From 4642dd44fcfef8f99849a34a2a3bd1783e545d45 Mon Sep 17 00:00:00 2001 From: clem9669 <18504086+clem9669@users.noreply.github.com> Date: Wed, 5 Jan 2022 18:25:31 +0000 Subject: [PATCH] Update Hash Cracking.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Hey 👋 Updating content with more information and more accurate resources. --- Methodology and Resources/Hash Cracking.md | 64 +++++++++++++++------- 1 file changed, 43 insertions(+), 21 deletions(-) diff --git a/Methodology and Resources/Hash Cracking.md b/Methodology and Resources/Hash Cracking.md index c720725..c598774 100644 --- a/Methodology and Resources/Hash Cracking.md +++ b/Methodology and Resources/Hash Cracking.md @@ -5,7 +5,7 @@ * [Hashcat](https://hashcat.net/hashcat/) * [Hashcat Example Hashes](https://hashcat.net/wiki/doku.php?id=example_hashes) * [Hashcat Install](#hashcat-install) - * [Brute-Force](#brute-force) + * [Mask attack](#mask-attack) * [Dictionary](#dictionary) * [John](https://github.com/openwall/john) * [Usage](#john-usage) 
@@ -25,8 +25,40 @@ apt install checkinstall git -y git clone https://github.com/hashcat/hashcat.git && cd hashcat && make -j 8 && make install ``` +1. Extract the hash +2. Get the hash format: https://hashcat.net/wiki/doku.php?id=example_hashes +3. Establish a cracking stratgy based on hash format (ex: wordlist -> wordlist + rules -> mask -> combinator mode -> prince attack -> ...) +4. Enjoy plains +5. Review strategy +6. Start over -### Brute-Force +### Dictionary + +> Every word of a given list (a.k.a. dictionary) is hashed and compared against the target hash. + +```powershell +hashcat --attack-mode 0 --hash-type $number $hashes_file $wordlist_file -r $my_rules +``` + +* Wordlists + * [packetstorm](https://packetstormsecurity.com/Crackers/wordlists/) + * [weakpass_3a](https://download.weakpass.com/wordlists/1948/weakpass_3a.7z) + * [weakpass_3](https://download.weakpass.com/wordlists/1947/weakpass_3.7z) + * [Hashes.org](https://download.weakpass.com/wordlists/1931/Hashes.org.7z) + * [kerberoast_pws](https://gist.github.com/edermi/f8b143b11dc020b854178d3809cf91b5/raw/b7d83af6a8bbb43013e04f78328687d19d0cf9a7/kerberoast_pws.xz) + * [hashmob.net](https://hashmob.net/research/wordlists) + * [clem9669/wordlists](https://github.com/clem9669/wordlists) + +* Rules + * [One Rule to Rule Them All](https://notsosecure.com/one-rule-to-rule-them-all/) + * [nsa-rules](https://github.com/NSAKEY/nsa-rules) + * [hob064](https://raw.githubusercontent.com/praetorian-inc/Hob0Rules/master/hob064.rule) + * [d3adhob0](https://raw.githubusercontent.com/praetorian-inc/Hob0Rules/master/d3adhob0.rule) + * [clem9669/hashcat-rule](https://github.com/clem9669/hashcat-rule) + +### Mask attack + +Mask attack is an attack mode which optimize brute-force. > Every possibility for a given character set and a given length (i.e. aaa, aab, aac, ...) is hashed and compared against the target hash. 
@@ -71,25 +103,7 @@ hashcat --attack-mode 3 --custom-charset1 "?u" --custom-charset2 "?l?u?d" --cust | ?a | ?l?u?d?s | | ?b | 0x00 - 0xff | -### Dictionary -> Every word of a given list (a.k.a. dictionary) is hashed and compared against the target hash. - -```powershell -hashcat --attack-mode 0 --hash-type $number $hashes_file $wordlist_file -``` - -* Wordlists - * [packetstorm](https://packetstormsecurity.com/Crackers/wordlists/) - * [weakpass_3a](https://download.weakpass.com/wordlists/1948/weakpass_3a.7z) - * [weakpass_3](https://download.weakpass.com/wordlists/1947/weakpass_3.7z) - * [Hashes.org](https://download.weakpass.com/wordlists/1931/Hashes.org.7z) - * [kerberoast_pws](https://gist.github.com/edermi/f8b143b11dc020b854178d3809cf91b5/raw/b7d83af6a8bbb43013e04f78328687d19d0cf9a7/kerberoast_pws.xz) -* Rules - * [One Rule to Rule Them All](https://notsosecure.com/one-rule-to-rule-them-all/) - * [nsa-rules](https://github.com/NSAKEY/nsa-rules) - * [hob064](https://raw.githubusercontent.com/praetorian-inc/Hob0Rules/master/hob064.rule) - * [d3adhob0](https://raw.githubusercontent.com/praetorian-inc/Hob0Rules/master/d3adhob0.rule) ## John @@ -103,6 +117,9 @@ john passwd # Use a specific wordlist john --wordlist= passwd +# Use a specific wordlist with rules +john --wordlist= passwd --rules=Jumbo + # Show cracked passwords john --show passwd 
@@ -127,16 +144,21 @@ john --restore * [How To Build A Password Cracking Rig - 5000$](https://www.netmux.com/blog/how-to-build-a-password-cracking-rig) * Online cracking * [Hashes.com](https://hashes.com/en/decrypt/hash) + * [hashmob.net](https://hashmob.net/): great community with Discord * Use the `loopback` in combination with rules and dictionary to keep cracking until you don't find new passsword: `hashcat --loopback --attack-mode 0 --rules-file $rules_file --hash-type $number $hashes_file $wordlist_file` ## Online Cracking Resources -* [hashes.com](https://hashes.com) +* ~~[hashes.com](https://hashes.com)~~ * [crackstation](https://crackstation.net) +* [Hashmob](https://hashmob.net/) ## References * [Cracking - The Hacker Recipes](https://www.thehacker.recipes/ad-ds/movement/credentials/cracking) * [Using Hashcat to Crack Hashes on Azure](https://durdle.com/2017/04/23/using-hashcat-to-crack-hashes-on-azure/) +* [miloserdov.org hashcat](https://miloserdov.org/?p=5426&PageSpeed=noscript) +* [digtvbg.com](https://digtvbg.com/files/books-for-hacking/Hash%20Crack%20-%20Password%20Cracking%20Manual%20%28v2.0%29%20by%20Joshua%20Picolet.pdf) +* [miloserdov.org john](https://miloserdov.org/?p=4961&PageSpeed=noscript)
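Review bot: In the table-of-contents hunk (`@@ -5,7 +5,7 @@`), the renamed entry `[Mask attack](#mask-attack)` still sits above `[Dictionary](#dictionary)`, although the later hunks move the Dictionary section ahead of the Mask attack section. Suggest swapping the two entries so the TOC follows the new section order. The rename also drops the `#brute-force` anchor, so any existing link to that heading will stop resolving; worth checking for references to it elsewhere in the repository.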
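Review bot: In the hunk at `@@ -25,8 +25,40 @@`, the relocated dictionary command now ends in `-r $my_rules`, so the page no longer shows a plain dictionary run, and the short `-r` is inconsistent with the `--rules-file $rules_file` form used in the tips section of the same file. Suggest keeping the rule-free command and adding the rules variant as a second line using `--rules-file`. In the same hunk, the numbered methodology list starts directly after the closing code fence of the install block with no blank line or heading of its own, which leaves it under Hashcat Install. Step 3 has the typo `stratgy`, and `which optimize brute-force` should read `which optimizes brute-force`.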
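Review bot: In the John usage hunk (`@@ -103,6 +117,9 @@`), the added line `john --wordlist= passwd --rules=Jumbo` places `--rules=Jumbo` after the password file, while the existing line above it keeps the option before the file. Suggest the same ordering for consistency. The comment `# Use a specific wordlist with rules` could also state that `Jumbo` is a ruleset name rather than a path, since the hashcat examples in this document pass a rules file instead.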
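Review bot: In the last hunk (`@@ -127,16 +144,21 @@`), `hashes.com` is struck through under Online Cracking Resources but is left as a live entry in the "Online cracking" tip a few lines above, and no reason is given for the strikethrough. Suggest either removing both entries or adding a short note on why the service is deprecated. Hashmob is now listed in both places as well, so one of the two lists could simply point to the other. In the References additions, the `digtvbg.com` entry is a direct link to a third-party copy of a PDF and is titled only by its domain; a link titled with the book name and pointing to the author or publisher would be easier to verify. The `&PageSpeed=noscript` query parameter on the two miloserdov.org links can be dropped.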