Password cracking

Search…
Password cracking
Identify hash
# https://github.com/noraj/haiti
haiti [hash]
Dictionary creation
# Pydictor
# https://www.github.com/landgrey/pydictor.git
pydictor.py -extend TERM --leet 0 1 2 11 21 --len 4 20
​
# Username generator
# https://github.com/benbusby/namebuster
namebuster https://example.com
namebuster "term1, term2"
Examples
# Numeric dictionary length 4
python3 pydictor.py -base d --len 4 4
​
# Capital letters dictionary length 4
python3 pydictor.py -base c --len 4 4
​
# Prepend word + digits 5 length
python3 pydictor.py --len 5 5 --head raj -base d
​
# Append word after digits 5 length
python3 pydictor.py --len 5 5 --tail raj -base d
​
# Permute chars in word
python3 pydictor.py -char raj
​
# Multiple permutations
python3 pydictor.py -chunk abc ABC 666 . _ @ "'"
​
# Dictionary based in word, added complexity 4 and fixed length
python pydictor.py -extend raj --level 4 --len 1 6
​
# Interactive mode
python3 pydictor.py --sedb
Options
-base dLc # Base digits, Lowercase letters and Capital letters
--encode b64 # Encode output
jtr
john --wordlist=/usr/share/wordlists/rockyou.txt hash
john --rules --wordlist=/usr/share/wordlists/rockyou.txt hash
Hashcat
Wiki
hashcat    [hashcat wiki]
Hashes
Sample password hash encoding strings    [Openwall Community Wiki]
example_hashes    [hashcat wiki]
Examples
# Dictionary
hashcat -m 0 -a 0 hashfile dictionary.txt -O --user -o result.txt
​
# Dictionary + rules
hashcat -m 0 -w 3 -a 0 hashfile dictionary.txt -O -r haku34K.rule --user -o result.txt
​
# Mask bruteforce (length 1-8 A-Z a-z 0-9)
hashcat -m 0 -w 3 -a 3 hashfile ?1?1?1?1?1?1?1?1 --increment -1 --user ?l?d?u
hashcat -m 0 -w 3 -a 3 hashfile suffix?1?1?1 -i -1 --user ?l?d
​
# Modes
-a 0 = Dictionary (also with rules)
-a 3 = Bruteforce with mask 
​
# Max performance options
--force -O -w 3 --opencl-device-types 1,2
​
# Output results
-o result.txt
​
# Ignore usernames in hashfile
--user/--username
​
# Masks
?l = abcdefghijklmnopqrstuvwxyz
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d = 0123456789
?s = «space»!"#$%&'()*+,-./:;<=>[email protected][\]^_`{|}~
?a = ?l?u?d?s
?b = 0x00 - 0xff
Useful hashes
Linux Hashes - /etc/shadow
ID
Description
500
md5crypt $1$, MD5(Unix)
200
bcrypt $2*$, Blowfish(Unix)
400
sha256crypt $5$, SHA256(Unix)
1800
sha512crypt $6$, SHA512(Unix)
Windows Hashes
ID
Description
3000
LM
1000
NTLM
Common Hashes
ID
Description
Type
900
MD4
Raw Hash
0
MD5
Raw Hash
5100
Half MD5
Raw Hash
100
SHA1
Raw Hash
10800
SHA-384
Raw Hash
1400
SHA-256
Raw Hash
1700
SHA-512
Raw Hash
Common Files with password
ID
Description
11600
7-Zip
12500
RAR3-hp
13000
RAR5
13200
AxCrypt
13300
AxCrypt in-memory SHA1
13600
WinZip
9700
MS Office <= 2003 $0/$1, MD5 + RC4
9710
MS Office <= 2003 $0/$1, MD5 + RC4, collider #1
9720
MS Office <= 2003 $0/$1, MD5 + RC4, collider #2
9800
MS Office <= 2003 $3/$4, SHA1 + RC4
9810
MS Office <= 2003 $3, SHA1 + RC4, collider #1
9820
MS Office <= 2003 $3, SHA1 + RC4, collider #2
9400
MS Office 2007
9500
MS Office 2010
9600
MS Office 2013
10400
PDF 1.1 - 1.3 (Acrobat 2 - 4)
10410
PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #1
10420
PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #2
10500
PDF 1.4 - 1.6 (Acrobat 5 - 8)
Database Hashes
ID
Description
Type
Example Hash
12
PostgreSQL
Database Server
a6343a68d964ca596d9752250d54bb8a:postgres
131
MSSQL (2000)
Database Server
0x01002702560500000000000000000000000000000000000000008db43dd9b1972a636ad0c7d4b8c515cb8ce46578
132
MSSQL (2005)
Database Server
0x010018102152f8f28c8499d8ef263c53f8be369d799f931b2fbe
1731
MSSQL (2012, 2014)
Database Server
0x02000102030434ea1b17802fd95ea6316bd61d2c94622ca3812793e8fb1672487b5c904a45a31b2ab4a78890d563d2fcf5663e46fe797d71550494be50cf4915d3f4d55ec375
200
MySQL323
Database Server
7196759210defdc0
300
MySQL4.1/MySQL5
Database Server
fcf7c1b8749cf99d88e5f34271d636178fb5d130
3100
Oracle H: Type (Oracle 7+)
Database Server
7A963A529D2E3229:3682427524
112
Oracle S: Type (Oracle 11+)
Database Server
ac5f1e62d21fd0529428b84d42e8955b04966703:38445748184477378130
12300
Oracle T: Type (Oracle 12+)
Database Server
78281A9C0CF626BD05EFC4F41B515B61D6C4D95A250CD4A605CA0EF97168D670EBCB5673B6F5A2FB9CC4E0C0101E659C0C4E3B9B3BEDA846CD15508E88685A2334141655046766111066420254008225
8000
Sybase ASE
Database Server
0xc00778168388631428230545ed2c976790af96768afa0806fe6c0da3b28f3e132137eac56f9bad027ea2
Kerberos Hashes
ID
Type
Example
13100
Type 23
$krb5tgs$23$
19600
Type 17
$krb5tgs$17$
19700
Type 18
$krb5tgs$18$
18200
ASREP Type 23
$krb5asrep$23$
Files
https://github.com/kaonashi-passwords/Kaonashi
https://github.com/NotSoSecure/password_cracking_rules
https://crackstation.net/files/crackstation-human-only.txt.gz
https://crackstation.net/files/crackstation.txt.gz