至尊宝 - null

Hashcat -- Crack Passwords in Minutes --- 哈希猫 - 在几分钟内破解密码

type
status
date
slug
summary
tags
category
icon
password
Tweet Link
Author
Add Date
Hashcat is an advanced free (License: MIT) multi-threaded password recovery tool and it is world’s fastest password cracker and recovery utility, which supports multiple unique attack modes of attacks for more than 200 highly optimized hashing algorithms. Hashcat currently supports CPUs and GPUs and other hardware accelerators on Linux, Windows, and OSX, and has facilities to help enable distributed password cracking.
Hashcat 是一款先进的免费(许可证:MIT)多线程密码恢复工具,它是世界上最快的密码破解程序和恢复实用程序,它支持 200 多种高度优化的哈希算法的多种独特攻击攻击模式。Hashcat目前支持Linux,Windows和OSX上的CPU和GPU以及其他硬件加速器,并且具有帮助实现分布式密码破解的功能。
notion image
Hashcat comes pre-installed on our Kali Linux system, So we don’t need to install it, but if installation is required we can use sudo apt install hashcat command.
Hashcat预装在我们的Kali Linux系统上,所以我们不需要安装它,但是如果需要安装,我们可以使用sudo apt install hashcat命令。
  • World’s fastest password cracker. 世界上最快的密码破解程序。
  • World’s first and only in-kernel rule engine. 世界上第一个也是唯一一个内核内规则引擎。
  • Free and open source.免费和开源。
  • Multi-OS (Linux, Windows and macOS). 多操作系统(Linux,Windows和macOS)。
  • Multi-Platform (CPU, GPU, APU, etc., everything that comes with an OpenCL runtime). 多平台(CPU,GPU,APU等,OpenCL运行时附带的所有内容)。
  • Multi-Hash (Cracking multiple hashes at the same time). 多哈希(同时破解多个哈希)。
  • Multi-Devices (Utilizing multiple devices in same system). 多设备(在同一系统中使用多个设备)。
  • Multi-Device-Types (Utilizing mixed device types in same system). 多设备类型(在同一系统中使用混合设备类型)。
  • Supports password candidate brain functionality. 支持密码候选大脑功能。
  • Supports distributed cracking networks (using overlay). 支持分布式破解网络(使用叠加)。
  • Supports interactive pause / resume. 支持交互式暂停/恢复。
  • Supports sessions.支持会话。
  • Supports restore.支持还原。
  • Supports reading password candidates from file and stdin. 支持从文件和标准输入中读取候选密码。
  • Supports hex-salt and hex-charset. 支持十六进制盐和十六进制字符集。
  • Supports automatic performance tuning. 支持自动性能调优。
  • Supports automatic keyspace ordering markov-chains. 支持自动键空间排序马尔可夫链。
  • Built-in benchmarking system.内置基准测试系统。
  • Integrated thermal watchdog.集成热看门狗。
  • 350+ Hash-types implemented with performance in mind. 350+ 哈希类型在实现时考虑了性能。
  • … and much more. …等等。
Hashcat offers multiple unique attack modes for cracking passwords. Those are following:
Hashcat提供了多种独特的攻击模式来破解密码。具体如下:
  • Brute-Force attack暴力攻击
  • Combinator attack组合器攻击
  • Dictionary attack字典攻击
  • Fingerprint attack指纹攻击
  • Hybrid attack混合攻击
  • Mask attack面具攻击
  • Permutation attack排列攻击
  • Rule-based attack基于规则的攻击
  • Table-Lookup attack表查找攻击
  • Toggle-Case attack切换案例攻击
  • PRINCE attack王子袭击
Now without wasting any more time lets dive into Hashcat.
现在不要再浪费时间了,让我们潜入Hashcat。
As we told Hashcat comes pre-installed with a Kali Linux and it is multi-threaded so first let we benchmark our system by using following command:
正如我们所说,Hashcat预装了Kali Linux,它是多线程的,所以首先让我们使用以下命令对系统进行基准测试:
hashcat -b
In the following screenshot we can see the benchmark of our system and get an idea how it can perform while cracking various types of hashes.
在下面的屏幕截图中,我们可以看到系统的基准测试,并了解它在破解各种类型的哈希时如何执行。
notion image
Here we can get an idea about the performance of our system. Let’s run this tool to crack some hashes. Here we have collected some hashed on a text file. For educational purposes we just generated these hashed not collected from any website’s database.
在这里,我们可以了解系统的性能。让我们运行此工具来破解一些哈希值。在这里,我们收集了一些文本文件上的哈希处理。出于教育目的,我们只是生成了这些哈希,而不是从任何网站的数据库中收集的。
notion image
Now we can crack these using Hashcat, and store the output in a craced.txt file by applying following command:
现在我们可以使用 Hashcat 破解这些,并通过应用以下命令将输出存储在带括号.txt文件中:
hashcat -m 0 -a 0 -o cracked.txt hashes.txt /usr/share/seclists/Passwords/Common-Credentials/10k-most-common.txt
Let’s discuss about the above command, in this command we have used -m flag to specify the hash type, -a for attack mode and -o for output file, here we named our output file ‘cracked.txt’, then we give the target hash file to crack named ‘hashes.txt’, at last we specify the wordlist file to be used. In the following screenshot we can see that hashcat finishes the cracking job.
让我们讨论一下上面的命令,在这个命令中我们使用 -m 标志来指定哈希类型,-a 表示攻击模式,-o 表示输出文件,这里我们将输出文件命名为“cracked.txt”,然后我们将目标哈希文件命名为“hashes.txt”,最后我们指定要使用的单词列表文件。在下面的屏幕截图中,我们可以看到hashcat完成了破解工作。
notion image
Let’s see our output file (cracked.txt).
让我们看看我们的输出文件(破解.txt)。
notion image
In the above screenshot we can see that hashcat cracked the hashes. Here for the new readers, in this attack mode we can crack those password hashes if the plaintext of the hashes is available in the wordlist file. Using bigger wordlist file will increase the chance to crack hashes.
在上面的屏幕截图中,我们可以看到hashcat破解了哈希。对于新读者来说,在这种攻击模式下,如果单词列表文件中提供了哈希的明文,我们可以破解这些密码哈希。使用更大的单词列表文件将增加破解哈希的机会。
In the above we saw that we need to specify our attack modes and type of hashes we want to crack. These attack modes and hashes are refereed by numbers. Here we are giving hashcat supported all numbers that referees to the attack modes and the type of hashes (as Sep 2021, update of Hashcat tool may include some new things).
在上面我们看到我们需要指定我们的攻击模式和我们想要破解的哈希类型。这些攻击模式和哈希值由数字来判断。在这里,我们为 hashcat 提供了支持攻击模式和哈希类型的所有数字(截至 2021 年 9 月,Hashcat 工具的更新可能包括一些新内容)。

Attack Types of Hashcat哈希猫的攻击类型

0 | Straight0 |直
1 | Combination1 |组合
3 | Brute-force3 |蛮力
6 | Hybrid Wordlist + Mask
6 |混合词表+掩码
7 | Hybrid Mask + Wordlist
7 |混合面具+单词列表

Hash types in Hashcat哈希猫中的哈希类型

Hashcat supports so much types of hashes if we include all them here then this article will very lengthy. We encourage to use hashcat - h command on our Kali Linux system to get all the numbers corresponding to the hash type (Uff.. It’s really large 😫).
Hashcat 支持如此多类型的哈希,如果我们在此处包含所有这些哈希,那么本文将非常冗长。我们鼓励在我们的 Kali Linux 系统上使用 hashcat - h 命令来获取与哈希类型(Uff..它真的很大😫)。
notion image
Whenever we are trying to crack a hash we have to know the type of the hash. We can use hash-id tool to know the type of hash. Then we need to choose our attack type and wordlist. That’s all it’s not hard.
每当我们试图破解哈希时,我们都必须知道哈希的类型。我们可以使用哈希ID工具来知道哈希的类型。然后我们需要选择我们的攻击类型和词表。仅此而已,这并不难。
This is all about Hashcat, and how we can use Hashcat to crack passwords on our Kali Linux. Hashcat (#🐈) is really a very widely used tool for cracking passwords.
这就是关于Hashcat的全部内容,以及我们如何使用Hashcat破解Kali Linux上的密码。Hashcat(#🐈)确实是一种非常广泛使用的破解密码的工具。
Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.
喜欢我们的文章吗?请务必在Twitter和GitHub上关注我们,我们在那里发布文章更新。要加入我们的KaliLinuxIn大家庭,请加入我们的Telegram Group。我们正在努力为Linux和网络安全建立一个社区。对于任何事情,我们总是很乐意在评论部分帮助每个人。众所周知,我们的评论部分始终向所有人开放。我们阅读每条评论,我们总是回复。

没有找到文章