**** Free Rainbow Tables can also be found here (lots of them) For MD5 and SHA1 hashes, there is a 190GB, 15-billion-entry lookup table, and for other hashes, they offer a 19GB 1.5-billion-entry lookup table. Rockyou contains 14 million unique passwords. The 2 major cracking dictionaries are Rockyou, and CrackStation. The Rockyou database has several million passwords, but if it’s not in there, then it won’t be cracked. The hashes are shown – with the plain text password given next to it. (a straight through attack is super fast on simple passwords) Or hashcat -m 0 -a 0 /root/hashes/hashes.txt /root/rockyou.txt (to launch a combination attack against MD5 password hashes) ***** Step 4 – the REAL ATTACK code hashcat -m 0 -a 1 /root/hashes/hashes.txt /root/rockyou.txt that’s a great way to learn more about hashcat 🙂 You can gedit each rule file to read it if you wish…. To locate Hashcat Rules files cd /usr/share/hashcat/rules ls -l ***** Step 3 – Locate password database for the attack To locate the Rockyou password database in KALI type: locate *rock* Unix = MD5 hash Kali = SHA512 hash Windows XP = LM Hash Windows 7 = NTLM Hash -m 0 (Each number is a different Hash Type) 0 = MD5 hash…. ****** Hash Type – Just for reference The operating system determines the hash used. ********* Attack Modes – just for reference -a 0 (Each number is a DIFFERENT attack mode) 0 = Straight 1 = Combination 2 = Toggle case 3 = Brute Force I’ve found that straight or -a 0 is ridiculously fast on simple passwords. hashcat -m 0 -a 0 /root/hashes/hashes.txt /root/rockyou.txt ****** ATTACK CODE: (Carries out a straight through attack against MD5 hashes using the rockyou dictionary).
hashcat –help -m = hash type (the hash varies by operating system) -a = Attack Mode (we’ll use both Straight and Combination Attack) -r = rules file (look for xyz.rule)
This is background information so that you can adapt your attack for windows hashes or unix hashes etc. Next, hash a second password ie “password1”, paste the md5 hashes into hashes.txt.įill up your hashes.txt with five test md5 hashes. To generate hashes, use: Enter the word “password” – and the site will return the MD5 hash, paste it into the hashes.txt ***** Step 2 – Generate hashes for you to crack Hashes.txt is the file of password hashes to be cracked – we’ll create hashes to paste into this file. This organises a hashes directory for you, and a hashes.txt file which will contain the hashes to be cracked. Step 1 – Root terminal mkdir hashes cd /hashes gedit hashes.txt There is a Windows 10 password hacking version here: Windows passwords are stored as MD5 hashes, that can be cracked using Hashcat.
0 kommentar(er)
