Added hashcat

2025-10-29 16:59:26 +00:00 · 2014-05-24 12:07:45 -04:00 · 2014-05-24 12:07:45 -04:00 · 2514a17cab
commit 2514a17cab
parent d1f102ceaa
1 changed files with 248 additions and 0 deletions
--- a/tools/hashcat.md
+++ b/tools/hashcat.md
@ -0,0 +1,248 @@
+# Tool Name
+
+Notes
+-------
+General information about the tool.
+
+What would you use this tool for?
+Why would you use it?
+
+
+Help Text
+-------
+```
+hashcat, advanced password recovery
+
+Usage: hashcat [options] hashfile [mask|wordfiles|directories]
+
+=======
+Options
+=======
+
+* General:
+
+  -m,  --hash-type=NUM               Hash-type, see references below
+  -a,  --attack-mode=NUM             Attack-mode, see references below
+  -V,  --version                     Print version
+  -h,  --help                        Print help
+       --eula                        Print EULA
+       --expire                      Print expiration date
+       --quiet                       Suppress output
+
+* Misc:
+
+       --hex-salt                    Assume salt is given in hex
+       --hex-charset                 Assume charset is given in hex
+
+* Files:
+
+  -o,  --outfile=FILE                Define outfile for recovered hash
+       --outfile-format=NUM          Define outfile-format for recovered hash, see references below
+  -p,  --separator=CHAR              Define separator char for hashlists/outfile
+       --show                        Show cracked passwords only (see also --username)
+       --left                        Show un-cracked passwords only (see also --username)
+       --username                    Enable ignoring of usernames in hashfile (recommended: also use --show)
+       --remove                      Enable remove of hash once it is cracked
+       --stdout                      stdout mode
+       --disable-potfile             do not write potfile
+       --debug-file=FILE             debug-file
+       --debug-mode=NUM              Defines the debug mode (hybrid only by using rules), see references below
+  -e,  --salt-file=FILE              salts-file for unsalted hashlists
+
+* Resources:
+
+  -c,  --segment-size=NUM            Size in MB to cache from the wordfile
+  -n,  --threads=NUM                 number of threads
+  -s,  --words-skip=NUM              skip number of words (for resume)
+  -l,  --words-limit=NUM             limit number of words (for distributed)
+
+* Rules:
+
+  -r,  --rules-file=FILE             Rules-file use: -r 1.rule
+  -g,  --generate-rules=NUM          Generate NUM random rules
+       --generate-rules-func-min=NUM Force NUM functions per random rule min
+       --generate-rules-func-max=NUM Force NUM functions per random rule max
+       --generate-rules-seed=NUM     Force RNG seed to NUM
+
+* Custom charsets:
+
+  -1,  --custom-charset1=CS          User-defined charsets
+  -2,  --custom-charset2=CS          Example:
+  -3,  --custom-charset3=CS          --custom-charset1=?dabcdef : sets charset ?1 to 0123456789abcdef
+  -4,  --custom-charset4=CS          -2 mycharset.hcchr : sets charset ?2 to chars contained in file
+
+* Toggle-Case attack-mode specific:
+
+       --toggle-min=NUM              number of alphas in dictionary minimum
+       --toggle-max=NUM              number of alphas in dictionary maximum
+
+* Mask-attack attack-mode specific:
+
+       --pw-min=NUM                  Password-length minimum
+       --pw-max=NUM                  Password-length maximum
+
+* Permutation attack-mode specific:
+
+       --perm-min=NUM                Filter words shorter than NUM
+       --perm-max=NUM                Filter words larger than NUM
+
+* Table-Lookup attack-mode specific:
+
+  -t,  --table-file=FILE             table file
+       --table-min=NUM               number of chars in dictionary minimum
+       --table-max=NUM               number of chars in dictionary maximum
+
+==========
+References
+==========
+
+* Outfile formats:
+
+    1 = hash[:salt]
+    2 = plain
+    3 = hash[:salt]:plain
+    4 = hex_plain
+    5 = hash[:salt]:hex_plain
+    6 = plain:hex_plain
+    7 = hash[:salt]:plain:hex_plain
+    8 = plain:position
+
+* Debug mode output formats (for hybrid mode only, by using rules):
+
+    1 = save finding rule
+    2 = save original word
+    3 = save original word and finding rule
+
+* Built-in charsets:
+
+   ?l = abcdefghijklmnopqrstuvwxyz
+   ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
+   ?d = 0123456789
+   ?s =  !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
+   ?a = ?l?u?d?s
+
+* Attack modes:
+
+    0 = Straight
+    1 = Combination
+    2 = Toggle-Case
+    3 = Brute-force
+    4 = Permutation
+    5 = Table-Lookup
+
+* Hash types:
+
+    0 = MD5
+   10 = md5($pass.$salt)
+   20 = md5($salt.$pass)
+   30 = md5(unicode($pass).$salt)
+   40 = md5($salt.unicode($pass))
+   50 = HMAC-MD5 (key = $pass)
+   60 = HMAC-MD5 (key = $salt)
+  100 = SHA1
+  110 = sha1($pass.$salt)
+  120 = sha1($salt.$pass)
+  130 = sha1(unicode($pass).$salt)
+  140 = sha1($salt.unicode($pass))
+  150 = HMAC-SHA1 (key = $pass)
+  160 = HMAC-SHA1 (key = $salt)
+  200 = MySQL
+  300 = MySQL4.1/MySQL5
+  400 = phpass, MD5(Wordpress), MD5(phpBB3)
+  500 = md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5
+  800 = SHA-1(Django)
+  900 = MD4
+ 1000 = NTLM
+ 1100 = Domain Cached Credentials, mscash
+ 1400 = SHA256
+ 1410 = sha256($pass.$salt)
+ 1420 = sha256($salt.$pass)
+ 1430 = sha256(unicode($pass).$salt)
+ 1440 = sha256($salt.unicode($pass))
+ 1450 = HMAC-SHA256 (key = $pass)
+ 1460 = HMAC-SHA256 (key = $salt)
+ 1600 = md5apr1, MD5(APR), Apache MD5
+ 1700 = SHA512
+ 1710 = sha512($pass.$salt)
+ 1720 = sha512($salt.$pass)
+ 1730 = sha512(unicode($pass).$salt)
+ 1740 = sha512($salt.unicode($pass))
+ 1750 = HMAC-SHA512 (key = $pass)
+ 1760 = HMAC-SHA512 (key = $salt)
+ 1800 = SHA-512(Unix)
+ 2400 = Cisco-PIX MD5
+ 2500 = WPA/WPA2
+ 2600 = Double MD5
+ 3200 = bcrypt, Blowfish(OpenBSD)
+ 3300 = MD5(Sun)
+ 3500 = md5(md5(md5($pass)))
+ 3610 = md5(md5($salt).$pass)
+ 3710 = md5($salt.md5($pass))
+ 3720 = md5($pass.md5($salt))
+ 3810 = md5($salt.$pass.$salt)
+ 3910 = md5(md5($pass).md5($salt))
+ 4010 = md5($salt.md5($salt.$pass))
+ 4110 = md5($salt.md5($pass.$salt))
+ 4210 = md5($username.0.$pass)
+ 4300 = md5(strtoupper(md5($pass)))
+ 4400 = md5(sha1($pass))
+ 4500 = sha1(sha1($pass))
+ 4600 = sha1(sha1(sha1($pass)))
+ 4700 = sha1(md5($pass))
+ 4800 = MD5(Chap)
+ 5000 = SHA-3(Keccak)
+ 5100 = Half MD5
+ 5200 = Password Safe SHA-256
+ 5300 = IKE-PSK MD5
+ 5400 = IKE-PSK SHA1
+ 5500 = NetNTLMv1-VANILLA / NetNTLMv1-ESS
+ 5600 = NetNTLMv2
+ 5700 = Cisco-IOS SHA256
+ 5800 = Samsung Android Password/PIN
+ 6300 = AIX {smd5}
+ 6400 = AIX {ssha256}
+ 6500 = AIX {ssha512}
+ 6700 = AIX {ssha1}
+ 6900 = GOST, GOST R 34.11-94
+ 7000 = Fortigate (FortiOS)
+ 7100 = OS X v10.8
+ 7200 = GRUB 2
+ 7300 = IPMI2 RAKP HMAC-SHA1
+ 7400 = sha256crypt, SHA256(Unix)
+ 9999 = Plaintext
+
+* Specific hash types:
+
+   11 = Joomla
+   21 = osCommerce, xt:Commerce
+  101 = nsldap, SHA-1(Base64), Netscape LDAP SHA
+  111 = nsldaps, SSHA-1(Base64), Netscape LDAP SSHA
+  112 = Oracle 11g
+  121 = SMF > v1.1
+  122 = OS X v10.4, v10.5, v10.6
+  123 = EPi
+  131 = MSSQL(2000)
+  132 = MSSQL(2005)
+  141 = EPiServer 6.x < v4
+ 1441 = EPiServer 6.x > v4
+ 1711 = SSHA-512(Base64), LDAP {SSHA512}
+ 1722 = OS X v10.7
+ 1731 = MSSQL(2012)
+ 2611 = vBulletin < v3.8.5
+ 2711 = vBulletin > v3.8.5
+ 2811 = IPB2+, MyBB1.2+
+ 3721 = WebEdition CMS
+ 7600 = Redmine Project Management Web App
+
+```
+
+Example Usage
+-------
+There is a wiki [here](http://hashcat.net/wiki/doku.php?id=start)
+
+
+Links
+-------
+1. [hashcat](http://hashcat.net/hashcat/)
+1. [youtube](https://www.youtube.com/watch?v=fCNOIheD-Is)
+1. [Cracking WPA and WPA2](http://www.blackmoreops.com/2014/03/27/cracking-wpa-wpa2-with-hashcat-kali-linux/#)