Shulou(Shulou.com)05/31 Report--

This article is about how to analyze the combination pattern in Hashcat. The editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.

I. combination mode (- a 1)

In practice, sometimes we will encounter such a problem, for example, the password is abcdabcd mode, and we do not have abcdabcd in our dictionary. If we generate it, it will take up a lot of space. Is there a way to generate abcdabcd through abcd? In hashcat, it is certainly possible, and we will first talk about this pattern, that is, the dictionary combination attack mode (the parameter is expressed as-a 1).

1. The combination mode of the same dictionary

First of all, let's describe the meaning of-a 1 through a simple example, and then take you step by step to the complex application of the pattern.

Hashcat-a 1-m 0 mima.txt-o outfile dic.txt dic.txt

The meaning of this command is to use the dictionary dic.txt to combine and decipher mima.txt, if dic.txt is the dictionary shown in the following figure

Then the new dictionary for deciphering mima.txt formed by the combination of this command is:

Each line in dic.txt is combined with itself to form a new dictionary.

2. The combination mode of different dictionaries

The previous introduction is the combination of the same dictionary, if it is a different dictionary, hashcat also supports, using the command as follows

Indicates that all rows in dic1.txt are combined with all rows in dic2.txt to form a dictionary for solving mima.txt.

Under what circumstances is the combination mode used? In general, the combination mode is obviously divided into two stages in the case of user password, such as abcd1234, asdfasdf, aaa19770101, …... And so on, the password is obviously shown as the former paragraph and the latter paragraph.

3. What should be paid attention to

(1) in combination mode, hashcat can only combine two dictionaries (or the same dictionary twice), and cannot support multiple dictionaries (more than 3 dictionaries) or more than 3 combination attacks of the same dictionary.

In other words, the following command is wrong:

Hashcat-a 1-m 0 mima.txt-ooutfile dic.txt dic.txt

Hashcat-a 1-m 0 mima.txt-ooutfile dic1.txt dic2.txt dic3.txt

(2) in combination mode, the directory is also not supported (in the previous article, the whole directory is supported in-a 0 mode), that is to say, the following two situations are not possible.

Hashcat-a 1-m 0 mima.txt-ooutfile / dic/

Hashcat-a 1-m 0 mima.txt-ooutfile / dic/*.txt

(3) timeliness.

When using combinatorial mode, if the dictionary is very large, for example, the two dictionaries are 10jig000, then the combined space is 100jing000, which is equivalent to an attack of 10000000 dictionaries (each dictionary has 10000000 entries). Then the space is too large, and there may be a large number of repetitions, although the coverage increases, but the timeliness is not high.

II. Brute force cracking mode (- a 3)

Violence cracking, as the name implies, is the exhaustion of violence to a specified plaintext space, which is a solution (because you have no way to reduce the exhaustion space).

Before we officially talk about violent cracking, let's talk about running out of space. Take the common lowercase letters + numbers as an example, if the password length is 4, the space is 36 seconds 4 times 1679616, which seems small and will come out in a minute; if the password length is 8, the space is 36 letters 8 letters 2821109907456, if the solution time is 1000000000 (1 billion times / s), the solving time is about 2820 seconds, about 47 minutes, which seems to be bearable If the password length is 10, the space is 366158440062976, and if the solution time is 1000000000 (1 billion times / s), then the solution time is more than 1000 hours, then there is no way to accept it.

There are many different types of brute force cracking patterns in hashcat (the parameter is expressed as-a 3). Let's talk about them one by one.

1. Simple mode

In hashcat, eight default character sets are built-in, namely l (26 lowercase letters), u (26 uppercase letters), d (10 numbers), h (lowercase hexadecimal characters), H (uppercase hexadecimal characters), s (special characters 31), a (collection of 95 full characters in the collection of ldaginomo dhandlers), and b (binary 0x00-0xFF). As shown in the following figure

Give an example

(1) if you run out of lowercase 6-digit space, the command is as follows:

(2) if the full character 8-bit space is exhausted, the command is as follows:

(3) if the full digital space with an exhaustive range of 4-6 digits is exhausted, the command is as follows:

Here, a parameter-- inrcement-- increment-min 4-- inrcement-- increment-max 6 is added to represent the minimum and maximum values of the exhaustive length.

2. Combination mode

The combination mode here is the organization mode under the exhaustion mode, not the (- a 1) mode.

Give a direct example to illustrate:

(1) if a password is exhausted and the length of the password is presumed to be 6, the first bit is the full character set, the second bit is the lowercase letter, the third bit is the uppercase letter, and the fourth, fifth and sixth bits are the full character set, the command can use the following mode:

(2) several more combination modes are given below.

One: if a password has a range of uppercase and lowercase + numbers and a length of 6, the command is as follows:

-1? l?u?d is used here to denote uppercase and lowercase letters + numbers.

Second: if the exhaustive range is 6 digits, the first and fourth digits are upper and lowercase + numbers, the second digits are uppercase and lowercase, the third and fifth digits are uppercase + numbers, and the sixth digits are numbers, the command is as follows:

Of course, you can also specify the minimum length and the maximum length, as shown in the following figure

3. Custom mode

Earlier, we introduced that hashcat has eight built-in character sets, but what if the character set required by the user is not among these eight? What shall I do? It doesn't matter, hashcat also has a wealth of custom brute force attack patterns for everyone.

Using the hashcat-h command, you can see that the following usage patterns are defined

Next, we will explain it through examples one by one:

(1) if the password length is 8 digits, each of which is composed of "0123456789aqwcfhjcentury." the following command can be used.

You can also write these characters into a file, such as char.txt, using the following command.

(2) if the password length is 8 digits, the first, third and sixth digits are in "43545yt", the second and fourth digits are in "345dfv", the fifth and seventh digits are in "9vjnbbf-brg", and the eighth digit is in "345fkfggh", the following command can be used.

Of course, these characters can also be written into different files, such as char1.txt,. , use the following command

Note: some symbols have a special meaning on the command line, so when there are special symbols in the character set, it is best to write them in file form.

(3) on the basis of (2), increase the minimum length and maximum length, such as 4-8 bits. You can use the following command.

Third, the use of some parameters

In the previous article, we introduced the use of some parameters, and today, we move on to some commonly used parameters. Today, we will focus on the on-screen display parameters.

The previous article introduced the file output-related commands (- o/--outfile-format), through which the results of hashcat password cracking can be output to a file in a certain format. But while hashcat is running, we can't see which passwords hashcat cracked. If in the hashcat work, we can directly decipher the hashcat password, print to the screen, it will be more intuitive and convenient. There are just a few parameters in hashcat to output the results of the hashcat run to the screen.

1.-- show

The Show command outputs the cached hash and password in the pot file to the screen window.

2.-- left

The left command outputs hash values that hashcat has not deciphered to the screen.

3.-- stdout

The stdout command does not crack the password, but it prints the contents of the dictionary used to break the password.

Fourth, summary

There are many commands in Hashcat, and there are great differences in different parameters. In order to give full play to the function and role of hashcat, it is suggested that we should try with different commands so as to be familiar with the combination of different commands in hashcat. For the function of hashcat parameters, you can learn from the hashcat online help (- h). The next article will continue to introduce the hashcat dictionary + mask mode.

The above is how to analyze the combination patterns in Hashcat. The editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.