Hash cracking

Table of contents
  1. Hash cracking
    1. Hash identification
      1. Hashid
      2. Cyberchef
    2. Hash cracking
      1. Hashcat
      2. John the Ripper
      3. Ophcrack

Hash identification

Hashid

You can identify what type of hash you are dealing with using the hashid tool. It is a Python script that can identify over 200 different types of hashes.

hashid <hash>

You can also use the -m flag to show the corresponding Hashcat mode for the hash.

hashid -m '$1$sAdr$A419uwu583q743wllMkpo2'

Or you can use the -j flag to show the corresponding John the Ripper format for the hash.

hashid -j '$1$sAdr$A419uwu583q743wllMkpo2'
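
To make concrete what a tool like hashid keys on for crypt-style hashes such as the one above, here is an added Python example (not hashid's own code, and not from the original page). The function name identify and the lookup tables are illustrative assumptions; it covers only a few modular crypt prefixes and also accepts the user:hash form used later with --username.

```python
import re

# Illustrative tables (assumption: only these common crypt prefixes are covered).
# prefix -> (scheme, Hashcat -m mode, John --format name)
SCHEMES = {
    "1":  ("md5crypt", 500, "md5crypt"),
    "2a": ("bcrypt", 3200, "bcrypt"),
    "2b": ("bcrypt", 3200, "bcrypt"),
    "2y": ("bcrypt", 3200, "bcrypt"),
    "5":  ("sha256crypt", 7400, "sha256crypt"),
    "6":  ("sha512crypt", 1800, "sha512crypt"),
}
# scheme -> (maximum salt length, exact digest length in crypt base64 chars)
SHAPE = {"md5crypt": (8, 22), "sha256crypt": (16, 43), "sha512crypt": (16, 86)}
B64 = r"[./0-9A-Za-z]"

def identify(line):
    """Describe a crypt-style hash, or return None if it is not recognised."""
    line = line.strip()
    user = None
    # Optional "username:" prefix, as in the --username example on this page.
    if not line.startswith("$") and ":" in line:
        user, line = line.split(":", 1)
    m = re.match(r"^\$([0-9a-z]+)\$(.+)$", line)
    if not m or m.group(1) not in SCHEMES:
        return None
    scheme, mode, john = SCHEMES[m.group(1)]
    rest = m.group(2)
    if scheme == "bcrypt":
        # Layout: <2-digit cost>$<22-char salt><31-char digest>
        b = re.fullmatch(r"(\d{2})\$(%s{22})%s{31}" % (B64, B64), rest)
        if not b:
            return None
        params, salt = {"cost": int(b.group(1))}, b.group(2)
    else:
        # Layout: [rounds=N$]<salt>$<digest>; rounds= is valid for SHA-crypt only.
        c = re.fullmatch(r"(?:rounds=(\d+)\$)?([^$:]+)\$(%s+)" % B64, rest)
        max_salt, digest_len = SHAPE[scheme]
        if not c or len(c.group(2)) > max_salt or len(c.group(3)) != digest_len:
            return None
        if c.group(1) and scheme == "md5crypt":
            return None
        params = {"rounds": int(c.group(1))} if c.group(1) else {}
        salt = c.group(2)
    return {"user": user, "scheme": scheme, "hashcat_mode": mode,
            "john_format": john, "salt": salt, **params}

if __name__ == "__main__":
    print(identify("$1$sAdr$A419uwu583q743wllMkpo2"))
```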

Cyberchef

You can also use CyberChef, either online or self-hosted, to identify your hash’s type. Just paste the hash into the input box and select the “Analyse hash” operation. CyberChef will try to identify the hash type and display it in the output box. CyberChef can also be used to create hashes of different types.

Hash cracking

Hashcat

Hashcat is a password recovery tool that can crack hashes using various methods, including brute force, dictionary attacks, and rule-based attacks. It supports a wide range of hash types and is highly optimized for performance.

hashcat -m <hash_type> -a <attack_mode> <hash_file> [wordlist]

Additionally, you can use different flags and options to customize the attack. For example, you can use the -r flag to specify a rule file (only works with the dictionary attack), or the -w flag to set the workload profile (up to 4, where 4 is the highest and most aggressive). You can also use the -O flag to enable optimized kernels, which can speed up cracking for certain hash types but limit the supported password length and can sometimes slow the cracking down. Finally, you can use --opencl-device-types 1,2 to use both your CPU and your GPU for cracking.

Below is an example command that cracks a hash (from Hashcat’s example hashes) using several of these arguments:

hashcat -m 500 -o result.txt --remove --potfile-disable -r /tmp/OneRuleToRuleThemStill/OneRuleToRuleThemStill.rule --username "administrator:\$1\$28772684\$iEwNOgGugqO9.bIz5sk8k/" /tmp/wordlists/passwords/password.txt -w 4 --opencl-device-types 1,2 

It is best to try different combinations of arguments during the first few seconds of a run to see which one gives the best performance on your machine for this specific hash type.

  • Brute-force example:
hashcat -m 500 hash.txt -a 3 '?1?1?1?1?1?1?1?1' --increment -1 '?l?d?u'

John the Ripper

John the Ripper is another popular password recovery tool that can crack hashes using various methods, including brute force and dictionary attacks. It supports a wide range of hash types and is highly optimized for performance.

john --format=<hash_type> --wordlist=<wordlist> <hash_file>
  • Examples:
john --mask="?d?d?d?d" passwords.txt

This command will try to crack the password using a mask attack with 4 digits.

john --format=md5 --wordlist=rockyou.txt --rules passwords.txt

This command will try to crack the password (which is an MD5 hash) using the rockyou.txt wordlist, applying rules to modify the words in the list.

Ophcrack