Hashcat64 mining
Publish: 2021-04-06 04:13:08
1. The difference is that hashcat runs on CPU and oclhashcat runs on GPU, that is, graphics card. I have a simpler way to get the bun. Please don't compress it and send it to XXX area code. Cap directly [email protected] The program will automatically run the package for you, and the result will be sent to the contract email
2. Prepare a PE U disk in Bois, use the U disk to start, the SAM file, use saminside to get nthash, and then use hashcat to calculate the password
3. Hashcat is mainly divided into three versions: hashcat, oclhashcat plus and oclhashcat Lite. The main difference between the three versions is that hashcat only supports CPU cracking. Oclhashcat plus supports the use of GPU to crack multiple hashes, and supports up to 77 kinds of algorithms. Oclhashcat Lite only supports the use of GPU to crack a single hash, only 32 kinds of hash are supported, but the algorithm is optimized to achieve the highest speed of GPU cracking. If only a single ciphertext is cracked, oclhashcat Lite is recommended
at present, the latest software versions are hashcat v0.46, oclhashcat plus v0.15 and oclhashcat Lite v0.15. But after a period of testing, we found that sometimes the higher the version, the slower the speed. Therefore, it is recommended that there is no need to upgrade to the latest version without any problems. According to the test, the operation speed of oclhashcat Lite v0.10 is 20% faster than that of v0.15, so oclhashcat Lite v0.10 is recommended for single ciphertext cracking<
0x03 hashcat software use
the hashcat series software has very flexible cracking methods, which can meet the vast majority of cracking needs. Now I will give you a brief introction
1. Specify hash type
in hashcat -- hash type? Parameter can specify the hash type to be cracked. Run the hashcat main program with the -- help parameter. You can see the codes of various hash types in * generic hash types: as shown in the figure: &65532
different versions of hashcat support different hash types. If the -- hash type parameter is not specified, the program defaults to MD5 type
2. Specify cracking mode
in hashcat -- attack mode? Parameters can specify cracking modes. The software supports five cracking modes, They are
0 straight
1 combination
3 brute force
6 hybrid dict + mask
7 hybrid mask + dict
here are the two most commonly used ways of cracking: Dictionary cracking and mask brute force cracking<
use dictionary to crack MD5:
oclhashcat-plus64.exe -- hash type 0 -- attack mode 0 {hash file} [Dictionary 1] [dictionary 2] [dictionary 3]...
for example:
oclhashcat-plus64.exe -- hash type 0 -- attack mode 0 D: md5.txt D: dict1.txt D: dict2.txt
e to the influence of disk and memory speed, dictionary cracking is difficult, The speed can't reach the maximum operation speed of GPU. Basically, a 5GB dictionary can run in 10 minutes for MD5 cracking
brute force cracking SHA1 with mask:
oclhashcat-plus64.exe -- hash type 100 -- attack mode 3 {hash file} [mask]
{mask setting}
for mask, we need to make a little explanation here. There are nine default masks for hashcat, as shown in the figure:
? L is A-Z,? U is A-Z,? D is 0-9,? A represents all the special characters on the keyboard,? S represents all the visible characters on the keyboard,? H is the hexadecimal of 8bit 0xc0-0xff,? D is an 8 bit German character,? F is an 8bit French character,? R is an 8-bit Russian character.
at present, the latest software versions are hashcat v0.46, oclhashcat plus v0.15 and oclhashcat Lite v0.15. But after a period of testing, we found that sometimes the higher the version, the slower the speed. Therefore, it is recommended that there is no need to upgrade to the latest version without any problems. According to the test, the operation speed of oclhashcat Lite v0.10 is 20% faster than that of v0.15, so oclhashcat Lite v0.10 is recommended for single ciphertext cracking<
0x03 hashcat software use
the hashcat series software has very flexible cracking methods, which can meet the vast majority of cracking needs. Now I will give you a brief introction
1. Specify hash type
in hashcat -- hash type? Parameter can specify the hash type to be cracked. Run the hashcat main program with the -- help parameter. You can see the codes of various hash types in * generic hash types: as shown in the figure: &65532
different versions of hashcat support different hash types. If the -- hash type parameter is not specified, the program defaults to MD5 type
2. Specify cracking mode
in hashcat -- attack mode? Parameters can specify cracking modes. The software supports five cracking modes, They are
0 straight
1 combination
3 brute force
6 hybrid dict + mask
7 hybrid mask + dict
here are the two most commonly used ways of cracking: Dictionary cracking and mask brute force cracking<
use dictionary to crack MD5:
oclhashcat-plus64.exe -- hash type 0 -- attack mode 0 {hash file} [Dictionary 1] [dictionary 2] [dictionary 3]...
for example:
oclhashcat-plus64.exe -- hash type 0 -- attack mode 0 D: md5.txt D: dict1.txt D: dict2.txt
e to the influence of disk and memory speed, dictionary cracking is difficult, The speed can't reach the maximum operation speed of GPU. Basically, a 5GB dictionary can run in 10 minutes for MD5 cracking
brute force cracking SHA1 with mask:
oclhashcat-plus64.exe -- hash type 100 -- attack mode 3 {hash file} [mask]
{mask setting}
for mask, we need to make a little explanation here. There are nine default masks for hashcat, as shown in the figure:
? L is A-Z,? U is A-Z,? D is 0-9,? A represents all the special characters on the keyboard,? S represents all the visible characters on the keyboard,? H is the hexadecimal of 8bit 0xc0-0xff,? D is an 8 bit German character,? F is an 8bit French character,? R is an 8-bit Russian character.
4. When we enter the account and password to log in to a website, if the website allows you to use HTTP (clear text) for authentication, it is very simple to capture the traffic at this time, and then we can analyze the captured traffic to obtain the login account and password. This method is not only suitable for LAN, but also for Internet. This means that the attacker will be able to crack any website password that uses HTTP protocol for authentication
it's easy to do this in a LAN, which makes you wonder how insecure HTTP is. You can try this cracking method in dormitory network, work network and even campus network, but campus network needs to allow broadcast traffic function, and requires that your LAN card can be set to hybrid mode
let's experiment with this method on a simple website. I did this experiment on the same computer. In practice, you can do it between virtual machine and physical machine
note that some routers do not support broadcast traffic, so they may fail on such routers
Step 1: run Wireshark and capture traffic
in Kali Linux, you can run Wireshark as follows:
Application & gt; Kali Linux > Top 10Security Tools > Wireshark
Click capture & gt; In my example, I used a USB wireless network card, so I chose WLAN 0
if all goes well, then you can press the start button, and Wireshark will start capturing traffic. If you miss this step, you can do it by going back to capture & gt; Interface > Start starts capturing traffic<
Step 2: filter post data traffic
at this time, Wireshark starts to monitor and capture all network traffic. Then I open my browser and log in to a website with my user name and password. When the authentication process ends and I log in successfully, I return and stop Wireshark's traffic capture
usually, a lot of traffic data will be captured, but we are only interested in post data. Why post data
when you enter the user name and password and click the login button, a post method will be generated to send the data you entered to the remote server
to filter and filter out post data, you can enter the following command in the filter input box:
http. Request. Method = = & quot; POST"
a post event is shown in the figure below<
Step 3: analyze the post data to obtain the user name and password
next, click the post event line, and then right-click to select "follow tcpsteam"
at this time, a new window will be opened, which contains the following contents:
http / 1.1 302 found
date: Mon, 10 Nov 2014 23:52:21 GMT
server: Apache / 2.2.15 (CentOS)
x-powered-by: PHP / 5.3.3
P3P: CP = & quot; NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" < br />Set-Cookie: non=non; expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/
Set-Cookie: password=; expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/
Set-Cookie: scifuser=sampleuser; expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/
Location: loggedin.php
Content-Length: 0
Connection: close
Content-Type: text/html; Charset = UTF-8
in this example:
1. User name: sampleuser
2. Password:
from the above password value, we can guess that "" is definitely not a real password value, but a hash value
it should be noted that some websites that do not pay attention to security do not calculate the hash value of the password value sent by users, but directly send the password plaintext to the server. For this kind of website, you can get the user name and password information at this step. In the example I analyzed, we need to further identify the password value corresponding to the hash value
Step 4: determine the hash type
in this step, I will use the hash identifier tool to determine what type of hash the above password hash value is. Open the terminal, then input "hash identifier" and paste the above hash value to the terminal. After entering, hash identifier will give the possible matching value
one thing is certain, that is, the above hash value is not a domain cached credential, so it must be an MD5 hash value. Then, you can use hashcat or cudahashcat to crack the MD5 hash value. Click here to learn more
Step 5: crack the MD5 hash password
you can use hashcat or similar tools to crack the password easily< br /> root@kali :~# hashcat -m 0 -a 0 /root/wireshark-hash.lf /root/rockyou.txt
(or)
root@kali :~# cudahashcat -m 0 -a 0 /root/wireshark-hash.lf /root/rockyou.txt
(or)
root@kali :~# cudahashcat32 -m 0 -a 0 /root/wireshark-hash.lf /root/rockyou.txt
(or)
root@kali :~# cudahashcat64 -m 0 -a 0 /root/wireshark-hash.lf /root/roc Kyou. TXT
because the password I tested exists in my password dictionary, hashcat can be easily cracked
conclusion
in fact, it is impossible to ensure that every website uses SSL to ensure the security of the password, because for every URL, it costs money to use SSL service. However, website owners (public websites that can be registered by anyone) should at least solve the hash value in the login phase, so that at least one more barrier can be set when attackers break the website password.
it's easy to do this in a LAN, which makes you wonder how insecure HTTP is. You can try this cracking method in dormitory network, work network and even campus network, but campus network needs to allow broadcast traffic function, and requires that your LAN card can be set to hybrid mode
let's experiment with this method on a simple website. I did this experiment on the same computer. In practice, you can do it between virtual machine and physical machine
note that some routers do not support broadcast traffic, so they may fail on such routers
Step 1: run Wireshark and capture traffic
in Kali Linux, you can run Wireshark as follows:
Application & gt; Kali Linux > Top 10Security Tools > Wireshark
Click capture & gt; In my example, I used a USB wireless network card, so I chose WLAN 0
if all goes well, then you can press the start button, and Wireshark will start capturing traffic. If you miss this step, you can do it by going back to capture & gt; Interface > Start starts capturing traffic<
Step 2: filter post data traffic
at this time, Wireshark starts to monitor and capture all network traffic. Then I open my browser and log in to a website with my user name and password. When the authentication process ends and I log in successfully, I return and stop Wireshark's traffic capture
usually, a lot of traffic data will be captured, but we are only interested in post data. Why post data
when you enter the user name and password and click the login button, a post method will be generated to send the data you entered to the remote server
to filter and filter out post data, you can enter the following command in the filter input box:
http. Request. Method = = & quot; POST"
a post event is shown in the figure below<
Step 3: analyze the post data to obtain the user name and password
next, click the post event line, and then right-click to select "follow tcpsteam"
at this time, a new window will be opened, which contains the following contents:
http / 1.1 302 found
date: Mon, 10 Nov 2014 23:52:21 GMT
server: Apache / 2.2.15 (CentOS)
x-powered-by: PHP / 5.3.3
P3P: CP = & quot; NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" < br />Set-Cookie: non=non; expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/
Set-Cookie: password=; expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/
Set-Cookie: scifuser=sampleuser; expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/
Location: loggedin.php
Content-Length: 0
Connection: close
Content-Type: text/html; Charset = UTF-8
in this example:
1. User name: sampleuser
2. Password:
from the above password value, we can guess that "" is definitely not a real password value, but a hash value
it should be noted that some websites that do not pay attention to security do not calculate the hash value of the password value sent by users, but directly send the password plaintext to the server. For this kind of website, you can get the user name and password information at this step. In the example I analyzed, we need to further identify the password value corresponding to the hash value
Step 4: determine the hash type
in this step, I will use the hash identifier tool to determine what type of hash the above password hash value is. Open the terminal, then input "hash identifier" and paste the above hash value to the terminal. After entering, hash identifier will give the possible matching value
one thing is certain, that is, the above hash value is not a domain cached credential, so it must be an MD5 hash value. Then, you can use hashcat or cudahashcat to crack the MD5 hash value. Click here to learn more
Step 5: crack the MD5 hash password
you can use hashcat or similar tools to crack the password easily< br /> root@kali :~# hashcat -m 0 -a 0 /root/wireshark-hash.lf /root/rockyou.txt
(or)
root@kali :~# cudahashcat -m 0 -a 0 /root/wireshark-hash.lf /root/rockyou.txt
(or)
root@kali :~# cudahashcat32 -m 0 -a 0 /root/wireshark-hash.lf /root/rockyou.txt
(or)
root@kali :~# cudahashcat64 -m 0 -a 0 /root/wireshark-hash.lf /root/roc Kyou. TXT
because the password I tested exists in my password dictionary, hashcat can be easily cracked
conclusion
in fact, it is impossible to ensure that every website uses SSL to ensure the security of the password, because for every URL, it costs money to use SSL service. However, website owners (public websites that can be registered by anyone) should at least solve the hash value in the login phase, so that at least one more barrier can be set when attackers break the website password.
Hot content