Password Cracking

Common Cracking Modes

• 1000 - Crack NTLM hash.

• 1100 - Crack DCC hash.

• 5500 - Crack Net-NTLMv1

• 5600 - Crack Net-NTLMv2

• 13100 - Crack Kerberoast(ed) hash.

• 27100 - Crack Net-NTLMv2 to an NTLM hash.

Create a Custom Wordlist for Cracking

1. Create a simple wordlist or use cewl to generate one:

Acme (Domain)
Autumn
Winter
Spring
Summer
Welcome

2. Utilize hashcat to run rules on the previous wordlist:

hashcat $wordlist -r /usr/share/hashcat/rules/best64.rule --stdout > newwordlist

Masks

Password Length Increment

A Mask attack is always specific to a password length. For example, if we use the mask “?l?l?l?l?l?l?l?l” we can only crack a password of the length 8. But if the password we try to crack has the length 7 we will not find it. Thats why we have to repeat the attack several times, each time with one placeholder added to the mask. This is transparently automated by using the “--increment” flag (Attention: the mask length itself is the limiting factor for hashcat. That implies that if i.e. the mask is only of length 4 --increment won't increment the length of the password candidates above 4. A mask of length, therefore, won't increase at all even if --increment was specified).

mask_attack [hashcat wiki]hashcat.net

Password Cracking Tips

• Loopback will take all of the discovered passwords from cracking and apply the rules specified when beginning the attack against them. Simply append --loopback to your Hashcat command.

• If you are experiencing the error CL_OUT_OF_RESOURCES on Windows 10 when running Hashcat, then you can add the following to the registry to remove it: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers then add "TdrLevel" as a DWORD with value 0.

• A longer password list != better.

Wordlists

• SecLists

• Probable-Wordlists

• PasswordList

• WeakPass

• WeakPasswords

• Kaonashi

Hashcat Rulesets

• OneRuleToRuleThemAll

• NSA-Rules

• Pantagrule

• InsidePro-PasswordsPro

• Hob0Rules