## Welcome :)
This project is a centralized collection of my notes, research, and gathered material that I have found useful over the course of my research on the subject of Passwords. This is a work in progress that serves as a central location for all the things that I use in the activity of password cracking. It will grow as time goes on to reflect the most current and useful information that I need to do the work. Enjoy :)
If you are in a hurry and looking for quick statistics that can help you, check out the current [[Password Analysis Findings]] page.
Many times I have come across password cracking training that includes only a simplified primer for [[John The Ripper|John]] and/or [[../5. Tools/HashCat|HashCat]]. The [[Basic Approach|Basic workflow]] consists of much more than dump, crack, and profit. Password Analysis and Password Cracking are much more than add-on activities during the post-exploitation phase of an engagement. Following the subject matter outlined in this material will drastically improve your results.
These notes are continuously under development and will evolve over time.
## Rules to live by
1. Know target hash types and their origin/function
2. Know your cracking software strengths & weaknesses
3. Study & apply password analysis techniques
4. Be proficient at hash extraction methods
5. Create custom/targeted dictionaries
6. Know your hardware capabilities
7. Understand basic human psychology/behavior
8. Create custom masks, rules, and Markov chains
9. Continually experiment with new techniques
10. Support the cracking community
## Tools
##### Install the following software on your Windows or Linux machine:
**[[HashCat|HASHCAT v3.6]]** (or newer)
https://hashcat.net/hashcat/
GPU Cracking tool
**[[John The Ripper|JOHN THE RIPPER]]** (v1.8.0 JUMBO)
http://www.openwall.com/john/
Popular CPU cracking tool
**[[PACK - Password Analysis and Cracking Kit|PACK V0.0.4]]** (Password Analysis and Cracking Toolkit)
http://thesprawl.org/projects/pack/
Analysis tools
**Hashcat-utils v1.7**
https://hashcat.net/wiki/doku.php?id=hashcat_utils
Utility suite for advanced users
##### Recommended Wordlists/Dictionary:
**Weakpass**
https://weakpass.com/
This is a large collection of many great wordlists. Weakpass_3a is the recommended list initially, but it is worth looking around this site as it contains cleartext versions of many lists that you will see referenced throughout this project.
**CRACKSTATION DICTIONARY**
https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm
Both variants of this list are productive.
**Rockyou.txt**
https://weakpass.com/wordlist/90
Classic wordlist.
## Key Knowledge
### ENCODING vs HASHING vs ENCRYPTING
**Encoding**= transforms data into a publicly known scheme for usability
**Hashing**= one-way cryptographic function nearly impossible to reverse
**Encrypting**= mapping of input data and output data reversible with a key
### CPU vs GPU
**CPU**= 2-72 cores mainly optimized for sequential serial processing
**GPU**= 1000's of cores with 1000's of threads for parallel processing
### CRACKING TIME = KEYSPACE / HASHRATE
**Keyspace**: charset^length (?a?a?a?a = 95^4 = 81,450,625)
**Hashrate**: hashing function / hardware speed
**Cracking Time**: keyspace/hashrate
*Keyspace displayed and Hashrate vary by tool and hardware used*
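The formula above as a worked calculation. This is an added example, not part of the original notes: it parses a hashcat-style mask, multiplies the sizes of the built-in charsets to get the keyspace, and divides by a hash rate to get the worst-case time to exhaust it. The two hash rates in `RATES` are assumed placeholder values, not benchmarks; replace them with figures measured on your own hardware.

```python
# Sizes of hashcat's built-in mask charsets (?l ?u ?d ?h ?H ?s ?a ?b).
BUILTIN = {"l": 26, "u": 26, "d": 10, "h": 16, "H": 16, "s": 33, "a": 95, "b": 256}


def mask_keyspace(mask):
    """Return the number of candidates a hashcat-style mask generates."""
    total, i = 1, 0
    while i < len(mask):
        if mask[i] != "?":
            i += 1  # literal character: one choice, keyspace unchanged
            continue
        if i + 1 >= len(mask):
            raise ValueError("mask ends with a dangling '?'")
        key = mask[i + 1]
        if key == "?":
            size = 1  # "??" is a literal question mark
        elif key in BUILTIN:
            size = BUILTIN[key]
        else:
            raise ValueError(f"charset ?{key} is not handled by this example")
        total *= size
        i += 2
    return total


def seconds_to_exhaust(keyspace, hashrate):
    """Cracking time = keyspace / hashrate (worst case: every candidate tried)."""
    if hashrate <= 0:
        raise ValueError("hashrate must be positive")
    return keyspace / hashrate


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 31_536_000), ("days", 86_400), ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    # Assumed hash rates for illustration only; use your own benchmark results.
    RATES = {"fast hash (assumed 1e10 H/s)": 1e10, "slow hash (assumed 1e4 H/s)": 1e4}
    for mask in ("?a?a?a?a", "?u?l?l?l?l?l?d?d", "?a?a?a?a?a?a?a?a"):
        ks = mask_keyspace(mask)
        for label, rate in RATES.items():
            print(f"{mask:18} {ks:>22,}  {label}: {humanize(seconds_to_exhaust(ks, rate))}")
```

The result is the total candidate count, so it can differ from the keyspace figure a particular tool displays.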
### KNOW YOUR CAPABILITY
Understanding how your processing machine will perform against different hash types will help you shape your plan of attack. Benchmark your machine to see your hash rates; results will differ greatly based on your hardware configuration. Keep in mind, successful password recovery depends on YOUR ability to use resources efficiently and make calculated trade-offs based on the target hash. The amount of processing power is irrelevant if you don't understand how to properly employ your resources.
### DICTIONARY/WORDLIST vs BRUTE-FORCE vs ANALYSIS
Dictionaries and brute-force are not the sole methods available to crack hashes. They are merely the beginning and end of an attack plan. True mastery is everything in the middle, where analysis of passwords, patterns, behaviors, and policies affords the ability to recover that last 20%. Experiment with your attacks and research and compile targeted wordlists with your new knowledge. Do not rely heavily on dictionaries because they can only help you with what is known, and not the unknown.
#methodology #concepts