Hashcat
Hashcat is probably the most popular hash cracker. It is really performant and support a lot of hash types. Multiple options allow the user to perform brute force or dictionary attacks.
Note: Adding the --force
flag can help.
Hashcat Hashes Examples
Hashcat Dictionary Attack
Formating trick
Adding the --user
flag allows us keep the username in front of the hash. This is very handy as we can know what hash is associated to what user. Hashcat will take what comes after the first :
as the hash to crack.
Then, once the hashes are cracked we can add the flag --shows to see what hash is own by what user.
-a 0
: dictionary attack
Apache
Example: $apr1$gUBRwnSI$XJMOlBNl00dvACkIf6xrH0
NTLM
Example: aad3b435b51404eeaad3b435b51404ee:b74242f37e47371aff835a6ebcac4ffe:::
NTLMv2
What we get from Responder
Example: anirudh::VAULT:9def1316e1c05550:0AF01C475AFD7AD30 [...]
Kerberos 5
What we get from ASREP-R
Example: $krb5asrep$23$fsmith@EGOTISTICAL-BANK.LOCAL:a89b6e7874
Shadow password
Kerberoast hash
Example: $krb5tgs$23$*SQLService$THROWBACK.LO
Hashcat Brute Force Attack
-a 3
: Brute force attack
Perform a brute force attack on the specified hash. The password is 4 digit.
Hashcat with rules
Popular passwords cracking rule:
-r
: to specify the rule file
Last updated