2020. 3. 3. 01:10 · Uncategorized
According to hashcat's wiki, you can paste the hash directly into the command line:
Usage: hashcat [options]... hash|hashfile|hccapxfile [dictionary|mask|directory]...
You can also use hash mode 1710, as in:
1710 sha512($pass.$salt) Raw Hash, Salted and/or Iterated
Putting it all together, it would be
hashcat -m 1410 -a 0 hash:salt --username testuser /usr/share/wordlists/rockyou.txt
where the hash contains the password and salt (in that order). If the hash is salt/pass instead of pass/salt, use 1420 instead.
SHA256 is a cryptographic hash function, commonly used to verify data integrity, such as its use in digital signatures. Passwords are frequently hashed and saved, without needing to store a password in plaintext. This provides an extra layer of security as a hash is not ‘reversible.’ It’s a one-way function, and each hash is unique (with the exception of collisions, but that’s out-of-scope for this tutorial.)
For this instance, let’s say we’re trying to recover a password (Apples123) that’s been hashed with SHA256 (a5fca64a1ecdce7bbf5cd76cfea0c202ed82d6ef42e37ef3d34479).
We want to recover that password because we forgot it. There are many different types of attacks we can use against a hash, namely dictionary attacks and bruteforce. Let’s say that we have a rough idea of how long the password was, and we know that there are no special characters (!@#$^.).
If we wanted to run a plain bruteforce attack, this would take ages. Because of what we already know, we can mount a much more efficient attack to recover the original value behind the hash. We are able to set a custom character set, and set a specified range of possible lengths for our password.
Using a mask attack (when applicable) can significantly improve your odds of recovering the password. We can reduce the cracking time from thousands of years to a couple of hours. Enter Hashcat/OclHashcat (Ocl is the CUDA/OpenCL implementation of hashcat, accelerated by a GPU to utilize its parallel processing ability and hundreds-to-thousands of cores.) Hashcat is also able to utilize multi-threading, in addition to certain instruction sets that are advantageous to this type of operation (Intel: AVX/2 and AMD: XOP.)
Let’s start out by grabbing a copy of Hashcat from their website.
I’ll start out by running a benchmark to get a ballpark idea of how fast we can crack our hashes.
./hashcat-cliAVX2.bin -b
Using the -b option, hashcat will run a benchmark for various hashing algorithms. We’re only interested in SHA256, which comes out to about 24M attempts a second. In the real world, there are many factors that will slow us down, so realistically, we should not expect this speed.
So we have our hash, we have some limited information about our password, and have our tool ready for work.
Let’s begin.
Inside the directory you extracted hashcat to, we’ll create a simple plaintext document. I’ll name it hash.txt. I’ll add our hash value calculated earlier to this text file.
Cracking the hash
We’ve cut our time down to about three and a half hours to crack our hash. We can optimize our attack even more if we know that specific characters will be in a certain place.
Let’s say a password only uses the letters ‘A-F’. We can create a custom character set by using -1 ABCDEF and then using ?1 in the mask. We can also throw numbers in there too with -1 ABCDEF?d.
Do you see what I’m doing here? Let’s say we want to do a second custom character set with lowercase and uppercase letters; we’d do -2 ?u?l and ?2.
Since we already used -1, we’ll use -2. Now you can really see the power of this attack.
In order to save a bit of time, I optimized my character set to only use ‘pples’ (I’m cheating, but doing so to demonstrate the power of a mask attack.) The end result will look like this.
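The arithmetic behind these masks, as an added example that is not part of the original post and is not hashcat's own code: it counts the candidates a hashcat-style mask generates, including custom character sets such as -1 ABCDEF?d, and converts that to hours at the 24M attempts a second quoted above. The function names and the three sample masks are constructed for illustration, which makes the same calculation useful for judging how long a given password pattern would hold up.

```python
import string

# Built-in hashcat mask placeholders and the characters each one covers.
BUILTIN = {
    "l": string.ascii_lowercase,
    "u": string.ascii_uppercase,
    "d": string.digits,
    "s": " " + string.punctuation,  # space plus 32 symbols = 33
    "h": "0123456789abcdef",
    "H": "0123456789ABCDEF",
}
BUILTIN["a"] = BUILTIN["l"] + BUILTIN["u"] + BUILTIN["d"] + BUILTIN["s"]

def positions(spec, custom):
    """Yield the set of candidate characters for each token of a mask or charset."""
    i = 0
    while i < len(spec):
        if spec[i] != "?":          # literal character
            yield {spec[i]}
            i += 1
            continue
        key = spec[i + 1:i + 2]
        if key == "?":              # "??" is a literal question mark
            yield {"?"}
        elif key in BUILTIN:
            yield set(BUILTIN[key])
        elif key in custom:
            yield custom[key]
        else:
            raise ValueError(f"bad placeholder at offset {i} in {spec!r}")
        i += 2

def mask_keyspace(mask, charsets=None):
    """Candidate count for `mask`; `charsets` maps "1".."4" to -1..-4 definitions."""
    custom = {}
    for key in sorted(charsets or {}):
        # Assumption of this model: a repeated character counts once.
        custom[key] = set().union(*positions(charsets[key], custom))
    total = 1
    for candidates in positions(mask, custom):
        total *= len(candidates)
    return total

def hours_to_exhaust(keyspace, rate_per_second):
    """Worst-case hours to try every candidate at a fixed guess rate."""
    return keyspace / rate_per_second / 3600

if __name__ == "__main__":
    rate = 24_000_000  # benchmark figure quoted in the text
    for mask, cs in [("?a" * 9, None), ("?u?l?l?l?l?l?d?d?d", None),
                     ("?u?1?1?1?1?1?d?d?d", {"1": "pples"})]:
        n = mask_keyspace(mask, cs)
        print(f"{mask:20} {n:>22,} candidates {hours_to_exhaust(n, rate):14.4f} h")
```

The nine-character ?a mask is the plain bruteforce baseline; every position narrowed to a smaller character set divides the candidate count accordingly.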