UNDERCODE COMMUNITY

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Hashcat command structure:

In its most general form, the command to start Hashcat looks like (in it, the | symbol means "OR"):

1) hashcat
In subsequent commands, HASH, FILE-WITH-HASHEM and hccapxfile will be designated as simply "HASH" - remember that this can be either a hash string or the path to the file in which the hash is stored.

General view of the command for launching a dictionary attack:

hashcat -m 0

If the hash is placed in a file, then the command:

2) hashcat -m -a 0 /dir
General view of the command to launch a mask attack:

3) hashcat -m -a 3 'МАСКА'
If the hash is placed in a file, then the command:

4) hashcat -m -a 3 /
With the -m option, you need to specify the TYPE of the hash to crack, which is indicated by a number. The hash numbers are given below when describing the hash extraction process.

🦑Examples of Hashcat masks
Dictionary attack
I’ll first start with a dictionary attack against the list of MD5 hashes:

hashcat64.exe -a 0 -m 0 example_md5_hashes.txt combined_seclists_password_list.txt -O
The result of the command cracked zero hashes. Bummer.

You may have noticed I added the -O flag to the end of the command. The -O will greatly increase the cracking speed, but will limit the password length that you’ll be able to crack. This is usually fine, unless you are cracking passwords greater than 27 characters.

Dictionary attack with rules
Let’s try a rule. As mentioned earlier, hashcat ships with several rules located in the rules directory. You use the -r <rulefile.rule> option to apply a rule. For example, I’ll use the d3ad0ne.rule:

hashcat64.exe -a 0 -m 0 example_md5_hashes.txt combined_seclists_password_list.txt -r rules\d3ad0ne.rule -O
Within a few seconds hashes will start to crack. You can press the ‘s’ key to get an estimated time of completion, as well as see other data about the session. For me, this ran for 8 minutes and recovered 26 of the passwords.

Not bad! And that is just one rule! Cycling through the rules will recover new passwords, but I’m just going to skip to a different attack. More on rules in a follow-on post (eventually), but you can take a look at my follow-on post about rule writing, or the hashcat wiki to get started with writing your own rules.

🦑Combinator attack
A combinator attack is an attack that combines two dictionaries. To perform this attack I’ll first create a copy of my wordlist with a few modifications. First I’ll use a script, wordlist_cleaner.py to lowercase all letters, and remove any numbers and special characters from each word. Then I’ll use another script, capitalize_letters.py, to capitalize the first letter of each word.

C:\Users\Jake\hashcat-4.2.1>python3 wordlist_cleaner.py -f combined_seclists_password_list.txt -o combined_seclists_password_list_clean.txt

[*] Reading file: combined_seclists_password_list.txt
[*] Processing 13272929 words.
[*] Changing all words to lowercase...
[*] Removing numbers and special characters...
[*] Removing duplicate words...
[*] Printing cleaned words to combined_seclists_password_list_clean.txt

C:\Users\Jake\hashcat-4.2.1>python3 capitalize_letters.py -f combined_seclists_password_list_clean.txt -o combined_seclists_password_list_caps.txt
[*] Reading file: combined_seclists_password_list_clean.txt...
[*] Processing 7243374 words...
[*] Changing all words to lowercase...
[*] Capitalizing first letter of each word...
[*] Writing to combined_seclists_password_list_caps.txt…
Now I’ll try an attack:

hashcat64.exe -a 1 -m 0 example_md5_hashes.txt combined_seclists_password_list_caps.txt combined_seclists_password_list_caps.txt -k "$!" -O

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

361 views16:31