Pentest Book
Search…
/home/six2dez/.pentest-book
Contribute/Donate
Recon
Public info gathering
Root domains
Subdomain Enum
Webs recon
Network Scanning
Host Scanning
Packet Scanning
Enumeration
Files
SSL/TLS
Ports
Web Attacks
Web Technologies
Cloud
Exploitation
Payloads
Reverse Shells
File transfer
Post Exploitation
Linux
Pivoting
Windows
Mobile
General
Android
iOS
Others
Burp Suite
Password cracking
VirtualBox
Code review
Pentesting Web checklist
Internal Pentest
Web fuzzers review
Recon suites review
Subdomain tools review
Random
Master assessment mindmaps
BugBounty
Exploiting
tools everywhere
Powered By GitBook
Password cracking

Identify hash

1
# https://github.com/noraj/haiti
2
haiti [hash]
Copied!

Dictionary creation

1
# Pydictor
2
# https://www.github.com/landgrey/pydictor.git
Copied!

Examples

1
# Numeric dictionary length 4
2
python3 pydictor.py -base d --len 4 4
3
​
4
# Capital letters dictionary length 4
5
python3 pydictor.py -base c --len 4 4
6
​
7
# Prepend word + digits 5 length
8
python3 pydictor.py --len 5 5 --head raj -base d
9
​
10
# Append word after digits 5 length
11
python3 pydictor.py --len 5 5 --tail raj -base d
12
​
13
# Permute chars in word
14
python3 pydictor.py -char raj
15
​
16
# Multiple permutations
17
python3 pydictor.py -chunk abc ABC 666 . _ @ "'"
18
​
19
# Dictionary based in word, added complexity 4 and fixed length
20
python pydictor.py -extend raj --level 4 --len 1 6
21
​
22
# Interactive mode
23
python3 pydictor.py --sedb
Copied!

Options

1
-base dLc # Base digits, Lowercase letters and Capital letters
2
--encode b64 # Encode output
Copied!

jtr

1
john --wordlist=/usr/share/wordlists/rockyou.txt hash
2
john --rules --wordlist=/usr/share/wordlists/rockyou.txt hash
Copied!

Hashcat

Wiki

hashcat [hashcat wiki]

Hashes

Sample password hash encoding strings [Openwall Community Wiki]
example_hashes [hashcat wiki]

Examples

1
# Dictionary
2
hashcat -m 0 -a 0 hashfile dictionary.txt -O --user -o result.txt
3
​
4
# Dictionary + rules
5
hashcat -m 0 -w 3 -a 0 hashfile dictionary.txt -O -r haku34K.rule --user -o result.txt
6
​
7
# Mask bruteforce (length 1-8 A-Z a-z 0-9)
8
hashcat -m 0 -w 3 -a 3 hashfile ?1?1?1?1?1?1?1?1 --increment -1 --user ?l?d?u
9
hashcat -m 0 -w 3 -a 3 hashfile suffix?1?1?1 -i -1 --user ?l?d
10
​
11
# Modes
12
-a 0 = Dictionary (also with rules)
13
-a 3 = Bruteforce with mask
14
​
15
# Max performance options
16
--force -O -w 3 --opencl-device-types 1,2
17
​
18
# Output results
19
-o result.txt
20
​
21
# Ignore usernames in hashfile
22
--user/--username
23
​
24
# Masks
25
?l = abcdefghijklmnopqrstuvwxyz
26
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
27
?d = 0123456789
28
?s = «space»!"#$%&'()*+,-./:;<=>[email protected][\]^_`{|}~
29
?a = ?l?u?d?s
30
?b = 0x00 - 0xff
Copied!

Useful hashes

Linux Hashes - /etc/shadow

ID
Description
500
md5crypt $1$, MD5(Unix)
200
bcrypt $2*$, Blowfish(Unix)
400
sha256crypt $5$, SHA256(Unix)
1800
sha512crypt $6$, SHA512(Unix)

Windows Hashes

ID
Description
3000
LM
1000
NTLM

Common Hashes

ID
Description
Type
900
MD4
Raw Hash
0
MD5
Raw Hash
5100
Half MD5
Raw Hash
100
SHA1
Raw Hash
10800
SHA-384
Raw Hash
1400
SHA-256
Raw Hash
1700
SHA-512
Raw Hash

Common Files with password

ID
Description
11600
7-Zip
12500
RAR3-hp
13000
RAR5
13200
AxCrypt
13300
AxCrypt in-memory SHA1
13600
WinZip
9700
MS Office <= 2003 $0/$1, MD5 + RC4
9710
MS Office <= 2003 $0/$1, MD5 + RC4, collider #1
9720
MS Office <= 2003 $0/$1, MD5 + RC4, collider #2
9800
MS Office <= 2003 $3/$4, SHA1 + RC4
9810
MS Office <= 2003 $3, SHA1 + RC4, collider #1
9820
MS Office <= 2003 $3, SHA1 + RC4, collider #2
9400
MS Office 2007
9500
MS Office 2010
9600
MS Office 2013
10400
PDF 1.1 - 1.3 (Acrobat 2 - 4)
10410
PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #1
10420
PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #2
10500
PDF 1.4 - 1.6 (Acrobat 5 - 8)

Database Hashes

ID
Description
Type
Example Hash
12
PostgreSQL
Database Server
a6343a68d964ca596d9752250d54bb8a:postgres
131
MSSQL (2000)
Database Server
0x01002702560500000000000000000000000000000000000000008db43dd9b1972a636ad0c7d4b8c515cb8ce46578
132
MSSQL (2005)
Database Server
0x010018102152f8f28c8499d8ef263c53f8be369d799f931b2fbe
1731
MSSQL (2012, 2014)
Database Server
0x02000102030434ea1b17802fd95ea6316bd61d2c94622ca3812793e8fb1672487b5c904a45a31b2ab4a78890d563d2fcf5663e46fe797d71550494be50cf4915d3f4d55ec375
200
MySQL323
Database Server
7196759210defdc0
300
MySQL4.1/MySQL5
Database Server
fcf7c1b8749cf99d88e5f34271d636178fb5d130
3100
Oracle H: Type (Oracle 7+)
Database Server
7A963A529D2E3229:3682427524
112
Oracle S: Type (Oracle 11+)
Database Server
ac5f1e62d21fd0529428b84d42e8955b04966703:38445748184477378130
12300
Oracle T: Type (Oracle 12+)
Database Server
78281A9C0CF626BD05EFC4F41B515B61D6C4D95A250CD4A605CA0EF97168D670EBCB5673B6F5A2FB9CC4E0C0101E659C0C4E3B9B3BEDA846CD15508E88685A2334141655046766111066420254008225
8000
Sybase ASE
Database Server
0xc00778168388631428230545ed2c976790af96768afa0806fe6c0da3b28f3e132137eac56f9bad027ea2

Kerberos Hashes

ID
Type
Example
13100
Type 23
$krb5tgs$23$
19600
Type 17
$krb5tgs$17$
19700
Type 18
$krb5tgs$18$
18200
ASREP Type 23
$krb5asrep$23$

Files

1
https://github.com/kaonashi-passwords/Kaonashi
2
https://github.com/NotSoSecure/password_cracking_rules
3
https://crackstation.net/files/crackstation-human-only.txt.gz
4
https://crackstation.net/files/crackstation.txt.gz
Copied!
Others - Previous
Burp Suite
Next - Others
VirtualBox
Last modified 7mo ago
Export as PDF
Copy link
Edit on GitHub
Contents
Identify hash
Dictionary creation
Examples
Options
jtr
Hashcat
Wiki
Hashes
Examples
Useful hashes
Files