Hash破解神器-hashcat详细使用

Hashcat系列软件是比较牛逼的密码破解软件，系列软件包含Hashcat、oclHashcat；还有一个单独新出的oclRausscrack。其区别为Hashcat只支持cpu破解；oclHashcat和oclGausscrack则支持gpu加速。oclHashcat则分为AMD版和NIVDA版。

安装
wget https://hashcat.net/files_legacy/hashcat-4.2.1.7z
7z e hashcat-4.2.1.7z

查看版本
./hashcat-cli64.bin -V ./hashcat-cli32.bin -V

查看 hash (/etc/shadow)
tail /etc/shadow
这里写图片描述
找到salt值
比如 jose后面 $6$ ,6表示hash加密类型, $6$ 后面到下一个$之间的字符就是salt值
jose 的salt:CqiOcwyE
hash类型要根据不同系统来得到,你可以从/etc/login.defs中ENCRYPT_METHOD中得到 SHA512
grep -A 18 ENCRYPT_METHOD /etc/login.defs

生成hash文件
tail -n 1 /etc/shadow > crack1.hash
nano crack1.hash
只留下 $6$ ~salt~$并保存.

下载字典文件或生成字典文件

破解hash文件

./hashcat-cli64.bin -m 1800 -a 0 -o found1.txt --remove crack1.hash 500_passwords.txt
cat found1.txt  (已经完成的破解文件)

-m 1800 hash类型这里是SHA512
-a 0 破解类型字典破解
-O found1.txt 输出破解密码
–remove 如果已经破解过,就删掉
crack1.hash 待破解的hash文件
500_passwords.txt 字典文件

hashcat项目地址
在此重申字典的重要性.

附hash类型

* Generic hash types:

0 = MD5
10 = md5($pass.$salt)
20 = md5($salt.$pass)   =》 Serv-U FTP
30 = md5(unicode($pass).$salt)
40 = md5($salt.unicode($pass))
100 = SHA1
110 = sha1($pass.$salt)
120 = sha1($salt.$pass)
130 = sha1(unicode($pass).$salt)
140 = sha1($salt.unicode($pass))
300 = MySQL
400 = phpass, MD5(WordPress), MD5(phpBB3)
500 = md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5
900 = MD4
1000 = NTLM
1100 = Domain Cached Credentials, mscash
1400 = SHA256
1410 = sha256($pass.$salt)
1420 = sha256($salt.$pass)
1500 = descrypt, DES(Unix), Traditional DES    => .htpasswd
1600 = md5apr1, MD5(APR), Apache MD5
1700 = SHA512
1710 = sha512($pass.$salt)
1720 = sha512($salt.$pass)
1800 = sha512crypt, SHA512(Unix)
2100 = Domain Cached Credentials2, mscash2
2400 = Cisco-PIX MD5
2500 = WPA/WPA2
2600 = Double MD5
3000 = LM
3100 = Oracle 7-10g, DES(Oracle)
3200 = bcrypt, Blowfish(OpenBSD)
5000 = SHA-3(Keccak)

* Specific hash types:

11 = Joomla
21 = osCommerce, xt:Commerce
101 = nsldap, SHA-1(Base64), Netscape LDAP SHA
111 = nsldaps, SSHA-1(Base64), Netscape LDAP SSHA
112 = Oracle 11g
121 = SMF > v1.1
122 = OSX v10.4, v10.5, v10.6
  131 = MSSQL(2000)
132 = MSSQL(2005)
141 = EPiServer 6.x
1722 = OSX v10.7
2611 = vBulletin < v3.8.5   => Discuz   Xiuno  ECshop 等等
2711 = vBulletin > v3.8.5
2811 = IPB2+, MyBB1.2+

Hash破解神器-hashcat详细使用

猜你喜欢