Password Cracking with Hashcat
Hi, my name is Amir Shahzad. Welcome to my course, Credential Access with Hashcat. Hashcat is the number one offline password cracker used by red team members and penetration testers. It supports different password cracking techniques and many hash algorithms. What's more, it supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS. Hashcat is available at hashcat.net, and in this course I will demonstrate how you can use Hashcat to launch a dictionary attack, a dictionary attack with a rule, and a dictionary attack with a mask. I will also demonstrate how you can use Hashcat to crack password-protected PDF and DOCX files. In the kill chain, Hashcat can be placed either between exploitation and privilege escalation or between exploitation and lateral movement. The question is as follows: what will the attacker do after successful exploitation and cracking of users' passwords with Hashcat? If the attacker cracks the passwords of high-privilege users on the same machine, then the next step will be privilege escalation. If the attacker cracks the passwords of users on other machines, then the next step will be lateral movement. In the context of the MITRE ATT&CK framework, Hashcat is related to the Credential Access tactic, and the corresponding technique is T1110, Brute Force, and more specifically its Password Cracking sub-technique (T1110.002). This is exactly what Hashcat is used for. What's more, Hashcat supports different password cracking techniques. That's why you can use Hashcat to crack passwords smartly, and in the upcoming demos I will show you how you can do it step by step. But before I jump to the demos, I will discuss an attack scenario so that you can better understand when Hashcat is used. Here is the story. First, the attacker launches his exploit, gains access to the machine, and dumps the hashes of users' passwords from the database. Next, Hashcat is used by the attacker to crack these passwords.
If these passwords belong to high-privilege users on the same machine, then the next step will be privilege escalation and gaining access to the accounts of these users. If these passwords belong to users on other machines, then the next step will be lateral movement and gaining access to the machines of other people in the organization. Okay, now you understand what Hashcat is, why it is powerful, and when it is used. So let me jump to the demos and let me show you how Hashcat works in practice.
Demo 1: Dictionary Attack
[Autogenerated] It's time for the first demo. Let me show you how you can launch a dictionary attack using Hashcat. Here is my testing environment. In the file hashes.txt you can see 10 MD5 hashes. My task is to find the 10 plaintext passwords that correspond to these 10 MD5 hashes. For this purpose I will launch a dictionary attack using Hashcat. First, I have to tell Hashcat that the file hashes.txt contains MD5 hashes. I will use the command hashcat --help to check the hash mode for MD5 hashes. As you can see, the hash mode for MD5 is 0, and this is what I need to specify in my Hashcat command. That's why in the console I will type hashcat -m 0. In the next step I need to specify the attack mode. I will type -a 0, which is used for a straight (standard) attack. I will discuss a different attack mode in one of the upcoming demos. After that, I will provide the file with the MD5 hashes, hashes.txt. And finally, I will provide a dictionary with passwords, dictionary.txt. So the full command is hashcat -m 0 -a 0 hashes.txt dictionary.txt. What will happen is as follows: the MD5 hash will be calculated for every password from dictionary.txt. If the calculated MD5 hash is equal to one of the hashes from hashes.txt, then the password will be cracked. Let me now hit Enter, and let's check how many passwords will be cracked as a result of this attack. As you can see, 4 out of 10 passwords have been cracked, and you can see these passwords here: "I love you", "secure password", "let's have fun", and "see you later". This is how you can launch a classical dictionary attack in Hashcat, and in the next demos I will show you how you can launch more advanced dictionary attacks using Hashcat. But before I jump to the next demos, I would like to tell you where you can find password dictionaries.
You can go to module three of this course, named Resources, and in this module you will find links to some really good password dictionaries that I recommend you use in your own password cracking.
Demo 2: Dictionary Attack with a Rule
[Autogenerated] It's time for the second demo. Let's continue our Hashcat password cracking journey, and let me show you how you can launch a dictionary attack with a rule. In the previous demo I launched a classical dictionary attack using Hashcat and I cracked four passwords. Now let me launch a dictionary attack with a rule, and let me show you how you can crack more passwords with this attack. One of the most popular rules is the leetspeak rule. Let me briefly explain to you how this rule works. This rule replaces one character in the password with another character, and it happens for every password from the password dictionary. Once the character has been replaced, the hash of the modified password is calculated and compared with the hashes in the hashes.txt file. An example replacement is as follows: for the password "Michael", "a" is replaced with the "@" character. That's why the hash of the string "Mich@el" is calculated and compared with the hashes in the file hashes.txt. Other popular replacements are replacing "o" with "0" (zero) and replacing "s" with "$" (dollar sign). Okay, now it's time to show you how you can launch a dictionary attack with the leetspeak rule in Hashcat. The only thing that you have to do is take the command from the previous demo, add -r rules/leetspeak.rule at the very end of this command, and hit Enter. That's it. But before I hit Enter, I want to remind you that the classical dictionary attack presented in the previous demo cracked 4 out of 10 passwords. Now I will launch a dictionary attack with the leetspeak rule, which is a more advanced dictionary attack, and I will check if this attack results in cracking more passwords. Let me now hit Enter and check what's going to happen. As you can see, Hashcat cracked 7 out of 10 passwords. Please keep in mind that Hashcat remembers the state of password cracking from the very beginning until this moment (it stores every cracked hash in its potfile).
So if I cracked four passwords in the first demo using a classical dictionary attack, and now in the second demo I see seven cracked passwords after launching a dictionary attack with the leetspeak rule, then it means that the dictionary attack with the leetspeak rule cracked three additional passwords, and you can see these passwords here. The first password is "Michael", where "a" was replaced with "@". The second password is "spider", where "s" was replaced with "$". And the third password is "lemonjuice", where "o" was replaced with "0". So as you can see, a dictionary attack with a rule is really powerful. It can help you crack more passwords. And in this demo you learned how you can launch this attack in practice using Hashcat.
Demo 3: Dictionary Attack with a Mask
[Autogenerated] It's time for the third demo. Let's continue our Hashcat password cracking journey, and let me show you how you can launch a dictionary attack with a mask. In the previous demos I launched a classical dictionary attack and a dictionary attack with a rule, and as a result of these two attacks I cracked seven passwords. Now let me launch a dictionary attack with a mask, also known as a hybrid attack, and let me show you how you can crack even more passwords with this attack. First, I will briefly explain to you what a mask is and how it can be used in password cracking. Let's assume that we have a password dictionary and "securepassword" is one of the passwords in this dictionary. It turns out that people often append digits at the very end of their passwords, and then the password is, for example, "securepassword1234". The idea behind a dictionary attack with a mask is to combine the passwords from a dictionary with a mask, for example four digits appended at the very end of every password from the password dictionary, and that's the reason why this attack is also known as a hybrid attack. And if our mask is composed of four digits appended at the very end of every password from the password dictionary, then for the password "securepassword" Hashcat will check all combinations: "securepassword0000", "securepassword0001", "securepassword0002", and so on, and the last combination will be "securepassword9999". Okay, now you understand how a dictionary attack with a mask works, so let me show you how you can launch this attack using Hashcat. Here is the Hashcat command that I used in the previous demo. What I want to do in this demo is append a mask at the very end of every password from my password dictionary. That's why I have to use the attack mode -a 6 instead of -a 0. What's more, I will delete the rule that I used in the previous demo, and after dictionary.txt, which is my password dictionary,
I will specify the mask ?d?d?d?d. The ?d stands for a digit, and this way Hashcat will take every single password from the password dictionary, append a four-digit number at the very end, and go through all four-digit combinations of this number for every single password from the password dictionary. So the full command is hashcat -m 0 -a 6 hashes.txt dictionary.txt ?d?d?d?d. Okay, now it's time to launch a dictionary attack with a mask. But before I launch this attack, I want to remind you that the classical dictionary attack and the dictionary attack with a rule presented in the two previous demos cracked 7 out of 10 passwords. Now I will hit Enter, I will launch a dictionary attack with a mask, and I will check if this attack results in cracking even more passwords. As you can see, Hashcat cracked 9 out of 10 passwords. And in the previous demo you learned that Hashcat remembers the state of password cracking from the very beginning until this moment. So if I cracked seven passwords in the previous two demos using a classical dictionary attack and a dictionary attack with a rule, and now in the third demo I see nine cracked passwords after launching a dictionary attack with a mask, then it means that the dictionary attack with a mask cracked two additional passwords, and you can see these passwords here: "Mark1975" and "NewYork1234". So, as you can see, a dictionary attack with a mask, also known as a hybrid attack, is really powerful. It can help you crack even more passwords. And in this demo you learned how you can launch this attack in practice using Hashcat.
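To make the three attacks from demos 1 to 3 concrete, here is an added Python model (not code from the course or from Hashcat) of what hashcat -a 0, -a 0 -r leetspeak.rule and -a 6 ?d?d?d?d each do to a dictionary word, with a cumulative potfile like Hashcat's. The dictionary, the target hashes and the three leetspeak substitutions are constructed for this example and are only a subset of the real rule file.

```python
import hashlib
import itertools

# Constructed sample data, not the course's files: a tiny dictionary and the
# MD5 hashes of passwords built from it the way the three demos describe.
DICTIONARY = ["iloveyou", "michael", "spider", "lemonjuice", "mark", "newyork"]
PLAINTEXTS = ["iloveyou", "mich@el", "$pider", "lem0njuice", "mark1975",
              "newyork1234", "uncrackable-by-this-list"]


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


HASHES_TXT = {md5_hex(p) for p in PLAINTEXTS}  # what hashes.txt holds (-m 0)


def straight(words):
    """-a 0: every dictionary word is tried exactly as written."""
    yield from words


def leetspeak(words):
    """-a 0 -r leetspeak.rule, reduced to three of its substitutions
    (a->@, o->0, s->$); each is applied on its own like hashcat's 's' rule."""
    for w in words:
        for old, new in (("a", "@"), ("o", "0"), ("s", "$")):
            if old in w:
                yield w.replace(old, new)


def hybrid_digits(words, mask_len=4):
    """-a 6 with mask ?d?d?d?d: append every 4-digit string to each word."""
    for w in words:
        for digits in itertools.product("0123456789", repeat=mask_len):
            yield w + "".join(digits)


def crack(candidates, targets, potfile):
    """Hash each candidate and record new matches in the potfile, so each
    later attack only adds to what earlier attacks already cracked."""
    for cand in candidates:
        h = md5_hex(cand)
        if h in targets and h not in potfile:
            potfile[h] = cand
    return potfile


def run_demos():
    """Return the cumulative cracked count after each attack, plus the potfile."""
    potfile, counts = {}, []
    for attack in (straight, leetspeak, hybrid_digits):
        crack(attack(DICTIONARY), HASHES_TXT, potfile)
        counts.append(len(potfile))
    return counts, potfile
```

Running run_demos() mirrors the course's progression: one word falls to the plain dictionary, three more to the substitutions, two more to the appended digits, and one hash survives all three.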
Demo 4: Cracking a Password-protected PDF File
[Autogenerated] It's time for the fourth demo. Let me show you how you can use Hashcat to crack a password-protected PDF file. Here is my password-protected PDF file. As you can see, the document crackme.pdf is locked and requires a password before it can be opened. Let's crack this password and read this document. The first thing that we have to do is learn the version of the PDF document, because Hashcat uses different hash modes for different PDF versions. Probably the easiest way of learning the PDF version is to launch the file program in the console. I will type file, next I will type the name of my PDF document, crackme.pdf, and I will hit Enter. As you can see, the version of the PDF file is 1.6. So far, so good. Next, I will type hashcat --help, and I will check the hash mode for this PDF version. As you can see, the hash mode for PDF versions from 1.4 to 1.6 is 10500. Okay, in the next step I will extract the hash of the password from this password-protected PDF file. For this purpose I will use the program pdf2john.pl; in module three of this course, named Resources, you can find more information about this program. In the console I will type pdf2john.pl, next I will type crackme.pdf, which is the name of my PDF document, and I will hit Enter. As you can see, the hash of the password has been extracted. Let me copy the hash of the password (only the part starting with $pdf$; the file name prefix that pdf2john.pl prints is meant for John the Ripper, and Hashcat rejects it) and let me use Hashcat to crack this password. I will type hashcat. Next, I will type -m 10500; this is the hash mode for PDF version 1.6. After that, I will type -a 0, which is used for a straight (standard) attack; this is what I explained to you in the previous demos. Next, in between the quotes, I will paste the hash of the password that was extracted from this PDF document. Then I will provide a dictionary with passwords, dictionary.txt. And finally I will hit Enter. As you can see, Hashcat cracked the password, and the password is "I love you".
Next, I will go to my password-protected PDF file and I will enter this password. As you can see, indeed Hashcat found the correct password, and now I can read this document. This is how you can use Hashcat to crack a password-protected PDF file. Last but not least, in this demo I presented a classical dictionary attack for cracking a password-protected PDF file, but you can also use the attacks that I presented in the previous demos: a dictionary attack with a rule or a dictionary attack with a mask. And this is what I would like you to keep in mind.
Demo 5: Cracking a Password-protected DOCX File
[Autogenerated] It's time for the fifth demo. Let me show you how you can use Hashcat to crack a password-protected DOCX file. Here is my password-protected DOCX file. As you can see, there is the message "Enter password to open file crackme.docx". Let's crack this password and read this document. First, I will type hashcat --help in the console, and I will check the hash mode for DOCX files. The DOCX file format was introduced in Microsoft Office 2013, and the hash mode for Microsoft Office 2013 is 9600. What's more, Hashcat uses this hash mode for cracking DOCX files created in all Microsoft Office versions starting from 2013, so you don't have to worry about the version of Microsoft Office, and you can use just one hash mode, 9600, for cracking all DOCX files. Okay, in the next step I will extract the hash of the password from this password-protected DOCX file. For this purpose I will use the program office2john.py; in module three of this course, named Resources, you can find more information about this program. In the console I will type office2john.py, and next I will type crackme.docx, which is the name of my DOCX file, and I will hit Enter. As you can see, the hash of the password has been extracted. Let me copy the hash of the password (only the part starting with $office$; the hash itself begins with $office$*2013*, which confirms the mode to use, and the file name prefix in front of it is for John the Ripper, not Hashcat) and let me use Hashcat to crack this password. I will type hashcat. Next, I will type -m 9600; this is the hash mode for DOCX files. After that, I will type -a 0, which is used for a straight (standard) attack; this is what I explained to you in the previous demos. Next, in between the quotes, I will paste the hash of the password that was extracted from this DOCX file. Then I will provide a dictionary with passwords, dictionary.txt. And finally I will hit Enter. As you can see, Hashcat cracked the password, and the password is "Let's have fun". Next, I will go to my password-protected DOCX file and I will enter this password. As you can see,
indeed Hashcat found the correct password, and now I can read this file. This is how you can use Hashcat to crack a password-protected DOCX file. Last but not least, in this demo I presented a classical dictionary attack for cracking a password-protected DOCX file, but you can also use the attacks that I presented in the previous demos: a dictionary attack with a rule or a dictionary attack with a mask. And this is what I would like you to keep in mind.
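The steps shared by demos 4 and 5 (read the PDF version the way file does, strip the file name prefix from pdf2john.pl/office2john.py output, pick the -m value, assemble the command) as an added Python helper, not a tool from the course or from Hashcat. The hash strings below are constructed placeholders; the mode table contains the two values the demos show (10500 for PDF 1.4-1.6, 9600 for Office 2013) plus neighbouring values assumed from the hashcat --help listing.

```python
import re

# Hashcat -m values. 10500 and 9600 come from the demos; the others are
# assumed from the same `hashcat --help` listing the demos consult.
PDF_MODES = {"1.1": 10400, "1.2": 10400, "1.3": 10400,
             "1.4": 10500, "1.5": 10500, "1.6": 10500}
OFFICE_MODES = {"2007": 9400, "2010": 9500, "2013": 9600}


def pdf_version(header_bytes):
    """Read the version from a PDF's first line, e.g. b'%PDF-1.6' (what `file` reports)."""
    m = re.match(rb"%PDF-(\d\.\d)", header_bytes)
    return m.group(1).decode() if m else None


def john_to_hashcat(line):
    """pdf2john.pl / office2john.py print 'filename:$pdf$...' for John the Ripper;
    Hashcat wants only the part from '$' onward, so drop the file name prefix."""
    _name, sep, h = line.strip().partition(":")
    return h if sep and h.startswith("$") else line.strip()


def pick_mode(hash_str, pdf_header=None):
    """Return the hashcat -m value for an extracted hash, or None if unknown."""
    if hash_str.startswith("$office$*"):
        version = hash_str.split("*")[1]           # '$office$*2013*...' -> '2013'
        return OFFICE_MODES.get(version)
    if hash_str.startswith("$pdf$") and pdf_header is not None:
        return PDF_MODES.get(pdf_version(pdf_header))
    return None


def build_command(john_line, dictionary="dictionary.txt", pdf_header=None):
    """Assemble the straight-attack command line from the extractor's output."""
    h = john_to_hashcat(john_line)
    mode = pick_mode(h, pdf_header)
    if mode is None:
        raise ValueError("unsupported hash format or document version")
    return ["hashcat", "-m", str(mode), "-a", "0", h, dictionary]
```

Passing the returned list to subprocess.run avoids the shell quoting that the demos handle by wrapping the hash in quotes.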

Wow, very helpful, thanks