hashcat使用教程
巢海
hashcat官网:https://hashcat.net/hashcat/
GitHub项目:https://github.com/hashcat/hashcat
使用语法:
hashcat.exe [选项] <哈希> <密码字典>
Hash id对照表:
因为实在是太多了,所有我就贴一部分常见的hash类型,要想了解所有的参数可到hashcat的Wiki上去看,或者直接hashcat --help查看hash对照表
- [ Hash modes ] -
# | Name | Category
======+==================================================+======================================
900 | MD4 | Raw Hash
0 | MD5 | Raw Hash
5100 | Half MD5 | Raw Hash
100 | SHA1 | Raw Hash
1300 | SHA2-224 | Raw Hash
1400 | SHA2-256 | Raw Hash
10800 | SHA2-384 | Raw Hash
1700 | SHA2-512 | Raw Hash
17300 | SHA3-224 | Raw Hash
17400 | SHA3-256 | Raw Hash
17500 | SHA3-384 | Raw Hash
17600 | SHA3-512 | Raw Hash
10 | md5($pass.$salt) | Raw Hash, Salted and/or Iterated
20 | md5($salt.$pass) | Raw Hash, Salted and/or Iterated
30 | md5(utf16le($pass).$salt) | Raw Hash, Salted and/or Iterated
40 | md5($salt.utf16le($pass)) | Raw Hash, Salted and/or Iterated
3800 | md5($salt.$pass.$salt) | Raw Hash, Salted and/or Iterated
3710 | md5($salt.md5($pass)) | Raw Hash, Salted and/or Iterated
4010 | md5($salt.md5($salt.$pass)) | Raw Hash, Salted and/or Iterated
4110 | md5($salt.md5($pass.$salt)) | Raw Hash, Salted and/or Iterated
2600 | md5(md5($pass)) | Raw Hash, Salted and/or Iterated
3910 | md5(md5($pass).md5($salt)) | Raw Hash, Salted and/or Iterated
4300 | md5(strtoupper(md5($pass))) | Raw Hash, Salted and/or Iterated
4400 | md5(sha1($pass)) | Raw Hash, Salted and/or Iterated
110 | sha1($pass.$salt) | Raw Hash, Salted and/or Iterated
120 | sha1($salt.$pass) | Raw Hash, Salted and/or Iterated
130 | sha1(utf16le($pass).$salt) | Raw Hash, Salted and/or Iterated
140 | sha1($salt.utf16le($pass)) | Raw Hash, Salted and/or Iterated
4500 | sha1(sha1($pass)) | Raw Hash, Salted and/or Iterated
4520 | sha1($salt.sha1($pass)) | Raw Hash, Salted and/or Iterated
4700 | sha1(md5($pass)) | Raw Hash, Salted and/or Iterated
4900 | sha1($salt.$pass.$salt) | Raw Hash, Salted and/or Iterated
14400 | sha1(CX) | Raw Hash, Salted and/or Iterated
1410 | sha256($pass.$salt) | Raw Hash, Salted and/or Iterated
1420 | sha256($salt.$pass) | Raw Hash, Salted and/or Iterated
1430 | sha256(utf16le($pass).$salt) | Raw Hash, Salted and/or Iterated
1440 | sha256($salt.utf16le($pass)) | Raw Hash, Salted and/or Iterated
1710 | sha512($pass.$salt) | Raw Hash, Salted and/or Iterated
1720 | sha512($salt.$pass) | Raw Hash, Salted and/or Iterated
1730 | sha512(utf16le($pass).$salt) | Raw Hash, Salted and/or Iterated
1740 | sha512($salt.utf16le($pass)) | Raw Hash, Salted and/or Iterated
14000 | DES (PT = $salt, key = $pass) | Raw Cipher, Known-Plaintext attack
14100 | 3DES (PT = $salt, key = $pass) | Raw Cipher, Known-Plaintext attack
14900 | Skip32 (PT = $salt, key = $pass) | Raw Cipher, Known-Plaintext attack
15400 | ChaCha20 | Raw Cipher, Known-Plaintext attack
2500 | WPA-EAPOL-PBKDF2 | Network Protocols
2501 | WPA-EAPOL-PMK | Network Protocols
16800 | WPA-PMKID-PBKDF2 | Network Protocols
16801 | WPA-PMKID-PMK | Network Protocols
7300 | IPMI2 RAKP HMAC-SHA1 | Network Protocols
7500 | Kerberos 5 AS-REQ Pre-Auth etype 23 | Network Protocols
8300 | DNSSEC (NSEC3) | Network Protocols
10200 | CRAM-MD5 | Network Protocols
11100 | PostgreSQL CRAM (MD5) | Network Protocols
11200 | MySQL CRAM (SHA1) | Network Protocols
16100 | TACACS+ | Network Protocols
16500 | JWT (JSON Web Token) | Network Protocols
121 | SMF (Simple Machines Forum) > v1.1 | Forums, CMS, E-Commerce, Frameworks
400 | phpBB3 (MD5) | Forums, CMS, E-Commerce, Frameworks
2811 | MyBB 1.2+ | Forums, CMS, E-Commerce, Frameworks
2811 | IPB2+ (Invision Power Board) | Forums, CMS, E-Commerce, Frameworks
8400 | WBB3 (Woltlab Burning Board) | Forums, CMS, E-Commerce, Frameworks
11 | Joomla < 2.5.18 | Forums, CMS, E-Commerce, Frameworks
400 | Joomla >= 2.5.18 (MD5) | Forums, CMS, E-Commerce, Frameworks
400 | WordPress (MD5) | Forums, CMS, E-Commerce, Frameworks
2612 | PHPS | Forums, CMS, E-Commerce, Frameworks
7900 | Drupal7 | Forums, CMS, E-Commerce, Frameworks
21 | osCommerce | Forums, CMS, E-Commerce, Frameworks
21 | xt:Commerce | Forums, CMS, E-Commerce, Frameworks
11000 | PrestaShop | Forums, CMS, E-Commerce, Frameworks
124 | Django (SHA-1) | Forums, CMS, E-Commerce, Frameworks
10000 | Django (PBKDF2-SHA256) | Forums, CMS, E-Commerce, Frameworks
12 | PostgreSQL | Database Server
131 | MSSQL (2000) | Database Server
132 | MSSQL (2005) | Database Server
1731 | MSSQL (2012, 2014) | Database Server
200 | MySQL323 | Database Server
300 | MySQL4.1/MySQL5 | Database Server
3100 | Oracle H: Type (Oracle 7+) | Database Server
112 | Oracle S: Type (Oracle 11+) | Database Server
12300 | Oracle T: Type (Oracle 12+) | Database Server
8000 | Sybase ASE | Database Server
15000 | FileZilla Server >= 0.9.55 | FTP Server
11500 | CRC32 | Checksums
3000 | LM | Operating Systems
1000 | NTLM | Operating Systems
500 | md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5) | Operating Systems
3200 | bcrypt $2*$, Blowfish (Unix) | Operating Systems
7400 | sha256crypt $5$, SHA256 (Unix) | Operating Systems
1800 | sha512crypt $6$, SHA512 (Unix) | Operating Systems
122 | macOS v10.4, MacOS v10.5, MacOS v10.6 | Operating Systems
1722 | macOS v10.7 | Operating Systems
7100 | macOS v10.8+ (PBKDF2-SHA512) | Operating Systems
11600 | 7-Zip | Archives
12500 | RAR3-hp | Archives
13000 | RAR5 | Archives
13600 | WinZip | Archives
9700 | MS Office <= 2003 $0/$1, MD5 + RC4 | Documents
9710 | MS Office <= 2003 $0/$1, MD5 + RC4, collider #1 | Documents
9720 | MS Office <= 2003 $0/$1, MD5 + RC4, collider #2 | Documents
9800 | MS Office <= 2003 $3/$4, SHA1 + RC4 | Documents
9810 | MS Office <= 2003 $3, SHA1 + RC4, collider #1 | Documents
9820 | MS Office <= 2003 $3, SHA1 + RC4, collider #2 | Documents
9400 | MS Office 2007 | Documents
9500 | MS Office 2010 | Documents
9600 | MS Office 2013 | Documents
10400 | PDF 1.1 - 1.3 (Acrobat 2 - 4) | Documents
10410 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #1 | Documents
10420 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #2 | Documents
10500 | PDF 1.4 - 1.6 (Acrobat 5 - 8) | Documents
10600 | PDF 1.7 Level 3 (Acrobat 9) | Documents
10700 | PDF 1.7 Level 8 (Acrobat 10 - 11) | Documents
99999 | Plaintext | Plaintext
选项:
-m/--hash-type 哈希类型,如:-m 100 表示SHA-1哈希 -a/--attack-mode 攻击模式,如:-a 0 表示使用密码字典破解
哈希类型:
900 MD4 0 MD5 100 SHA-1 10 md5($pass.$salt) 20 md5($salt.$pass) 3710 md5($salt.md5($pass)) 2600 md5(md5($pass)) 5500 NetNTLMv1 5600 NetNTLMv2 16500 JWT (JSON Web Token) 11 Joomla < 2.5.18 400 Joomla >= 2.5.18 (MD5) 400 WordPress (MD5) 7900 Drupal7 131 MSSQL (2000) 132 MSSQL (2005) 1731 MSSQL (2012, 2014) 300 MySQL4.1/MySQL5 15000 FileZilla Server >= 0.9.55 1000 NTLM 500 MD5 Unix $1$ 7400 SHA256 Unix $5$ 1800 SHA512 Unix $6$
攻击模式:
0 Straight(密码字典) 1 Combination 3 Brute-force(掩码) 6 Hybrid Wordlist + Mask 7 Hybrid Mask + Wordlist
内置掩码:
?l 表示小写字母(abcdefghijklmnopqrstuvwxyz) ?U 表示大写字母(ABCDEFGHIJKLMNOPQRSTUVWXYZ) ?d 表示阿拉伯数字(0123456789) ?s 表示特殊符号(!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~)
案例:
1、使用密码字典破解 MD5 哈希
hashcat64.exe -m 0 -a 0 5ec822debe54b1935f78d9a6ab900a39 password.txt
2、使用密码字典对多个 MD5 哈希进行破解
hashcat64.exe -m 0 -a 0 md5_list.txt password.txt
3、已知明文密码为8位数字,使用掩码进行破解,?d?d?d?d?d?d?d?d 表示8位数字
hashcat64.exe -m 0 -a 3 3d9865a2843dcb59e7a6296c894732a4 ?d?d?d?d?d?d?d?d
4、使用多个密码字典进行破解,只有 -a 0 模式支持多个密码字典
hashcat64.bin -m 0 -a 0 hash_list.txt dict1.txt dict2.txt dict3.txt
5、破解 Linux 系统账号密码
hashcat64.exe -m 500 -a 0 $1$hwMSTWOB$UKQfietZMJquuQq3S5FHe1 password.txt
6、破解 JWT(json web token)
hashcat64.exe -a 0 -m 16500 "E:/jwt.txt" "E:/password.txt" hashcat64.exe -a 3 -m 16500 "E:/jwt.txt" ?h?h?h?h?h?h?h
类似资料: