Hashcat

Hashcat
Developer(s)	Jens 'atom' Steube, Gabriele 'matrix' Gristina
Stable release	6.2.6 / 3 September 2022;23 months ago
Repository	github.com/hashcat/hashcat
Operating system	Cross-platform
Type	Password cracking
License	MIT License
Website	www.hashcat.net

Last updated August 24, 2024

Hashcat is a password recovery tool. It had a proprietary code base until 2015, but was then released as open source software. Versions are available for Linux, macOS, and Windows. Examples of hashcat-supported hashing algorithms are LM hashes, MD4, MD5, SHA-family and Unix Crypt formats as well as algorithms used in MySQL and Cisco PIX.

Hashcat has received publicity because it is partly based on flaws in other software discovered by the creator of hashcat. An example was a flaw in 1Password's password manager hashing scheme.^[1] It has also been compared to similar software in a Usenix publication^[2] and been described on Ars Technica.^[3]

Variants

Previously, two variants of hashcat existed:

hashcat - CPU-based password recovery tool
oclHashcat/cudaHashcat - GPU-accelerated tool (OpenCL or CUDA)

With the release of hashcat v3.00, the GPU and CPU tools were merged into a single tool called hashcat. The CPU-only version became hashcat-legacy.^[4] Both CPU and GPU now require OpenCL.

Many of the algorithms supported by hashcat-legacy (such as MD5, SHA1, and others) can be cracked in a shorter time with the GPU-based hashcat.^[5] However, not all algorithms can be accelerated by GPUs. Bcrypt is an example of this. Due to factors such as data-dependent branching, serialization, and memory (and more), oclHashcat/cudaHashcat weren't catchall replacements for hashcat-legacy.

hashcat-legacy is available for Linux, OSX and Windows. hashcat is available for macOS, Windows, and Linux with GPU, CPU and generic OpenCL support which allows for FPGAs and other accelerator cards.

Sample output

$ hashcat-d2-a0-m400-O-w4example400.hashexample.dict  hashcat (v5.1.0) starting...OpenCL Platform #1: Intel(R) Corporation========================================* Device #1: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz, skipped.OpenCL Platform #2: NVIDIA Corporation======================================* Device #2: GeForce GTX 970, 1010/4041 MB allocatable, 13MCU* Device #3: GeForce GTX 750 Ti, skipped.Hashes: 1 digests; 1 unique digests, 1 unique saltsBitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotatesRules: 1Applicable optimizers:* Optimized-Kernel* Zero-Byte* Single-Hash* Single-SaltMinimum password length supported by kernel: 0Maximum password length supported by kernel: 55Watchdog: Temperature abort trigger set to 90cDictionary cache hit:* Filename..: example.dict* Passwords.: 128416* Bytes.....: 1069601* Keyspace..: 128416The wordlist or mask that you are using is too small.This means that hashcat cannot use the full parallel power of your device(s).Unless you supply more work, your cracking speed will drop.For tips on supplying more work, see: https://hashcat.net/faq/moreworkApproaching final keyspace - workload adjusted.$H$9y5boZ2wsUlgl2tI6b5PrRoADzYfXD1:hash234Session..........: hashcatStatus...........: CrackedHash.Type........: phpass, WordPress (MD5), phpBB3 (MD5), Joomla (MD5)Hash.Target......: $H$9y5boZ2wsUlgl2tI6b5PrRoADzYfXD1Time.Started.....: Thu Apr 25 05:10:35 2019 (0 secs)Time.Estimated...: Thu Apr 25 05:10:35 2019 (0 secs)Guess.Base.......: File (example.dict)Guess.Queue......: 1/1 (100.00%)Speed.#2.........:  2654.9 kH/s (22.24ms) @ Accel:128 Loops:1024 Thr:1024 Vec:1Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) SaltsProgress.........: 128416/128416 (100.00%)Rejected.........: 0/128416 (0.00%)Restore.Point....: 0/128416 (0.00%)Restore.Sub.#2...: Salt:0 Amplifier:0-1 Iteration:1024-2048Candidates.#2....: 0 -> zzzzzzzzzzzHardware.Mon.#2..: Temp: 44c Fan: 40% Util: 50% Core:1265MHz Mem:3004MHz Bus:8Started: Thu Apr 25 05:10:32 2019Stopped: Thu Apr 25 05:10:37 2019

Attack types

Hashcat offers multiple attack modes for obtaining effective and complex coverage over a hash's keyspace. These modes are:

Brute-force attack ^[6]
Combinator attack^[6]
Dictionary attack ^[6]
Fingerprint attack
Hybrid attack^[6]
Mask attack ^[6]
Permutation attack
Rule-based attack^[6]
Table-Lookup attack (CPU only)
Toggle-Case attack^[6]
PRINCE attack^[7] (in CPU version 0.48 and higher only)

The traditional bruteforce attack is considered outdated, and the Hashcat core team recommends the Mask-Attack as a full replacement.

Competitions

Team Hashcat^[8] (the official team of the Hashcat software composed of core Hashcat members) won first place in the KoreLogic "Crack Me If you Can" Competitions at DefCon in 2010,^[9] 2012, 2014,^[10] 2015,^[11] and 2018, and at DerbyCon in 2017.

Related Research Articles

In cryptography, SHA-1 is a hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest – typically rendered as 40 hexadecimal digits. It was designed by the United States National Security Agency, and is a U.S. Federal Information Processing Standard. The algorithm has been cryptographically broken but is still widely used.

In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found. Alternatively, the attacker can attempt to guess the key which is typically created from the password using a key derivation function. This is known as an exhaustive key search. This approach doesn't depend on intellectual tactics; rather, it relies on making several attempts.

In cryptanalysis and computer security, a dictionary attack is an attack using a restricted subset of a keyspace to defeat a cipher or authentication mechanism by trying to determine its decryption key or passphrase, sometimes trying thousands or millions of likely possibilities often obtained from lists of past security breaches.

John the Ripper is a free password cracking software tool. Originally developed for the Unix operating system, it can run on fifteen different platforms. It is among the most frequently used password testing and breaking programs as it combines a number of password crackers into one package, automatically detects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix versions, Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL, and others.

A cryptographic hash function (CHF) is a hash algorithm that has special properties desirable for a cryptographic application:

In cryptography, a key derivation function (KDF) is a cryptographic algorithm that derives one or more secret keys from a secret value such as a master key, a password, or a passphrase using a pseudorandom function. KDFs can be used to stretch keys into longer keys or to obtain keys of a required format, such as converting a group element that is the result of a Diffie–Hellman key exchange into a symmetric key for use with AES. Keyed cryptographic hash functions are popular examples of pseudorandom functions used for key derivation.

In cryptanalysis and computer security, password cracking is the process of guessing passwords protecting a computer system. A common approach is to repeatedly try guesses for the password and to check them against an available cryptographic hash of the password. Another type of approach is password spraying, which is often automated and occurs slowly over time in order to remain undetected, using a list of common passwords.

The Security Account Manager (SAM) is a database file in Windows XP, Windows Vista, Windows 7, 8.1, 10 and 11 that stores users' passwords. It can be used to authenticate local and remote users. Beginning with Windows 2000 SP4, Active Directory authenticates remote users. SAM uses cryptographic measures to prevent unauthenticated users accessing the system.

In cryptography, a preimage attack on cryptographic hash functions tries to find a message that has a specific hash value. A cryptographic hash function should resist attacks on its preimage.

LAN Manager was a network operating system (NOS) available from multiple vendors and developed by Microsoft in cooperation with 3Com Corporation. It was designed to succeed 3Com's 3+Share network server software which ran atop a heavily modified version of MS-DOS.

Gravatar is a service for providing globally unique avatars and was created by Tom Preston-Werner. Since 2007, it has been owned by Automattic, having integrated it into their WordPress.com blogging platform.

A rainbow table is a precomputed table for caching the outputs of a cryptographic hash function, usually for cracking password hashes. Passwords are typically stored not in plain text form, but as hash values. If such a database of hashed passwords falls into the hands of attackers, they can use a precomputed rainbow table to recover the plaintext passwords. A common defense against this attack is to compute the hashes using a key derivation function that adds a "salt" to each password before hashing it, with different passwords receiving different salts, which are stored in plain text along with the hash.

In cryptography, CRAM-MD5 is a challenge–response authentication mechanism (CRAM) based on the HMAC-MD5 algorithm. As one of the mechanisms supported by the Simple Authentication and Security Layer (SASL), it is often used in email software as part of SMTP Authentication and for the authentication of POP and IMAP users, as well as in applications implementing LDAP, XMPP, BEEP, and other protocols.

In a Windows network, NT LAN Manager (NTLM) is a suite of Microsoft security protocols intended to provide authentication, integrity, and confidentiality to users. NTLM is the successor to the authentication protocol in Microsoft LAN Manager (LANMAN), an older Microsoft product. The NTLM protocol suite is implemented in a Security Support Provider, which combines the LAN Manager authentication protocol, NTLMv1, NTLMv2 and NTLM2 Session protocols in a single package. Whether these protocols are used or can be used on a system which is governed by Group Policy settings, for which different versions of Windows have different default settings.

<span class="mw-page-title-main">Cain and Abel (software)</span> Password recovery software

Cain and Abel was a password recovery tool for Microsoft Windows. It could recover many kinds of passwords using methods such as network packet sniffing, cracking various password hashes by using methods such as dictionary attacks, brute force and cryptanalysis attacks. Cryptanalysis attacks were done via rainbow tables which could be generated with the winrtgen.exe program provided with Cain and Abel. Cain and Abel was maintained by Massimiliano Montoro and Sean Babcock.

In cryptography, key stretching techniques are used to make a possibly weak key, typically a password or passphrase, more secure against a brute-force attack by increasing the resources it takes to test each possible key. Passwords or passphrases created by humans are often short or predictable enough to allow password cracking, and key stretching is intended to make such attacks more difficult by complicating a basic step of trying a single password candidate. Key stretching also improves security in some real-world applications where the key length has been constrained, by mimicking a longer key length from the perspective of a brute-force attacker.

Crack is a Unix password cracking program designed to allow system administrators to locate users who may have weak passwords vulnerable to a dictionary attack. Crack was the first standalone password cracker for Unix systems and the first to introduce programmable dictionary generation as well.

bcrypt is a password-hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher and presented at USENIX in 1999. Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power.

In cryptography, scrypt is a password-based key derivation function created by Colin Percival in March 2009, originally for the Tarsnap online backup service. The algorithm was specifically designed to make it costly to perform large-scale custom hardware attacks by requiring large amounts of memory. In 2016, the scrypt algorithm was published by IETF as RFC 7914. A simplified version of scrypt is used as a proof-of-work scheme by a number of cryptocurrencies, first implemented by an anonymous programmer called ArtForz in Tenebrix and followed by Fairbrix and Litecoin soon after.

Microsoft Office password protection is a security feature that allows Microsoft Office documents to be protected with a user-provided password.

References

↑ "On hashcat and strong Master Passwords as your best protection". Passwords. Agile Bits. 16 April 2013.
↑ Ur, Blase (12 August 2015). "Measuring Real-World Accuracies and Biases in Modeling Password Guessability" (PDF). Proceedings of the 24th USENIX Security Symposium.
↑ Goodin, Dan (26 August 2013). ""thereisnofatebutwhatwemake" - Turbo-charged cracking comes to long passwords". Ars Technica . Retrieved 21 July 2020.
↑ "hashcat v3.00". Hashcat. Hashcat project. 29 June 2016.
↑ "Recent Developments in Password Cracking". Passwords. Bruce Schneier. 19 September 2012.
1 2 3 4 5 6 7 "Hashcat [hashcat wiki]".
↑ "PRINCE: modern password guessing algorithm" (PDF). Hashcat site. Hashcat. 8 December 2014.
↑ Team Hashcat
↑ ""Crack Me If You Can" - DEFCON 2010". contest-2010.korelogic.com. Retrieved 21 July 2020.
↑ "Crack Me If You Can 2014 Contest". KoreLogic Security.
↑ "Another trophy in the Pocket! Win @ CMIYC contest 2015". hashcat.net. Retrieved 21 July 2020.

External links

Official website
A guide to password cracking with Hashcat
Talk: Confessions of a crypto cluster operator based on oclHashcat at Derbycon 2015
Talk: Hashcat state of the union at Derbycon 2016

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[AB1-1] "On hashcat and strong Master Passwords as your best protection". Passwords. Agile Bits. 16 April 2013.

[2] Ur, Blase (12 August 2015). "Measuring Real-World Accuracies and Biases in Modeling Password Guessability" (PDF). Proceedings of the 24th USENIX Security Symposium.

[3] Goodin, Dan (26 August 2013). ""thereisnofatebutwhatwemake" - Turbo-charged cracking comes to long passwords". Ars Technica . Retrieved 21 July 2020.

[hashcat300-4] "hashcat v3.00". Hashcat. Hashcat project. 29 June 2016.

[BS1-5] "Recent Developments in Password Cracking". Passwords. Bruce Schneier. 19 September 2012.

[hashcat_SAM-6] 1 2 3 4 5 6 7 "Hashcat [hashcat wiki]".

[PRINCE-7] "PRINCE: modern password guessing algorithm" (PDF). Hashcat site. Hashcat. 8 December 2014.

[8] Team Hashcat

[9] ""Crack Me If You Can" - DEFCON 2010". contest-2010.korelogic.com. Retrieved 21 July 2020.

[10] "Crack Me If You Can 2014 Contest". KoreLogic Security.

[11] "Another trophy in the Pocket! Win @ CMIYC contest 2015". hashcat.net. Retrieved 21 July 2020.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]