Edit

hashcat

Hashcat: a high-performance password cracking tool that uses brute-force and dictionary attacks to handle various hashing algorithms and encryption protocols.

Hashcat is a highly powerful and efficient security tool designed to crack passwords and other cryptographic hash functions. With its state-of-the-art technology and unmatched processing speed, Hashcat has become a popular tool for security professionals, ethical hackers, and penetration testers who are looking to test the strength of their system's security.

At its core, Hashcat uses brute-force techniques to crack passwords, meaning it works by trying all possible combinations of characters until the correct password is found. Hashcat can also utilize dictionary attacks, which involve running through a list of known passwords and phrases to see if they match the password being targeted. This feature alone can save significant time and processing power, as many users tend to use easily guessed passwords.

One of the key features of Hashcat is its ability to handle a wide range of hashing algorithms and encryption protocols. From simple MD5 hashes to complex SHA-512 hashes, Hashcat is equipped to handle them all. Additionally, it can handle common encryption protocols like WPA2, which are used to secure wireless networks.

What makes Hashcat stand out among other password cracking tools is its speed. The software can utilize the computing power of multiple GPUs, allowing it to process billions of hashes per second. This speed advantage is what makes Hashcat so popular among professional security testers, as it significantly reduces the time needed to crack passwords and discover vulnerabilities in a system's security.

Hashcat's user interface is also very user-friendly, with intuitive menus and clear instructions that make it easy to navigate even for those with little to no experience in password cracking. The software can also be customized to fit the needs of a particular project or user, allowing them to tailor the tool to their specific needs.

Overall, Hashcat is a highly effective and efficient security tool that provides users with unparalleled speed and power when cracking passwords and testing system security. Its ability to handle a wide range of hashing algorithms, encryption protocols, and customization options make it an essential tool for any security professional or ethical hacker. With its intuitive interface and unmatched processing speed, Hashcat is the go-to tool for those looking to test the strength of their security systems.

hashcat Usage Examples

Run a benchmark test on all supported hash types to determine cracking speed:

:~# hashcat -b
hashcat (v5.0.0) starting in benchmark mode...

Benchmarking uses hand-optimized kernel code by default.
You can use it in your cracking session by setting the -O option.
Note: Using optimized kernel code limits the maximum supported password length.
To disable the optimized kernel code in benchmark mode, use the -w option.

* Device #1: Not a native Intel OpenCL runtime. Expect massive speed loss.
             You can use --force to override, but do not report related errors.
OpenCL Platform #1: The pocl project
====================================
* Device #1: pthread-Intel(R) Xeon(R) CPU E5-2676 v3 @ 2.40GHz, skipped.

OpenCL Platform #2: Intel(R) Corporation
========================================
* Device #2: Intel(R) Xeon(R) CPU E5-2676 v3 @ 2.40GHz, 986/3946 MB allocatable, 2MCU

Benchmark relevant options:
===========================
* --optimized-kernel-enable

Hashmode: 0 - MD5

Speed.#2.........:   134.9 MH/s (15.41ms) @ Accel:1024 Loops:1024 Thr:1 Vec:8

Hashmode: 100 - SHA1

Speed.#2.........: 98899.4 kH/s (21.04ms) @ Accel:1024 Loops:1024 Thr:1 Vec:8

Hashmode: 1400 - SHA2-256

Speed.#2.........: 42768.3 kH/s (48.86ms) @ Accel:1024 Loops:1024 Thr:1 Vec:8
[...]

Use md5crypt mode (-m 500) to cracking the sample hash (example500.hash) with the provided wordlist (/usr/share/wordlists/sqlmap.txt):

Packages and Binaries:

hashcat

Hashcat supports five unique modes of attack for over 300 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, and has facilities to help enable distributed password cracking.

Examples of hashcat supported hashing algorithms are: MD5, HMAC-MD5, SHA1, HMAC-SHA1, MySQL323, MySQL4.1/MySQL5, phpass, MD5(Wordpress), MD5(phpBB3), MD5(Joomla), md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS, MD4, NTLM, Domain Cached Credentials (DCC), MS Cache, SHA256, HMAC-SHA256, md5apr1, MD5(APR), Apache MD5, SHA512, HMAC-SHA512, Cisco-PIX, Cisco-ASA, WPA/WPA2, Double MD5, bcrypt, Blowfish(OpenBSD), MD5(Sun), Double SHA1, SHA-3(Keccak),Half MD5, Password Safe SHA-256, IKE-PSK MD5, IKE-PSK SHA1, NetNTLMv1-VANILLA/NetNTLMv1-ESS, NetNTLMv2, Cisco-IOS SHA256, Android PIN, AIX {smd5}, AIX {ssha256}, AIX {ssha512}, AIX {ssha1}, GOST, GOST R 34, Fortigate (FortiOS), OS X v10.8+, GRUB 2, IPMI2, RAKP, HMAC-SHA1, sha256crypt, SHA256(Unix), Drupal7, WBB3, scrypt, Cisco $8$, Cisco $9$, Radmin2, Django (PBKDF2-SHA256), Cram MD5, SAP, iSSHA-1, PrestaShop, PostgreSQL, Challenge-Response Authentication (MD5), MySQL Challenge-Response, Authentication (SHA1), SIP digest authentication (MD5), Plaintext, Joomla < 2.5.18, PostgreSQL, osCommerce, xt:Commerce, Skype, nsldap, Netscape, LDAP, nsldaps, SSHA-1(Base64), Oracle S: Type (Oracle 11+), SMF > v1.1, OS X v10.4, v10.5, v10.6, EPi, Django (SHA-1), MSSQL(2000), MSSQL(2005), PeopleSoft, EPiServer 6.x < v4, hMailServer, SSHA-512(Base64), LDAP {SSHA512}, OS X v10.7, MSSQL(2012 & 2014), vBulletin < v3.8.5, PHPS, vBulletin > v3.8.5, IPB2+, MyBB1.2+, Mediawiki B type, WebEdition CMS, Redmine.

Hashcat offers multiple attack modes for obtaining effective and complex coverage over a hash’s keyspace. These modes are:

  • Brute-Force attack

  • Combinator attack

  • Dictionary attack

  • Fingerprint attack

  • Hybrid attack

  • Mask attack

  • Permutation attack

  • Rule-based attack

  • Table-Lookup attack

  • Toggle-Case attack

  • PRINCE attack

Installed size: 80.48 MB How to install: sudo apt install hashcat

Dependencies:

  • hashcat-data

  • libc6

  • libgcc-s1

  • libminizip1

  • libstdc++6

  • libxxhash0

  • pocl-opencl-icd | opencl-icd

  • zlib1g

hashcat

Advanced CPU-based password recovery utility

hashcat-data

Hashcat is an advanced CPU/GPU-based password recovery utility supporting seven unique modes of attack for over 100 optimized hashing algorithms.

This package contains the data files for hashcat, including charsets, rules, salts, tables and Python tools.

Installed size: 28.25 MB How to install: sudo apt install hashcat-data

Dependencies:

  • python3

Updated on: 2022-Nov-16

PreviousjohnNexthydra

Last updated

Was this helpful?