Hashcat

Quick example of dictionary and brute force attacks using Hashcat.

This post describes the process to audit password security levels with Hashcat.

I'm going to cover Dictionary Attack and Brute Force Attack.

First things first, hashcat needs to be installed:

sudo dnf install hashcat

The next step is to install seclists to have the complete toolset for a dictionary attack:

sudo snap install seclists

The lists are located in /snap/seclists/current.

[terminator@skynet ~]$ ll /snap/seclists/current/
total 2
drwxr-xr-x.  9 root root  144 Nov 23 10:06 Discovery
drwxr-xr-x.  9 root root 1554 Nov 23 10:06 Fuzzing
drwxr-xr-x.  2 root root  216 Nov 23 10:06 IOCs
-rw-r--r--.  1 root root 1072 Nov 23 10:05 LICENSE
drwxr-xr-x.  3 root root   43 Nov 23 10:06 meta
drwxr-xr-x.  7 root root  587 Nov 23 10:06 Miscellaneous
drwxr-xr-x. 12 root root 1702 Nov 23 10:06 Passwords
drwxr-xr-x.  3 root root  313 Nov 23 10:06 Pattern-Matching
drwxr-xr-x.  8 root root  164 Nov 23 10:06 Payloads
drwxr-xr-x.  3 root root   79 Nov 23 10:06 snap
drwxr-xr-x.  4 root root  333 Nov 23 10:06 Usernames
drwxr-xr-x.  4 root root   39 Nov 23 10:06 usr
drwxr-xr-x. 10 root root  165 Nov 23 10:06 Web-Shells

Dictionary Attack

A dictionary attack consists of hashing every word from a list and comparing each result against the target hashes to find a match. The success of this attack depends very much on whether or not the audited password is in the list.

To run the attack create a file called sha1-hashes.txt and copy the following hashes inside, then save and exit:

eacbd5b2f4d7fa8b88337e0fa26bffc89d236006
ba29785aeb6a34f84fc014fc915f9213baeaf564
1f1b64909181c0536147cf6ab808f97ba9de87d0
61b7c8fda6a86524c414bc3e4f27f4b228cc8c47
93b4cf0b3e1e4bbe07796f1bd445ce0f142e1f7f
c8d0d6946b762f44db3ee3be57659bf9b2977bfd
a03071db0f9b3ce153b1f533ed665e1f2e06bf94
c2c87d41614b9ec10b34fc3f861c25664a052c13

The command to perform the attack is:

hashcat -m 100 -a 0 -o <output_filename> <input_filename> <wordlist_filename>

In case of success your output may look similar to this:

[terminator@skynet Hashcat]$ hashcat -m 100 -a 0 -o sha1-cracked.txt sha1-hashes.txt /snap/seclists/current/Passwords/darkc0de.txt
hashcat (v6.2.6) starting

OpenCL API (OpenCL 3.0 PoCL 3.1  Linux, Release, RELOC, SPIR, LLVM 16.0.0, SLEEF, FP16, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
============================================================================================================================================
* Device #1: pthread-Intel(R) Core(TM) i3-6100T CPU @ 3.20GHz, 6878/13821 MB (2048 MB allocatable), 4MCU

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Hashes: 8 digests; 8 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Optimizers applied:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Raw-Hash

ATTENTION! Pure (unoptimized) backend kernels selected.
Pure kernels can crack longer passwords, but drastically reduce performance.
If you want to switch to optimized kernels, append -O to your commandline.
See the above message to find out about the exact limits.

Watchdog: Temperature abort trigger set to 90c

Host memory required for this attack: 1 MB

Dictionary cache hit:
* Filename..: /snap/seclists/current/Passwords/darkc0de.txt
* Passwords.: 1471056
* Bytes.....: 15069474
* Keyspace..: 1471056

                                                          
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 100 (SHA1)
Hash.Target......: sha1-hashes.txt
Time.Started.....: Fri May 19 21:08:52 2023 (0 secs)
Time.Estimated...: Fri May 19 21:08:52 2023 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (/snap/seclists/current/Passwords/darkc0de.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:  3152.0 kH/s (0.49ms) @ Accel:1024 Loops:1 Thr:1 Vec:8
Recovered........: 8/8 (100.00%) Digests (total), 8/8 (100.00%) Digests (new)
Progress.........: 1208320/1471056 (82.14%)
Rejected.........: 0/1208320 (0.00%)
Restore.Point....: 1204224/1471056 (81.86%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: seven-ply -> sgorbi
Hardware.Mon.#1..: Temp: 62c Util: 36%

Started: Fri May 19 21:08:51 2023
Stopped: Fri May 19 21:08:54 2023

The total time for the attack was 3 seconds. Now just cat the output file to see the results:

[terminator@skynet Hashcat]$ cat sha1-cracked.txt 
ba29785aeb6a34f84fc014fc915f9213baeaf564:00c935i5
eacbd5b2f4d7fa8b88337e0fa26bffc89d236006:0ccu12123nc3
1f1b64909181c0536147cf6ab808f97ba9de87d0:10n65h0123
c8d0d6946b762f44db3ee3be57659bf9b2977bfd:Pancakes
a03071db0f9b3ce153b1f533ed665e1f2e06bf94:papagika
c2c87d41614b9ec10b34fc3f861c25664a052c13:PAPAS
61b7c8fda6a86524c414bc3e4f27f4b228cc8c47:readers
93b4cf0b3e1e4bbe07796f1bd445ce0f142e1f7f:sfruttata
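
For an audit report you usually want the findings without copying recovered plaintexts around. The following is an added example, not part of the original post: it reads a hash list and an outfile in the hash:plain format shown above, re-verifies every pair with SHA-1, and records only length and character classes. The function names and the sample data are assumptions made for the illustration, and it assumes unsalted hashes as used here.

```python
import hashlib
import re

# hashcat wraps a plain in $HEX[...] when it contains ':' or non-printable bytes.
HEX_FIELD = re.compile(r"^\$HEX\[((?:[0-9a-fA-F]{2})*)\]$")

def sha1_hex(data):
    return hashlib.sha1(data).hexdigest()

def decode_plain(field):
    """Return the recovered password as bytes, undoing $HEX[...] if present."""
    m = HEX_FIELD.match(field)
    return bytes.fromhex(m.group(1)) if m else field.encode("utf-8")

def char_classes(plain):
    """Name the character classes used, e.g. 'lower+upper'."""
    tests = (("lower", bytes.islower), ("upper", bytes.isupper),
             ("digit", bytes.isdigit), ("other", lambda b: not b.isalnum()))
    return "+".join(n for n, t in tests if any(t(bytes([b])) for b in plain))

def audit(hash_list, outfile):
    """Summarise an outfile of hash:plain lines without keeping any plaintext."""
    targets = {h.strip().lower() for h in hash_list.splitlines() if h.strip()}
    findings, rejected = {}, 0
    for line in outfile.splitlines():
        digest, sep, field = line.partition(":")
        digest = digest.strip().lower()
        plain = decode_plain(field)
        # Recompute the digest: catches a wrong -m mode, edits, or stray lines.
        if not sep or digest not in targets or sha1_hex(plain) != digest:
            rejected += 1
            continue
        findings[digest] = {"length": len(plain), "classes": char_classes(plain)}
    return {"total": len(targets), "recovered": len(findings), "rejected": rejected,
            "uncracked": sorted(targets - set(findings)), "findings": findings}

# Constructed sample: digests are computed here so the data is self-consistent.
PLAINS = (b"Pancakes", b"PAPAS", b"a:b 1", b"never-recovered")
SAMPLE_HASHES = "\n".join(sha1_hex(p) for p in PLAINS)
SAMPLE_OUTFILE = "\n".join([
    sha1_hex(b"Pancakes") + ":Pancakes",
    sha1_hex(b"PAPAS") + ":PAPAS",
    sha1_hex(b"a:b 1") + ":$HEX[" + b"a:b 1".hex() + "]",
    sha1_hex(b"PAPAS") + ":papas",  # plain does not match its digest
])

if __name__ == "__main__":
    report = audit(SAMPLE_HASHES, SAMPLE_OUTFILE)
    print(f"{report['recovered']}/{report['total']} recovered, "
          f"{report['rejected']} rejected")
    for digest, info in report["findings"].items():
        print(f"{digest[:12]}...  len={info['length']}  {info['classes']}")
```

To run it on real files, pass the contents of sha1-hashes.txt and sha1-cracked.txt to audit() instead of the constructed sample.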

Brute Force Attack

A brute force attack is basically trying all possible combinations of characters and hashing them to try to guess which string generates the same hash. The success of this attack will depend on how much computing power is available and the strength of the audited password.

To run the attack create a file called md5-hashes.txt and copy the following hashes inside, then save and exit:

eb61eead90e3b899c6bcbe27ac581660
fbade9e36a3f36d3d676c1b808451dd7
4d186321c1a7f0f354b297e8914ab240
f688ae26e9cfa3ba6235477831d5122e
c6f00988430dbc8e83a7bc7ab5256346

The command to perform the attack is:

hashcat -m 0 -a 3 -i <input_filename> ?a?a?a?a?a -o <output_filename>

In this specific case I specify a mask 4 characters long. It could be longer depending on the password you are trying to audit.

In case of success your output may look similar to this:

[terminator@skynet Hashcat]$ hashcat -m 0 -a 3 -i md5-hashes.txt ?a?a?a?a?a -o md5-cracked.txt
hashcat (v6.2.6) starting

OpenCL API (OpenCL 3.0 PoCL 3.1  Linux, Release, RELOC, SPIR, LLVM 16.0.0, SLEEF, FP16, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
============================================================================================================================================
* Device #1: pthread-Intel(R) Core(TM) i3-6100T CPU @ 3.20GHz, 6878/13821 MB (2048 MB allocatable), 4MCU

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Hashes: 5 digests; 5 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Optimizers applied:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Brute-Force
* Raw-Hash

ATTENTION! Pure (unoptimized) backend kernels selected.
Pure kernels can crack longer passwords, but drastically reduce performance.
If you want to switch to optimized kernels, append -O to your commandline.
See the above message to find out about the exact limits.

Watchdog: Temperature abort trigger set to 90c

INFO: Removed 4 hashes found as potfile entries.

Host memory required for this attack: 1 MB

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.           

                                                          
Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 0 (MD5)
Hash.Target......: md5-hashes.txt
Time.Started.....: Thu May 18 16:02:18 2023 (0 secs)
Time.Estimated...: Thu May 18 16:02:18 2023 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?a [1]
Guess.Queue......: 1/5 (20.00%)
Speed.#1.........:   254.0 kH/s (0.01ms) @ Accel:1024 Loops:95 Thr:1 Vec:8
Recovered........: 4/5 (80.00%) Digests (total), 0/5 (0.00%) Digests (new)
Progress.........: 95/95 (100.00%)
Rejected.........: 0/95 (0.00%)
Restore.Point....: 1/1 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-95 Iteration:0-95
Candidate.Engine.: Device Generator
Candidates.#1....: s ->  
Hardware.Mon.#1..: Temp: 52c Util: 29%

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.           

                                                          
Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 0 (MD5)
Hash.Target......: md5-hashes.txt
Time.Started.....: Thu May 18 16:02:18 2023 (0 secs)
Time.Estimated...: Thu May 18 16:02:18 2023 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?a?a [2]
Guess.Queue......: 2/5 (40.00%)
Speed.#1.........: 30181.1 kH/s (0.11ms) @ Accel:1024 Loops:95 Thr:1 Vec:8
Recovered........: 4/5 (80.00%) Digests (total), 0/5 (0.00%) Digests (new)
Progress.........: 9025/9025 (100.00%)
Rejected.........: 0/9025 (0.00%)
Restore.Point....: 95/95 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-95 Iteration:0-95
Candidate.Engine.: Device Generator
Candidates.#1....: sa ->   
Hardware.Mon.#1..: Temp: 52c Util: 51%

Approaching final keyspace - workload adjusted.           

                                                          
Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 0 (MD5)
Hash.Target......: md5-hashes.txt
Time.Started.....: Thu May 18 16:02:18 2023 (0 secs)
Time.Estimated...: Thu May 18 16:02:18 2023 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?a?a?a [3]
Guess.Queue......: 3/5 (60.00%)
Speed.#1.........: 62085.1 kH/s (3.71ms) @ Accel:1024 Loops:95 Thr:1 Vec:8
Recovered........: 4/5 (80.00%) Digests (total), 0/5 (0.00%) Digests (new)
Progress.........: 857375/857375 (100.00%)
Rejected.........: 0/857375 (0.00%)
Restore.Point....: 9025/9025 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-95 Iteration:0-95
Candidate.Engine.: Device Generator
Candidates.#1....: st? ->   ~
Hardware.Mon.#1..: Temp: 52c Util: 53%

Approaching final keyspace - workload adjusted.           

                                                          
Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 0 (MD5)
Hash.Target......: md5-hashes.txt
Time.Started.....: Thu May 18 16:02:18 2023 (1 sec)
Time.Estimated...: Thu May 18 16:02:19 2023 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?a?a?a?a [4]
Guess.Queue......: 4/5 (80.00%)
Speed.#1.........: 85936.8 kH/s (4.01ms) @ Accel:1024 Loops:95 Thr:1 Vec:8
Recovered........: 4/5 (80.00%) Digests (total), 0/5 (0.00%) Digests (new)
Progress.........: 81450625/81450625 (100.00%)
Rejected.........: 0/81450625 (0.00%)
Restore.Point....: 857375/857375 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-95 Iteration:0-95
Candidate.Engine.: Device Generator
Candidates.#1....: ss%~ ->   ~}
Hardware.Mon.#1..: Temp: 53c Util: 93%

                                                          
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 0 (MD5)
Hash.Target......: md5-hashes.txt
Time.Started.....: Thu May 18 16:02:19 2023 (2 secs)
Time.Estimated...: Thu May 18 16:02:21 2023 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?a?a?a?a?a [5]
Guess.Queue......: 5/5 (100.00%)
Speed.#1.........: 82982.3 kH/s (3.97ms) @ Accel:1024 Loops:95 Thr:1 Vec:8
Recovered........: 5/5 (100.00%) Digests (total), 1/5 (20.00%) Digests (new)
Progress.........: 163041280/7737809375 (2.11%)
Rejected.........: 0/163041280 (0.00%)
Restore.Point....: 1712128/81450625 (2.10%)
Restore.Sub.#1...: Salt:0 Amplifier:0-95 Iteration:0-95
Candidate.Engine.: Device Generator
Candidates.#1....: szF}d ->  -hal
Hardware.Mon.#1..: Temp: 54c Util: 93%

Started: Thu May 18 16:02:15 2023
Stopped: Thu May 18 16:02:22 2023

The total time for the attack was 7 seconds. Now just cat the output file to see the results:

[terminator@skynet Hashcat]$ cat md5-cracked.txt 
fbade9e36a3f36d3d676c1b808451dd7:z
c6f00988430dbc8e83a7bc7ab5256346:HOLA
4d186321c1a7f0f354b297e8914ab240:hola
f688ae26e9cfa3ba6235477831d5122e:Hola
eb61eead90e3b899c6bcbe27ac581660:HELLO

That's it for the brute force attack demonstration. This is a simple example that can become as complex as you need by just tweaking the command.

I strongly advise you to check out the documentation because you will be amazed by how many options you can play with.

NOTE: The potfile is located at ~/.local/share/hashcat/hashcat.potfile in my case.

Benchmark

Hashcat allows you to run a benchmark by running hashcat -b on your PC. Here's what that could look like:

[terminator@skynet Hashcat]$ hashcat -b
hashcat (v6.2.6) starting in benchmark mode

Benchmarking uses hand-optimized kernel code by default.
You can use it in your cracking session by setting the -O option.
Note: Using optimized kernel code limits the maximum supported password length.
To disable the optimized kernel code in benchmark mode, use the -w option.

OpenCL API (OpenCL 3.0 PoCL 3.1  Linux, Release, RELOC, SPIR, LLVM 16.0.0, SLEEF, FP16, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
============================================================================================================================================
* Device #1: pthread-Intel(R) Core(TM) i3-6100T CPU @ 3.20GHz, 6878/13821 MB (2048 MB allocatable), 4MCU

Benchmark relevant options:
===========================
* --optimized-kernel-enable

-------------------
* Hash-Mode 0 (MD5)
-------------------

Speed.#1.........:   221.0 MH/s (18.73ms) @ Accel:1024 Loops:1024 Thr:1 Vec:8

----------------------
* Hash-Mode 100 (SHA1)
----------------------

Speed.#1.........: 85049.7 kH/s (46.66ms) @ Accel:1024 Loops:1024 Thr:1 Vec:8

---------------------------
* Hash-Mode 1400 (SHA2-256)
---------------------------

Speed.#1.........: 36614.0 kH/s (56.93ms) @ Accel:1024 Loops:512 Thr:1 Vec:8

---------------------------
* Hash-Mode 1700 (SHA2-512)
---------------------------

Speed.#1.........: 12364.8 kH/s (84.41ms) @ Accel:256 Loops:1024 Thr:1 Vec:4

-------------------------------------------------------------
* Hash-Mode 22000 (WPA-PBKDF2-PMKID+EAPOL) [Iterations: 4095]
-------------------------------------------------------------

Speed.#1.........:     3718 H/s (61.76ms) @ Accel:1024 Loops:256 Thr:1 Vec:8

-----------------------
* Hash-Mode 1000 (NTLM)
-----------------------

Speed.#1.........:   351.2 MH/s (11.62ms) @ Accel:1024 Loops:1024 Thr:1 Vec:8

---------------------
* Hash-Mode 3000 (LM)
---------------------

Speed.#1.........: 35494.9 kH/s (57.39ms) @ Accel:512 Loops:1024 Thr:1 Vec:8

--------------------------------------------
* Hash-Mode 5500 (NetNTLMv1 / NetNTLMv1+ESS)
--------------------------------------------

Speed.#1.........:   235.5 MH/s (17.54ms) @ Accel:1024 Loops:1024 Thr:1 Vec:8

----------------------------
* Hash-Mode 5600 (NetNTLMv2)
----------------------------

Speed.#1.........: 16520.3 kH/s (63.19ms) @ Accel:256 Loops:1024 Thr:1 Vec:8

--------------------------------------------------------
* Hash-Mode 1500 (descrypt, DES (Unix), Traditional DES)
--------------------------------------------------------

Speed.#1.........:  1415.9 kH/s (85.89ms) @ Accel:32 Loops:1024 Thr:1 Vec:8

------------------------------------------------------------------------------
* Hash-Mode 500 (md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5)) [Iterations: 1000]
------------------------------------------------------------------------------

Speed.#1.........:    21679 H/s (93.60ms) @ Accel:1024 Loops:500 Thr:1 Vec:8

----------------------------------------------------------------
* Hash-Mode 3200 (bcrypt $2*$, Blowfish (Unix)) [Iterations: 32]
----------------------------------------------------------------

Speed.#1.........:       53 H/s (11.22ms) @ Accel:4 Loops:32 Thr:1 Vec:1

--------------------------------------------------------------------
* Hash-Mode 1800 (sha512crypt $6$, SHA512 (Unix)) [Iterations: 5000]
--------------------------------------------------------------------

Speed.#1.........:      599 H/s (85.05ms) @ Accel:256 Loops:1024 Thr:1 Vec:4

--------------------------------------------------------
* Hash-Mode 7500 (Kerberos 5, etype 23, AS-REQ Pre-Auth)
--------------------------------------------------------

Speed.#1.........:  1533.0 kH/s (85.23ms) @ Accel:32 Loops:1024 Thr:1 Vec:8

-------------------------------------------------
* Hash-Mode 13100 (Kerberos 5, etype 23, TGS-REP)
-------------------------------------------------

Speed.#1.........:  1471.8 kH/s (88.74ms) @ Accel:32 Loops:1024 Thr:1 Vec:8

---------------------------------------------------------------------------------
* Hash-Mode 15300 (DPAPI masterkey file v1 (context 1 and 2)) [Iterations: 23999]
---------------------------------------------------------------------------------

Speed.#1.........:      728 H/s (58.35ms) @ Accel:256 Loops:1024 Thr:1 Vec:8

---------------------------------------------------------------------------------
* Hash-Mode 15900 (DPAPI masterkey file v2 (context 1 and 2)) [Iterations: 12899]
---------------------------------------------------------------------------------

Speed.#1.........:      489 H/s (80.24ms) @ Accel:128 Loops:1024 Thr:1 Vec:4

------------------------------------------------------------------
* Hash-Mode 7100 (macOS v10.8+ (PBKDF2-SHA512)) [Iterations: 1023]
------------------------------------------------------------------

Speed.#1.........:     6071 H/s (81.50ms) @ Accel:128 Loops:1023 Thr:1 Vec:4

---------------------------------------------
* Hash-Mode 11600 (7-Zip) [Iterations: 16384]
---------------------------------------------

Speed.#1.........:     1061 H/s (59.59ms) @ Accel:64 Loops:4096 Thr:1 Vec:8

------------------------------------------------
* Hash-Mode 12500 (RAR3-hp) [Iterations: 262144]
------------------------------------------------

Speed.#1.........:      134 H/s (59.65ms) @ Accel:32 Loops:16384 Thr:1 Vec:8

--------------------------------------------
* Hash-Mode 13000 (RAR5) [Iterations: 32799]
--------------------------------------------

Speed.#1.........:      475 H/s (67.10ms) @ Accel:512 Loops:512 Thr:1 Vec:8

--------------------------------------------------------------------------------
* Hash-Mode 6211 (TrueCrypt RIPEMD160 + XTS 512 bit (legacy)) [Iterations: 1999]
--------------------------------------------------------------------------------

Speed.#1.........:     3065 H/s (82.18ms) @ Accel:128 Loops:1024 Thr:1 Vec:8

-----------------------------------------------------------------------------------
* Hash-Mode 13400 (KeePass 1 (AES/Twofish) and KeePass 2 (AES)) [Iterations: 24569]
-----------------------------------------------------------------------------------

Speed.#1.........:      346 H/s (61.53ms) @ Accel:256 Loops:512 Thr:1 Vec:8

----------------------------------------------------------------
* Hash-Mode 6800 (LastPass + LastPass sniffed) [Iterations: 499]
----------------------------------------------------------------

Speed.#1.........:    30642 H/s (64.00ms) @ Accel:512 Loops:499 Thr:1 Vec:8

--------------------------------------------------------------------
* Hash-Mode 11300 (Bitcoin/Litecoin wallet.dat) [Iterations: 200459]
--------------------------------------------------------------------

Speed.#1.........:       62 H/s (83.44ms) @ Accel:256 Loops:1024 Thr:1 Vec:4

Started: Fri May 19 19:33:46 2023
Stopped: Fri May 19 19:46:57 2023
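
The benchmark figures become useful for an audit once they are combined with the keyspace of the brute force run above, where each ?a position adds a factor of 95 (the Progress lines show 95, 9025, 857375, ...). The following is an added example, not part of the original post: it parses benchmark lines in the format shown above and estimates how long an incrementing ?a mask takes to exhaust for each hash mode. The function names are assumptions made for the illustration, and the embedded text is an excerpt of the output on this page.

```python
import re

# Excerpt of the `hashcat -b` output shown above (separator lines trimmed).
BENCHMARK = """\
* Hash-Mode 0 (MD5)
Speed.#1.........:   221.0 MH/s (18.73ms) @ Accel:1024 Loops:1024 Thr:1 Vec:8
* Hash-Mode 100 (SHA1)
Speed.#1.........: 85049.7 kH/s (46.66ms) @ Accel:1024 Loops:1024 Thr:1 Vec:8
* Hash-Mode 3200 (bcrypt $2*$, Blowfish (Unix)) [Iterations: 32]
Speed.#1.........:       53 H/s (11.22ms) @ Accel:4 Loops:32 Thr:1 Vec:1
* Hash-Mode 1800 (sha512crypt $6$, SHA512 (Unix)) [Iterations: 5000]
Speed.#1.........:      599 H/s (85.05ms) @ Accel:256 Loops:1024 Thr:1 Vec:4
"""

MODE_RE = re.compile(r"^\* Hash-Mode (\d+) \((.*)\)(?: \[Iterations: \d+\])?$")
SPEED_RE = re.compile(r"^Speed\.#\d+\.*:\s+([\d.]+) ([kMGT]?)H/s")
UNIT = {"": 1, "k": 1e3, "M": 1e6, "G": 1e9, "T": 1e12}
CHARSET_A = 95  # size of hashcat's ?a charset (?l?u?d?s)

def parse_benchmark(text):
    """Return {mode: (name, hashes_per_second)}, summed over per-device lines."""
    speeds, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := MODE_RE.match(line):
            current = int(m.group(1))
            speeds[current] = (m.group(2), 0.0)
        elif current is not None and (m := SPEED_RE.match(line)):
            name, total = speeds[current]
            speeds[current] = (name, total + float(m.group(1)) * UNIT[m.group(2)])
    return speeds

def incremental_keyspace(max_len, charset=CHARSET_A):
    """Candidates tried by an incrementing ?a mask, lengths 1..max_len."""
    return sum(charset ** n for n in range(1, max_len + 1))

def seconds_to_exhaust(speeds, mode, max_len):
    return incremental_keyspace(max_len) / speeds[mode][1]

def humanize(seconds):
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    speeds = parse_benchmark(BENCHMARK)
    for length in (5, 8, 10):
        for mode, (name, _) in speeds.items():
            print(f"len<={length:<2} mode {mode:<5} {name:<32} "
                  f"{humanize(seconds_to_exhaust(speeds, mode, length))}")
```

Treat the results as a lower bound on effort: the benchmark uses optimized kernels, while the MD5 session earlier on this page ran with pure kernels at roughly 83 MH/s. The iteration counts in brackets are the benchmark's own, so a deployment with a different work factor will scale accordingly.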
