Wednesday, July 25, 2018

New Password Cracking Tool 'hashcrack'

Low key launch as I'm not sure I have squashed all the bugs at this point - I imagine other people will have different use cases than me, and some other ones will come to light.


This will download 30Gb of dictionaries btw; if you don't want to do this, configure your own in the hashcrack.cfg file and remove the step from

git clone
cd hashcrack
python3 hashcrack -i targethashes.txt

The hashcrack program tries to pick some sensible defaults for you and runs hashcat against your wordlist, but if it's not getting anything for you, try the following:

Try phrases, dictionary words and previously found words. The latter will get them fromm your pot file - useful for trying found passwords against different hash types:

$ python3 -i sha512hashes.txt --phrases --words --found

Try existing dictionaries with common suffixes:

$ python3 -i sha512hashes.txt -d dict\Top95Thousand-probable.txt -e dict\last3.txt
$ python3 -i sha512hashes.txt -d dict\Top95Thousand-probable.txt -e dict\last4.txt

If you spot patterns, try and use them, e.g. digits followed by something more complex:

$ python3 -i sha512hashes.txt -d dict\last3.txt --lmask ?d?d?d?d?d?d

or something complex followed by digits:

$ python3 -i sha512hashes.txt -d dict\Top95Thousand-probable.txt --rmask ?d?d?d?d?d?d

or use a crib file of found passwords or guesses - keep it short though. This will generate variants of crib in one pass (leet2 rules) and then use the resulting file to attack using more rules.

$ cat crib.txt

$ python3 -i sha512hashes.txt --crib dict/crib.txt

PRINCE preprocessor

If you're still not getting anything sensible, try hashcat's PRINCE preprocessor. This does some statistical magic with generating new combinations of words from a given wordlist, and maybe worth a go:

Get it here:

$ ./princeprocessor/pp64.bin /root/dict/Top95Thousand-probable.txt --pw-min=9 --case-permute -l 1000000000 > /root/dict/prince.txt

$ python3 -i ../128hex -d /root/dict/prince.txt