Never Ending Security

It starts all here

OclHashCat – Is Worlds Fastest Password Cracker

OclHashcat is a GPGPU-based multi-hash cracker using a brute-force attack (implemented as mask attack), combinator attack, dictionary attack, hybrid attack, mask attack, and rule-based attack. This tool is available for all Windows and Linux versions should work on both 32 and 64 bit.

GPU Driver requirements:
1. NV users require ForceWare 331.67 or later
2. AMD users require Catalyst 14.4 or later

This GPU cracker is a fusioned version of oclHashcat-plus and oclHashcat-lite, both very well-known suites at that time, but now deprecated. There also existed a now very old oclHashcat GPU cracker that was replaced w/ plus and lite, which – as said – were then merged into oclHashcat 1.00 again.

Features:
Worlds fastest password cracker
Worlds first and only GPGPU based rule engine
Free
Multi-GPU (up to 128 gpus)
Multi-Hash (up to 100 million hashes)
Multi-OS (Linux & Windows native binaries)
Multi-Platform (OpenCL & CUDA support)
Multi-Algo (see below)
Low resource utilization, you can still watch movies or play games while cracking
Focuses highly iterated modern hashes
Focuses dictionary based attacks
Supports distributed cracking
Supports pause / resume while cracking
Supports sessions
Supports restore
Supports reading words from file
Supports reading words from stdin
Supports hex-salt
Supports hex-charset
Built-in benchmarking system
Integrated thermal watchdog
100+ Algorithms implemented with performance in mind
… and much more

Attack-Modes

Straight *
Combination
Brute-force
Hybrid dict + mask
Hybrid mask + dict
* accept Rules

Algorithms

MD4
MD5
SHA1
SHA-256
SHA-512
SHA-3 (Keccak)
RipeMD160
Whirlpool
GOST R 34.11-94
HMAC-MD5 (key = $pass)
HMAC-MD5 (key = $salt)
HMAC-SHA1 (key = $pass)
HMAC-SHA1 (key = $salt)
HMAC-SHA256 (key = $pass)
HMAC-SHA256 (key = $salt)
HMAC-SHA512 (key = $pass)
HMAC-SHA512 (key = $salt)
LM
NTLM
DCC
DCC2
NetNTLMv1
NetNTLMv1 + ESS
NetNTLMv2
Kerberos 5 AS-REQ Pre-Auth etype 23
AIX {smd5}
AIX {ssha1}
AIX {ssha256}
AIX {ssha512}
FreeBSD MD5
OpenBSD Blowfish
descrypt
md5crypt
bcrypt
sha256crypt
sha512crypt
DES(Unix)
MD5(Unix)
SHA256(Unix)
SHA512(Unix)
OSX v10.4
OSX v10.5
OSX v10.6
OSX v10.7
OSX v10.8
OSX v10.9
Cisco-ASA
Cisco-IOS
Cisco-PIX
GRUB 2
Juniper Netscreen/SSG (ScreenOS)
RACF
Samsung Android Password/PIN
MSSQL
MySQL
Oracle
Postgres
Sybase
DNSSEC (NSEC3)
IKE-PSK
IPMI2 RAKP
iSCSI CHAP
WPA
WPA2
1Password, cloudkeychain
1Password, agilekeychain
Lastpass
Password Safe SHA-256
TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES
TrueCrypt 5.0+ PBKDF2 HMAC-SHA512 + AES
TrueCrypt 5.0+ PBKDF2 HMAC-Whirlpool + AES
TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES + boot-mode
TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES + hidden-volume
TrueCrypt 5.0+ PBKDF2 HMAC-SHA512 + AES + hidden-volume
TrueCrypt 5.0+ PBKDF2 HMAC-Whirlpool + AES + hidden-volume
TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES + hidden-volume + boot-mode
SAP CODVN B (BCODE)
SAP CODVN F/G (PASSCODE)
Citrix Netscaler
Netscape LDAP SHA/SSHA
Apache MD5-APR
hMailServer
EPiServer
Drupal
IPB
Joomla
MyBB
osCommerce
Redmine
SMF
vBulletin
Woltlab Burning Board
xt:Commerce
Wordpress
phpBB3
Half MD5 (left, mid, right)
Double MD5
Double SHA1
md5($pass.$salt)
md5($salt.$pass)
md5(unicode($pass).$salt)
md5($salt.unicode($pass))
md5(sha1($pass))
sha1($pass.$salt)
sha1($salt.$pass)
sha1(unicode($pass).$salt)
sha1($salt.unicode($pass))
sha1(md5($pass))
sha256($pass.$salt)
sha256($salt.$pass)
sha256(unicode($pass).$salt)
sha256($salt.unicode($pass))
sha512($pass.$salt)
sha512($salt.$pass)
sha512(unicode($pass).$salt)
sha512($salt.unicode($pass))

OCL Hashcat options:

oclHashcat, advanced password recovery

Usage: oclHashcat [options]... hash|hashfile|hccapfile [dictionary|mask|directory]...

=======
Options
=======

* General:

  -m,  --hash-type=NUM               Hash-type, see references below
  -a,  --attack-mode=NUM             Attack-mode, see references below
  -V,  --version                     Print version
  -h,  --help                        Print help
       --eula                        Print EULA
       --quiet                       Suppress output

* Benchmark:

  -b,  --benchmark                   Run benchmark
       --benchmark-mode=NUM          Benchmark-mode, see references below

* Misc:

       --hex-salt                    Assume salt is given in hex
       --hex-charset                 Assume charset is given in hex
       --force                       Ignore warnings
       --status                      Enable automatic update of the status-screen
       --status-timer=NUM            Seconds between status-screen update

* Markov:

       --markov-hcstat=FILE          Specify hcstat file to use, default is hashcat.hcstat
       --markov-disable              Disables markov-chains, emulates classic brute-force
       --markov-classic              Enables classic markov-chains, no per-position enhancement
  -t,  --markov-threshold=NUM        Threshold when to stop accepting new markov-chains

* Session:

       --runtime=NUM                 Abort session after NUM seconds of runtime
       --session=STR                 Define specific session name
       --restore                     Restore session from --session
       --restore-timer=NUM           Save restore file each NUM seconds
       --disable-restore             Do not write restore file

* Files:

  -o,  --outfile=FILE                Define outfile for recovered hash
       --outfile-format=NUM          Define outfile-format for recovered hash, see references below
  -p,  --separator=CHAR              Define separator char for hashlists and outfile
       --show                        Show cracked passwords only
       --left                        Show un-cracked passwords only
       --username                    Enable ignoring of usernames in hashfile (recommended: also use --show)
       --remove                      Enable remove of hash once it is cracked
       --disable-potfile             Do not write potfile

* Resources:

  -c,  --segment-size=NUM            Size in MB to cache from the wordfile
       --cpu-affinity=STR            Locks to CPU devices, seperate with comma
       --gpu-async                   Use non-blocking async calls (NV only)
  -d,  --gpu-devices=STR             Devices to use, separate with comma
  -n,  --gpu-accel=NUM               Workload tuning: 1, 8, 40, 80, 160
  -u,  --gpu-loops=NUM               Workload fine-tuning: 8 - 1024
       --gpu-temp-disable            Disable temperature and fanspeed readings and triggers
       --gpu-temp-abort=NUM          Abort session if GPU temperature reaches NUM degrees celsius
       --gpu-temp-retain=NUM         Try to retain GPU temperature at NUM degrees celsius (AMD only)

* Rules:

  -j,  --rule-left=RULE              Single rule applied to each word from left dict
  -k,  --rule-right=RULE             Single rule applied to each word from right dict
  -r,  --rules-file=FILE             Rules-file, multi use: -r 1.rule -r 2.rule
  -g,  --generate-rules=NUM          Generate NUM random rules
       --generate-rules-func-min=NUM Force NUM functions per random rule min
       --generate-rules-func-max=NUM Force NUM functions per random rule max
       --cleanup-rules               Saves all working rules to disk and removes the others, while creating a backup file

* Custom charsets:

  -1,  --custom-charset1=CS          User-defined charsets
  -2,  --custom-charset2=CS          Example:
  -3,  --custom-charset3=CS          --custom-charset1=?dabcdef : sets charset ?1 to 0123456789abcdef
  -4,  --custom-charset4=CS          -2 mycharset.hcchr : sets charset ?2 to chars contained in file

* Increment:

  -i,  --increment                   Enable increment mode
       --increment-min=NUM           Start incrementing at NUM
       --increment-max=NUM           Stop incrementing at NUM

==========
References
==========

* Benchmark Settings:

    0 = Manual Tuning
    1 = Performance Tuning, default

* Outfile Formats:

    1 = hash[:salt]
    2 = plain
    3 = hash[:salt]:plain
    4 = hex_plain
    5 = hash[:salt]:hex_plain
    6 = plain:hex_plain
    7 = hash[:salt]:plain:hex_plain

* Built-in charsets:

   ?l = abcdefghijklmnopqrstuvwxyz
   ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
   ?d = 0123456789
   ?a = ?l?u?d?s
   ?s =  !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~

* Attack modes:

    0 = Straight
    1 = Combination
    3 = Brute-force
    6 = Hybrid dict + mask
    7 = Hybrid mask + dict

* Generic hash types:

    0 = MD5
   10 = md5($pass.$salt)
   20 = md5($salt.$pass)
   30 = md5(unicode($pass).$salt)
   40 = md5($salt.unicode($pass))
   50 = HMAC-MD5 (key = $pass)
   60 = HMAC-MD5 (key = $salt)
  100 = SHA1
  110 = sha1($pass.$salt)
  120 = sha1($salt.$pass)
  130 = sha1(unicode($pass).$salt)
  140 = sha1($salt.unicode($pass))
  150 = HMAC-SHA1 (key = $pass)
  160 = HMAC-SHA1 (key = $salt)
  190 = sha1(LinkedIn)
  300 = MySQL
  400 = phpass, MD5(WordPress), MD5(phpBB3)
  500 = md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5
  900 = MD4
 1000 = NTLM
 1100 = Domain Cached Credentials, mscash
 1400 = SHA256
 1410 = sha256($pass.$salt)
 1420 = sha256($salt.$pass)
 1430 = sha256(unicode($pass).$salt)
 1440 = sha256($salt.unicode($pass))
 1450 = HMAC-SHA256 (key = $pass)
 1460 = HMAC-SHA256 (key = $salt)
 1500 = descrypt, DES(Unix), Traditional DES
 1600 = md5apr1, MD5(APR), Apache MD5
 1700 = SHA512
 1710 = sha512($pass.$salt)
 1720 = sha512($salt.$pass)
 1730 = sha512(unicode($pass).$salt)
 1740 = sha512($salt.unicode($pass))
 1750 = HMAC-SHA512 (key = $pass)
 1760 = HMAC-SHA512 (key = $salt)
 1800 = sha512crypt, SHA512(Unix)
 2100 = Domain Cached Credentials2, mscash2
 2400 = Cisco-PIX MD5
 2500 = WPA/WPA2
 2600 = Double MD5
 3000 = LM
 3100 = Oracle 7-10g, DES(Oracle)
 3200 = bcrypt, Blowfish(OpenBSD)
 5000 = SHA-3(Keccak)
 5100 = Half MD5
 5200 = Password Safe SHA-256
 5300 = IKE-PSK MD5
 5400 = IKE-PSK SHA1
 5500 = NetNTLMv1-VANILLA / NetNTLMv1+ESS
 5600 = NetNTLMv2
 5700 = Cisco-IOS SHA256
 5800 = Samsung Android Password/PIN
 6000 = RipeMD160
 6100 = Whirlpool
 621Y = TrueCrypt 5.0+ PBKDF2-HMAC-RipeMD160
 622Y = TrueCrypt 5.0+ PBKDF2-HMAC-SHA512
 623Y = TrueCrypt 5.0+ PBKDF2-HMAC-Whirlpool
 624Y = TrueCrypt 5.0+ PBKDF2-HMAC-RipeMD160 boot-mode
 6300 = AIX {smd5}
 6400 = AIX {ssha256}
 6500 = AIX {ssha512}
 6600 = 1Password
 6700 = AIX {ssha1}
 6800 = Lastpass
 6900 = GOST R 34.11-94
 7100 = OSX v10.8
 7200 = GRUB 2
 7400 = sha256crypt, SHA256(Unix)
 7500 = Kerberos 5 AS-REQ Pre-Auth etype 23

* Specific hash types:

   11 = Joomla
   21 = osCommerce, xt:Commerce
  101 = nsldap, SHA-1(Base64), Netscape LDAP SHA
  111 = nsldaps, SSHA-1(Base64), Netscape LDAP SSHA
  112 = Oracle 11g
  121 = SMF > v1.1
  122 = OSX v10.4, v10.5, v10.6
  131 = MSSQL(2000)
  132 = MSSQL(2005)
  141 = EPiServer 6.x < v4
 1441 = EPiServer 6.x > v4
 1711 = SSHA-512(Base64), LDAP {SSHA512}
 1722 = OSX v10.7
 1731 = MSSQL(2012)
 2611 = vBulletin < v3.8.5
 2711 = vBulletin > v3.8.5
 2811 = IPB2+, MyBB1.2+
 62XY = TrueCrypt 5.0+
   X  = 1 = PBKDF2-HMAC-RipeMD160
   X  = 2 = PBKDF2-HMAC-SHA512
   X  = 3 = PBKDF2-HMAC-Whirlpool
   X  = 4 = PBKDF2-HMAC-RipeMD160 boot-mode
   Y  = 1 = XTS AES



More information can be found at: https://hashcat.net/oclhashcat

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s