Hashcat

Usage

#https get - basic auth
hashcat -m 0 -a 0 /root/hashes/hashes.txt /root/rockyou.txt
hashcat64.exe -m 3200 -a 0 C:\Users\user1\Documents\hash.txt C:\Users\user1\Documents\rockyou.txt

#keepass 
Hashcat64.exe -m 13400 -a 0 /root/hashes/hashes.txt /root/rockyou.txt

# benchmark tests
hashcat -b

simple dictionary

# MD5, straight mode, simple dictonary attack
hashcat -m 0 -a 0 -D2 example.hash example.dict

Rule-based attack

Specify certain habit or behavior when processing a wordlist. Can design rules.

# custom.rule
cat custom.rule
l
u
c
r
$1
$2
$3
[
]
^1


# providing custom rule
hashcat -m 0 -a 0 -D2 example.hash example.dict -r custom.rule

Statistics to show which rule is more effective when cracking against a leaked database of huge passwords.

One Rule to Rule Them AllNotSoSecure

Mask Attack

Try all combinations from a given keyspace just like brute-force attack, but more specific.

eg. if im cracking 5 letter password, I have to provide 5 masks

# use a mask of 8 lower case characters '?l' and finally from all character '?a'
hashcat -m 0 -a 3 example.hash ?l?l?l?l?l?l?l?a