Password Cracking
MITRE ATT&CK, Credential Access, Sub-technique T1110.002
Common Cracking Modes
1000 - Crack NTLM hash.
1100 - Crack DCC hash.
5500 - Crack Net-NTLMv1.
5600 - Crack Net-NTLMv2.
13100 - Crack Kerberoast(ed) hash.
27100 - Crack Net-NTLMv2 to an NTLM hash.
Create a Custom Wordlist for Cracking
1. Create a simple wordlist or use cewl to generate one:
Acme (Domain)
Autumn
Winter
Spring
Summer
Welcome
2. Utilize hashcat to run rules on the previous wordlist:
hashcat $wordlist -r /usr/share/hashcat/rules/best64.rule --stdout > newwordlist
Masks
Password Length Increment
A mask attack is always specific to a password length. For example, if we use the mask “?l?l?l?l?l?l?l?l” we can only crack a password of length 8. If the password we are trying to crack has length 7, we will not find it. That's why we have to repeat the attack several times, each time with one placeholder added to the mask. This is transparently automated by the “--increment” flag. (Attention: the mask length itself is the limiting factor for hashcat. That implies that if, e.g., the mask is only of length 4, --increment won't increment the length of the password candidates above 4. A mask of length, therefore, won't increase at all even if --increment was specified.)
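The increment behaviour described above can be modelled in a few lines. This is an added example, not hashcat's own code: the helper names parse_mask and increment_plan are hypothetical, custom charsets (?1 to ?4) are not handled, and the starting length of 1 is assumed as the default. It lists the sub-masks tried at each length and the number of candidates each one covers, which is also a quick way to see how much each extra character in a password policy adds.

```python
# Added example (not hashcat code): models which sub-masks --increment walks
# through and how many candidates each covers. Helper names are hypothetical.

# Sizes of hashcat's built-in mask charsets.
CHARSET_SIZES = {"l": 26, "u": 26, "d": 10, "h": 16, "H": 16,
                 "s": 33, "a": 95, "b": 256}

def parse_mask(mask):
    """Split a mask into positions, returned as (token, charset_size) tuples."""
    positions, i = [], 0
    while i < len(mask):
        if mask[i] != "?":
            positions.append((mask[i], 1))      # literal character
            i += 1
            continue
        if i + 1 >= len(mask):
            raise ValueError("dangling '?' at end of mask")
        code = mask[i + 1]
        if code == "?":
            positions.append(("??", 1))         # escaped literal '?'
        elif code in CHARSET_SIZES:
            positions.append(("?" + code, CHARSET_SIZES[code]))
        else:                                   # e.g. custom charsets ?1..?4
            raise ValueError("unsupported placeholder ?" + code)
        i += 2
    return positions

def increment_plan(mask, inc_min=1, inc_max=None):
    """Return [(length, sub_mask, candidates)] for an incremented mask attack.

    The mask length caps the plan: an inc_max above it has no effect.
    """
    positions = parse_mask(mask)
    top = len(positions) if inc_max is None else min(inc_max, len(positions))
    plan = []
    for length in range(inc_min, top + 1):
        prefix = positions[:length]
        candidates = 1
        for _, size in prefix:
            candidates *= size
        plan.append((length, "".join(tok for tok, _ in prefix), candidates))
    return plan

if __name__ == "__main__":
    for length, sub_mask, candidates in increment_plan("?l?l?l?l?l?l?l?l"):
        print(f"{length:2d}  {sub_mask:<16}  {candidates:,}")
```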
Password Cracking Tips
Loopback will take all of the discovered passwords from cracking and apply the rules specified when beginning the attack against them. Simply append --loopback to your Hashcat command.
If you are experiencing the error CL_OUT_OF_RESOURCES on Windows 10 when running Hashcat, then you can add the following to the registry to remove it:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers
then add "TdrLevel" as a DWORD with value 0.
A longer password list != better.
Wordlists
Hashcat Rulesets