One minute
How To Get Started with Password Cracking
Hashcat is an industry standard tool for password cracking. It receives updates on a regular basis and supports a large number of hash types. Plus it’s fast, and is often getting new optimizations for different hashing algorithms. A simple and effective method for using hashcat is with a dictionary and ruleset. The ruleset defines mutations which will be applied to each dictionary word. Sample CLI input is:
hashcat -m <hashtype> -r <path_to_rules> <path_to_hashes> <path_to_wordlist>
From the above command we see that we need four things (in this order):
- hashtype
- rules file
- hash file
- dictionary
Some dictionaries and rulesets that are effective are:
dicationaries
rulesets
Play around with combinations of wordlist + ruleset to get your desired results. To run an increasingly exhaustive cracking job we can do the following:
hashcat -m 1000 -r rules/best64.rule rockyou.txt
hashcat -m 1000 -r rules/d3adhob0.rule rockyou.txt
hashcat -m 1000 -r rules/_NSAKEY.v2.dive.rule rockyou.txt
hashcat -m 1000 -r rules/best64.rule crackstation-human-only.txt
hashcat -m 1000 -r rules/d3adhob0.rule crackstation-human-only.txt
hashcat -m 1000 -r rules/_NSAKEY.rule crackstation-human-only.txt
You might want to combine some rulesets to avoid any duplicate cracking attempts. Advanced hashcat users should consider developing their own rulesets and masks for higher priority cracking jobs.