The universe's strongest open-source brute-forcing tool: Hashcat, part one

Introduction to Hashcat

Hashcat is known as the strongest password cracking tool in the universe. It is open-source software available for Windows, Mac and Linux. It supports multiple kinds of compute device, such as CPU, GPU, APU, DSP and FPGA, and many hashing algorithms, and it can crack passwords for rar, office and pdf files, Windows accounts, Wi-Fi and more. This article covers installing and configuring Hashcat on Windows 10, specific password cracking methods, and password protection techniques.

Installation configuration

First, go to the official Hashcat website and download the software package. The version I downloaded is v6.1.1. Take care to download the package labelled "hashcat binaries": it is already compiled into an exe that can be run directly, whereas "hashcat sources" has to be compiled with a tool such as MinGW to produce an executable. After downloading the package, you can run Hashcat from the command line in its home directory (Hashcat works in command-line mode). Note that you must be in the home directory of the Hashcat package to run hashcat. A convenient way to get there is to type cmd into the address bar while viewing the package's home directory, which opens a command-line window already set to that directory. Finally, the configuration of the test computer I used is as follows, and with that we can start exploring Hashcat.
[Image: configuration of the test computer]
When cracking passwords with Hashcat, an auxiliary tool is also needed to obtain the hash of the encrypted file. Here John the Ripper (specifically john-1.9.0) is used for that; it is also run from the command line. How to use it is covered in the password cracking and protection section. Running John the Ripper's script files requires Python and Perl to be installed, with the corresponding environment variables configured.

Hashcat use

First, the hashcat --help command lists Hashcat's commonly used options. Checking the built-in help is also the most practical habit when learning any language or tool.

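-a  Attack mode to use; see the values that follow. "-a 0" dictionary attack, "-a 1" combination attack, "-a 3" mask attack.
-m  Hash type to crack; if no type is specified, the default is MD5
-o  Where to store cracked hashes and their plaintext passwords; use it to write cracked hashes to a given file
--force  Ignore warnings during cracking; may be needed when running a single hash
--show  Show hashes that have already been cracked and their plaintext
--increment  Enable incremental mode, which lets hashcat run the attack across a specified range of password lengths
--increment-min  Minimum password length, set to an integer; used together with increment mode
--increment-max  Maximum password length, as above
--outfile-format  ID of the output format for cracked results; the default is 3
--username  Ignore the usernames in the hash file; may be needed when cracking Linux user password hashes
--remove  Remove hashes once they have been cracked
-r  Use custom cracking rules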

You can also consult the Hashcat wiki, which covers Hashcat's common attack types, the table of common hash types, how to write masks, the supported platforms and so on. All of these are described in detail there, so I will not elaborate here. If you have any questions, you can contact me through the official account.

Password cracking and protection

First, I benchmarked the laptop used for testing. The command hashcat -b shows the computing power, for each hash type, of the discrete GeForce 940MX graphics card, the integrated 630 graphics and the Intel Core(TM) i7-7700HQ CPU (devices 1, 2 and 3 in the figure, respectively).
[Image: hashcat -b benchmark output]
The following compares password cracking efficiency using mask attacks on rar, office and pdf encrypted files and a dictionary attack on a zip encrypted file.
Create a new test rar encrypted file "test.rar", open a command line in the run directory of john-1.9.0, and enter the command

rar2john.exe test.rar

which returns

test.rar:$rar5$16$17ef7a950b46655b9885e6cdade46948$15$d132b6edad975688f01a00df22ef20c1$8$6b4b7c0213e56414

In the Hashcat wiki, open Example hashes and search for "rar5" to find that the corresponding ID is 13000. Then run the following Hashcat command, where -m is the ID of the hash type just looked up, -a 3 selects a mask attack, and ?d stands for one digit.

hashcat.exe -m 13000 -a 3 $rar5$16$17ef7a950b46655b9885e6cdade46948$15$d132b6edad975688f01a00df22ef20c1$8$6b4b7c0213e56414 ?d?d?d?d -o out.txt

The final result is shown in the figure. The cracked password is written to the out.txt file. While Hashcat is running, you can press the S key to view the real-time cracking status.
[Image: Hashcat output for the rar test]
The commands and output for cracking the encrypted Word file are as follows:

Command to get the hash of the encrypted Word file (Python must be installed and its environment variable configured):

python office2john.py test.docx

Returned hash:

test.docx:$office$*2013*100000*256*16*561f4dcaaac333e7c06d150f9ea5aea2*ef4e7b026217124561ecb865b324eac4*e9ef4a859f2c81581db0e27d9ce48e6451b82cd1641941e8adc10dc5600969cb

Hashcat command to crack that hash:

hashcat.exe -m 9600 -a 3 $office$*2013*100000*256*16*561f4dcaaac333e7c06d150f9ea5aea2*ef4e7b026217124561ecb865b324eac4*e9ef4a859f2c81581db0e27d9ce48e6451b82cd1641941e8adc10dc5600969cb ?d?d?d?d -o out.txt

The commands and output for cracking the encrypted pdf file are as follows:

Command to get the hash of the encrypted pdf file (Perl must be installed and its environment variable configured):

perl pdf2john.pl test.pdf

Returned hash:

test.pdf:$pdf$4*4*128*-3904*0*16*55f913d20e34724fd70d3004f5e43166*32*7a29310ea5dc0276d34c1bef24595d61984a08eb759eaba56bd4887a260bbcce*32*de0c200bbe6887a980dc429edbdabc40f39a368841d804afefa726b2bd7c7b24

Hashcat command to crack that hash; here ?l stands for one lowercase letter:

hashcat.exe -m 10500 -a 3 $pdf$4*4*128*-3904*0*16*55f913d20e34724fd70d3004f5e43166*32*7a29310ea5dc0276d34c1bef24595d61984a08eb759eaba56bd4887a260bbcce*32*de0c200bbe6887a980dc429edbdabc40f39a368841d804afefa726b2bd7c7b24 ?l?l?l?l?l?l -o out.txt

The commands and output for cracking the encrypted zip file with a dictionary are as follows:

Command to get the hash of the encrypted zip file:

zip2john.exe test.zip

Returned hash:

test.zip/test.txt:$pkzip2$1*1*2*0*15*9*4aac42f3*0*26*0*15*4aac*470b*6fa72c2bc69e5738181cb7f406187f8084ce07cf5f*$/pkzip2$:test.txt:test.zip::test.zip

Hashcat command to crack that hash; password.txt holds the password dictionary:

hashcat -a 0 -m 17210 $pkzip2$1*1*2*0*15*9*4aac42f3*0*26*0*15*4aac*470b*6fa72c2bc69e5738181cb7f406187f8084ce07cf5f*$/pkzip2$ password.txt --force

The above used Hashcat to crack rar, zip, pdf and Word encrypted files, mainly by dictionary and mask attacks. The examples use relatively simple passwords for ease of demonstration. In practice you may meet all kinds of passwords. When the length and character types of the password are unknown, it is best to try a dictionary attack first (later we will share some collected dictionaries and dictionary download links). If the existing dictionaries do not yield the password, only brute force or mask-based brute force remains. This places particularly high demands on computer performance, and the more complex the password (for example, one that includes letters, digits, special characters, Chinese characters and so on), the harder it is to crack, with the difficulty growing exponentially. In follow-up articles we will dig deeper into hashcat and share some cracking techniques and password-setting tips.
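
To put numbers on how password length and character set affect a mask attack, the following added example (not from the original article) computes how many candidates a mask generates and how long exhausting it takes. The charset sizes are those of hashcat's built-in ?l, ?u, ?d, ?h, ?H, ?s, ?a and ?b sets; the guess rate is an assumed figure, not one of the benchmark results above.

```python
# Added example: size of a hashcat mask's keyspace and time to exhaust it.
# Charset sizes are hashcat's built-in sets; RATE below is an assumption.
CHARSET_SIZES = {"l": 26, "u": 26, "d": 10, "h": 16, "H": 16,
                 "s": 33, "a": 95, "b": 256}


def mask_positions(mask):
    """Return the number of candidate characters at each mask position."""
    sizes, i = [], 0
    while i < len(mask):
        if mask[i] != "?":              # plain character: a literal
            sizes.append(1)
            i += 1
            continue
        token = mask[i + 1:i + 2]
        if token == "?":                # '??' is a literal question mark
            sizes.append(1)
        elif token in CHARSET_SIZES:
            sizes.append(CHARSET_SIZES[token])
        else:
            raise ValueError(f"unsupported or missing charset after '?' at {i}")
        i += 2
    return sizes


def keyspace(mask, increment_min=None, increment_max=None):
    """Total candidates; with increment bounds, sum over each length."""
    sizes = mask_positions(mask)
    lo = increment_min or len(sizes)
    hi = min(increment_max or len(sizes), len(sizes))
    total = 0
    for length in range(lo, hi + 1):
        n = 1
        for size in sizes[:length]:
            n *= size
        total += n
    return total


def seconds_to_exhaust(mask, guesses_per_second):
    """Worst-case time to try every candidate at a given guess rate."""
    return keyspace(mask) / guesses_per_second


if __name__ == "__main__":
    RATE = 30_000  # assumed guesses per second, not a measured benchmark
    for m in ("?d?d?d?d", "?l?l?l?l?l?l", "?a" * 8, "?a" * 12):
        secs = seconds_to_exhaust(m, RATE)
        print(f"{m:<24} {keyspace(m):>26,} candidates  {secs / 86400:.3g} days")
```

The four-digit mask used in the rar and Word tests has only 10,000 candidates, while every additional ?a position multiplies the work by 95.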


Reprint statement: If you want to reprint, please contact the official account. Please keep the original author and source information when reprinting. Reprints must not be declared as original.


Disclaimer: The content involved in this official account is for safety research and teaching use only. If there are other risks, you will be responsible for the consequences.

Origin blog.csdn.net/aaahtml/article/details/114940474