Hash Cracking
Hashing Types. Hashing Methods. Salting. LM and NTLM Hashes (Windows). Hash Benchmarks. Hashcat. Bcrypt, Scrypt and PBKDF2. Analysis.
Prof Bill Buchanan OBE http://asecuritysite.com/crypto03 http://asecuritysite.com/encryption Hash Cracking
Hashing Types
Prof Bill Buchanan OBE http://asecuritysite.com/crypto03 http://asecuritysite.com/encryption Authentication Message Hash H H e e l l B l l o o o b . .
H H N N H H h h o o a a e e e e w w p p l l l l l l i i
l l o o e e a a o o r r r r e e
y y o o u u ? ? - A
1 l g 2 8 o H
r b i a t i 8 C 8 5 s t h
C F B D h s m i 8 7 1 4 i g n
( A 3 0 1 n g M a 9 5 8 4 D t 9 7 1 0 u 5 5 1 5 2 r e ) 3 F A 3 j C i X 9 C B 9 4 y x U 3 C 8 4 N s q F 2 4 7 6 X D Z A 4 B B 1 H E U K A 2 F 1 5 5 8 r E 9 A 2 M j R x 4 A 7 9 + k h L E D 6 6 r E Z K 2 8 A B k p O n 3 3 8 9 M 4 a U a 3 D 2 7 D j 5 o b 7 B 7 1 5 J 1 c C A 7 E 9
6 3 Z Y B 3 B D h a N v 2 Z F 7 F 9 s 1 4 R t 9 8 5 1 h A E M x T C 0 3 1
u a t B F H d 2 0 0 4 h l B o g f X g s 3 5 1 7 r : o a
F H E F P 9 5 7 8 H r r s o k 1 t i C B C 0 i f t e
e B h g w g w F 7 5 4 i x l - l m
B 0 D 9 6 B u 4 6 F 7 2 c h a n a n Authentication Message Hash H H e e l l B l l o o o b . .
H H N N H H h h o o a a e e e e w w p p l l l l l l i i
l l o o e e a a o o r r r r e e
y y o o u u ? ? A -
l 1 g 6 o 0 r H
i b t a h i s B 3 F A t m
F A E 7 h s F 8 F E
i i g v P 9 q ( n 1 F 8 4 S n 4 / u v B 9 C 7 g H a 6 1 E 6 + h T G 8 0 3 1 t A u G 2 e x 2 5 B D - r A H i N A 7 6 D 1 e 5 E B C 3 m d a ) 6 F B C z 7 u V 8 A 2 5 F 6 y o 7 6 E E 7 E 0 8 b 4 6 d 6 9 1 A 2 J K h 6 B 2 8 t L j b F E 7 D 4 A 0 A w a q 0 9 B F 1 k v E 9 4 3 E 3 G 5 1 t 6 5 D 9 4 A E 9 R l p 4 S 5 0 7 5 2 P b d H 6 B D F T O T e 4 7 3 4 A 8 E D B q W F 0 - 1 5 6 4 A w 4 g t 8 C B E h 4 M s w 2 3 7 0 a C C 8 0 y 2 x s s C D C B A o d q a h 2 5 9 A u
t p n 6 b 8 A D A h a B o A 6 9 E O p Q d l r g : A 4 D D a
u Q q F P H o E 0 9 D r s o r C / 0 B 4 1 A r f e
e i B A 3 4 B o 8 A 0 t i x h l B 4 2 F - l
= = = = 6 B A F 0 D m u 4 c h a n a n Authentication Message Hash o o S c b d a o o S c b d a o o n f r a l n f r a l e e l l
e e o o n n t t t t c c h h t a t a a a w w n n h h u u e e
k k e e e t e t
r r B
r r u u i i c c t t m m
t t a a o h h I I y y s s t t b n n n n i i
e e a o e e o o a a t t s s r r i i e e s n n s r r n n m m s s
r r t t s s
l l d d
n n
i i t t i i i . . i n n s s m o o
m e e m m s s k k
t t p s s p , , i i
o o o o
t w e e o o a a h b b n n c c r i r s s e t i i t s s t u u h l l
a a i i i , , t t r t t r r
h h n n
y y p e e a a p e e t
t h
n n
a a
h t t y y i i h h y s d d s r r y
e e s s e e w w s
s a a i u u i i i c t t i i r r c l l l l w w e e
s s a l l - a A
s o o s o o l 1 l
l
g
2 8 o H
r b i a t i 8 F s t h
A h s 9 m i 8 i 4 g n
( B n F g M a i + D B D t o C U E u 5 v 3 + r D e ) c F + 3 0 P F D 9 / 8 A g r 0 E A K g 0 0 A X 5 1 Z S D 9 F I 2 1 9 + 2 B a 7 3 D D 5 E M K 0 Y 6 D A 7 4 B 5 k A 3 9
H g 2 h 6 a b H 8 3 s E P 0 B h A 7 v 0 9
u a t w 2 A h 0 l B o g = = 0 r 7 : o a
P = = 1 6 H r r s o C i C f t e
e B h F 4 i x l - l m
B 6 B E u 4 F c C h a n a n
Hash Cracking
Hashing Methods
Prof Bill Buchanan OBE http://asecuritysite.com/crypto03 http://asecuritysite.com/encryption Hash Hash methods fewerthan ofWindows tostore user passwords that are LM Hash SHA functioncompetition October competitionfor competingalgorithms methodsfor hashing method which did not usethe existing definedthere was a needfor newa hashing withtheoretical attacks on SHA shown to be susceptible toattacks VanAssche Joan Daemen a hash function designed byGuido Bertoni SHA - - 3 3 . standard SHA . 2012 LM Hash isused in manyversion SHA LM Hash LM 15 . - 3 MD characterslong , , Keccakwon theNIST hash - wasknown asKeccak and is Michaël Peeters 3 . 5 andSHA , , andproposedis theas andsetup a - 0 . Tiger have been - , 1 andGilles . , NIST thus along . In , samein their operation 0 MD padded with a byte of Tiger known attacks on MD file sharing networks 1995 designedby Ross Anderson andEli Biham in Tiger 10118 alternative to SHA source Preneel Dobbertin function 256 RIPEM Evaluation MessageDigest RIPEMD salt Bcrypt x 01 4 . - bitor , . . 2 . MD Otherwise the twomethods are the It isoften used by clients within Gnutella Tiger isa . . is anis addition 160 Thiscreates a hash value whichhas . , The It isused on TrueCrypt andwascreated Hansby 5 ( , Bcrypt RIPEMD RACE IntegrityPrimitives 320 . Antoon Bosselaers and Bart andSHA RIPEMD isa 160 - bitcryptographic hash 192 - bitversion isseen as an - 1 - , , ) , bithash function , 5 in whichthe messageis andispart ofISO anddoes notsuffer from 0 whereas in Tigerit is . x andSHA 80 128 ) ( in a similarway to andGOST - bit , Author - , 0 andisopen 160 / SHA :
, Prof Bill BuchananBillProf - andwas bit / . - IEC 1 , . Hash Hash methods hash collisions utilization balancebetween performance and CPU methods performance compared with other hashing hash hash function AustinAppleby function FNVhashes usesa non SHA While hashing methodssuch asMD - - 1 based lookups use methodscryto . , The Murmurhash . Murmur andgenerally provide gooda Also it performswell in terms of . Thiscan be used generalfor . , usesa non . It hasa good - cryptographic hash , , the Murmurand - cryptographic designedby 5 and is theis most up Vo GlennFowler cryptographic functionhash developed by FNV . There are two main versions ( Fowler – , FNV Noll - Landon Curt Noll to - date version – Vo ) isa 64 Author . - bit nonbit , , andPhong : ofwhich
Prof Bill BuchananBillProf - 1 a Dig Cert Public key
Private key
Public key
Session Private key key Alice (Web) Bob
Symmetric
PBKDF2 Header (contains AES (Password- Twofish Based Key master keys) Password 3DES Derivation dkLen Function) Salt RFC 2898 RIPEMD-160 SHA-1 Whirlpool TrueCrypt
DK = PBKDF2(PRF, Password, Salt, c, dkLen) DK = PBKDF2(HMAC−SHA1, passphrase, ssid, 4096, 256) Encrypting disks Chapter 3: Hashing
Salting
Prof Bill Buchanan OBE http://asecuritysite.com/crypto03 http://asecuritysite.com/encryption
Encryption Salting 1 $ C 1 $ : \ $ password openssl fred 1 $ $ password fred bATAk > fred openssl passwd 8 $ UUH bATAk / IDAp 9 bATAk - sd 1 bATAk 6 - saltfred password IUv 8 UUH / fred 8 8 UUH UUH / IDAp / IDAp / IDAp 9 sd 9 sd 6 9 6 IUv sd IUv Author 6 / / : IUv
Prof Bill BuchananBillProf / # cat /etc/shadow root:$1$Etg2ExUZ$F9NTP7omafhKIlqaBMqng1:15651:0:99999:7::: # openssl passwd -1 -salt Etg2ExUZ redhat $1$Etg2ExUZ$F9NTP7omafhKIlqaBMqng1
$ openssl version OpenSSL 1.0.1f 6 Jan 2014
$ openssl dgst -md5 file MD5(file)= b1946ac92492d2347c6235b4d2611184
$ openssl genrsa -out mykey.pem 1024 Generating RSA private key, 1024 bit long modulus ...... ++++++ ...++++++ e is 65537 (0x10001
$ openssl rsa -in mykey.pem -pubout > mykey.pub writing RSA key
$ cat mykey.pub -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXv9HSFkpM+ZoOQcpdHBZiUwX8 EzIKm0nsgjc5ZTYVaF9CMLtmKoTzep7aQX9o9nKepFt1kQ73Ta9vOPd6CX61/cgY Xy2tShw0imrtFaVDFjX+7kLmc0uWbFFCoZMtJxIaXaa9SV2kARxOCTJ2uOjRTCCe XU09IJGHnIhSNJeIJQIDAQAB -----END PUBLIC KEY-----
$ cat /etc/shadow root:$1$Etg2ExUZ$F9NTP7omafhKIlqaBMqng1:15651:0:99999:7:::
$ openssl passwd -1 -salt Etg2ExUZ redhat $1$Etg2ExUZ$F9NTP7omafhKIlqaBMqng1 Chapter 3: Hashing
LM and NT Hashes
Prof Bill Buchanan OBE http://asecuritysite.com/crypto03 http://asecuritysite.com/encryption
Hash LM/NTLM napiergives hashme gives Use the guesses NAPIER Loaded Root myuser Root < • • • SAM
user NTLM NTLM Directory Active NTLMv HashLM @ @ > kali kali : : < : 1 500 id 2 ( Windows Windows " ( > ( -- 1 password hash : : Windows Windows HKEY Registry Windows Windows XP : ~# : ~# < : show 12 LM hash LM time : john pw B cat pw 9 " C 7 _ , : 54 7 8 option todisplay all of thecracked passwords reliably ( 307 12 FF FA , LOCAL > , 0 napier F 8 : : etc , : 6 , < - 2 2003 - 00 FE etc NTLM hash NTLM B 91 E A ) 9 – : 0 40814 ) 43841 - - 00 ( EC – No salt No C ) C ) LM DES
connect to 5 : 80 4 _ 00 100 - - 4 MACHINE FD AAD E F > C : - 7 84518 - < 6 3 28 D comment [ B F 4 % ( 128 435 - - E E A 0 103 2 1 / B A - - ) 128 51404 EC D 18795 > : F 2 \ < c SAM - 6 - homedir 80 57 / BS SSE A s EE 69 : - - AB AA AA : 4850 307 B 6 04 > - - 2 D : D E ]) E EA 3 3 3 40814 • • 05 05 05 05 C - C - Directory of C of Directory isA Number Serial Volume no label Chas drive in Volume
B B trying : XP samdump froma Windowssystem hive bkhive 8 78 \ - - - - Windows 4 4 Oct Oct Oct Oct A - - F 35 35 E 62 / Vistapassword hashes - - - - 7 3 14 08 14 08 14 05 14 05 D - D - E B B : 4 E - 5 ( ( 5
\ NTLM NTLM NAPIER 103 System dumps the syskeybootkey - - : : : : 14 14 : 40 39 56 52 2 \ Windows F - - - PM PM PM PM PM
6 04 04 dumps Windows A ) ) 32 69 - - - EE EE \ B config N 04 \ 149 System 15 4 PI EA 2 262 262 , B 728 , Author > 946 3 78 3 dir . R , , - 144 144 7 F , 32 640 , C 368 3 :
7 \ D . Prof Bill BuchananBillProf config A SECURITY SAM ::: SYSTEM . SOFTWARE 2 k / NT / Hash LM/NTLM Use the guesses NAPIER Loaded Root myuser Root SAM E myuser FB password < 103 user 117 @ @ kali kali F 6 AD > : A : : : 1 500 69 500 06 < " : id -- 1 password hash : : B BDD 500 ~# : ~# 04 : > HKEY Registry show 12 12 : time EA 830 : < B E hash LM john pw B cat pw 78 9 52 9 C B " C F 54 7586 CAC : 54 3 option todisplay all of thecracked passwords reliably ( D F _ 0 napier F ::: 6 67419 LOCAL : 6 FE C > : : : 00 FE 0 $ < EC hash NTLM : 0 A 00 ( EC 80 9 ) LM DES A : 80 AAD 224 00 100 AAD _ 3 A MACHINE B 3 435 B > 3 108 : [ B < % ( 128 435 B comment 51404 F 3 FA 1 / B ) 128 51404 6 EE CB > c : 6 : \ / BS SSE 307 D < SAM : homedir s EE 8846 : E : 40814 4850 307 F 2 7 ]) E EAEE > E : 40814 7 D trying 4 8 E 7 D : 4 E NAPIER 103 F 6 A 69 - B N 04 4 PI EA 3 78 Author R F 3 D : :::
Prof Bill BuchananBillProf Hash Crackers/Bit Coin Miners
Fast Hash One • 1.536TH/s – Cost 3-5,000 dollars.
25 GPU Hash Cracker • An eight character NTLM password cracked in 5.5 hours. 14 character LM hash cracked in six minutes. 350 billion hashes per second. Chapter 3: Hashing
Hash Benchmarks
Prof Bill Buchanan OBE http://asecuritysite.com/crypto03 http://asecuritysite.com/encryption Benchmark Hashes “The quick brown fox jumps over the lazy dog”:
SHA-1: 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12 SHA-256: d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592 SHA-512: 07e547d9586f6a73f73fbac0435ed76951218fb7d0c8d788a309d7 85436bbb642e93a252a954f23912547d1e8a3b5ed6e1bfd7097821233fa0538f3db854fee6
MD-5: 9e107d9d372bb6826bd81d3542a419d6 DES: ZDeS94Lcq/6zg Bcrypt: $2a$05$2czCv5GYgkx3aobmEyewB.ejV2hePMdbvTdCyNaSzWtlGPPjB2xx6 APR1: $apr1$ZDzPE45C$3PvRanPycmNc6c2G9wT9b/ PBKDF2 (SHA1): $pbkdf2$5$WkR6UEU0NUM$0RB2bimWrMY.EPYibpaBT2q3HFg PBKDF2 (SHA-256): $pbkdf2-sha256$5$WkR6UEU0NUM$yrJz2oJix7uBJZwZ/50vWUgdE I/i0ffqeU4obqC0pk4 LM Hash: a7b07f9948d8cc7f97c4b0b30cae500f NT Hash: 4e6a076ae1b04a815fa6332f69e2e231 MS DCC: efa9778bbc94a7360f664eb7d7144725 LDAP (MD5): {MD5}9e107d9d372bb6826bd81d3542a419d6 LDAP (SHA1): {SHA}2fd4e1c67a2d28fced849ee1bb76e7391b93eb12 MS SQL 2000: 0x0100BF77CE595DCD1FC87A37B3DEBC27A8C97355CB96B8BAB 63E602662BA5D5D33B913E422499BE72FF3D9BB65DE MySQL: *A4E4D26FD0C6455E23E2187C3AABE844332AA1B3 Oracle 10: 4CDA2299FCAD0499 Postgres (MD5): md5d44c15daa11770f25c5350f7e5408dd1 Cisco PIX: kGyKN5CqdFQ1qJUs Cisco Type 7: 15260309443B3E2D2B3875200108010D41505640135E1B0E080 519574156401540035E460B594D1D53020B5C
Benchmark Nvidia GeForce GTX 1080 Ti Specifications: – Graphics Processing Clusters: 6 – Streaming Multiprocessors: 28 – CUDA Cores (single precision): 3584 – Texture Units: 224 – ROP Units: 88 – Base Clock: 1480 MHz – Boost Clock: 1582 MHz – Memory Clock: 5505 MHz – Memory Data Rate: 11 Gbps – L2 Cache Size: 2816K – Total Video Memory: 11264MB GDDR5X – Memory Interface: 352-bit – Total Memory Bandwidth: 484 GB/s – Texture Rate (Bilinear): 331.5 GigaTexels/sec – Fabrication Process: 16 nm – Transistor Count: 12 Billion – Connectors: 3 x DisplayPort, 1 x HDMI – Power Connectors: One 6-pin, One 8-pin – Recommended Power Supply: 600 Watts Hashcat root@kali:~/hashes# hashcat -b -m 0 Initializing hashcat v0.49 with 1 threads and 32mb segment-size... Device...... : Intel(R) Core(TM) i7-5557U CPU @ 3.10GHz Instruction set..: x86_64 Number of threads: 1 Hash type: MD5 Speed/sec: 11.20M words
$ hashcat -b -m 0 hashcat (v3.30-317-g778f568) starting in benchmark mode...
OpenCL Platform #1: NVIDIA Corporation ======* Device #1: GeForce GTX 970, 1009/4036 MB allocatable, 13MCU * Device #2: GeForce GTX 750 Ti, 500/2000 MB allocatable, 5MCU
Hashtype: MD5
Speed.Dev.#1.....: 10260.8 MH/s (84.99ms) Speed.Dev.#2.....: 3661.7 MH/s (91.61ms) Speed.Dev.#*.....: 13922.6 MH/s Hashing
Hashcat
Prof Bill Buchanan OBE http://asecuritysite.com/crypto02 http://asecuritysite.com/encryption Hashcat
• Rule-based Attacks. Define a rule of the password. • Dictionary Attacks. Search through a dictionary of common passwords. • Brute-Force Attacks. Search through
Attack modes: Brute-force, Combinator, Dictionary, Mask, Rule-based, Toggle-case and Hybrid. * General: Hashcat -m, --hash-type=NUM Hash-type, see references below -a, --attack-mode=NUM Attack-mode, see references below * Benchmark: -b, --benchmark Run benchmark • hashcat * Files: -o, --outfile=FILE Define outfile for recovered hash [options] --outfile-format=NUM Define outfile-format for recovered hash, see references below --show Show cracked passwords only (see --username) hashfile * Resources: -c, --segment-size=NUM Size in MB to cache from the wordfile [mask|wordfiles -n, --threads=NUM Number of threads * Rules: |directories] -r, --rules-file=FILE Rules-file use: -r 1.rule -g, --generate-rules=NUM Generate NUM random rules --generate-rules-func-min=NUM Force NUM functions per random rule min --generate-rules-func-max=NUM Force NUM functions per random rule max * Toggle-Case attack-mode specific: • hashcat -m 0 --toggle-min=NUM Number of alphas in dictionary minimum myhash --toggle-max=NUM Number of alphas in dictionary maximum * Mask-attack attack-mode specific: myfile.txt -o --pw-min=NUM Password-length minimum output.txt --pw-max=NUM Password-length maximum * Permutation attack-mode specific: --perm-min=NUM Filter words shorter than NUM --perm-max=NUM Filter words larger than NUM * Table-Lookup attack-mode specific: -t, --table-file=FILE Table file --table-min=NUM Number of chars in dictionary minimum --table-max=NUM Number of chars in dictionary maximum Hashcat -a, --attack-mode=NUM
• hashcat Attack Modes: [options] 0 = Straight hashfile 1 = Combination [mask|wordfiles 2 = Toggle-Case |directories] 3 = Brute-force 4 = Permutation • hashcat -m 0 5 = Table-Lookup myhash 6 = Prince myfile.txt -o output.txt -a, --attack-mode=NUM Hashcat -m hash-type * Hash types:
0 = MD5 10 = md5($pass.$salt) • hashcat 20 = md5($salt.$pass) 30 = md5(unicode($pass).$salt) [options] 40 = md5($salt.unicode($pass)) 50 = HMAC-MD5 (key = $pass) hashfile 60 = HMAC-MD5 (key = $salt) 100 = SHA1 [mask|wordfiles 110 = sha1($pass.$salt) 120 = sha1($salt.$pass) |directories] 130 = sha1(unicode($pass).$salt) 140 = sha1($salt.unicode($pass)) 150 = HMAC-SHA1 (key = $pass) 160 = HMAC-SHA1 (key = $salt) • hashcat -m 0 200 = MySQL323 300 = MySQL4.1/MySQL5 myhash 400 = phpass, MD5(Wordpress), MD5(phpBB3), MD5(Joomla) 500 = md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5 myfile.txt -o 900 = MD4 1000 = NTLM output.txt 1400 = SHA256 1410 = sha256($pass.$salt) 5500 = NetNTLMv1-VANILLA / NetNTLMv1-ESS 5600 = NetNTLMv2 5700 = Cisco-IOS SHA256 8900 = scrypt 9200 = Cisco $8$ 10000 = Django (PBKDF2-SHA256) Hashcat - Outputs Output format
• hashcat [options] 1 = hash[:salt] hashfile 2 = plain 3 = hash[:salt]:plain [mask|wordfiles|dire 4 = hex_plain ctories] 5 = hash[:salt]:hex_plain 6 = plain:hex_plain 7 = hash[:salt]:plain:hex_plain 8 = crackpos • hashcat -m 0 myhash 9 = hash[:salt]:crackpos myfile.txt -o 10 = plain:crackpos 11 = hash[:salt]:plain:crackpos output.txt 12 = hex_plain:crackpos 13 = hash[:salt]:hex_plain:crackpos 14 = plain:hex_plain:crackpos 15 = hash[:salt]:plain:hex_plain:crackpos Hashcat
hashcat -m 1400 mytext.txt words.txt Hashcat
hashcat -m 1000 mytextnt.txt words.txt Combinational Attack (-a 1) Hashcat -m 0 -a 1 hash.txt dict1.txt dict2.txt dict1.txt jam jar jimmy jamcar jamie jarcar Jimmycar dict2.txt Jamiecar jamcat car cat jarcat jimmycat call jamiecat Hashing
Brute Force (-a 3)
Prof Bill Buchanan OBE http://asecuritysite.com/crypto02 http://asecuritysite.com/encryption Brute Force - How many hash codes?
• 7 digit password with [a-z] … how many? • Ans: • Time to crack - 100 billion per second: • 7 digit with [a-zA-z] … how many? • Ans: • Time to crack – 100 billion per second: • 7 digit with [a-zA-z!@#$%^&*()] … how many? • Ans: • Time to crack – 100 billion per second: Hashcat – Brute Force
• hashcat [options] Custom charsets: -1, --custom-charset1=CS User-defined charsets hashfile -2, --custom-charset2=CS Example: -3, --custom-charset3=CS --custom-charset1=?dabcdef : sets [mask|wordfiles|dire charset ?1 to 0123456789abcdef -4, --custom-charset4=CS -2 mycharset.hcchr : sets charset ctories] ?2 to chars contained in file Character sets
?l = abcdefghijklmnopqrstuvwxyz • hashcat -m 0 myhash ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ ?d = 0123456789 myfile.txt -o ?s = !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ ?a = ?l?u?d?s output.txt ?b = 0x00 - 0xff Hashcat – Brute Force
?l = abcdefghijklmnopqrstuvwxyz aaaaaaaa ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ aaaaaaab ?d = 0123456789 ?s = !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ … ?a = ?l?u?d?s ?b = 0x00 - 0xff zzzzzzzz
• -1 abcdefghijklmnopqrstuvwxyz0123456789 • -1 abcdefghijklmnopqrstuvwxyz?d • -1 ?l0123456789-1 ?l?d Input.Mode: Mask (?l) [1] Hashcat – Index.....: 0/1 (segment), 26 (words), 0 (bytes) Recovered.: 0/1 hashes, 0/1 salts Speed/sec.: - plains, - words Brute Force Progress..: 26/26 (100.00%) Running...: --:--:--:-- Estimated.: --:--:--:-- Input.Mode: Mask (?l?l) [2] hashcat -a 3 -m Index.....: 0/1 (segment), 676 (words), 0 (bytes) Recovered.: 0/1 hashes, 0/1 salts 1000 mytextlm.txt Speed/sec.: - plains, - words Progress..: 676/676 (100.00%) Running...: --:--:--:-- ?l?l?l?l?l?l?l?l Estimated.: --:--:--:-- Input.Mode: Mask (?l?l?l) [3] Index.....: 0/1 (segment), 17576 (words), 0 (bytes) Recovered.: 0/1 hashes, 0/1 salts Speed/sec.: - plains, - words Progress..: 17576/17576 (100.00%) [keyspace: aaaaaaaa Running...: --:--:--:-- Estimated.: --:--:--:-- – zzzzzzzz] 0333c27eb4b9401d91fef02a9f74840e:help All hashes have been recovered Input.Mode: Mask (?l?l?l?l) [4] Index.....: 0/1 (segment), 456976 (words), 0 (bytes) Recovered.: 1/1 hashes, 1/1 salts Speed/sec.: - plains, - words Progress..: 271188/456976 (59.34%) Running...: --:--:--:-- Estimated.: --:--:--:-- Hashcat – Input.Mode: Mask (h) [1] Index.....: 0/1 (segment), 1 (words), 0 (bytes) Recovered.: 0/1 hashes, 0/1 salts Speed/sec.: - plains, - words Brute Force Progress..: 1/1 (100.00%) Running...: --:--:--:-- Estimated.: --:--:--:-- Input.Mode: Mask (he) [2] Index.....: 0/1 (segment), 1 (words), 0 (bytes) Recovered.: 0/1 hashes, 0/1 salts Speed/sec.: - plains, - words Progress..: 1/1 (100.00%) Running...: --:--:--:-- Estimated.: --:--:--:-- Input.Mode: Mask (hel) [3] Index.....: 0/1 (segment), 1 (words), 0 (bytes) Recovered.: 0/1 hashes, 0/1 salts Speed/sec.: - plains, - words Progress..: 1/1 (100.00%) Running...: --:--:--:-- Estimated.: --:--:--:-- 0333c27eb4b9401d91fef02a9f74840e:help • hashcat -a 3 -m 1000 All hashes have been recovered Input.Mode: Mask (hel?l) [4] mytextlm.txt hel?l Index.....: 0/1 (segment), 26 (words), 0 (bytes) Recovered.: 1/1 hashes, 1/1 salts [keyspace: hela - help] Speed/sec.: - plains, - words Progress..: 16/26 (61.54%) Running...: --:--:--:-- Estimated.: --:--:--:-- Hashcat – Brute Force … b1b735762130797915df96acf5bf09b8:hel9
All hashes have been recovered
Input.Mode: Mask (hel?d) [4] Index.....: 0/1 (segment), 10 (words), 0 (bytes) Recovered.: 1/1 hashes, 1/1 salts Speed/sec.: - plains, - words Progress..: 10/10 (100.00%) Running...: --:--:--:-- Estimated.: --:--:--:--
hashcat -a 3 -m 1000 mytextlm.txt hel?d [keyspace: hela - help] Chapter 3: Hashing
Rules and Lists
Prof Bill Buchanan OBE http://asecuritysite.com/crypto02 http://asecuritysite.com/encryption Hashcat – Password List root@kali:~# wc -l /usr/share/wordlists/rockyou.txt 14344392 /usr/share/wordlists/rockyou.txt
Functio Examp Name n Description le Rule Input Word Out put Wor d root@kali:~# hashcat -m 0 mytextmd.txt /usr/share/wordlists/rockyou.txt
Initializing hashcatNothi ng : Do nothing v0.49: p@ssW0rd p@ssW0rd with 1 threads and 32mb segment-size... 123456 abc123 12345 nicole Added hashes from file mytextmd.txt: 1 (1 salts) Lowercas l Lowercase all letters l p@ssW0rd p@ssw0rd e 123456789 daniel Activating quick-digest mode for single-hash password babygirl NOTE: press enter for status-screen Uppercas u Uppercase all letters u p@ssW0rd P@SSW0RD iloveyou monkey e princess lovely 25f9e794323b453885f5181f1b624d0b:123456789
Capitalize the first Capitaliz e c letter and lower the c p@ssW0rd P@ssw0rd rest 1234567 jessica All hashes have been recovered rockyou anthony
Append $X Append character X to $1 p@ssW0rd p@ssW0rd1 Characte end 12345678 friends Input.Mode: Dictr (/usr/share/wordlists/rockyou.txt) Index.....: 1/5 (segment), 3627099 (words), 33550339 (bytes)
Prepend Characte ^X Prepend character X to ^1 p@ssW0rd 1p@ssW0rd front butterfly r
Replace sXY Replace all instances of ss$ p@ssW0rd p@$$W0rd Recovered.: 1/1 hashes,X with Y 1/1 salts Speed/sec.: - plains, - words Progress..: 4/3627099 (0.00%) Hashcat – Rules Name Function Description Example Rule Input Word Output Word Nothing : Do nothing : p@ssW0rd p@ssW0rd
Functio Examp Lowercase l Lowercase Name n Description le Rule Input Word Out put Wor dl p@ssW0rd p@ssw0rd Uppercase u Uppercase u p@ssW0rd P@SSW0RD
Capitalize c Capitalize 1st, lower rest Nothi ng : Do nothing : p@ssW0rd p@ssW0rd c p@ssW0rd P@ssw0rd Append $X Append character X to end $1 p@ssW0rd p@ssW0rd1 Prepend ^X Prepend character X to front ^1 p@ssW0rd 1p@ssW0rd
Lowercas l Lowercase all letters l p@ssW0rd p@ssw0rd Replace sXY Replace all instances of X withe Y ss$ p@ssW0rd p@$$W0rd
root@kali:~# ls /usr/share/hashcat/rules Uppercas u Uppercase all letters u p@ssW0rd P@SSW0RD e best64.rule specific.rule combinator.rule T0XlC-insert_00-99_1950-2050_toprules_0_F.rule d3ad0ne.rule T0XlC-insert_space_and_special_0_F.rule
Capitalize the first Capitaliz e c letter and lower the c p@ssW0rd P@ssw0rd dive.rule T0XlC-insert_top_100_passwords_1_G.rulerest generated.rule T0XlC.rule Incisive-leetspeak.rule T0XlCv1.rule
Append $X Append character X to $1 p@ssW0rd p@ssW0rd1 Characte end InsidePro-HashManager.rule toggles1.rule r InsidePro-PasswordsPro.rule toggles2.rule
Prepend Characte ^X Prepend character X to ^1 p@ssW0rd 1p@ssW0rd front r
Replace sXY Replace all instances of ss$ p@ssW0rd p@$$W0rd leetspeak.rule toggles3.rule X with Y Ninja-leetspeak.rule toggles4.rule oscommerce.rule toggles5.rule rockyou-30000.rule Name Function Description Example Rule Input Word Output Word Nothing : Do nothing : p@ssW0rd p@ssW0rd Lowercase l Lowercase l p@ssW0rd p@ssw0rd Uppercase u Uppercase u p@ssW0rd P@SSW0RD Capitalize c Capitalize 1st, lower rest c p@ssW0rd P@ssw0rd Append $X Append character X to end $1 p@ssW0rd p@ssW0rd1
Functio Examp Prepend ^X Prepend character X to front Name n Description le Rule Input Word^1Out put Wor d p@ssW0rd 1p@ssW0rd Replace sXY Replace all instances of X with Y ss$ p@ssW0rd p@$$W0rd : Nothi ng : Do nothing : p@ssW0rd p@ssW0rd #Lowercase edinburgh Ed1nburgh123 l #Uppercase u Lowercas l Lowercase all letters l p@ssW0rd p@ssw0rd e #Capitalise first character Capitalise the first character. c #Add '1' to the end
Uppercas $1 u Uppercase all letters u p@ssW0rd P@SSW0RD Add a 1, 2 .. 0 at the end. e #Add '2' to the end Add “123” at the end. $2 Substitute ‘a’ for ‘@’ #Add '3' to the end Capitalize the first Capitaliz c letter and lower the c p@ssW0rd P@ssw0rd $3 e rest Substitute ‘l’ for a ‘1’ #Add '123' to the end $1 $2 $3 Substitute ‘5’ for an ‘s’ #Substitute 'a' for '@'
Append $X Append character X to $1 p@ssW0rd p@ssW0rd1 Characte sa@ end r Substitute ‘3’ for an ‘e’ #Substitute 'a' for '4' sa4 Prepend Characte ^X Prepend character X to ^1 p@ssW0rd 1p@ssW0rd front r
Replace sXY Replace all instances of ss$ p@ssW0rd p@$$W0rd Substitute ‘0’ for an ‘o’ X with Y #substitute 'l' for '1' sl1 #Substitute 'a' for '@', 'e' for '3', 'l' for '1' sa@ se3 sl1 Hashcat – With Battlefield Hash
Functio Examp root@kali:~/hashes# hashcat -m 0 bfield.hashName n Description le Rule Input Word/Out put Worusr d /share/wordlists/rockyou.txt Initializing hashcat v0.49 with 1 threads and 32mb segment-size...
Nothi ng : Do nothing : p@ssW0rd p@ssW0rd Added hashes from file bfield.hash: 548686 (1 salts)
Lowercas l Lowercase all letters l p@ssW0rd p@ssw0rd e NOTE: press enter for status-screen
Uppercas u Uppercase all letters u p@ssW0rd P@SSW0RD e10adc3949ba59abbe56e057f20f883e:123456e 25f9e794323b453885f5181f1b624d0b:123456789
Capitalize the first Capitaliz e c letter and lower the c p@ssW0rd P@ssw0rd 5f4dcc3b5aa765d61d8327deb882cf99:passwordrest f25a2fc72690b780b2a14e140ef6a9e0:iloveyou
Append $X Append character X to $1 p@ssW0rd p@ssW0rd1 Characte end 8afa847f50a716e64932d995c8e7435a:princessr
Prepend Characte ^X Prepend character X to ^1 p@ssW0rd 1p@ssW0rd front fcea920f7412b5da7be0cf42b8c93759:1234567r
Replace sXY Replace all instances of ss$ p@ssW0rd p@$$W0rd 25d55ad283aa400af464c76d713c07ad:12345678X with Y Hash Cracking
BCrypt, PBKDF2 and Scrypt
Prof Bill Buchanan OBE http://asecuritysite.com/crypto02 http://asecuritysite.com/encryption BCrypt
• Here.
Hashcat benchmark (AWS ECS instance) Hash type: MD5 Speed/sec: 380.02M words Hash type: SHA1 Speed/sec: 218.86M words Hash type: SHA256 Speed/sec: 110.37M words Hash type: bcrypt, Blowfish(OpenBSD) Speed/sec: 25.86k words Hash type: NTLM. Speed/sec: 370.22M words Hashcat – Rules
• Scrypt is a password-based key derivation function which produces a hash with a salt and iterations. The main parameters are:passphrase (P); salt (S); Blocksize (r) and CPU/Memory cost parameter (N- a power of 2). Here. • PBKDF2 (Password-Based Key Derivation Function 2) is defined in RFC2898 and generates a salted hash. Often this is used to create an encryption key from a defined password, and where it is not possible to reverse the password from the hashed value. Here. Chapter 3: Hashing
Rules and Lists
Prof Bill Buchanan OBE http://asecuritysite.com/crypto02 http://asecuritysite.com/encryption Analysis Analysis Analysis Hashing Cracking
Hashing Types. Hashing Methods. Salting. LM and NTLM Hashes (Windows). Hash Benchmarks. Hashcat. Bcrypt, Scrypt and PBKDF2. Analysis.
Prof Bill Buchanan OBE http://asecuritysite.com/crypto03 http://asecuritysite.com/encryption