Hashcat 1

  • Hash types
    • 1000 - NTLM
    • 2100 - Domain Cached Credentials 2, MS Cache 2 (Iterations: 10240)
      • $DCC2$<iterations>#<username>#<hash>
    • 13100 - Kerberoasted hash
    • 18200 - AS-REP roasted hash
  • -a 0 - Wordlist
    • hashcat.exe -a 0 -m 1000 C:\Temp\ntlm.txt D:\Tools\rockyou.txt
  • Rules
    • hashcat.exe -a 0 -m 1000 C:\Temp\ntlm.txt D:\Tools\rockyou.txt -r rules\add-year.rule
    • Example custom rule to append "2020" to the end of each word:
      • $2$0$2$0
    • Hashcat Rules Docs:
      • https://hashcat.net/wiki/doku.php?id=rule_based_attack
  • -a 3 - Mask
    • hashcat.exe -a 3 -m 1000 C:\Temp\ntlm.txt ?u?l?l?l?l?l?l?l?d
    • hashcat.exe -a 3 -m 1000 C:\Temp\ntlm.txt -1 ?d?s ?u?l?l?l?l?l?l?l?1
    • Example masks
      • ZeroPointSecurity?d?d?d?d
  • -a 1 - Combinator
    • hashcat.exe -a 1 -m 1000 C:\Temp\ntlm.txt D:\Tools\list1.txt D:\Tools\list2.txt -j $- -k $!
    • -j applies a single rule to each word from the left wordlist, -k to each word from the right wordlist
  • -a 6 - Hybrid Wordlist + Mask
    • hashcat.exe -a 6 -m 1000 C:\Temp\ntlm.txt D:\Tools\list.txt ?d?d?d?d
  • -a 7 - Hybrid Mask + Wordlist
    • hashcat.exe -a 7 -m 1000 C:\Temp\ntlm.txt ?d?d?d?d D:\Tools\list.txt
  • Converting Pwnagotchi or other packet capture into hashcat crack-able format
    • Installing
      • sudo apt install hcxtools -y
    • Converting
      • hcxpcaptool capture.pcap -z output.pmkid
      • hcxpcaptool capture.pcap -o crackable.hccapx
    • Cracking
      • hashcat -m 2500 crackable.hccapx /usr/share/wordlists/rockyou.txt
      • hashcat -m 16800 output.pmkid /usr/share/wordlists/rockyou.txt
    • Different ways to put a single hash on one line.
      • cat pre_hash.txt | tr -d '[:space:]' > hash
      • tr -d '[:space:]' < pre_hash.txt > hash
      • cat bork.txt | tr -d "\r\n" > hash.txt
      • cat pre_hash.txt | tr -d "\n" | tr -d " " > crackable_hash.txt
      • perl -pe 's/^\s+|\s*$//g' pre_hash > hash
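
Added example (not part of the original notes): the masks in the Mask section above each describe a finite candidate space. This Python code counts that space and checks whether a given password falls inside it, which is how a password-policy audit shows that "capital, lowercase, trailing digit" passwords are cheap to enumerate. The function names and sample passwords are constructed for illustration.

```python
import math
import string

# hashcat built-in charsets; a charset is treated as a set of characters here
BUILTIN = {
    "l": set(string.ascii_lowercase),
    "u": set(string.ascii_uppercase),
    "d": set(string.digits),
    "s": set(" " + string.punctuation),  # 33 printable ASCII specials
}
BUILTIN["a"] = set().union(*BUILTIN.values())

def parse_mask(mask, custom=None):
    """Return the set of allowed characters for each position of a mask.
    custom maps "1".."4" to a charset written in mask syntax (as with -1 ?d?s)."""
    sets = dict(BUILTIN)
    for name, spec in (custom or {}).items():
        sets[name] = set().union(*parse_mask(spec))
    positions, i = [], 0
    while i < len(mask):
        if mask[i] != "?":               # literal character, e.g. "Z"
            positions.append({mask[i]})
            i += 1
            continue
        key = mask[i + 1:i + 2]          # empty if the mask ends in a lone "?"
        if key == "?":                   # "??" is a literal question mark
            positions.append({"?"})
        elif key in sets:
            positions.append(sets[key])
        else:
            raise ValueError(f"bad charset reference at offset {i}: ?{key}")
        i += 2
    return positions

def keyspace(mask, custom=None):
    """Number of candidates the mask generates."""
    return math.prod(len(p) for p in parse_mask(mask, custom))

def matches(password, mask, custom=None):
    """True if the password is one of the candidates the mask generates."""
    positions = parse_mask(mask, custom)
    return len(password) == len(positions) and all(
        c in p for c, p in zip(password, positions))

if __name__ == "__main__":
    # Masks are the ones from the notes above; passwords are constructed samples.
    masks = [("?u?l?l?l?l?l?l?l?d", None),
             ("?u?l?l?l?l?l?l?l?1", {"1": "?d?s"}),
             ("ZeroPointSecurity?d?d?d?d", None)]
    for mask, cs in masks:
        print(f"{mask:28} {keyspace(mask, cs):>16,} candidates")
    for pw in ("Password1", "Password!", "ZeroPointSecurity2020", "correct horse"):
        hit = [m for m, cs in masks if matches(pw, m, cs)]
        print(f"{pw!r:26} covered by {hit or 'none of these masks'}")
```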