Skip to main content

hashcat


Unleashing the Power of Hashcat for Password Cracking
In the realm of ethical hacking and penetration testing, a robust understanding of password security is paramount. Among the myriad tools available, Hashcat stands out as a powerful weapon in the ethical hacker's arsenal. This article delves into the various modes of Hashcat, exploring common hashing algorithms and custom rule sets to crack passwords effectively.

Common Modes
Hashcat excels at cracking hashed passwords using different attack modes. Let's explore its capabilities with various hashing algorithms.
  • MD5 - The Classic Hash
hashcat -a 0 -m 0 hash.md5 /usr/share/wordlists/rockyou.txt
  • SHA1 - Evolving Security
hashcat -a 0 -m 100 hash.sha1 /usr/share/wordlists/rockyou.txt
  • SHA256 - Robust Encryption
hashcat -a 0 -m 1400 hash.sha256 /usr/share/wordlists/rockyou.txt
  • NTLM - Microsoft's Hash
hashcat -a 0 -m 1000 hash.ntlm /usr/share/wordlists/rockyou.txt
  • SHA512CRYPT - Strong Cryptographic Hash
hashcat -a 0 -m 1800 hash.sha512crypt /usr/share/wordlists/rockyou.txt
  • Kerberoast - Hunting Ticket-Granting Tickets
hashcat -m 13100 --force -a 0 hashes.kerberoast /usr/share/wordlists/rockyou.txt
  • Net-NTLMv2 - Microsoft Network Hash
hashcat -m 5600 hash.net-ntlm.v2 /usr/share/wordlists/rockyou.txt --force
  • Atlassian - Confluence Hashes
hashcat -m 12001 hash.atlassian /usr/share/wordlists/rockyou.txt --force
  • AS-REP - Attacking Kerberos Pre-Authentication
sudo hashcat \
-m 18200 hash.asreproast /usr/share/wordlists/rockyou.txt \
-r /usr/share/hashcat/rules/best64.rule --force

Custom Rules
Beyond its predefined modes, Hashcat allows for custom rule sets to enhance password cracking efficiency.
  • Rule File - demo.txt
lion
love<3
f00tb@ll
dogs
  • Rule Function - Append "1" to All Passwords
echo \$1 > demo.rule
  • Debugging Mode - Displaying Mutated Passwords
hashcat -r demo.rule --stdout demo.txt
  • Rule:
$1 c

Lion1
Love<31
F00tb@ll1
Dogs1
  • Rule:
$1 c

lion1
Lion
love<31
Love<3
f00tb@ll1
F00tb@ll
dogs1
Dogs

Converting PCAP to HCCAPX for Hashcat
Hashcat extends its prowess to cracking Wi-Fi passwords by converting PCAP files to the HCCAPX format.

/usr/lib/hashcat-utils/cap2hccapx.bin wifu-01.cap output.hccapx

hashcat -m 2500 output.hccapx /usr/share/john/password.lst