
Hashcat

Last updated 1 year ago

About

Hashcat is a free, powerful, open-source hash cracking tool. From their GitHub: "hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 300 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking."

The hashcat project also provides additional helper tools (hashcat-utils), and ZerBea has made some helpful tools as well (hcxtools).

HCXTools

From their GitHub: "Small set of tools convert packets from captures (h = hash, c = capture, convert and calculate candidates, x = different hashtypes) for the use with latest hashcat or John the Ripper. The tools are 100% compatible to hashcat and John the Ripper and recommended by hashcat. This branch is pretty closely synced to hashcat git and John the Ripper git."

Install

You can download the binaries or sources from their homepage, or compile from source on Linux.

Hashcat

cd /opt/

sudo git clone https://github.com/hashcat/hashcat && cd hashcat

sudo make

sudo make install

Hashcat-Utils

cd /opt/

sudo git clone https://github.com/hashcat/hashcat-utils.git && cd hashcat-utils/src

sudo make

sudo cp *bin ../bin

HCXTools

sudo apt install libcurl4-openssl-dev libssl-dev zlib1g-dev

cd /opt/

sudo git clone https://github.com/ZerBea/hcxtools.git && cd hcxtools

sudo make

sudo make install

Usage

General

hashcat can be used in many forms but the usual format I follow is:

hashcat (attackmode) (hashtype) (workload profile) (hashfile)

Example: hashcat -a # -m # -w # CrackMe.txt

The types of attackmodes are:

| # | Mode |
|---|------|
| 0 | Straight |
| 1 | Combination |
| 3 | Brute-Force |
| 6 | Hybrid Wordlist+Mask |
| 7 | Hybrid Mask+Wordlist |
| 9 | Association |

  • Straight - Tries the exact words that are in your chosen wordlist(s), with no modifications other than rules.

  • Combination (Combinator) - Combines the current word with the rest of the words in the wordlist.

If your wordlist was:

aa
bb
cc
dd

It would generate hashes for the keys: aabb, aacc, aadd, bbcc, bbdd, ccdd, with no modifications other than rules.

  • Brute-Force - Tries all combinations from a given keyspace. It is the easiest of all the attacks.

  • Hybrid Mask+Wordlist - Same as "Hybrid Wordlist+Mask" but swapped.

There are a lot of hash types, so I won't try to list them here, but they can be found by running hashcat --help | less and scrolling down until we find the list. We can also grep for a specific hash type, for example: hashcat --help | grep NTLM

The workload profile controls how hard hashcat pushes the hardware. A higher profile speeds up cracking but uses much more processing power, which can make the rest of the computer slow. The workload profile types are:

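| # | Performance | Runtime | Power Consumption | Impact |
|---|-------------|---------|-------------------|--------|
| 1 | Low | 2ms | Low | Minimal |
| 2 | Default | 12ms | Economic | Noticeable |
| 3 | High | 96ms | High | Unresponsive |
| 4 | Nightmare | 480ms | Insane | Headless |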

Dictionary

If we want to use a dictionary attack, using rockyou.txt for example:

hashcat -a 0 -m 22000 -w 3 (hash file) (wordlist)

Depending on your hardware, the dictionary you chose, and the password, this may take some time. You can press S for a status update to see the estimated time to finish, as well as the updated "Recovered.Total" line showing the recovered keys.

We can run the same command again with --show appended to the end to see our cracked passwords.

Brute Force

If we wanted to run a brute force attack rather than a dictionary attack, it's a similar command:

hashcat -a 3 -m 22000 -w 3 (hash file) '?l?l?l?l?l?l?l'

Replace each ?l with whichever charset we deem fit:

  • ?l = a-z

  • ?u = A-Z

  • ?d = 0-9

  • ?h = 0-9a-f

  • ?H = 0-9A-F

  • ?s = «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~

  • ?a = ?l?u?d?s

  • ?b = 0x00 - 0xff

This covers the basics of hash cracking with hashcat, but it can get SO much more advanced.

  • Hybrid Wordlist+Mask - "The hybrid attack is just a Combinator attack. One side is simply a dictionary, the other is the result of a Brute-Force attack. In other words, the full Brute-Force keyspace is either appended or prepended to each of the words from the dictionary. Hence the name, “hybrid”."

  • Association - This attack is not yet ready. More info can be found here.
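
The mask charsets and the hybrid modes described above translate directly into a password-policy check. The following is an added example, not code from the original page or from the hashcat project: it parses a mask, computes the brute-force keyspace, and tests whether a password falls inside a wordlist+mask (-a 6) or mask+wordlist (-a 7) keyspace. The function names, the sample wordlist and any guess rate passed to hours_to_exhaust are assumptions.

```python
import string
from math import prod

# Built-in charsets from the mask list above. hashcat's ?s also contains the
# space and backslash characters (33 symbols); ?b is modelled as code points 0-255.
CHARSETS = {
    "l": string.ascii_lowercase, "u": string.ascii_uppercase,
    "d": string.digits, "h": "0123456789abcdef", "H": "0123456789ABCDEF",
    "s": " " + string.punctuation, "b": "".join(map(chr, range(256))),
}
CHARSETS["a"] = CHARSETS["l"] + CHARSETS["u"] + CHARSETS["d"] + CHARSETS["s"]

def parse_mask(mask):
    """Return the set of allowed characters for each position of a mask."""
    positions, i = [], 0
    while i < len(mask):
        if mask[i] != "?":                 # plain character: literal position
            positions.append({mask[i]})
            i += 1
            continue
        key = mask[i + 1:i + 2]            # empty string if '?' ends the mask
        if key == "?":                     # '??' is a literal question mark
            positions.append({"?"})
        elif key in CHARSETS:
            positions.append(set(CHARSETS[key]))
        else:                              # custom charsets (?1-?4) not handled here
            raise ValueError(f"unsupported mask token at offset {i}: ?{key}")
        i += 2
    return positions

def keyspace(mask):
    """Number of candidates a brute-force (-a 3) run over this mask tries."""
    return prod(len(p) for p in parse_mask(mask))

def hybrid_covers(password, words, mask, mode=6):
    """True if password is word+mask (-a 6) or mask+word (-a 7) for some word."""
    if mode not in (6, 7):
        raise ValueError("mode must be 6 or 7")
    positions = parse_mask(mask)
    n = len(positions)
    if len(password) < n:
        return False
    split = len(password) - n if mode == 6 else n
    left, right = password[:split], password[split:]
    word, tail = (left, right) if mode == 6 else (right, left)
    return word in words and all(c in p for c, p in zip(tail, positions))

def hours_to_exhaust(candidates, guesses_per_second):
    """Worst-case hours to try every candidate at an assumed guess rate."""
    return candidates / guesses_per_second / 3600

WORDS = {"summer", "winter", "password"}   # constructed sample wordlist
```

Passing keyspace('?l?l?l?l?l?l?l') and a guess rate measured on your own hardware to hours_to_exhaust gives the worst case for the seven-lowercase mask used above; len(WORDS) * keyspace(mask) gives the size of the matching hybrid keyspace.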