Hashcat is a
password recovery
In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system in scrambled form. A common approach (brute-force attack) is to repeatedly tr ...
tool. It had a proprietary code base until 2015, but was then released as open source software. Versions are available for Linux, OS X, and Windows. Examples of hashcat-supported hashing algorithms are
LM hash
LAN Manager is a discontinued network operating system (NOS) available from multiple vendors and developed by Microsoft in cooperation with 3Com Corporation. It was designed to succeed 3Com's 3+Share network server software which ran atop a he ...
es,
MD4
The MD4 Message-Digest Algorithm is a cryptographic hash function developed by Ronald Rivest in 1990. The digest length is 128 bits. The algorithm has influenced later designs, such as the MD5, SHA-1 and RIPEMD algorithms. The initialism "MD" s ...
,
MD5,
SHA-family and
Unix Crypt formats as well as algorithms used in
MySQL
MySQL () is an open-source relational database management system (RDBMS). Its name is a combination of "My", the name of co-founder Michael Widenius's daughter My, and "SQL", the acronym for Structured Query Language. A relational database o ...
and
Cisco PIX
Cisco PIX (Private Internet eXchange) was a popular IP firewall and network address translation (NAT) appliance. It was one of the first products in this market segment.
In 2005, Cisco introduced the neweCisco Adaptive Security Appliance( Cisc ...
.
Hashcat has been publicly noticed because of its optimizations; partly based on flaws in other software discovered by the creator of hashcat. An example was a flaw in
1Password's password manager hashing scheme.
It has also been compared to similar software in a
Usenix publication and been described on
Ars technica
''Ars Technica'' is a website covering news and opinions in technology, science, politics, and society, created by Ken Fisher and Jon Stokes in 1998. It publishes news, reviews, and guides on issues such as computer hardware and software, sci ...
.
Variants
Previously, two variants of hashcat existed:
* hashcat - CPU-based password recovery tool
* oclHashcat/cudaHashcat -
GPU-accelerated tool (OpenCL or CUDA)
With the release of hashcat v3.00, the GPU and CPU tools were merged into a single tool called hashcat. The CPU-only version became hashcat-legacy.
Both CPU and GPU now require
OpenCL
OpenCL (Open Computing Language) is a framework for writing programs that execute across heterogeneous platforms consisting of central processing units (CPUs), graphics processing units (GPUs), digital signal processors (DSPs), field-progra ...
.
Many of the algorithms supported by hashcat-legacy (such as MD5, SHA1, and others) can be cracked in a shorter time with the GPU-based hashcat.
However, not all algorithms can be accelerated by GPUs.
Bcrypt
bcrypt is a password-hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher and presented at USENIX in 1999. Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive fu ...
is an example of this. Due to factors such as data-dependent branching, serialization, and memory (and more), oclHashcat/cudaHashcat weren't catchall replacements for hashcat-legacy.
hashcat-legacy is available for Linux, OSX and Windows.
hashcat is available for macOS, Windows, and Linux with GPU, CPU and generic OpenCL support which allows for FPGAs and other accelerator cards.
Sample output
$ hashcat -d 2 -a 0 -m 400 -O -w 4 example400.hash example.dict
hashcat (v5.1.0) starting...
OpenCL Platform #1: Intel(R) Corporation
* Device #1: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz, skipped.
OpenCL Platform #2: NVIDIA Corporation
* Device #2: GeForce GTX 970, 1010/4041 MB allocatable, 13MCU
* Device #3: GeForce GTX 750 Ti, skipped.
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
Applicable optimizers:
* Optimized-Kernel
* Zero-Byte
* Single-Hash
* Single-Salt
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 55
Watchdog: Temperature abort trigger set to 90c
Dictionary cache hit:
* Filename..: example.dict
* Passwords.: 128416
* Bytes.....: 1069601
* Keyspace..: 128416
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
$H$9y5boZ2wsUlgl2tI6b5PrRoADzYfXD1:hash234
Session..........: hashcat
Status...........: Cracked
Hash.Type........: phpass, WordPress (MD5), phpBB3 (MD5), Joomla (MD5)
Hash.Target......: $H$9y5boZ2wsUlgl2tI6b5PrRoADzYfXD1
Time.Started.....: Thu Apr 25 05:10:35 2019 (0 secs)
Time.Estimated...: Thu Apr 25 05:10:35 2019 (0 secs)
Guess.Base.......: File (example.dict)
Guess.Queue......: 1/1 (100.00%)
Speed.#2.........: 2654.9 kH/s (22.24ms) @ Accel:128 Loops:1024 Thr:1024 Vec:1
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 128416/128416 (100.00%)
Rejected.........: 0/128416 (0.00%)
Restore.Point....: 0/128416 (0.00%)
Restore.Sub.#2...: Salt:0 Amplifier:0-1 Iteration:1024-2048
Candidates.#2....: 0 -> zzzzzzzzzzz
Hardware.Mon.#2..: Temp: 44c Fan: 40% Util: 50% Core:1265MHz Mem:3004MHz Bus:8
Started: Thu Apr 25 05:10:32 2019
Stopped: Thu Apr 25 05:10:37 2019
Attack types
Hashcat offers multiple attack modes for obtaining effective and complex coverage over a hash's keyspace. These modes are:
*
Brute-force attack
In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correc ...
* Combinator attack
*
Dictionary attack
In cryptanalysis and computer security, a dictionary attack is an attack using a restricted subset of a keyspace to defeat a cipher or authentication mechanism by trying to determine its decryption key or passphrase, sometimes trying thousands o ...
* Fingerprint attack
* Hybrid attack
*
Mask attack
* Permutation attack
* Rule-based attack
* Table-Lookup attack (CPU only)
* Toggle-Case attack
* PRINCE attack
(in CPU version 0.48 and higher only)
The traditional bruteforce attack is considered outdated, and the Hashcat core team recommends the Mask-Attack as a full replacement.
Competitions
Team Hashcat (the official team of the Hashcat software composed of core Hashcat members) won first place in the KoreLogic "Crack Me If you Can" Competitions at
DefCon
The defense readiness condition (DEFCON) is an alert state used by the United States Armed Forces. (DEFCON is not mentioned in the 2010 and newer document)
The DEFCON system was developed by the Joint Chiefs of Staff (JCS) and unified and spe ...
in 2010, 2012, 2014, 2015,
and 2018, and at
DerbyCon
DerbyCon was a computer security conference based in Louisville, Kentucky. The first DerbyCon took place in 2011 and was founded by Martin Bos, Dave Kennedy, Alex Kah and Adrian Crenshaw. The conference has been held at the Hyatt Regency Louisvil ...
in 2017.
See also
*
Brute-force attack
In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correc ...
*
Brute-force search
In computer science, brute-force search or exhaustive search, also known as generate and test, is a very general problem-solving technique and algorithmic paradigm that consists of systematically enumerating all possible candidates for the soluti ...
*
Hacker (computer security)
A security hacker is someone who explores methods for breaching defenses and exploiting weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge ...
*
Hacking tool
A security hacker is someone who explores methods for breaching defenses and exploiting weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge ...
*
Openwall Project
The Openwall Project is a source for various software, including Openwall GNU/*/Linux (Owl), a security-enhanced Linux distribution designed for servers. Openwall patches and security extensions have been included into many major Linux distribut ...
*
Password cracking
In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system in scrambled form. A common approach (brute-force attack) is to repeatedly try ...
References
External links
*
A guide to password cracking with HashcatTalk: Confessions of a crypto cluster operatorbased on oclHashcat at
Derbycon
DerbyCon was a computer security conference based in Louisville, Kentucky. The first DerbyCon took place in 2011 and was founded by Martin Bos, Dave Kennedy, Alex Kah and Adrian Crenshaw. The conference has been held at the Hyatt Regency Louisvil ...
2015
Talk: Hashcat state of the unionat Derbycon 2016
{{Use dmy dates, date=September 2017
Password cracking software
Free security software
Formerly proprietary software