Installation and use of password blasting tool HashCat

1. Installation

Project address: hashcat
downloads the compressed package and decompresses it, then open cmd in the folder where it is located

Two. Use

1. Basic parameters

-m, —hash-type=NUM           哈希类别，其NUM值参考其帮助信息下面的哈希类别值，其值为数字。如果不指定m值则默认指md5，例如-m 1800是sha512 Linux加密。

-a, –attack-mode=NUM         攻击模式，其值参考后面对参数。“-a 0”字典攻击，“-a 1” 组合攻击；“-a 3”掩码攻击。

-V, —version                 版本信息

-h, –help                    帮助信息。

–quiet                       安静的模式, 抑制输出

2. character set

?l = abcdefghijklmnopqrstuvwxyz 代表小写字母

?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ 代表大写字母

?d = 0123456789 代表数字

?s = !”#$%&’()*+,-./:;<=>?@[\]^_`{|}~  代表特殊字符

?a = ?l?u?d?s 大小写数字及特殊字符的组合

?b = 0×00 – 0xff

3. attack mode

0 = Straight （字典破解）

1 = Combination （组合破解）

2 = Toggle-Case （大小写转换）

3 = Brute-force（掩码暴力破解）

4 = Permutation（序列破解）

5 = Table-Lookup（查表破解）

6 = Hybrid dict + mask 字典加掩码破解

7 = Hybrid mask + dict 掩码+字典破解

8 = Prince（王子破解）

4. hash type

  0 = MD5

  10 = md5($pass.$salt)

  20 = md5($salt.$pass)

  30 = md5(unicode($pass).$salt)

  40 = md5($salt.unicode($pass))

  50 = HMAC-MD5 (key = $pass)

  60 = HMAC-MD5 (key = $salt)

  100 = SHA1

  110 = sha1($pass.$salt)

  120 = sha1($salt.$pass)

  130 = sha1(unicode($pass).$salt)

  140 = sha1($salt.unicode($pass))

  150 = HMAC-SHA1 (key = $pass)

  160 = HMAC-SHA1 (key = $salt)

  200 = MySQL323

  300 = MySQL4.1/MySQL5

  400 = phpass, MD5(WordPress), MD5(phpBB3),MD5(Joomla)

  500 = md5crypt, MD5(Unix), FreeBSD MD5,Cisco-IOS MD5

  900 = MD4

  1000 = NTLM

  1100 = Domain Cached Credentials (DCC), MSCache

  1400 = SHA256

  1410 = sha256($pass.$salt)

  1420 = sha256($salt.$pass)

  1430 = sha256(unicode($pass).$salt)

  1431 = base64(sha256(unicode($pass)))

  1440 = sha256($salt.unicode($pass))

  1450 = HMAC-SHA256 (key = $pass)

  1460 = HMAC-SHA256 (key = $salt)

  1600 = md5apr1, MD5(APR), Apache MD5

  1700 = SHA512

  1710 = sha512($pass.$salt)

  1720 = sha512($salt.$pass)

  1730 = sha512(unicode($pass).$salt)

  1740 = sha512($salt.unicode($pass))

  1750 = HMAC-SHA512 (key = $pass)

  1760 = HMAC-SHA512 (key = $salt)

  1800 = SHA-512(Unix)

  2400 = Cisco-PIX MD5

  2410 = Cisco-ASA MD5

  2500 = WPA/WPA2

  2600 = Double MD5

  3200 = bcrypt, Blowfish(OpenBSD)

  3300 = MD5(Sun)

  3500 = md5(md5(md5($pass)))

  3610 = md5(md5($salt).$pass)

  3710 = md5($salt.md5($pass))

  3720 = md5($pass.md5($salt))

  3800 = md5($salt.$pass.$salt)

  3910 = md5(md5($pass).md5($salt))

  4010 = md5($salt.md5($salt.$pass))

  4110 = md5($salt.md5($pass.$salt))

  4210 = md5($username.0.$pass)

  4300 = md5(strtoupper(md5($pass)))

  4400 = md5(sha1($pass))

  4500 = Double SHA1

  4600 = sha1(sha1(sha1($pass)))

  4700 = sha1(md5($pass))

  4800 = MD5(Chap), iSCSI CHAP authentication

  4900 = sha1($salt.$pass.$salt)

  5000 = SHA-3(Keccak)

  5100 = Half MD5

  5200 = Password Safe SHA-256

  5300 = IKE-PSK MD5

  5400 = IKE-PSK SHA1

  5500 = NetNTLMv1-VANILLA / NetNTLMv1-ESS

  5600 = NetNTLMv2

  5700 = Cisco-IOS SHA256

  5800 = Android PIN

  6300 = AIX {smd5}

  6400 = AIX {ssha256}

  6500 = AIX {ssha512}

  6700 = AIX {ssha1}

  6900 = GOST, GOST R 34.11-94

  7000 = Fortigate (FortiOS)

  7100 = OS X v10.8+

  7200 = GRUB 2

  7300 = IPMI2 RAKP HMAC-SHA1

  7400 = sha256crypt, SHA256(Unix)

  7900 = Drupal7

  8400 = WBB3, Woltlab Burning Board 3

  8900 = scrypt

  9200 = Cisco $8$

  9300 = Cisco $9$

  9800 = Radmin2

 10000 = Django (PBKDF2-SHA256)

 10200 = Cram MD5

 10300 = SAP CODVN H (PWDSALTEDHASH) iSSHA-1

 11000 = PrestaShop

 11100 = PostgreSQL Challenge-ResponseAuthentication (MD5)

 11200 = MySQL Challenge-Response Authentication(SHA1)

 11400 = SIP digest authentication (MD5)

 99999 = Plaintext

特殊哈希类型

   11 = Joomla < 2.5.18

   12 = PostgreSQL

   21 = osCommerce, xt:Commerce

   23 = Skype

  101 = nsldap, SHA-1(Base64), Netscape LDAPSHA

  111 = nsldaps, SSHA-1(Base64), Netscape LDAPSSHA

  112 = Oracle S: Type (Oracle 11+)

  121 = SMF > v1.1

  122 = OS X v10.4, v10.5, v10.6

  123 = EPi

  124 = Django (SHA-1)

  131 = MSSQL(2000)

  132 = MSSQL(2005)

  133 = PeopleSoft

  141 = EPiServer 6.x < v4

 1421 = hMailServer

 1441 = EPiServer 6.x > v4

 1711 = SSHA-512(Base64), LDAP {SSHA512}

 1722 = OS X v10.7

 1731 = MSSQL(2012 & 2014)

 2611 = vBulletin < v3.8.5

 2612 = PHPS

 2711 = vBulletin > v3.8.5

 2811 = IPB2+, MyBB1.2+

 3711 = Mediawiki B type

 3721 = WebEdition CMS

 7600 = Redmine Project Management Web App

3. Blasting method

1. Mask blasting Mask
   blasting means that some characters are known, and another part of characters needs to be blasted, or known character type, length and other information brute force cracking

hashcat -m 0 -a 3 7f9e80abddc1e8f5b3418cd28a8ad322 ?l?l?l?l?l?l?l?l

successfully blasted

2. custom character set

hashcat -m 0 -a 3 -2 ?u?l 8b1a9953c4611296a827abf8c47804d7 ?2?2?2?2?

successfully blasted