mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-05-26 12:06:26 +02:00
Swissky
commit
218d557c3d
GPG Key ID:
4AEE18F83AFDEB23
|
|
@ -5,7 +5,7 @@
|
|||
* [Hashcat](https://hashcat.net/hashcat/)
|
||||
* [Hashcat Example Hashes](https://hashcat.net/wiki/doku.php?id=example_hashes)
|
||||
* [Hashcat Install](#hashcat-install)
|
||||
* [Brute-Force](#brute-force)
|
||||
* [Mask attack](#mask-attack)
|
||||
* [Dictionary](#dictionary)
|
||||
* [John](https://github.com/openwall/john)
|
||||
* [Usage](#john-usage)
|
||||
|
|
@ -25,8 +25,40 @@ apt install checkinstall git -y
|
|||
git clone https://github.com/hashcat/hashcat.git && cd hashcat && make -j 8 && make install
|
||||
```
|
||||
|
||||
1. Extract the hash
|
||||
2. Get the hash format: https://hashcat.net/wiki/doku.php?id=example_hashes
|
||||
3. Establish a cracking stratgy based on hash format (ex: wordlist -> wordlist + rules -> mask -> combinator mode -> prince attack -> ...)
|
||||
4. Enjoy plains
|
||||
5. Review strategy
|
||||
6. Start over
|
||||
|
||||
### Brute-Force
|
||||
### Dictionary
|
||||
|
||||
> Every word of a given list (a.k.a. dictionary) is hashed and compared against the target hash.
|
||||
|
||||
```powershell
|
||||
hashcat --attack-mode 0 --hash-type $number $hashes_file $wordlist_file -r $my_rules
|
||||
```
|
||||
|
||||
* Wordlists
|
||||
* [packetstorm](https://packetstormsecurity.com/Crackers/wordlists/)
|
||||
* [weakpass_3a](https://download.weakpass.com/wordlists/1948/weakpass_3a.7z)
|
||||
* [weakpass_3](https://download.weakpass.com/wordlists/1947/weakpass_3.7z)
|
||||
* [Hashes.org](https://download.weakpass.com/wordlists/1931/Hashes.org.7z)
|
||||
* [kerberoast_pws](https://gist.github.com/edermi/f8b143b11dc020b854178d3809cf91b5/raw/b7d83af6a8bbb43013e04f78328687d19d0cf9a7/kerberoast_pws.xz)
|
||||
* [hashmob.net](https://hashmob.net/research/wordlists)
|
||||
* [clem9669/wordlists](https://github.com/clem9669/wordlists)
|
||||
|
||||
* Rules
|
||||
* [One Rule to Rule Them All](https://notsosecure.com/one-rule-to-rule-them-all/)
|
||||
* [nsa-rules](https://github.com/NSAKEY/nsa-rules)
|
||||
* [hob064](https://raw.githubusercontent.com/praetorian-inc/Hob0Rules/master/hob064.rule)
|
||||
* [d3adhob0](https://raw.githubusercontent.com/praetorian-inc/Hob0Rules/master/d3adhob0.rule)
|
||||
* [clem9669/hashcat-rule](https://github.com/clem9669/hashcat-rule)
|
||||
|
||||
### Mask attack
|
||||
|
||||
Mask attack is an attack mode which optimize brute-force.
|
||||
|
||||
> Every possibility for a given character set and a given length (i.e. aaa, aab, aac, ...) is hashed and compared against the target hash.
|
||||
|
||||
|
|
@ -71,25 +103,7 @@ hashcat --attack-mode 3 --custom-charset1 "?u" --custom-charset2 "?l?u?d" --cust
|
|||
| ?a | ?l?u?d?s |
|
||||
| ?b | 0x00 - 0xff |
|
||||
|
||||
### Dictionary
|
||||
|
||||
> Every word of a given list (a.k.a. dictionary) is hashed and compared against the target hash.
|
||||
|
||||
```powershell
|
||||
hashcat --attack-mode 0 --hash-type $number $hashes_file $wordlist_file
|
||||
```
|
||||
|
||||
* Wordlists
|
||||
* [packetstorm](https://packetstormsecurity.com/Crackers/wordlists/)
|
||||
* [weakpass_3a](https://download.weakpass.com/wordlists/1948/weakpass_3a.7z)
|
||||
* [weakpass_3](https://download.weakpass.com/wordlists/1947/weakpass_3.7z)
|
||||
* [Hashes.org](https://download.weakpass.com/wordlists/1931/Hashes.org.7z)
|
||||
* [kerberoast_pws](https://gist.github.com/edermi/f8b143b11dc020b854178d3809cf91b5/raw/b7d83af6a8bbb43013e04f78328687d19d0cf9a7/kerberoast_pws.xz)
|
||||
* Rules
|
||||
* [One Rule to Rule Them All](https://notsosecure.com/one-rule-to-rule-them-all/)
|
||||
* [nsa-rules](https://github.com/NSAKEY/nsa-rules)
|
||||
* [hob064](https://raw.githubusercontent.com/praetorian-inc/Hob0Rules/master/hob064.rule)
|
||||
* [d3adhob0](https://raw.githubusercontent.com/praetorian-inc/Hob0Rules/master/d3adhob0.rule)
|
||||
|
||||
## John
|
||||
|
||||
|
|
@ -103,6 +117,9 @@ john passwd
|
|||
# Use a specific wordlist
|
||||
john --wordlist=<wordlist> passwd
|
||||
|
||||
# Use a specific wordlist with rules
|
||||
john --wordlist=<wordlist> passwd --rules=Jumbo
|
||||
|
||||
# Show cracked passwords
|
||||
john --show passwd
|
||||
|
||||
|
|
@ -127,16 +144,20 @@ john --restore
|
|||
* [How To Build A Password Cracking Rig - 5000$](https://www.netmux.com/blog/how-to-build-a-password-cracking-rig)
|
||||
* Online cracking
|
||||
* [Hashes.com](https://hashes.com/en/decrypt/hash)
|
||||
* [hashmob.net](https://hashmob.net/): great community with Discord
|
||||
* Use the `loopback` in combination with rules and dictionary to keep cracking until you don't find new passsword: `hashcat --loopback --attack-mode 0 --rules-file $rules_file --hash-type $number $hashes_file $wordlist_file`
|
||||
|
||||
|
||||
## Online Cracking Resources
|
||||
|
||||
* [hashes.com](https://hashes.com)
|
||||
* ~~[hashes.com](https://hashes.com)~~
|
||||
* [crackstation](https://crackstation.net)
|
||||
* [Hashmob](https://hashmob.net/)
|
||||
|
||||
|
||||
## References
|
||||
|
||||
* [Cracking - The Hacker Recipes](https://www.thehacker.recipes/ad-ds/movement/credentials/cracking)
|
||||
* [Using Hashcat to Crack Hashes on Azure](https://durdle.com/2017/04/23/using-hashcat-to-crack-hashes-on-azure/)
|
||||
* [miloserdov.org hashcat](https://miloserdov.org/?p=5426&PageSpeed=noscript)
|
||||
* [miloserdov.org john](https://miloserdov.org/?p=4961&PageSpeed=noscript)
|
||||
|
|
|
|||
Loading…
Reference in New Issue