diff --git a/docs/Password Attacks, Cracking & Decoding/Hashcat.md b/docs/Password Attacks, Cracking & Decoding/Hashcat.md index b66697ab5..b7ad8dd21 100644 --- a/docs/Password Attacks, Cracking & Decoding/Hashcat.md +++ b/docs/Password Attacks, Cracking & Decoding/Hashcat.md @@ -3,6 +3,7 @@ [hashcat hash list](https://hashcat.net/wiki/doku.php?id=example_hashes) [Offensive Security Cheatsheet](https://cheatsheet.haax.fr/passcracking-hashfiles/hashcat_cheatsheet/) +## switches ```shell #attack modes -a 0 # Straight : hash dict @@ -42,56 +43,87 @@ -i # Increment (bruteforce) --increment-min # Start increment at X chars --increment-max # Stop increment at X charset +``` ------------------------------------------------------------------------- - -#Examples +## commands -# Hashcat SHA512 $6$ shadow file +#### Hashcat SHA512 $6$ shadow file +```bash hashcat -m 1800 -a 0 hash.txt rockyou.txt --username +``` -# Hashcat MD5 $1$ shadow file +#### Hashcat MD5 $1$ shadow file +```bash hashcat -m 500 -a 0 hash.txt rockyou.txt --username +``` -# Hashcat MD5 Apache webdav file +#### Hashcat MD5 Apache webdav file +```bash hashcat -m 1600 -a 0 hash.txt rockyou.txt +``` -# Hashcat SHA1 +#### Hashcat SHA1 +```bash hashcat -m 100 -a 0 hash.txt rockyou.txt --force +``` -# Hashcat Wordpress +#### Hashcat Wordpress +```bash hashcat -m 400 -a 0 --remove hash.txt rockyou.txt +``` -# Benchmark MD4 hashes +#### Benchmark MD4 hashes +```bash hashcat -b -m 900 +``` -# Create a hashcat session to hash Kerberos 5 tickets using wordlist +#### Create a hashcat session to hash Kerberos 5 tickets using wordlist +```bash hashcat -m 13100 -a 0 --session crackin1 hashes.txt wordlist.txt -o output.pot +``` -# Crack MD5 hashes using all char in 7 char passwords +#### Crack MD5 hashes using all char in 7 char passwords +```bash hashcat -m 0 -a 3 -i hashes.txt ?a?a?a?a?a?a?a -o output.pot +``` -# Crack SHA1 by using wordlist with 2 char at the end +#### Crack SHA1 by using wordlist with 2 char at the end +```bash hashcat -m 100 -a 6 hashes.txt wordlist.txt ?a?a -o output.pot +``` -# Crack WinZip hash using mask (Summer2018!) +#### Crack WinZip hash using mask (Summer2018!) +```bash hashcat -m 13600 -a 3 hashes.txt ?u?l?l?l?l?l?l?d?d?d?d! -o output.pot +``` -# Crack MD5 hashes using dictionnary and rules +#### Crack MD5 hashes using dictionnary and rules +```bash hashcat -a 0 -m 0 example0.hash example.dict -r rules/best64.rules +``` -# Crack MD5 using combinator function with 2 dictionnaries +#### Crack MD5 using combinator function with 2 dictionnaries +```bash hashcat -a 1 -m 0 example0.hash example.dict example.dict +``` -# Cracking NTLM hashes +#### Cracking NTLM hashes +```bash hashcat64 -m 1000 -a 0 -w 4 --force --opencl-device-types 1,2 -O d:\hashsample.hash "d:\WORDLISTS\realuniq.lst" -r OneRuleToRuleThemAll.rule +``` -# Cracking hashes from kerberoasting +#### Cracking hashes from kerberoasting +```bash hashcat64 -m 13100 -a 0 -w 4 --force --opencl-device-types 1,2 -O d:\krb5tgs.hash d:\WORDLISTS\realhuman_phill.txt -r OneRuleToRuleThemAll.rule -# You can use hashcat to perform combined attacks +``` + +#### You can use hashcat to perform combined attacks +```bash # For example by using wordlist + mask + rules hashcat -a 6 -m 0 prenoms.txt ?d?d?d?d -r rules/yourule.rule +``` -# Single rule used to uppercase first letter --> Marie2018 +#### Single rule used to uppercase first letter --> Marie2018 +```bash hashcat -a 6 -m 0 prenoms.txt ?d?d?d?d -j 'c' ``` diff --git a/docs/Password Attacks, Cracking & Decoding/Password Attacks, Cracking & Decoding.md b/docs/Password Attacks, Cracking & Decoding/Password Attacks, Cracking & Decoding.md deleted file mode 100644 index 8318c86b3..000000000 --- a/docs/Password Attacks, Cracking & Decoding/Password Attacks, Cracking & Decoding.md +++ /dev/null @@ -1 +0,0 @@ -Test \ No newline at end of file diff --git a/docs/Password Attacks, Cracking & Decoding/Wordlists.md b/docs/Password Attacks, Cracking & Decoding/Wordlists.md index e4d459293..a4cb5ea39 100644 --- a/docs/Password Attacks, Cracking & Decoding/Wordlists.md +++ b/docs/Password Attacks, Cracking & Decoding/Wordlists.md @@ -1,13 +1,13 @@ #### Wordlists references -[Kaonashi](https://github.com/kaonashi-passwords/Kaonashi) -[richelieu](https://github.com/tarraschk/richelieu) -[rockyou](https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt) -[packetstormsecurity](https://packetstormsecurity.com/Crackers/wordlists/page4/) -[gwicks dictionaries](http://www.gwicks.net/dictionaries.htm) -[FlameOfIgnis](https://github.com/FlameOfIgnis/Pwdb-Public) -[critifence](http://www.critifence.com/default-password-database/) -[weakpass](https://weakpass.com/) -[berzerk0](https://github.com/berzerk0/Probable-Wordlists) +- [Kaonashi](https://github.com/kaonashi-passwords/Kaonashi) +- [richelieu](https://github.com/tarraschk/richelieu) +- [rockyou](https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.-txt) +- [packetstormsecurity](https://packetstormsecurity.com/Crackers/wordlists/page4/) +- [gwicks dictionaries](http://www.gwicks.net/dictionaries.htm) +- [FlameOfIgnis](https://github.com/FlameOfIgnis/Pwdb-Public) +- [critifence](http://www.critifence.com/default-password-database/) +- [weakpass](https://weakpass.com/) +- [berzerk0](https://github.com/berzerk0/Probable-Wordlists) #### seclist