November 3, 2020
HashCat - известный и самый быстрый в мире инструмент для взлома паролей.
Данный инструмент имеет 7 режимов атаки для 200+ высоко оптимизированных алгоритмов хеширования (MD4, MD5, семейство SHA, Unix Crypt, MySQL, Cisco Pix и т. Д.). В настоящее время он поддерживает: процессоры, графические процессоры и другие аппаратные ускорители в Linux, Windows и macOS, а также имеет средства, позволяющие включить распределенный взлом паролей.
Инструкция по установке:
Устанавливаем Kali Linux и прописываем в нем данную команду, для скачивания Hashcat:
$ wget https://hashcat.net/files/hashcat-5.1.0.7z
Чтобы установить на Kali Linux, запустите:
$ sudo apt-get install hashca
Распакуйте архив с помощью установленной утилиты 7zip:
$ 7za x hashcat-5.1.0.7z
Ubuntu/Debian:
$ p7zip -d hashcat-5.1.0.7z
Перейдите в каталог HashCat:
$ cd hashcat-5.1.0
Использование
Для просмотра списка доступных опций используйте --help.
Usage: hashcat [options]… hash|hashfile|hccapxfile
[dictionary|mask|directory]…
[ Options ] -
Options Short / Long | Type | Description | Example
================================+======+======================================================+=======================
-m, --hash-type | Num | Hash-type, see references below | -m 1000
-a, --attack-mode | Num | Attack-mode, see references below | -a 3
-V, --version | | Print version |
-h, --help | | Print help |
-t, --markov-threshold | Num | Threshold X when to stop accepting new markov-chains | -t 50
-o, --outfile | File | Define outfile for recovered hash | -o outfile.txt
-p, --separator | Char | Separator char for hashlists and outfile | -p :
-b, --benchmark | | Run benchmark of selected hash-modes |
-c, --segment-size | Num | Sets size in MB to cache from the wordfile to X | -c 32
-I, --opencl-info | | Show info about detected OpenCL platforms/devices | -I
-d, --opencl-devices | Str | OpenCL devices to use, separated with commas | -d 1
-D, --opencl-device-types | Str | OpenCL device-types to use, separated with commas | -D 1
-O, --optimized-kernel-enable | | Enable optimized kernels (limits password length) |
-w, --workload-profile | Num | Enable a specific workload profile, see pool below | -w 3
-n, --kernel-accel | Num | Manual workload tuning, set outerloop step size to X | -n 64
-u, --kernel-loops | Num | Manual workload tuning, set innerloop step size to X | -u 256
-T, --kernel-threads | Num | Manual workload tuning, set thread count to X | -T 64
-s, --skip | Num | Skip X words from the start | -s 1000000
-l, --limit | Num | Limit X words from the start + skipped words | -l 1000000
-j, --rule-left | Rule | Single rule applied to each word from left wordlist | -j 'c'
-k, --rule-right | Rule | Single rule applied to each word from right wordlist | -k '^-'
-r, --rules-file | File | Multiple rules applied to each word from wordlists | -r rules/best64.rule
-g, --generate-rules | Num | Generate X random rules | -g 10000
-1, --custom-charset1 | CS | User-defined charset ?1 | -1 ?l?d?u
-2, --custom-charset2 | CS | User-defined charset ?2 | -2 ?l?d?s
-3, --custom-charset3 | CS | User-defined charset ?3 |
-4, --custom-charset4 | CS | User-defined charset ?4 |
-i, --increment | | Enable mask increment mode |
-S, --slow-candidates | | Enable slower (but advanced) candidate generators |
-z, --brain-client | | Enable brain client, activates -S |
[ Hash modes ] -
# | Name | Category
======+==================================================+======================================
900 | MD4 | Raw Hash
0 | MD5 | Raw Hash
5100 | Half MD5 | Raw Hash
100 | SHA1 | Raw Hash
...
16900 | Ansible Vault | Password Managers
18100 | TOTP (HMAC-SHA1) | One-Time Passwords
99999 | Plaintext | Plaintext
[ Brain Client Features ] -
| Features
===+========
1 | Send hashed passwords
2 | Send attack positions
3 | Send hashed passwords and attack positions
[ Outfile Formats ] -
| Format
===+========
1 | hash[:salt]
2 | plain
3 | hash[:salt]:plain
4 | hex_plain
5 | hash[:salt]:hex_plain
6 | plain:hex_plain
7 | hash[:salt]:plain:hex_plain
8 | crackpos
9 | hash[:salt]:crack_pos
10 | plain:crack_pos
11 | hash[:salt]:plain:crack_pos
12 | hex_plain:crack_pos
13 | hash[:salt]:hex_plain:crack_pos
14 | plain:hex_plain:crack_pos
15 | hash[:salt]:plain:hex_plain:crack_pos
[ Rule Debugging Modes ] -
| Format
===+========
1 | Finding-Rule
2 | Original-Word
3 | Original-Word:Finding-Rule
4 | Original-Word:Finding-Rule:Processed-Word
[ Attack Modes ] -
| Mode
===+======
0 | Straight
1 | Combination
3 | Brute-force
6 | Hybrid Wordlist + Mask
7 | Hybrid Mask + Wordlist
[ Built-in Charsets ] -
? | Charset
===+=========
l | abcdefghijklmnopqrstuvwxyz
u | ABCDEFGHIJKLMNOPQRSTUVWXYZ
d | 0123456789
h | 0123456789abcdef
H | 0123456789ABCDEF
s | !"#$%&'()*+,-./:;<=>?@[]^_`{|}~
a | ?l?u?d?s
b | 0x00 - 0xff
[ OpenCL Device Types ] -
| Device Type
===+=============
1 | CPU
2 | GPU
3 | FPGA, DSP, Co-Processor
[ Workload Profiles ] -
| Performance | Runtime | Power Consumption | Desktop Impact
===+=============+=========+===================+=================
1 | Low | 2 ms | Low | Minimal
2 | Default | 12 ms | Economic | Noticeable
3 | High | 96 ms | High | Unresponsive
4 | Nightmare | 480 ms | Insane | Headless
[ Basic Examples ] -
Attack- | Hash- |
Mode | Type | Example command
==================+=======+==================================================================
Wordlist | $P$ | hashcat -a 0 -m 400 example400.hash example.dict
Wordlist + Rules | MD5 | hashcat -a 0 -m 0 example0.hash example.dict -r rules/best64.rule
Brute-Force | MD5 | hashcat -a 3 -m 0 example0.hash ?a?a?a?a?a?a
Combinator | MD5 | hashcat -a 1 -m 0 example0.hash example.dict example.dict
If you stil