https://hashcat.net/hashcat/ and https://github.com/hashcat
It’s a tool that let’s you bruteforce hashes. Hashcat 6.0 is the latest version and support around 208 different hash types ! You can use the CPU or the GPU to compute the hashes.
examples of hashtype NTLM, Kerberos, WPA2, MD5, SHA, Cisco, 7zip, Blowfish …
Hashcat 6 which has been lately release had a lot of work done on it and there is a nice performances increase .
On my fearly old GTX1060 stats or a newer 2080Ti stats
MD5 from 10136MH/s => 12567MH/s = 20% increase between version 5.1 and 6.0
WPA2 189KH/s => 219KH/s = 13% increase between version 5.1 and 6.0
Which dictionnaries to use
Kali comes with rockyou.txt (data-breach in 2009) which led to the 1st creation of a wordlist of people’s password (for more information I invite people to listen to the episode of Darknet Diaries on this topic ( https://darknetdiaries.com/episode/33/ )
Here is a few other ones which I have found to completing nicely to the standard rockyou
https://github.com/FlameOfIgnis/Pwdb-Public
https://wpa-sec.stanev.org/?dicts
https://github.com/danielmiessler/SecLists/tree/master/Passwords
https://github.com/duyetdev/bruteforce-database
Cracking rules
And off course you can crack with rules (you can use the given best64.rule). This enables for example to do combination between a wordlist and a combination.
hashcat -m 13100 spn.txt rockyou.txt -r rules/best64.ruleExample, in best64 you have the simple number adding $0
so if you take the example of rockyou 4th word = ‘password’, then the combination would be ‘password0’
0
Recent Comments