HashCat Reference

#reference #### ATTACK MODES ##### DICTIONARY ATTACK ``` hashcat -a 0 -m #type hash.txt dict.txt ``` ##### DICTIONARY+ RULES ATTACK ``` hashcat -a 0 -m #type hash.txt dict.txt -r rule.txt ``` ##### COMBINATION ATTACK ``` hashcat -a 1 -m #type hash.txt dictl.txt dict2.txt ``` ##### MASK ATTACK ``` hashcat -a 3 -m #type hash.txt ?a?a?a?a?a?a ``` ##### HYBRID DICTIONARY+ MASK ``` hashcat -a 6 -m #type hash.txt dict.txt ?a?a?a?a ``` ##### HYBRID MASK+ DICTIONARY ``` hashcat -a 7 -m #type hash.txt ?a?a?a?a dict.txt ``` #### RULES ##### RULEFILE `-r` ``` hashcat -a 0 -m #type hash.txt dict.txt -r rule.txt ``` ##### MANIPULATE LEFT `-j` ``` hashcat -a 1 -m #type hash.txt left_dict.txt right_dict.txt ``` ##### MANIPULATE RIGHT `-k` ``` hashcat -a 1 -m #type hash.txt left_dict.txt right_dict.txt ``` #### INCREMENT ##### DEFAULT INCREMENT ``` hashcat -a 3 -m #type hash.txt ?a?a?a?a?a --increment ``` ##### INCREMENT MINIMUM LENGTH ``` hashcat -a 3 -m #type hash.txt ?a?a?a?a?a --increment-min=4 ``` ##### INCREMENT MAX LENGTH ``` hashcat -a 3 -m #type hash.txt ?a?a?a?a?a?a --increment-max=S ``` #### MISC ##### BENCHMARK TEST (HASH TYPE) ``` hashcat -b -m #type ``` ##### SHOW EXAMPLE HASH ``` hashcat -m #type --example-hashes ``` ##### ENABLE OPTIMIZED KERNELS (Warning! Decreasing max password length) ``` hashcat -a 0 -m #type -0 hash.txt dict.txt ``` ##### ENABLE SLOW CANDIDATES (For fast hashes w/ small dict.txt+ rules) ``` hashcat -a 0 -m #type -s hash.txt dict.txt ``` ##### SESSION NAME ``` hashcat -a 0 -m #type --session <uniq_name> hash.txt dict.txt ``` ##### SESSION RESTORE ``` hashcat -a 0 -m #type --restore --session <uniq_name> hash.txt dict.txt ``` ##### SHOW KEYSPACE ``` hashcat -a 0 -m #type --keyspace hash.txt dict.txt -r rule.txt ``` ##### OUTPUT RESULTS FILE `-o` ``` hashcat -a 0 -m #type -o results.txt hash.txt dict.txt ``` ##### CUSTOM CHARSET `-1 -2 -3 -4` ``` hashcat -a 3 -m #type hash.txt -1 ?l?u -2 ?l?d?s ?1?2?a?d?u?l ``` ##### ADJUST PERFORMANCE `-w` ``` hashcat -a 0 -m #type -w <1-4> hash.txt dict.txt ``` ##### KEYBOARD LAYOUT MAPPING ``` hashcat -a 0 -m #type --keyb=german.hckmap hash.txt dict.txt ``` #### HashCat Brain ##### HASHCAT BRAIN (Local Server & Client) ``` (Terminal #1) hashcat --brain-server (copy password generated) (Terminal #2) hashcat -a 0 -m #type -z --brain-password <password> hash.txt dict.txt ``` #### BASIC ATTACK METHODOLOGY ##### 1- DICTIONARY ATTACK ``` hashcat -a 0 -m #type hash.txt-dict.txt ``` ##### 2- DICTIONARY + RULE ``` hashcat -a 0 -m #type hash.txt dict.txt -r rule.txt ``` ##### 3- HYBRID ATTACKS ``` hashcat -a 6 -m #type hash.txt dict.txt ?a?a?a?a ``` ##### 4- BRUTEFORCE ``` hashcat -a 3 -m #type hash.txt ?a?a?a?a?a?a?a?a ``` ### HASH TYPES (SORTED ALPHABETICAL) ``` 6600 lPassword, agilekeychain 8200 lPassword, cloudkeychain 14100 3DES (PT = $salt, key = $pass) 11600 7-Zip 6300 AIX {smd5} 6400 AIX {ssha256} 6500 AIX {ssha512} 6700 AIX {sshal} 5800 Android PIN 8800 12900 16900 1600 18300 16200 125 12001 13200 13300 3200 600 12400 11300 12700 15200 15400 2410 500 5700 9200 9300 2400 Android FDE < v4.3 Android FDE (Samsung DEK) Ansible Vault Apache $aprl$ Apple File System (APFS) Apple Secure Notes ArubaOS Atlassian (PBKDF2-HMAC-SHA1) AxCrypt AxCrypt in memory SHAl bcrypt $2*$, 8lowfish(Unix) BLAKE2-512 BSDiCrypt, Extended DES Bitcoin/Litecoin wallet.dat Blockchain, My Wallet Blockchain, My Wallet, V2 ChaCha20 Cisco-ASA Cisco-IOS $1$ Cisco-IOS $4$ Cisco-IOS $8$ Cisco-IOS $9$ Cisco-PIX 8100 Citrix Netscaler 12600 ColdFusion 10+ 10200 Cram MD5 16400 CRAM-MD5 Dovecot 11500 CRC32 14000 DES (PT = $salt, key = $pass) 1500 descrypt, DES(Unix), Traditional DES 8300 DNSSEC (NSEC3) 124 Django (SHA-1) 10000 Django (PBKDF2-SHA256) 1100 Domain Cached Credentials (DCC), MS Cache 2100 Domain Cached Credentials 2 (DCC2), MS Cache 2 15300 DPAPI masterkey file vl and v2 7900 Drupal7 12200 eCryptfs 16600 Electrum Wallet (Salt-Type 1-3) 141 EPiServer 6.x < v4 15 1441 EPiServer 6.x> v4 15600 Ethereum Wallet, PBKDF2-HMAC-SHA256 15700 Ethereum Wallet, PBKDF2-SCRYPT 16300 Ethereum Pre-Sale Wallet, PBKDF2-SHA256 16700 FileVault 2 15000 FileZilla Server>; 0.9.55 7000 Fortigate (FortiOS) 6900 GOST R 34.11-94 11700 GOST R 34.11-2012 (Streebog) 256-bit 11800 GOST R 34.11-2012 (Streebog) 512-bit 7200 GRUB 2 50 HMAC-MD5 (key ; $pass) 60 HMAC-MD5 (key ; $salt) 150 HMAC-SHAl (key ; $pass) 160 HMAC-SHAl (key ; $salt) 1450 HMAC-SHA256 (key $pass) 1460 HMAC-SHA256 (key $salt) 1750 HMAC-SHA512 (key $pass) 1760 HMAC-SHA512 (key $salt) 11750 HMAC-Streebog-256 (key $pass),big-endian 11760 HMAC-Streebog-256 (key $salt),big-endian 11850 HMAC-Streebog-512 (key $pass),big-endian 11860 HMAC-Streebog-512 (key $salt),big-endian 5100 Half MD5 5300 IKE-PSK MD5 5400 IKE-PSK SHAl 2811 !PB (Invison Power Board) 7300 IPMI2 RAKP HMAC-SHAl 14700 iTunes Backup< 10.0 14800 iTunes Backup>; 10.0 4800 iSCSI CHAP authentication, MD5(Chap) 15500 JKS Java Key Store Private Keys (SHAl) 11 Joomla< 2.5.18 400 Joomla> 2.5.18 15100 Juniper/NetBSD shalcrypt 22 Juniper Netscreen/SSG (ScreenOS) 501 Juniper IVE 16500 JWT (JSON Web Token) 17700 Keccak-224 17800 Keccak-256 17900 Keccak-384 18000 Keccak-512 13400 Keepass 1 (AES/Twofish) and Keepass 2 (AES) 18200 Kerberos 5 AS-REP Pre-Auth etype 23 7500 Kerberos 5 AS-REQ Pre-Auth etype 23 13100 Kerberos 5 TGS-REP etype 23 6800 Lastpass + Lastpass sniffed 3000 LM 8600 Lotus Notes/Domino 5 8700 Lotus Notes/Domino 6 9100 Lotus Notes/Domino 8 14600 LUKS 900 MD4 0 MD5 10 md5($pass.$salt) 20 md5($salt.$pass) 30 md5(unicode($pass).$salt) 40 md5($salt.unicode($pass)) 3710 md5($salt.md5($pass)) 3800 md5($salt.$pass.$salt) 3910 md5(md5($pass).md5($salt)) 16 4010 md5($salt.md5($salt.$pass)) 4110 md5($salt.md5($pass.$salt)) 2600 md5(md5($pass)) 4400 md5(sha1($pass)) 4300 md5(strtoupper(md5($pass))) 500 md5crypt $1$, MD5(Unix) 9400 MS Office 2007 9500 MS Office 2010 9600 MS Office 2013 9700 $0MS Office <= 2003 9710 $0MS Office <= 2003 9720 $0MS Office <= 2003 9800 $3MS Office <= 2003 9810 $3MS Office <= 2003 9820 MS Office <= 2003 $3 12800 MS-AzureSync PBKDF2-HMAC-SHA256 131 MSSQL(2000) 132 MSSQL(2005) 1731 MSSQL(2012) 1731 MSSQL(2014) 3711 Mediawiki B type 2811 MyBB 11200 MySQL CRAM (SHAl) 200 MySQL323 300 MySQL4.1/MySQL5 1000 NTLM 5500 NetNTLMvl 5500 NetNTLMvl + ESS 5600 NetNTLMv2 101 nsldap, SHA-l(Base64), Netscape LDAP SHA 111 nsldaps, SSHA-l(Base64), Netscape LDAP SSHA 13900 OpenCart 21 osCommerce 122 OSX v10.4, OSX v10.5, OSX v10.6 1722 OSX v10.7 7100 OSX v10.8, OSX v10.9, OSX v10.10 112 Oracle 5: Type (Oracle 11+) 3100 Oracle H: Type (Oracle 7+) 12300 Oracle T: Type (Oracle 12+) 11900 PBKDF2-HMAC-MD5 12000 PBKDF2-HMAC-SHA1 10900 PBKDF2-HMAC-SHA256 12100 PBKDF2-HMAC-SHA512 10400 10410 10420 10500 10600 10700 PDF 1.1 1.3 (Acrobat 2 - 4) PDF 1.1 1.3 (Acrobat 2 - 4), PDF 1.1 1.3 (Acrobat 2 - 4)' PDF 1.4 - 1.6 (Acrobat 5 - 8) 400 400 2612 PDF 1.7 PDF 1.7 phpBB3 phpass PHPS Level 3 (Acrobat Level 8 (Acrobat 5200 v3Password Safe 9000 Password Safe v2 133 PeopleSoft 13500 PeopleSoft Token 99999 Plaintext 12 PostgreSQL 11100 PostgreSQL CRAM (MDS) 11000 PrestaShop 4522 PunBB 9) 10 - collider #1 collider #2 11) 17 8500 RACF 12500 RAR3-hp 13000 RAR5 9900 Radmin2 7600 Redmine 6000 RipeMD160 7700 SAP CODVN B (BCODE) 7800 SAP CODVN F/G (PASSCODE) 10300 SAP CODVN H (PWDSALTEDHASH) iSSHA-1 8900 scrypt 1300 SHA-224 1400 SHA-256 1411 SSHA-256(Base64), LDAP {SSHA256} 10800 SHA-384 1700 SHA-512 100 SHAl 14400 SHAl(CX) 110 sha1($pass.$salt) 120 sha1($salt.$pass) 130 shal(unicode($pass).$salt) 140 sha1($salt.unicode($pass)) 4500 shal(sha1($pass)) 4520 sha1($salt.sha1($pass)) 4700 shal(md5($pass)) 4900 sha1($salt.$pass.$salt) 17300 SHA3-224 17400 SHA3-256 17500 SHA3-384 17600 SHA3-512 1410 sha256($pass.$salt) 1420 sha256($salt.$pass) 1440 sha256($salt.unicode($pass)) 1430 sha256(unicode($pass).$salt) 7400 sha256crypt $5$, SHA256(Unix) 1710 sha512($pass.$salt) 1720 sha512($salt.$pass) 1740 sha512($salt.unicode($pass)) 1730 sha512(unicode($pass).$salt) 1800 sha512crypt $6$, SHA512(Unix) 11400 SIP digest authentication (MD5) 10100 SipHash 14900 Skip32 23 Skype 121 SMF (Simple Machines Forum) 1711 SSHA-512(Base64), LDAP {SSHA512} 11700 Streebog-256 11800 Streebog-512 8000 Sybase ASE 16001 TACACS+ 18100 TOTP (HMAC-SHAl) 16000 Tripcode 62XY TrueCrypt X 1 PBKDF2-HMAC-RipeMD160 X 2 PBKDF2-HMAC-SHA512 X 3 PBKDF2-HMAC-Whirlpool X 4 PBKDF2-HMAC-RipeMD160 + boot-mode Y 1 XTS 512 bit pure AES Y 1 XTS 512 bit pure Serpent Y 1 XTS 512 bit pure Twofish Y 2 XTS 1024 bit pure AES Y 2 XTS 1024 bit pure Serpent 18 Y 2 XTS 1024 bit pure Twofish Y 2 XTS 1024 bit cascaded AES-Twofish Y 2 XTS 1024 bit cascaded Serpent-AES Y 2 XTS 1024 bit cascaded Twofish-Serpent Y 3 = XTS 1536 bit all 2611 vBulletin < v3.8.5 2711 vBulletin > v3.8.5 137XY VeraCrypt X 1 PBKDF2-HMAC-RipeMD160 X 2 PBKDF2-HMAC-SHA512 X 3 PBKDF2-HMAC-Whirlpool X 4 PBKDF2-HMAC-RipeMD160 + boot-mode X 5 PBKDF2-HMAC-SHA256 X 6 = PBKDF2-HMAC-SHA256 + boot-mode X 7 = PBKDF2-HMAC-Streebog-512 Y 1 = XTS 512 bit pure AES Y 1 = XTS 512 bit pure Serpent Y 1 = XTS 512 bit pure Twofish Y 2 = XTS 1024 bit pure AES Y 2 = XTS 1024 bit pure Serpent Y 2 = XTS 1024 bit pure Twofish Y 2 = XTS 1024 bit cascaded AES-Twofish Y 2 = XTS 1024 bit cascaded Serpent-AES Y 2 = XTS 1024 bit cascaded Twofish-Serpent Y 3 = XTS 1536 bit all 8400 WBB3 (Woltlab Burning Board) 2500 WPA/WPA2 2501 WPA/WPA2 PMK 16800 WPA-PMKID-PBKDF2 16801 WPA-PMKID-PMK 6100 Whirlpool 13600 WinZip 13800 Windows 8+ phone PIN/Password 400 Wordpress 21 xt:Commet ``` [[Home]]