Basic-cracking
This is only meant as a basic guide to processing hashes; each scenario will obviously be unique
based on external circumstances. For this attack plan we will assume we know the password hashes are
raw MD5 and that we have already captured some plaintext passwords of users. If we had no
knowledge of plaintext passwords we would most likely skip to DICTIONARY/WORDLIST attacks.
Lastly, since MD5 is a “fast” hash we can be more liberal with our attack plan.
1 – CUSTOM WORDLIST
First compile your known plaintext passwords into a custom wordlist file. Pass this to your tool of
choice as a straight dictionary attack.
hashcat -a 0 -m 0 -w 4 -o cracked.txt hash.txt custom_list.txt
hashcat -a 0 -m 0 -w 4 -o cracked.txt hash.txt pass.txt --force
These options apply to raw MD5 hashes, where:
-a 0 designates a dictionary attack
-m 0 designates the type of hash we are cracking (MD5)
-w 4 sets the workload profile (4 is the most aggressive and will make the machine unresponsive for other work)
-o cracked.txt is the output file for the cracked passwords
hash.txt is our input file of hashes
custom_list.txt (or pass.txt in the second command) is the wordlist file for this dictionary attack
--force makes hashcat ignore its own warnings; only use it when you know which warning you are suppressing
After cracking, the output file (cracked.txt) lists each cracked hash alongside its recovered password.
2 – CUSTOM WORDLIST + RULES
Run your custom wordlist with permutation rules to crack slight variations. Rules help you recover passwords sooner because you already have information about the target's known passwords. Follow this link to learn more about rule-based attacks. Note that the command below uses rockyou.txt rather than the custom wordlist; substitute whichever list suits your target, and replace rules with the path to the rules file you want to apply (-r expects a file). --debug-mode=1 together with --debug-file writes the rule that produced each crack to matched.rule, so you can see which mutations actually worked.
hashcat -a 0 -m 0 target_hash/mayhem.hash /usr/share/wordlists/rockyou.txt -r rules --debug-mode=1 --debug-file=matched.rule --force
3 – DICTIONARY/WORDLIST
Perform a broad dictionary attack, looking for common passwords and leaked passwords in well known
dictionaries/wordlists. I’m using hashcat's best64.rule and rockyou.txt to crack.
hashcat -a 0 -m 0 target_hash/mayhem.hash /usr/share/wordlists/rockyou.txt -r best64.rule --debug-mode=1 --debug-file=matched.rule --force
4 – DICTIONARY/WORDLIST + RULES
Add rule permutations to the broad dictionary attack, looking for subtle changes to common words/phrases and leaked passwords.
hashcat -a 0 -m 0 -w 4 target_hash/mayhem.hash /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule --debug-mode=1 --debug-file=matched.rule --force
5 – CUSTOM WORDLIST + RULES
Add any newly discovered passwords to your custom wordlist and run the attack again with permutation
rules, looking for any other variations. Append the new plaintexts with echo or awk and then rerun the command above. For raw MD5 each potfile line is hash:plain, so awk's $2 is the password; for salted formats stored as hash:salt:plain, $2 would be the salt instead. hashcat also writes plaintexts that contain non-printable bytes or the ':' separator as $HEX[...], which this one-liner appends undecoded.
awk -F ':' '{print $2}' hashcat.potfile >> custom_list.txt
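The potfile step above, as an added Python example that is not from the original post: it parses hashcat.potfile lines (everything after the last colon is the plaintext, with $HEX[...] entries decoded), deduplicates, and appends only plaintexts not already in custom_list.txt. The sample potfile is constructed inline; SAMPLE_POTFILE, parse_potfile_line, extract_plaintexts and append_to_wordlist are names chosen here.

```python
import hashlib
import re
from pathlib import Path

# Constructed hashcat.potfile content ("hash:plain" per line); the MD5 digests are
# computed so the sample is a faithful raw-MD5 (-m 0) potfile. hashcat writes a
# plaintext containing ':' or non-printable bytes as $HEX[...], as in line 3.
md5 = lambda s: hashlib.md5(s.encode()).hexdigest()
SAMPLE_POTFILE = "\n".join([
    f"{md5('password')}:password",
    f"{md5('123456')}:123456",
    f"{md5('password:1')}:$HEX[70617373776f72643a31]",  # 'password:1'
    f"{md5('password')}:password",                       # duplicate entry
]) + "\n"

HEX_RE = re.compile(r"^\$HEX\[([0-9a-fA-F]*)\]$")

def parse_potfile_line(line):
    """Return (hash, plaintext) for one potfile line, or None if it is blank.
    Split on the LAST ':' only: hashcat writes any plaintext containing the
    separator (or non-printable bytes) as $HEX[...], so everything after the
    last colon is the plaintext even for salted formats stored as
    hash:salt:plain, where awk's $2 would return the salt instead."""
    line = line.rstrip("\r\n")
    if ":" not in line:
        return None
    digest, plain = line.rsplit(":", 1)
    m = HEX_RE.match(plain)
    if m:  # decode to bytes; latin-1 keeps a 1:1 byte mapping for the rewrite
        plain = bytes.fromhex(m.group(1)).decode("latin-1")
    return digest, plain

def extract_plaintexts(potfile_text):
    """Unique plaintexts in first-seen order."""
    seen, out = set(), []
    for parsed in map(parse_potfile_line, potfile_text.splitlines()):
        if parsed and parsed[1] not in seen:
            seen.add(parsed[1])
            out.append(parsed[1])
    return out

def append_to_wordlist(potfile_path, wordlist_path):
    """Append plaintexts missing from the wordlist; return how many were added."""
    wordlist_path = Path(wordlist_path)
    existing = set(wordlist_path.read_text("latin-1").splitlines()) if wordlist_path.exists() else set()
    new_words = [w for w in extract_plaintexts(Path(potfile_path).read_text("latin-1")) if w not in existing]
    with wordlist_path.open("a", encoding="latin-1") as fh:
        fh.writelines(w + "\n" for w in new_words)
    return len(new_words)
```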
6 – MASK
Now we will use the mask attacks included with hashcat to search the keyspace for common password
lengths and patterns, based on the RockYou dataset. The rockyou-1-60.hcmask file that ships with hashcat contains many password patterns, in the same spirit as the rule-based attack. The following link lists all file paths of the hashcat package, including the stored masks: https://centos.pkgs.org/6/forensics-i386/hashcat-3.00-1.el6.i686.rpm.html (Note: the attack mode changes from -a 0 to -a 3.)
hashcat -a 3 -m 0 -w 4 target_hash/mayhem.hash /usr/share/hashcat/masks/rockyou-1-60.hcmask --force
The mask attack output lists all recovered passwords for the given hashes.
Hash Crackers/Bitcoin Miners
Bitcoin mining is done by specialized computers.
The role of miners is to secure the network and to process every Bitcoin transaction.
Miners achieve this by solving a computational problem which allows them to chain together blocks of transactions (hence Bitcoin’s famous “blockchain”).
Fast Hash One
• 1.536 TH/s, costing 3,000 to 5,000 dollars.
25 GPU Hash Cracker
• An eight-character NTLM password cracked in 5.5 hours. A 14-character LM hash cracked in six minutes. 350 billion hashes per second.