Using Hashcat
- author:: Nathan Acks
- date:: 2021-10-12
hashcat -m $TYPE -O $HASHFILE $WORDLIST
Here $TYPE is the hash type (check man hashcat
), and -O requests that hashcat use an optimized kernel (faster, but limited in the password length that can be cracked).
Some values of -m:
- 0 - md5
- 100 - sha1
- 900 - md4
- 1000 - NTLM (Windows)
- 1400 - sha256
- 1800 - UNIX SHA-512 passwords (
$6$
) - 3000 - LANMAN (Windows)
- 3200 - bcrypt
- 13100 - Kerberos 5 hashes (TGS-REP)
- 18200 - Kerberos 5 hashes (AS-REP)
There are a large number of “Raw Hash, Salted and/or Iterated” modes That allow raw salted hashes (i.e., those not specific to a particular password type) to be processed; for these, specify the hashes as $HASH:$SALT
.
Passwords are output as HASH:PLAINTEXT tuples.
Hashcat can accept the output of hashdump from Metasploit (use -m 1000), as well as raw hashes from /etc/shadow (assuming that they’re all the same type).
A “token length exception” means that the provided hash format is of the wrong length (probably because an additional character got accidentally added).
- Kali Hashcat and John the Ripper Crack Windows Password hashdump
- Cracking Linux Password Hashes with Hashcat
- hashcat - cracking a salted sha256
Combinator
The Hashcat combinator.bin
utility combines two wordlists such that every entry of the first list is concatenated with every entry from the second list.
/usr/lib/hashcat-utils/combinator.bin \
$WORDLIST1 $WORDLIST2 > $COMBINED_WORDLIST