A guide to password cracking with Hashcat
It seems like everyone wants to get on the password-cracking band-wagon these days, but no one wants to read. Well, too bad! There’s a wealth of information out there on the subject, and people are going to have to be willing to help themselves before others will be willing to help them out. That being said, if you feel like you can read a few pages worth of material (and of course the manual pages), then you should be in good shape.
First thing is first; I can’t stress enough how important it is to refer to the documentation on http://hashcat.net/wiki. If you haven’t read through that material yet, you may want to familiarize yourself with it quickly. There’s a lot of good information there, so you may want to refer back to it from time to time when you have questions.
Secondly, Hashcat is a Command Line Interface (CLI) application. If you aren’t very comfortable using the command-line, you are really going to want to brush up on that first. It’s absolutely key here. Sure, there’s the unofficial hashcat-gui package, but you definitely won’t get any official support for it, and it’s not the best way to go about cracking with Hashcat.
NOTE: This article is written using the Hashcat utility; however, the same principles also apply to oclHashcat. Unfortunately, oclHashcat (as of this writing) does not have the examples subfolder, but all of the commands should still be applicable.
On the matter of ethics…
It seems like in today’s day and age, this needs to be stated, but if you are a blackhat or looking to use this kind of information for illegal/immoral purposes, look elsewhere. This information is intended to direct those on the path of information security. There are a lot of ways to learn things, but unless you have a deep understanding of the problems you are trying to protect against, there is little you can do to successfully protect from them. For that reason, I prefer the deep and dirty, hands-on approach.
On to the basics!
So why do I need to crack passwords anyway?
Hopefully, when your passwords are being stored by some sort of application or service, they are not going to be stored in plaintext for everyone to look at. (Unfortunately, this is not always the case, but for any slightly conscientious / security-minded product, this is going to be true. The rest of them deserve what they get.) “If they’re not in plaintext, then how are they stored?” Well, there are two options, really.
You could encrypt the passwords and store the resulting ciphertext somewhere. However, this is generally thought to be a very bad idea! By its nature, anything that can be encrypted can be decrypted. All you need are the algorithm, and the keys. If an attacker gets a hold of this information, it’s game over.
Alternatively, you could use a hashing algorithm to create a hash of the password. Unlike encryption, hashing applies a mathematical algorithm to your password that is not reversible. Once you create a hash, it is theoretically impossible to get the original plaintext back from it. For an attacker, this means they will need to generate hashes from plaintexts they choose, one candidate after another, until they eventually find the one that matches your hash.
Alright, but how do you make all of these guesses to find a matching hash?
This is where tools like Hashcat come in. You can use Hashcat to automate this guessing process and compare the results for you. There are two main flavours of Hashcat to worry about:
- Hashcat (standard CPU-based cracking software)
- oclHashcat (accelerated GPU-based cracking software)
Depending on the algorithms you are trying to attack, oclHashcat can be orders of magnitude faster to use than standard Hashcat. Operationally, however, they are pretty much the same. For the sake of learning, I will be explaining how to use the CPU version of Hashcat as it is much easier for the novice to setup and start experimenting with. Even so, this should all still be pretty applicable to oclHashcat.
Additionally, I am going to use 64-bit Linux in the examples here. Hashcat is also available for Windows and OSX, and oclHashcat is also available for Windows. If you decide to use Windows, the hashcat command switches and parameters will be the same, but you may have to use alternate shell tools if you aren’t using cygwin (I won’t go into that detail here.)
Let’s Begin…
The latest version of Hashcat as of this writing is Hashcat 0.47. Using any modern Linux distribution, you can just download the file from the Hashcat website using the command-line:
$ wget http://hashcat.net/files/hashcat-0.47.7z
Now that you have the archive, you need to unpack it. A lot of people throw the wrong flag to 7z, so please make sure you use “x” instead of “e”. Otherwise your Hashcat install may fail to work properly. For example:
$ 7za x hashcat-0.47.7z
Now you can change into the Hashcat directory and take a look at the help. It should ask you to agree to the EULA, so just type in “YES” as it asks. (As a note, I always recommend trying to examine a program’s help before you start to try and use it.)
$ cd hashcat-0.47/
$ ./hashcat-cli64.bin --help
Weee!! Lots of information! :) Always remember to refer back to this when you have questions. Help should be your FIRST stop.
Since we’ve seen how to start hashcat, we should make a quick link to the binary. This is just going to give us less to type later on (why not make our lives easier, right?).
$ ln -s hashcat-cli64.bin hc
Great! From now on, just type hc whenever you want to use Hashcat, like this:
$ ./hc --help
On to something more interesting
Hashcat comes with a host of examples in the examples subfolder. You can see a quick listing of them like this:
$ ls examples/
They are all arranged by the attack mode (A) and the hash mode, aka hash type, (M). We are going to do a quick test with MD5. Keeping it simple, we will use the standard attack mode (mode 0) to attack these hashes. This is known as a dictionary attack. In order to use it, you just need to specify the file with your hashes, and the file for your dictionary (also known as a word-list.)
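To make concrete what attack mode 0 does with a hash file and a word list (and why the one-way hashing described earlier forces an attacker to guess candidates rather than reverse anything), here is an added Python example that mimics a straight dictionary attack against unsalted MD5. It is not Hashcat's code or part of the original article; the hash list and both word lists are constructed for illustration.

```python
"""Straight dictionary attack against unsalted MD5 hashes, modelled on
Hashcat's attack mode 0 (-a 0) with hash mode 0 (-m 0).  Added example,
not Hashcat source.  All inputs below are constructed for illustration."""
import hashlib
import re

# Constructed "hash file": one lowercase hex MD5 digest per line, as -m 0 expects.
# The last digest is a made-up value that no word list entry will produce.
HASH_FILE = """\
5f4dcc3b5aa765d61d8327deb882cf99
e10adc3949ba59abbe56e057f20f883e
0123456789abcdef0123456789abcdef
"""

# Constructed word lists: one candidate plaintext per line.
WRONG_WORDLIST = "apple\nbanana\ncherry\n"
RIGHT_WORDLIST = "password\n123456\nletmein\n"

MD5_HEX = re.compile(r"^[0-9a-f]{32}$")


def load_hashes(text):
    """Parse a hash file: one digest per line; blank or malformed lines are skipped
    (a line that is not 32 hex characters cannot be an MD5 digest)."""
    digests = set()
    for line in text.splitlines():
        line = line.strip().lower()
        if MD5_HEX.match(line):
            digests.add(line)
    return digests


def dictionary_attack(hash_text, wordlist_text):
    """Return {digest: plaintext} for every target hash the word list recovers.
    Each candidate is hashed once and looked up in a set, so the cost grows with
    the word list, not with (words x hashes)."""
    targets = load_hashes(hash_text)
    cracked = {}
    for word in wordlist_text.splitlines():
        digest = hashlib.md5(word.encode()).hexdigest()
        if digest in targets and digest not in cracked:
            cracked[digest] = word
        if len(cracked) == len(targets):
            break  # all hashes recovered; no point hashing further candidates
    return cracked


def recovery_line(hash_text, cracked):
    """Summarise the run the way hashcat's recovery status does: n/N and a percentage."""
    total = len(load_hashes(hash_text))
    pct = 100.0 * len(cracked) / total if total else 0.0
    return f"Recovered: {len(cracked)}/{total} hashes ({pct:.2f}%)"


if __name__ == "__main__":
    for label, wordlist in (("wrong dictionary", WRONG_WORDLIST), ("right dictionary", RIGHT_WORDLIST)):
        found = dictionary_attack(HASH_FILE, wordlist)
        print(f"{label}: {recovery_line(HASH_FILE, found)}")
        for digest, plain in found.items():
            print(f"  {digest}:{plain}")
```

Running it shows 0/3 recovered with the wrong word list and 2/3 with the right one; the third hash stays uncracked because no candidate in either list produces it, which is exactly the situation the "recovered" line reports.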
For the sake of experimentation, let’s see what happens when we load the wrong example dictionary into this attack:
Notice the bold line: 0 out of 102 hashes recovered.
Now let’s use the correct dictionary and see the difference.
Notice that the recovery line now has 100% of the passwords recovered. Fantastic! Of course, cracking hashes in the wild won’t be this simple, but this is a great first step.