLVM 16.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: cpu-sandybridge-Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz, 1085/2235 MB (512 MB allocatable), 4MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 31
Dictionary cache hit:
* Filename..: /usr/share/wordlists/rockyou.txt
* Passwords.: 14344385
* Bytes.....: 139921507
* Keyspace..: 14344385
Dictionary cache hit:
* Filename..: /usr/share/wordlists/slovnik.txt
* Passwords.: 6
* Bytes.....: 54
* Keyspace..: 6
Hashes: 6 digests; 6 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Not-Iterated
* Single-Salt
* Raw-Hash
* Uses-64-Bit
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 0 MB
Dictionary cache hit:
* Filename..: /usr/share/wordlists/rockyou.txt
* Passwords.: 14344385
* Bytes.....: 139921507
* Keyspace..: 86066310
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 600 (BLAKE2b-512)
Hash.Target......: hesla_blake2b_kombi.txt
Time.Started.....: Wed May 1 17:38:43 2024 (17 secs)
Time.Estimated...: Wed May 1 17:39:00 2024 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (/usr/share/wordlists/rockyou.txt), Left Side
Guess.Mod........: File (/usr/share/wordlists/slovnik.txt), Right Side
Speed.#1.........: 3899.5 kH/s (0.79ms) @ Accel:256 Loops:6 Thr:1 Vec:4
Recovered........: 6/6 (100.00%) Digests (total), 6/6 (100.00%) Digests (new)
Progress.........: 30720/86066310 (0.04%)
Rejected.........: 0/30720 (0.00%)
Restore.Point....: 4096/14344385 (0.03%)
Restore.Sub.#1...: Salt:0 Amplifier:0-6 Iteration:0-6
Candidate.Engine.: Device Generator
Candidates.#1....: newzealandHeslo -> babygrlHesloHeslo
Hardware.Mon.#1..: Util: 27%
Started: Wed May 1 17:38:39 2024
Stopped: Wed May 1 17:39:02 2024Výsledný soubor s prolomenými hashy:
$BLAKE2$6a96922a70a610cf34e7985e84422bfd32d7bfa9ae86ad10889209b39bda4104f1d26e5bb1c0bb6946f608c7c4aa66166373756ef6605dc9ff1786133f9f1dfa:Heslo
$BLAKE2$17dece361c74fe55cc73d9f2237161c99798078b1d7ee33f6d15fbde4a34ea7dddc62ab0c648ad1922ba5b364aef22b5caa0d32cdeadb7890d9c2c3be9bf1e99:heslo
$BLAKE2$f5ab8bafa6f2f72b431188ac38ae2de7bb618fb3d38b6cbf639defcdd5e10a86b22fccff571da37e42b23b80b657ee4d936478f582280a87d6dbb1da73f5c47d:123456789
$BLAKE2$5f9b2deed8e02e62ff916f0b14095a7f94a5ee5a6fdaebe5a6ac101e094c83c93ba7ca3a28caaa4ad3876b5b628493f2f64ba55d64a3f02f3ca0e831ae862442:987654321
$BLAKE2$6965b0e7d117b7de9a36d8443164edd7a4d15ca90bcdfcc9cd41b902a816922b21c2cee64f779983d365809a9d4c051c27f484c783b6245280266fdd667751bd:hesloheslo
$BLAKE2$8ab82afd6c0a4b3ca0d98c434f74cbf48996255af5974af41ae8fb39b55e175a7cbb2838dce68dc191311785906fda35f33c9e4479cd39d0c32da875bd626965:HesloHesloSrovnání rychlostí prolomení
Útok s maskou
V těchto útocích se používá tzv. maska. Pokud máme informace týkající se hesla, můžeme provést tento typ útoku a masku přidat. Informace jako délka hesla, či zda se vyskytuje v hesle písmeno, číslo, speciální znak, apod. Hashcat má zabudované následující znakové sady, které se dají použít jako maska:
- ?l = abcdefghijklmnopqrstuvwxyz
- ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
- ?d = 0123456789
- ?h = 0123456789abcdef
- ?H = 0123456789ABCDEF
- ?s = „mezera“!“#$%&'()*+,-./:;<=>?@[\]^_`{|}~
- ?a = ?l?u?d?s
- ?b = 0x00 – 0xff
Hashcat rovněž umožňuje vytvořit si vlastní znakovou sadu. Taktéž umožňuje zaznamenat masky do souboru a při útoku se pak na něj odkazovat. Hashcat přichází s několika předgenerovanými maskami, které jsou uloženy v adresáři masks. Pokud se ovšem pracuje s maskou delší, než 8 znaků, může se čas k prolomení hesla velmi zvýšit.
Příklad 1: MD5 útok s maskou
Seznam vstupních hashů pro útok s maskou:
0192023a7bbd73250516f069df18b500
b5eb89b5b55d851cc721fe62a18dedab
d41a83379cf8e7573679073a52e29f1bPříkaz útoku maskou. V útoku je použita maska dlouhá 8 znaků, 5 znaků jsou malá písmena a 3 znaky jsou číslo od 0 do 9 nebo malé písmeno. Neboli se hledá heslo, které je 8 znaků dlouhé, obsahuje 5 malých písmen, po kterých následujou 3 čísla nebo malá písmena od a do f.
Bash
hashcat -m 0 -a 3 -o vystup_md5_mask.txt hesla_md5_mask.txt ?l?l?l?l?l?h?h?h -O
hashcat (v6.2.6) starting
OpenCL API (OpenCL 3.0 PoCL 5.0+debian Linux, None+Asserts, RELOC, SPIR, LLVM 16.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: cpu-sandybridge-Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz, 1085/2235 MB (512 MB allocatable), 4MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 55
Hashes: 3 digests; 3 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Meet-In-The-Middle
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Brute-Force
* Raw-Hash
Watchdog: Temperature abort trigger set to 90c
INFO: Removed 2 hashes found as potfile entries.
Host memory required for this attack: 0 MB
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 0 (MD5)
Hash.Target......: hesla_md5_mask.txt
Time.Started.....: Wed May 1 21:07:52 2024 (2 mins, 32 secs)
Time.Estimated...: Wed May 1 21:10:24 2024 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Mask.......: ?l?l?l?l?l?h?h?h [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 109.4 MH/s (1.12ms) @ Accel:256 Loops:128 Thr:1 Vec:8
Recovered........: 3/3 (100.00%) Digests (total), 1/3 (33.33%) Digests (new)
Progress.........: 16362905600/48666116096 (33.62%)
Rejected.........: 0/16362905600 (0.00%)
Restore.Point....: 930816/2768896 (33.62%)
Restore.Sub.#1...: Salt:0 Amplifier:2688-2816 Iteration:0-128
Candidate.Engine.: Device Generator
Candidates.#1....: rqmvx185 -> jigqd185
Hardware.Mon.#1..: Util: 86%
Started: Wed May 1 21:07:49 2024
Stopped: Wed May 1 21:10:26 2024
Výsledný soubor s prolomenými hashy:
0192023a7bbd73250516f069df18b500:admin123
b5eb89b5b55d851cc721fe62a18dedab:vwxyz000
d41a83379cf8e7573679073a52e29f1b:passabcdPříklad 2: SHA-1 útok s maskou
Seznam vstupních hashů pro útok s maskou:
f865b53623b121fd34ee5426c792e5c33af8c227
8e4c60189118fd1a9c9867e982084086afaa74ab
f376297e4403832d40029dfcc113ffd207252b46Příkaz útoku maskou. V útoku je použita maska dlouhá 8 znaků, 5 znaků jsou malá písmena a 3 znaky jsou číslo od 0 do 9 nebo malé písmeno. Neboli se hledá heslo, které je 8 znaků dlouhé, obsahuje 5 malých písmen, po kterých následujou 3 čísla nebo malá písmena od a do f.
Bash
hashcat -m 100 -a 3 -o vystup_sha1_mask.txt hesla_sha1_mask.txt ?l?l?l?l?l?h?h?h -O
hashcat (v6.2.6) starting
OpenCL API (OpenCL 3.0 PoCL 5.0+debian Linux, None+Asserts, RELOC, SPIR, LLVM 16.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: cpu-sandybridge-Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz, 1085/2235 MB (512 MB allocatable), 4MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 55
Hashes: 3 digests; 3 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Brute-Force
* Raw-Hash
Watchdog: Temperature abort trigger set to 90c
INFO: Removed 2 hashes found as potfile entries.
Host memory required for this attack: 0 MB
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 100 (SHA1)
Hash.Target......: hesla_sha1_mask.txt
Time.Started.....: Wed May 1 21:12:39 2024 (2 mins, 33 secs)
Time.Estimated...: Wed May 1 21:15:12 2024 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Mask.......: ?l?l?l?l?l?h?h?h [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 105.1 MH/s (9.52ms) @ Accel:256 Loops:1024 Thr:1 Vec:8
Recovered........: 3/3 (100.00%) Digests (total), 1/3 (33.33%) Digests (new)
Progress.........: 16363167744/48666116096 (33.62%)
Rejected.........: 0/16363167744 (0.00%)
Restore.Point....: 930816/2768896 (33.62%)
Restore.Sub.#1...: Salt:0 Amplifier:2048-3072 Iteration:0-1024
Candidate.Engine.: Device Generator
Candidates.#1....: orovx185 -> bctqd185
Hardware.Mon.#1..: Util: 95%
Started: Wed May 1 21:12:35 2024
Stopped: Wed May 1 21:15:14 2024Výsledný soubor s prolomenými hashy:
f865b53623b121fd34ee5426c792e5c33af8c227:admin123
8e4c60189118fd1a9c9867e982084086afaa74ab:vwxyz000
f376297e4403832d40029dfcc113ffd207252b46:passabcdPříklad 3: SHA-256 útok s maskou
Seznam vstupních hashů pro útok s maskou:
240be518fabd2724ddb6f04eeb1da5967448d7e831c08c8fa822809f74c720a9
0504d2f9eb5de1cdd46e6c6444ec85e0978d03bd72918e38527679bd3be0c809
71f155919a20ed11274dac375f8a0cf4d7c4e4c38cb35f79cd509c21e75e4c2ePříkaz útoku maskou. V útoku je použita maska dlouhá 8 znaků, 5 znaků jsou malá písmena a 3 znaky jsou číslo od 0 do 9 nebo malé písmeno. Neboli se hledá heslo, které je 8 znaků dlouhé, obsahuje 5 malých písmen, po kterých následujou 3 čísla nebo malá písmena od a do f.
Bash
hashcat -m 1400 -a 3 -o vystup_sha256_mask.txt hesla_sha256_mask.txt ?l?l?l?l?l?h?h?h -O
hashcat (v6.2.6) starting
OpenCL API (OpenCL 3.0 PoCL 5.0+debian Linux, None+Asserts, RELOC, SPIR, LLVM 16.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: cpu-sandybridge-Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz, 1085/2235 MB (512 MB allocatable), 4MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 55
Hashes: 3 digests; 3 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Brute-Force
* Raw-Hash
Watchdog: Temperature abort trigger set to 90c
INFO: Removed 2 hashes found as potfile entries.
Host memory required for this attack: 0 MB
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 1400 (SHA2-256)
Hash.Target......: hesla_sha256_mask.txt
Time.Started.....: Wed May 1 21:17:34 2024 (6 mins, 37 secs)
Time.Estimated...: Wed May 1 21:24:11 2024 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Mask.......: ?l?l?l?l?l?h?h?h [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 41317.5 kH/s (11.43ms) @ Accel:256 Loops:512 Thr:1 Vec:8
Recovered........: 3/3 (100.00%) Digests (total), 1/3 (33.33%) Digests (new)
Progress.........: 16363167744/48666116096 (33.62%)
Rejected.........: 0/16363167744 (0.00%)
Restore.Point....: 930816/2768896 (33.62%)
Restore.Sub.#1...: Salt:0 Amplifier:2560-3072 Iteration:0-512
Candidate.Engine.: Device Generator
Candidates.#1....: hwovx185 -> bctqd185
Hardware.Mon.#1..: Util: 96%
Started: Wed May 1 21:17:31 2024
Stopped: Wed May 1 21:24:12 2024Výsledný soubor s prolomenými hashy:
240be518fabd2724ddb6f04eeb1da5967448d7e831c08c8fa822809f74c720a9:admin123
0504d2f9eb5de1cdd46e6c6444ec85e0978d03bd72918e38527679bd3be0c809:vwxyz000
71f155919a20ed11274dac375f8a0cf4d7c4e4c38cb35f79cd509c21e75e4c2e:passabcdPříklad 4: BLAKE2b útok s maskou
Seznam vstupních hashů pro útok s maskou:
$BLAKE2$eba34065a1d45b3bfd700926b250ee119b42b331977b43b61f6c9d383fcb8f2d898d2b003253796e0eda3a37d3fdffd131758ad348e94dfe9685f787c7911a42
$BLAKE2$76e3745fd2f0a03573531a2f6c11bbc28f10456bb64da87be9f7dcf0c19f5143abd33007531cf93b740d5db602bb4343c3b1286294ce9c767e4f8fa992b9c2fa
$BLAKE2$c96677741b3d258a80ce784e3e24625cd1c3f281f9f0ea70d108333859961556534d8f36a4a95cec8359c169576f3aa28b776387372455a87ccc8582d6d534cePříkaz útoku maskou. V útoku je použita maska dlouhá 8 znaků, 5 znaků jsou malá písmena a 3 znaky jsou číslo od 0 do 9 nebo malé písmeno. Neboli se hledá heslo, které je 8 znaků dlouhé, obsahuje 5 malých písmen, po kterých následujou 3 čísla nebo malá písmena od a do f.
Bash
hashcat -m 600 -a 3 -o vystup_blake2b_mask.txt hesla_blake2b_mask.txt ?l?l?l?l?l?h?h?h -O
hashcat (v6.2.6) starting
OpenCL API (OpenCL 3.0 PoCL 5.0+debian Linux, None+Asserts, RELOC, SPIR, LLVM 16.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: cpu-sandybridge-Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz, 1085/2235 MB (512 MB allocatable), 4MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 55
Hashes: 3 digests; 3 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Not-Iterated
* Single-Salt
* Brute-Force
* Raw-Hash
* Uses-64-Bit
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 0 MB
Approaching final keyspace - workload adjusted.
Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 600 (BLAKE2b-512)
Hash.Target......: hesla_blake2b_mask.txt
Time.Started.....: Wed May 1 19:17:34 2024 (1 hour, 7 mins)
Time.Estimated...: Wed May 1 20:24:43 2024 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Mask.......: ?l?l?l?l?l?h?h?h [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 12360.3 kH/s (9.06ms) @ Accel:72 Loops:512 Thr:1 Vec:4
Recovered........: 2/3 (66.67%) Digests (total), 2/3 (66.67%) Digests (new)
Progress.........: 48666116096/48666116096 (100.00%)
Rejected.........: 0/48666116096 (0.00%)
Restore.Point....: 2768896/2768896 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:17408-17576 Iteration:0-512
Candidate.Engine.: Device Generator
Candidates.#1....: fkxhzf6e -> xqxqxf6e
Hardware.Mon.#1..: Util: 88%
Started: Wed May 1 19:17:09 2024
Stopped: Wed May 1 20:24:45 2024Výsledný soubor s prolomenými hashy:
$BLAKE2$eba34065a1d45b3bfd700926b250ee119b42b331977b43b61f6c9d383fcb8f2d898d2b003253796e0eda3a37d3fdffd131758ad348e94dfe9685f787c7911a42:admin123
$BLAKE2$76e3745fd2f0a03573531a2f6c11bbc28f10456bb64da87be9f7dcf0c19f5143abd33007531cf93b740d5db602bb4343c3b1286294ce9c767e4f8fa992b9c2fa:passabcd
$BLAKE2$c96677741b3d258a80ce784e3e24625cd1c3f281f9f0ea70d108333859961556534d8f36a4a95cec8359c169576f3aa28b776387372455a87ccc8582d6d534ce:vwxyz000Srovnání rychlostí prolomení
Hybridní útok
Hybridní útok kombinuje slovníkový útok a útok maskou. Tento typ útoku zdokonaluje nedostatky obou typů útoků. U hybridních útoků se určuje umístění použití masky, jestli před slovem hledaným slovníkem (-a 7) nebo za slovem (-a 6). Nelze použít obě umístění současně.
Příklad 1: MD5 hybridní útok
Seznam vstupních hashů pro hybridní útok.
1f61b744f2c9e8f49ae4c4965f39963f
69a9da126e60768f5d294051ce9069e3
261e5e7e83ae4b142f6684e87540cd57Příkaz hybridního útoku. Nejprve se vyhledává slovo pomocí slovníku rockyou.txt, a poté se použije maska dlouhá 2 znaky a obsahuje buď 2 čísla nebo 2 velká písmena od A do F.
Bash
hashcat -m 0 -a 6 -o vystup_md5_hybrid.txt hesla_md5_hybrid.txt /usr/share/wordlists/rockyou.txt ?H?H -O
hashcat (v6.2.6) starting
OpenCL API (OpenCL 3.0 PoCL 5.0+debian Linux, None+Asserts, RELOC, SPIR, LLVM 16.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: cpu-sandybridge-Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz, 1085/2235 MB (512 MB allocatable), 4MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 31
Hashes: 3 digests; 3 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Meet-In-The-Middle
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Raw-Hash
Watchdog: Temperature abort trigger set to 90c
INFO: Removed 2 hashes found as potfile entries.
Host memory required for this attack: 0 MB
Dictionary cache hit:
* Filename..: /usr/share/wordlists/rockyou.txt
* Passwords.: 14344385
* Bytes.....: 139921507
* Keyspace..: 3672162560
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 0 (MD5)
Hash.Target......: hesla_md5_hybrid.txt
Time.Started.....: Wed May 1 21:54:06 2024 (1 sec)
Time.Estimated...: Wed May 1 21:54:07 2024 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (/usr/share/wordlists/rockyou.txt), Left Side
Guess.Mod........: Mask (?H?H) [2], Right Side
Guess.Queue.Base.: 1/1 (100.00%)
Guess.Queue.Mod..: 1/1 (100.00%)
Speed.#1.........: 57473.5 kH/s (3.66ms) @ Accel:256 Loops:256 Thr:1 Vec:8
Recovered........: 3/3 (100.00%) Digests (total), 1/3 (33.33%) Digests (new)
Progress.........: 30146816/3672162560 (0.82%)
Rejected.........: 256/30146816 (0.00%)
Restore.Point....: 116737/14344385 (0.81%)
Restore.Sub.#1...: Salt:0 Amplifier:0-256 Iteration:0-256
Candidate.Engine.: Device Generator
Candidates.#1....: luckystar112 -> gloriatreviE8
Hardware.Mon.#1..: Util: 30%
Started: Wed May 1 21:54:03 2024
Stopped: Wed May 1 21:54:08 2024
Výsledný soubor s prolomenými hashy:
1f61b744f2c9e8f49ae4c4965f39963f:pass19
69a9da126e60768f5d294051ce9069e3:word28
261e5e7e83ae4b142f6684e87540cd57:kaliFFPříklad 2: SHA-1 hybridní útok
Seznam vstupních hashů pro hybridní útok.
7c816708ff015453787c83c4d0c00ddf93357fd3
7e17878fcbb5701b0b9bc79fc74fe3219aa9c3f0
2f61f0ac3a4c764c45290029acacfbaa953a1140Příkaz hybridního útoku. Nejprve se vyhledává slovo pomocí slovníku rockyou.txt, a poté se použije maska dlouhá 2 znaky a obsahuje buď 2 čísla nebo 2 velká písmena od A do F.
Bash
hashcat -m 100 -a 6 -o vystup_sha1_hybrid.txt hesla_sha1_hybrid.txt /usr/share/wordlists/rockyou.txt ?H?H -O
hashcat (v6.2.6) starting
OpenCL API (OpenCL 3.0 PoCL 5.0+debian Linux, None+Asserts, RELOC, SPIR, LLVM 16.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: cpu-sandybridge-Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz, 1085/2235 MB (512 MB allocatable), 4MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 31
Hashes: 3 digests; 3 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Raw-Hash
Watchdog: Temperature abort trigger set to 90c
Initializing backend runtime for device #1. Please be patient...
Host memory required for this attack: 0 MB
Dictionary cache hit:
* Filename..: /usr/share/wordlists/rockyou.txt
* Passwords.: 14344385
* Bytes.....: 139921507
* Keyspace..: 3672162560
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 100 (SHA1)
Hash.Target......: hesla_sha1_hybrid.txt
Time.Started.....: Wed May 1 21:56:23 2024 (0 secs)
Time.Estimated...: Wed May 1 21:56:23 2024 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (/usr/share/wordlists/rockyou.txt), Left Side
Guess.Mod........: Mask (?H?H) [2], Right Side
Guess.Queue.Base.: 1/1 (100.00%)
Guess.Queue.Mod..: 1/1 (100.00%)
Speed.#1.........: 48745.0 kH/s (4.67ms) @ Accel:256 Loops:256 Thr:1 Vec:8
Recovered........: 3/3 (100.00%) Digests (total), 3/3 (100.00%) Digests (new)
Progress.........: 30146816/3672162560 (0.82%)
Rejected.........: 256/30146816 (0.00%)
Restore.Point....: 116737/14344385 (0.81%)
Restore.Sub.#1...: Salt:0 Amplifier:0-256 Iteration:0-256
Candidate.Engine.: Device Generator
Candidates.#1....: luckystar112 -> gloriatreviE8
Hardware.Mon.#1..: Util: 28%
Started: Wed May 1 21:55:55 2024
Stopped: Wed May 1 21:56:24 2024Výsledný soubor s prolomenými hashy:
7c816708ff015453787c83c4d0c00ddf93357fd3:pass19
7e17878fcbb5701b0b9bc79fc74fe3219aa9c3f0:word28
2f61f0ac3a4c764c45290029acacfbaa953a1140:kaliFFPříklad 3: SHA-256 hybridní útok
Seznam vstupních hashů pro hybridní útok.
871431053023291d24b403f1f9d761c6f01b3050a0a83cd9d9759a970f8d4d92
f064d2d3afa4f7b89eee81b033a8cb927564866793bc59031525ca776c10a6fc
34207f580ff5026b7c5686c314aa52114674ea1ae57b5ddf7a775151a131de04Příkaz hybridního útoku. Nejprve se vyhledává slovo pomocí slovníku rockyou.txt, a poté se použije maska dlouhá 2 znaky a obsahuje buď 2 čísla nebo 2 velká písmena od A do F.
Bash
hashcat -m 1400 -a 6 -o vystup_sha256_hybrid.txt hesla_sha256_hybrid.txt /usr/share/wordlists/rockyou.txt ?H?H -O
hashcat (v6.2.6) starting
OpenCL API (OpenCL 3.0 PoCL 5.0+debian Linux, None+Asserts, RELOC, SPIR, LLVM 16.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: cpu-sandybridge-Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz, 1085/2235 MB (512 MB allocatable), 4MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 31
Hashes: 3 digests; 3 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Raw-Hash
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 0 MB
Dictionary cache hit:
* Filename..: /usr/share/wordlists/rockyou.txt
* Passwords.: 14344385
* Bytes.....: 139921507
* Keyspace..: 3672162560
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 1400 (SHA2-256)
Hash.Target......: hesla_sha256_hybrid.txt
Time.Started.....: Wed May 1 21:58:22 2024 (1 sec)
Time.Estimated...: Wed May 1 21:58:23 2024 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (/usr/share/wordlists/rockyou.txt), Left Side
Guess.Mod........: Mask (?H?H) [2], Right Side
Guess.Queue.Base.: 1/1 (100.00%)
Guess.Queue.Mod..: 1/1 (100.00%)
Speed.#1.........: 24835.0 kH/s (9.38ms) @ Accel:256 Loops:256 Thr:1 Vec:8
Recovered........: 3/3 (100.00%) Digests (total), 3/3 (100.00%) Digests (new)
Progress.........: 30146816/3672162560 (0.82%)
Rejected.........: 256/30146816 (0.00%)
Restore.Point....: 116737/14344385 (0.81%)
Restore.Sub.#1...: Salt:0 Amplifier:0-256 Iteration:0-256
Candidate.Engine.: Device Generator
Candidates.#1....: luckystar112 -> gloriatreviE8
Hardware.Mon.#1..: Util: 94%
Started: Wed May 1 21:57:50 2024
Stopped: Wed May 1 21:58:25 2024Výsledný soubor s prolomenými hashy:
871431053023291d24b403f1f9d761c6f01b3050a0a83cd9d9759a970f8d4d92:pass19
f064d2d3afa4f7b89eee81b033a8cb927564866793bc59031525ca776c10a6fc:word28
34207f580ff5026b7c5686c314aa52114674ea1ae57b5ddf7a775151a131de04:kaliFFPříklad 4: BLAKE2b hybridní útok
Seznam vstupních hashů pro hybridní útok.
$BLAKE2$f3701b37a18c7723dfc7672c7c6d1d27252220c849579eb568484d38fcc0e5c2de4e6ab5ce3955c4e3d84c43db2f2c0f5b204a42e9c52cad1115a941497c3865
$BLAKE2$1690910baa271a409e223b51922fe28237360cfbed9418ad79f210c864eeb1a731f6114bf4ce83da20cfe7b4a8636001f7155c1f1d471d2e35a93ad3c063d287
$BLAKE2$b53b59ed631b415d31d5dee718d9ab2a904a8c8c3c1580ad3cf2b819cecc1d0eae8771b55295909b3e1491e82f2575a51cab450909f24c0451dee5222bb32e16Příkaz hybridního útoku. Nejprve se vyhledává slovo pomocí slovníku rockyou.txt, a poté se použije maska dlouhá 2 znaky a obsahuje buď 2 čísla nebo 2 velká písmena od A do F.
Bash
hashcat -m 600 -a 6 -o vystup_blake2b_hybrid.txt hesla_blake2b_hybrid.txt /usr/share/wordlists/rockyou.txt ?H?H -O
hashcat (v6.2.6) starting
OpenCL API (OpenCL 3.0 PoCL 5.0+debian Linux, None+Asserts, RELOC, SPIR, LLVM 16.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: cpu-sandybridge-Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz, 1085/2235 MB (512 MB allocatable), 4MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 31
Hashes: 3 digests; 3 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Not-Iterated
* Single-Salt
* Raw-Hash
* Uses-64-Bit
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 0 MB
Dictionary cache hit:
* Filename..: /usr/share/wordlists/rockyou.txt
* Passwords.: 14344385
* Bytes.....: 139921507
* Keyspace..: 3672162560
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 600 (BLAKE2b-512)
Hash.Target......: hesla_blake2b_hybrid.txt
Time.Started.....: Wed May 1 22:00:14 2024 (3 secs)
Time.Estimated...: Wed May 1 22:00:17 2024 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (/usr/share/wordlists/rockyou.txt), Left Side
Guess.Mod........: Mask (?H?H) [2], Right Side
Guess.Queue.Base.: 1/1 (100.00%)
Guess.Queue.Mod..: 1/1 (100.00%)
Speed.#1.........: 10093.9 kH/s (0.68ms) @ Accel:256 Loops:8 Thr:1 Vec:4
Recovered........: 3/3 (100.00%) Digests (total), 3/3 (100.00%) Digests (new)
Progress.........: 29966592/3672162560 (0.82%)
Rejected.........: 256/29966592 (0.00%)
Restore.Point....: 116737/14344385 (0.81%)
Restore.Sub.#1...: Salt:0 Amplifier:72-80 Iteration:0-8
Candidate.Engine.: Device Generator
Candidates.#1....: luckystar175 -> gloriatreviEE
Hardware.Mon.#1..: Util: 86%
Started: Wed May 1 21:59:50 2024
Stopped: Wed May 1 22:00:19 2024Výsledný soubor s prolomenými hashy:
$BLAKE2$f3701b37a18c7723dfc7672c7c6d1d27252220c849579eb568484d38fcc0e5c2de4e6ab5ce3955c4e3d84c43db2f2c0f5b204a42e9c52cad1115a941497c3865:pass19
$BLAKE2$1690910baa271a409e223b51922fe28237360cfbed9418ad79f210c864eeb1a731f6114bf4ce83da20cfe7b4a8636001f7155c1f1d471d2e35a93ad3c063d287:word28
$BLAKE2$b53b59ed631b415d31d5dee718d9ab2a904a8c8c3c1580ad3cf2b819cecc1d0eae8771b55295909b3e1491e82f2575a51cab450909f24c0451dee5222bb32e16:kaliFFSrovnání rychlostí prolomení
Bruteforce útok
Hashcat může být použit k hrubému prolomení hesel pomocí systematického zkoušení všech možných kombinací znaků. Časově velmi náročné ! Tento typ útoku byl testován na dvou strojích pro srovnání výkonů mezi virtuálem Kali Linux a železem stolním počítačem.
Seznam vstupních hashu MD5 pro bruteforce útok.
dc647eb65e6711e155375218212b3964
eb61eead90e3b899c6bcbe27ac581660
958152288f2d2303ae045cffc43a02cd
2c9341ca4cf3d87b9e4eb905d6a3ec45
75b71aa6842e450f12aca00fdf54c51d
031cbcccd3ba6bd4d1556330995b8d08
b5af0b804ff7238bce48adef1e0c213fPříkaz pro bruteforce útok:
Poznámka: ?a = ?l?u?d?s (malá a velká písmena, čísla, speciální znaky)
Bash
hashcat -m 0 -a 3 -o vystup_bruteforce.txt hesla_bruteforce.txt ?a?a?a?a?a?a?a?a -O -S
hashcat (v6.2.6) starting
OpenCL API (OpenCL 3.0 PoCL 5.0+debian Linux, None+Asserts, RELOC, SPIR, LLVM 16.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: cpu-sandybridge-Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz, 1085/2235 MB (512 MB allocatable), 4MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 31
Hashes: 7 digests; 7 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Meet-In-The-Middle
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Brute-Force
* Raw-Hash
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 2 MB
Session..........: hashcat
Status...........: Quit
Hash.Mode........: 0 (MD5)
Hash.Target......: hesla_bruteforce.txt
Time.Started.....: Thu May 2 17:53:27 2024 (2 hours, 0 mins)
Time.Estimated...: Tue Nov 18 21:04:16 2121 (97 years, 199 days)
Kernel.Feature...: Optimized Kernel
Guess.Mask.......: ?a?a?a?a?a?a?a?a [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 2155.2 kH/s (0.11ms) @ Accel:256 Loops:1 Thr:1 Vec:8
Recovered........: 1/7 (14.29%) Digests (total), 1/7 (14.29%) Digests (new)
Progress.........: 15045824512/6634204312890625 (0.00%)
Rejected.........: 0/15045824512 (0.00%)
Restore.Point....: 15045824512/6634204312890625 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Host Generator + PCIe
Candidates.#1....: r9Of.san -> ^S&:wane
Hardware.Mon.#1..: Util: 37%
Started: Thu May 2 17:52:59 2024
Stopped: Thu May 2 19:53:41 2024Bash
hashcat.exe -m 0 -a 3 -o vystup_bruteforce.txt hesla_bruteforce.txt ?a?a?a?a?a?a?a?a -O -S
hashcat (v6.2.6) starting
Successfully initialized the NVIDIA main driver CUDA runtime library.
Failed to initialize NVIDIA RTC library.
* Device #1: CUDA SDK Toolkit not installed or incorrectly installed.
CUDA SDK Toolkit required for proper device support and utilization.
Falling back to OpenCL runtime.
* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
OpenCL API (OpenCL 3.0 CUDA 12.4.131) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #1: NVIDIA GeForce RTX 2060, 6016/6143 MB (1535 MB allocatable), 30MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 31
Hashes: 7 digests; 7 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Meet-In-The-Middle
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Brute-Force
* Raw-Hash
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 856 MB
Session..........: hashcat
Status...........: Quit
Hash.Mode........: 0 (MD5)
Hash.Target......: hesla_bruteforce.txt
Time.Started.....: Thu May 02 17:30:35 2024 (2 hours, 0 mins)
Time.Estimated...: Fri Nov 04 21:38:27 2146 (122 years, 185 days)
Kernel.Feature...: Optimized Kernel
Guess.Mask.......: ?a?a?a?a?a?a?a?a [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 1716.0 kH/s (1.22ms) @ Accel:128 Loops:1 Thr:32 Vec:1
Recovered........: 1/7 (14.29%) Digests (total), 1/7 (14.29%) Digests (new)
Progress.........: 12380528640/6634204312890625 (0.00%)
Rejected.........: 0/12380528640 (0.00%)
Restore.Point....: 12380528640/6634204312890625 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Host Generator + PCIe
Candidates.#1....: dG12FESS -> WwbyCANA
Hardware.Mon.#1..: Temp: 49c Fan: 26% Util: 21% Core: 375MHz Mem: 405MHz Bus:16
Started: Thu May 02 17:30:29 2024
Stopped: Thu May 02 19:30:58 2024Výstup prolomených hesle po 2. hodinách útoku.
Bash
cat hesla_bruteforce.txt
2c9341ca4cf3d87b9e4eb905d6a3ec45:Test1234V obou bruteforce útocích byl výsledek 1 prolomené heslo ze 7 možných.
Vstupní soubor obsahoval tyto hesla:
Password --> dc647eb65e6711e155375218212b3964
HELLO --> eb61eead90e3b899c6bcbe27ac581660
MYSECRET --> 958152288f2d2303ae045cffc43a02cd
Test1234 --> 2c9341ca4cf3d87b9e4eb905d6a3ec45
P455w0rd --> 75b71aa6842e450f12aca00fdf54c51d
GuessMe --> 031cbcccd3ba6bd4d1556330995b8d08
S3CuReP455Word --> b5af0b804ff7238bce48adef1e0c213fBenchmark testy
Porovnání výkonů při hashbreakingu dvou strojů, virtuálu Kali Linux, který pro hashbreaking využíval procesor Intel Core i5-8300H @ 2.30GHz omezen na 4 jádra a stolního počítače, který pro hashbreaking využíval grafickou kartu Nvidia GeForce RTX 2060 s 30 jádry. Pro toto porovnání bylo využito benchmark testů pomocí příkazu hashcat -b.
Bash
hashcat -b
hashcat (v6.2.6) starting in benchmark mode
Benchmarking uses hand-optimized kernel code by default.
You can use it in your cracking session by setting the -O option.
Note: Using optimized kernel code limits the maximum supported password length.
To disable the optimized kernel code in benchmark mode, use the -w option.
OpenCL API (OpenCL 3.0 CUDA 12.4.131) - Platform #1 [NVIDIA Corporation]
==================================================================================================================================================
* Device #1: NVIDIA GeForce RTX 2060, 6016/6143 MB (1535 MB allocatable), 30MCU
Benchmark relevant options:
===========================
* --optimized-kernel-enable
-------------------
* Hash-Mode 0 (MD5)
-------------------
Speed.#1.........: 24985.7 MH/s (39.99ms) @ Accel:256 Loops:1024 Thr:128 Vec:8
----------------------
* Hash-Mode 100 (SHA1)
----------------------
Speed.#1.........: 7772.9 MH/s (64.36ms) @ Accel:512 Loops:512 Thr:64 Vec:1
---------------------------
* Hash-Mode 1400 (SHA2-256)
---------------------------
Speed.#1.........: 3410.8 MH/s (73.46ms) @ Accel:32 Loops:1024 Thr:256 Vec:1
---------------------------
* Hash-Mode 1700 (SHA2-512)
---------------------------
Speed.#1.........: 997.4 MH/s (62.79ms) @ Accel:8 Loops:1024 Thr:256 Vec:1
-------------------------------------------------------------
* Hash-Mode 22000 (WPA-PBKDF2-PMKID+EAPOL) [Iterations: 4095]
-------------------------------------------------------------
Speed.#1.........: 396.0 kH/s (76.79ms) @ Accel:128 Loops:128 Thr:256 Vec:1
-----------------------
* Hash-Mode 1000 (NTLM)
-----------------------
Speed.#1.........: 45297.9 MH/s (21.86ms) @ Accel:256 Loops:1024 Thr:128 Vec:8
---------------------
* Hash-Mode 3000 (LM)
---------------------
Speed.#1.........: 23269.8 MH/s (42.90ms) @ Accel:256 Loops:1024 Thr:128 Vec:1
--------------------------------------------
* Hash-Mode 5500 (NetNTLMv1 / NetNTLMv1+ESS)
--------------------------------------------
Speed.#1.........: 24257.2 MH/s (41.15ms) @ Accel:128 Loops:1024 Thr:256 Vec:2
----------------------------
* Hash-Mode 5600 (NetNTLMv2)
----------------------------
Speed.#1.........: 1766.8 MH/s (70.89ms) @ Accel:32 Loops:512 Thr:256 Vec:1
--------------------------------------------------------
* Hash-Mode 1500 (descrypt, DES (Unix), Traditional DES)
--------------------------------------------------------
Speed.#1.........: 944.6 MH/s (66.26ms) @ Accel:16 Loops:1024 Thr:128 Vec:1
------------------------------------------------------------------------------
* Hash-Mode 500 (md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5)) [Iterations: 1000]
------------------------------------------------------------------------------
Speed.#1.........: 9514.7 kH/s (86.99ms) @ Accel:128 Loops:1000 Thr:256 Vec:1
----------------------------------------------------------------
* Hash-Mode 3200 (bcrypt $2*$, Blowfish (Unix)) [Iterations: 32]
----------------------------------------------------------------
Speed.#1.........: 16800 H/s (72.46ms) @ Accel:4 Loops:32 Thr:11 Vec:1
--------------------------------------------------------------------
* Hash-Mode 1800 (sha512crypt $6$, SHA512 (Unix)) [Iterations: 5000]
--------------------------------------------------------------------
Speed.#1.........: 156.1 kH/s (41.32ms) @ Accel:4096 Loops:256 Thr:32 Vec:1
--------------------------------------------------------
* Hash-Mode 7500 (Kerberos 5, etype 23, AS-REQ Pre-Auth)
--------------------------------------------------------
Speed.#1.........: 390.5 MH/s (80.31ms) @ Accel:256 Loops:128 Thr:32 Vec:1
-------------------------------------------------
* Hash-Mode 13100 (Kerberos 5, etype 23, TGS-REP)
-------------------------------------------------
Speed.#1.........: 374.9 MH/s (83.66ms) @ Accel:256 Loops:128 Thr:32 Vec:1
---------------------------------------------------------------------------------
* Hash-Mode 15300 (DPAPI masterkey file v1 (context 1 and 2)) [Iterations: 23999]
---------------------------------------------------------------------------------
Speed.#1.........: 68504 H/s (75.85ms) @ Accel:32 Loops:512 Thr:256 Vec:1
---------------------------------------------------------------------------------
* Hash-Mode 15900 (DPAPI masterkey file v2 (context 1 and 2)) [Iterations: 12899]
---------------------------------------------------------------------------------
Speed.#1.........: 38924 H/s (60.08ms) @ Accel:64 Loops:512 Thr:32 Vec:1
------------------------------------------------------------------
* Hash-Mode 7100 (macOS v10.8+ (PBKDF2-SHA512)) [Iterations: 1023]
------------------------------------------------------------------
Speed.#1.........: 418.0 kH/s (62.31ms) @ Accel:32 Loops:1023 Thr:32 Vec:1
---------------------------------------------
* Hash-Mode 11600 (7-Zip) [Iterations: 16384]
---------------------------------------------
Speed.#1.........: 381.9 kH/s (75.79ms) @ Accel:128 Loops:4096 Thr:32 Vec:1
------------------------------------------------
* Hash-Mode 12500 (RAR3-hp) [Iterations: 262144]
------------------------------------------------
Speed.#1.........: 37319 H/s (101.94ms) @ Accel:8 Loops:16384 Thr:256 Vec:1
--------------------------------------------
* Hash-Mode 13000 (RAR5) [Iterations: 32799]
--------------------------------------------
Speed.#1.........: 42224 H/s (90.40ms) @ Accel:32 Loops:512 Thr:256 Vec:1
--------------------------------------------------------------------------------
* Hash-Mode 6211 (TrueCrypt RIPEMD160 + XTS 512 bit (legacy)) [Iterations: 1999]
--------------------------------------------------------------------------------
Speed.#1.........: 294.3 kH/s (93.76ms) @ Accel:16 Loops:512 Thr:256 Vec:1
-----------------------------------------------------------------------------------
* Hash-Mode 13400 (KeePass 1 (AES/Twofish) and KeePass 2 (AES)) [Iterations: 24569]
-----------------------------------------------------------------------------------
Speed.#1.........: 25459 H/s (50.02ms) @ Accel:8 Loops:512 Thr:256 Vec:1
----------------------------------------------------------------
* Hash-Mode 6800 (LastPass + LastPass sniffed) [Iterations: 499]
----------------------------------------------------------------
Speed.#1.........: 2549.0 kH/s (58.38ms) @ Accel:64 Loops:249 Thr:256 Vec:1
--------------------------------------------------------------------
* Hash-Mode 11300 (Bitcoin/Litecoin wallet.dat) [Iterations: 200459]
--------------------------------------------------------------------
Speed.#1.........: 5147 H/s (60.69ms) @ Accel:32 Loops:256 Thr:256 Vec:1
Started: Thu May 02 19:35:17 2024
Stopped: Thu May 02 19:40:28 2024Bash
hashcat -b
hashcat (v6.2.6) starting in benchmark mode
Benchmarking uses hand-optimized kernel code by default.
You can use it in your cracking session by setting the -O option.
Note: Using optimized kernel code limits the maximum supported password length.
To disable the optimized kernel code in benchmark mode, use the -w option.
OpenCL API (OpenCL 3.0 PoCL 5.0+debian Linux, None+Asserts, RELOC, SPIR, LLVM 16.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: cpu-sandybridge-Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz, 1085/2235 MB (512 MB allocatable), 4MCU
Benchmark relevant options:
===========================
* --optimized-kernel-enable
-------------------
* Hash-Mode 0 (MD5)
-------------------
Speed.#1.........: 224.8 MH/s (4.43ms) @ Accel:256 Loops:1024 Thr:1 Vec:8
----------------------
* Hash-Mode 100 (SHA1)
----------------------
Speed.#1.........: 127.2 MH/s (7.81ms) @ Accel:256 Loops:1024 Thr:1 Vec:8
---------------------------
* Hash-Mode 1400 (SHA2-256)
---------------------------
Speed.#1.........: 52024.3 kH/s (20.16ms) @ Accel:256 Loops:1024 Thr:1 Vec:8
---------------------------
* Hash-Mode 1700 (SHA2-512)
---------------------------
Speed.#1.........: 15772.8 kH/s (8.14ms) @ Accel:256 Loops:128 Thr:1 Vec:4
-------------------------------------------------------------
* Hash-Mode 22000 (WPA-PBKDF2-PMKID+EAPOL) [Iterations: 4095]
-------------------------------------------------------------
Speed.#1.........: 4950 H/s (41.44ms) @ Accel:256 Loops:1024 Thr:1 Vec:8
-----------------------
* Hash-Mode 1000 (NTLM)
-----------------------
Speed.#1.........: 332.7 MH/s (2.90ms) @ Accel:256 Loops:1024 Thr:1 Vec:8
---------------------
* Hash-Mode 3000 (LM)
---------------------
Speed.#1.........: 95105.1 kH/s (10.37ms) @ Accel:256 Loops:1024 Thr:1 Vec:8
--------------------------------------------
* Hash-Mode 5500 (NetNTLMv1 / NetNTLMv1+ESS)
--------------------------------------------
Speed.#1.........: 233.1 MH/s (4.23ms) @ Accel:256 Loops:1024 Thr:1 Vec:8
----------------------------
* Hash-Mode 5600 (NetNTLMv2)
----------------------------
Speed.#1.........: 20566.1 kH/s (50.72ms) @ Accel:256 Loops:1024 Thr:1 Vec:8
--------------------------------------------------------
* Hash-Mode 1500 (descrypt, DES (Unix), Traditional DES)
--------------------------------------------------------
Speed.#1.........: 3996.8 kH/s (60.51ms) @ Accel:64 Loops:1024 Thr:1 Vec:8
------------------------------------------------------------------------------
* Hash-Mode 500 (md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5)) [Iterations: 1000]
------------------------------------------------------------------------------
Speed.#1.........: 27786 H/s (35.99ms) @ Accel:256 Loops:1000 Thr:1 Vec:8
----------------------------------------------------------------
* Hash-Mode 3200 (bcrypt $2*$, Blowfish (Unix)) [Iterations: 32]
----------------------------------------------------------------
Speed.#1.........: 69 H/s (9.11ms) @ Accel:4 Loops:32 Thr:1 Vec:1
--------------------------------------------------------------------
* Hash-Mode 1800 (sha512crypt $6$, SHA512 (Unix)) [Iterations: 5000]
--------------------------------------------------------------------
Speed.#1.........: 2173 H/s (23.17ms) @ Accel:256 Loops:1024 Thr:1 Vec:4
--------------------------------------------------------
* Hash-Mode 7500 (Kerberos 5, etype 23, AS-REQ Pre-Auth)
--------------------------------------------------------
Speed.#1.........: 2518.9 kH/s (51.76ms) @ Accel:32 Loops:1024 Thr:1 Vec:8
-------------------------------------------------
* Hash-Mode 13100 (Kerberos 5, etype 23, TGS-REP)
-------------------------------------------------
Speed.#1.........: 2038.8 kH/s (63.41ms) @ Accel:64 Loops:512 Thr:1 Vec:8
---------------------------------------------------------------------------------
* Hash-Mode 15300 (DPAPI masterkey file v1 (context 1 and 2)) [Iterations: 23999]
---------------------------------------------------------------------------------
Speed.#1.........: 965 H/s (43.94ms) @ Accel:256 Loops:1024 Thr:1 Vec:8
---------------------------------------------------------------------------------
* Hash-Mode 15900 (DPAPI masterkey file v2 (context 1 and 2)) [Iterations: 12899]
---------------------------------------------------------------------------------
Speed.#1.........: 572 H/s (68.49ms) @ Accel:128 Loops:1024 Thr:1 Vec:4
------------------------------------------------------------------
* Hash-Mode 7100 (macOS v10.8+ (PBKDF2-SHA512)) [Iterations: 1023]
------------------------------------------------------------------
Speed.#1.........: 6975 H/s (48.26ms) @ Accel:256 Loops:511 Thr:1 Vec:4
---------------------------------------------
* Hash-Mode 11600 (7-Zip) [Iterations: 16384]
---------------------------------------------
Speed.#1.........: 2699 H/s (94.44ms) @ Accel:256 Loops:4096 Thr:1 Vec:8
------------------------------------------------
* Hash-Mode 12500 (RAR3-hp) [Iterations: 262144]
------------------------------------------------
Speed.#1.........: 337 H/s (94.81ms) @ Accel:128 Loops:16384 Thr:1 Vec:8
--------------------------------------------
* Hash-Mode 13000 (RAR5) [Iterations: 32799]
--------------------------------------------
Speed.#1.........: 688 H/s (44.94ms) @ Accel:256 Loops:1024 Thr:1 Vec:8
--------------------------------------------------------------------------------
* Hash-Mode 6211 (TrueCrypt RIPEMD160 + XTS 512 bit (legacy)) [Iterations: 1999]
--------------------------------------------------------------------------------
Speed.#1.........: 4326 H/s (58.61ms) @ Accel:256 Loops:512 Thr:1 Vec:8
-----------------------------------------------------------------------------------
* Hash-Mode 13400 (KeePass 1 (AES/Twofish) and KeePass 2 (AES)) [Iterations: 24569]
-----------------------------------------------------------------------------------
Speed.#1.........: 1068 H/s (39.78ms) @ Accel:256 Loops:1024 Thr:1 Vec:8
----------------------------------------------------------------
* Hash-Mode 6800 (LastPass + LastPass sniffed) [Iterations: 499]
----------------------------------------------------------------
Speed.#1.........: 45574 H/s (20.90ms) @ Accel:256 Loops:499 Thr:1 Vec:8
--------------------------------------------------------------------
* Hash-Mode 11300 (Bitcoin/Litecoin wallet.dat) [Iterations: 200459]
--------------------------------------------------------------------
Speed.#1.........: 70 H/s (74.11ms) @ Accel:256 Loops:1024 Thr:1 Vec:4
Started: Thu May 2 19:57:53 2024
Stopped: Thu May 2 20:09:16 2024Známe útoky, které nejspíš byly provedeny pomocí nástroje Hashcat
Mall.cz
V období od 27. července do 25. srpna 2017 došlo k úniků osobních údajů (jméno, příjmení, e-mailová adresa, heslo, případně telefonní číslo) z domény Mall.cz. Tato hesla byla poté dostupná v plaintextu na serveru Ulož.to. Poškozených bylo nejméně 735 tisíc uživatelů. Teoretickým důvodem prolomení hesel bylo použití hashovacího algoritmu MD5 do roku 2012 a poté přechod na algoritmus SHA1. Společnost začala od října 2016 používat algoritmus bcrypt. Úřad pro ochranu osobních údajů ohodnotil únik dat pokutou 1,5 milionu Kč.
V roce 2012 došlo k několika únikům přihlašovacích údajů z platfomy LinekdIn. Celkový počet uniklých účtů v roce 2012 se odhaduje na 117 milionů účtů. Z těchto účtů unikly informace o e-mailové adrese a hesel, které byly zašifrované v algoritmu SHA1 bez použití Saltu.
Adobe
Od 11. do 17. září došlo k útoku do interní sítě společnosti Adobe, kde byly ukradeny informace o nejméně 38 milionech užvatelích Adobe. Byly odcizeny informace o e-mailové adrese, hesel a detailech o kreditních kartách. Hesla nebyly zahashovány, ale byly zašifrovány pomocí šifry 3DES.
Yahoo
V letech 2013 a 2014 byla společnost Yahoo vystavena dvěma největším únikům dat v historii. Společnost zveřejnila informace o těchto útocích až v září 2016. Únik v srpnu 2013 se týkal všech 3 miliard uživatelských účtů na platformě. V prosinci 2014 bylo ukradeno přes 500 milionů uživatelských účtů. Při prvním útoku nebyl nalezen použitý typ zabezpečení ani algoritmus hesla, ovšem při druhém byla většina hesel zašifrována pomocí algoritmu bcrypt a zbytek pomocí algoritmu MD5.
Budoucnost Rainbow Tables
V minulosti byly Rainbow tables populární metodou pro rychlé lámání hesel. V současné době již mají několik omezení a jsou méně účinné.
- Prvním příkladem je zvýšená délka hesel, kdy uživatelé používají delší a komplexnější hesla, kdy na tak dlouhá a složitá hesla je vytvořit obrovské tabulky pro pokrytí všech možných kombinací. To rovněž zabírá velké množství místa.
- Druhým příkladem je použití Saltu, které po přidání k původním heslům vytváří hash, který neodpovídá samotnému heslu.
- Třetím příkladem je vývoj nových hashovacích algoritmů, kdy jsou novější hashovací algoritmy odolnější právě proti Rainbow Tables.
- Čtvrtým příkladem jsou alternativní metody lámání hesel, kdy jsou útoky s maskou, brute-force útoky, či útoky spojené se sociálním inženýrstvím efektivnější, než Rainbow Tables. Útoky s maskou a brute-force útoky jsou s dnešním pokročilým výpočetním výkonem snažší a rychlejší, než Rainbow Tables.
Zdroje:
[1] How to Crack Hashes with Hashcat — a Practical Pentesting Guide. FreeCodeCamp [online]. [cit. 2024-04-01]. Dostupné z: https://www.freecodecamp.org/news/hacking-with-hashcat-a-practical-guide/
[2] Prolamování hesel pomocí nástroje Hashcat [online]. HACKINGLAB. [cit. 2024-04-01]. Dostupné z: https://hackinglab.cz/cs/blog/prolamovani-hesel-pomoci-nastroje-hashcat/
[3] What is a Rainbow Table Attack? How To Protect Against It? [online]. 1Kosmos. [cit. 2024-05-06]. Dostupné z: https://www.1kosmos.com/authentication/rainbow-table-attack/
[4] Understanding Rainbow Table Attack [online]. GeeksforGeeks. [cit. 2024-05-06]. Dostupné z: https://www.geeksforgeeks.org/understanding-rainbow-table-attack/
[5] Rainbow table. Online. In: Wikipedia: the free encyclopedia. San Francisco (CA): Wikimedia Foundation, 2001-. Dostupné z: https://en.wikipedia.org/wiki/Rainbow_table. [cit. 2024-05-06].
[6] hashcat | Kali Linux Tools [online]. Kali. [cit. 2024-05-06]. Dostupné z: https://www.kali.org/tools/hashcat/
[7] How to Use Hashcat for Password Cracking (2024 Guide) [online]. StationX. [cit. 2024-05-06]. Dostupné z: https://www.stationx.net/how-to-use-hashcat/
[8] MD5. Online. In: Wikipedia: the free encyclopedia. San Francisco (CA): Wikimedia Foundation, 2001-. Dostupné z: https://en.wikipedia.org/wiki/MD5. [cit. 2024-05-06].
[9] SHA-1. Online. In: Wikipedia: the free encyclopedia. San Francisco (CA): Wikimedia Foundation, 2001-. Dostupné z: https://en.wikipedia.org/wiki/SHA-1. [cit. 2024-05-06].
[10] SHA-2. Online. In: Wikipedia: the free encyclopedia. San Francisco (CA): Wikimedia Foundation, 2001-. Dostupné z: https://en.wikipedia.org/wiki/SHA-2. [cit. 2024-05-06].
[11] BLAKE (hash function). Online. In: Wikipedia: the free encyclopedia. San Francisco (CA): Wikimedia Foundation, 2001-. Dostupné z: https://en.wikipedia.org/wiki/BLAKE_(hash_function). [cit. 2024-05-06].
[12] Salt (cryptography). Online. In: Wikipedia: the free encyclopedia. San Francisco (CA): Wikimedia Foundation, 2001-. Dostupné z: https://en.wikipedia.org/wiki/Salt_(cryptography). [cit. 2024-05-06].
[13] Adding Salt to Hashing: A Better Way to Store Passwords [online]. Auth0 Blog. [cit. 2024-05-06]. Dostupné z: https://auth0.com/blog/adding-salt-to-hashing-a-better-way-to-store-passwords/
[14] What is Salted Password Hashing? [online]. GeeksforGeeks. [cit. 2024-05-06]. Dostupné z: https://www.geeksforgeeks.org/what-is-salted-password-hashing/
[15] V úniku z Mallu je přes tři čtvrtě milionu jmen, hesel a telefonních čísel v čitelné podobě [online]. Lupa.cz. [cit. 2024-05-05]. Dostupné z: https://www.lupa.cz/clanky/v-uniku-z-mallu-je-pres-tri-ctvrte-milionu-jmen-hesel-a-telefonnich-cisel-v-citelne-podobe/
[16] Mall.cz dostal za obří únik dat svých uživatelů pokutu 1,5 milionu Kč [online]. Lupa.cz. [cit. 2024-05-05]. Dostupné z: https://www.lupa.cz/aktuality/mall-cz-dostal-za-obri-unik-dat-svych-uzivatelu-pokutu-1-5-milionu-kc
[17] Gigantický únik dat z Mall.cz [online]. KYBEZ. [cit. 2024-05-05]. Dostupné z: https://kybez.cz/giganticky-unik-dat-z-mall-cz/
[18] Na prodej je 117 milionů hesel z LinkedIn, za 2 200 dolarů [online]. Lupa.cz. [cit. 2024-05-05]. Dostupné z: https://www.lupa.cz/clanky/na-prodej-je-117-mlionu-hesel-z-linkedin-za-2-200-dolaru/
[19] Nejčastější hesla 130 milionů uživatelů Adobe? 12346 i password [online]. Živě.cz. [cit. 2024-05-05]. Dostupné z: https://www.zive.cz/bleskovky/nejcastejsi-hesla-130-milionu-uzivatelu-adobe-12346-i-password/sc-4-a-171170/default.aspx
[20] Adobe napadeno: Hacker získal tři miliony účtů uživatelů i zdrojové kódy [online]. Živě.cz. [cit. 2024-05-05]. Dostupné z: https://www.zive.cz/bleskovky/adobe-napadeno-hacker-ziskal-tri-miliony-uctu-uzivatelu-i-zdrojove-kody/sc-4-a-170810/default.aspx
[21] 2012 LinkedIn hack. Online. In: Wikipedia: the free encyclopedia. San Francisco (CA): Wikimedia Foundation, 2001-. Dostupné z: https://en.wikipedia.org/wiki/2012_LinkedIn_hack. [cit. 2024-05-05].
[22] Yahoo! data breaches. Online. In: Wikipedia: the free encyclopedia. San Francisco (CA): Wikimedia Foundation, 2001-. Dostupné z: https://en.wikipedia.org/wiki/Yahoo!_data_breaches. [cit. 2024-05-05].