hash cracking

after compromising a target and mining hashes from places such as webapp configuration, databases, the OS security system, archives lying around, application configuration files etc, the first thing i do is identify the format (if it’s not immediately obvious, although this one is)

root@kali:~# hash-identifier
HASH: $1$ady53MWp$bJF3IZ/hPjtuCjIflB6Ru/
Possible Hashs:
[+] MD5(Unix)

to extract the hash from something tricky like an archive, i use jtr (john the ripper):

zip2john secret.zip > secret.hash
rar2john confidential.rar > confidential.hash

i prefer hashcat for cracking, but sometimes jtr (at least the jumbo community version of it) supports something hashcat doesn’t, such as a particular variant of RAR:

john -w:/path/to/wordlist.txt –format=rar confidential.hash

otherwise, hashcat it is

these are the hashcat modes i use to attack hashes, in this order

  1. dictionary attack
    1. simply attempts all words in a file.  the files are often huge, for example the ‘rockyou’ wordlist contains over 14 million entries of actual passwords used by compromised users, ordered by prevalence
  2. dictionary attack with mutation rules
    1. you supply a mutations file (e.g. all lower, all upper, first letter upper, etc), and it attempts each word but also mutated in each way.  humans are predictable, and some clever people have crunched a lot of data and come up with a list of the most common mutations.  i usually use a ‘top commom mutations’ file of 68 entries, so i end up doing up to a billion (1,000,000,000) cracking attempts
  3. masked brute force
    1. this is like a cut-down vanilla brute force.  one chooses what character classes can be in which positions, e.g. i can exclude symbols and uppercase characters to cut down the keyspace.  a pure brute force may not be feasible, depending on the algorithm, but a restricted brute force may yield results
  4. pure brute force
    1. attempts every possible value.  ok to try with a cheap/weak algo and/or a short maximum length, otherwise not so much

i run my hash cracks on a windows 10 pro machine with a single GTX-1080 graphics card. it’s a good card

let’s take the example of md5crypt, which takes regular md5 and applies 1000 rounds (called key stretching) to make it more computationally expensive:

  1. wordlist of 14 million entries: 6 seconds
  2. mutated wordlist, 1 billion entries: 1 minute 26 seconds

this algo is way too cheap for me to crack at around 9 million hashes per second, although long and secure (random, alphanum+symbol) passwords are still safe against someone like me with a gaming rig. however, there are powerful cracking farms out there (some paid, some free) which will have gigahashes of power

the story is truly awful with vanilla md5, which doesn’t have that 1000 round cost. in an actual test, my rig was doing 3 billion hashes per second, which is slower than i thought it would be, but still pretty damned fast

everybody should be using an expensive hash algo, like bcrypt, or the modern linux sha512 crypt with 5000 rounds, and users should have secure passwords to boot, because even a costly algo isn’t going to protect a password of ‘password’, since wordlists are ordered by frequency of usage

although webscale websites are tremendously busy, people only log in once per session, and sometimes their sessions are persistent for days or months. a dedicated login server farm can probably afford to take 10 milliseconds of cpu on one core to process a login, which limits cracking attempts to 100 per second on a CPU, although i’m not sure how many that would equate to on a graphics card. it seems likely that even scaling up to a distributed cracking farm, it’s going to be tough to crack a good password

everybody except the incompetent uses salts nowadays as well.  a salt is a value stored alongside the hash which is mixed in when hashing the supplied password.  this prevents rainbow attacks, where an attacker merely precomputes a hashmap of the entire keyspace and runs down the database of harvested hashes looking up the answer for each (i.e. a fixed upfront cost for the attacker, regardless of the number of passwords to be cracked)

some example hashcat invocations:

# dictionary attack
hashcat64 -m 0 -a 0 md5.txt rockyou.txt

# dictionary mutation attack
hashcat64 -m 0 -a 0 md5.txt rockyou.txt -r hob064.rule

# masked brute attack
hashcat64 -m 0 -a 3 md5.txt -1 ?u?l?d ?1?1?1?1?1?1?1?1 –increment

# a pure brute attack
hashcat64 -m 0 -a 3 md5.txt -l ?a ?1?1?1?1?1?1?1?1 –increment

# useful
https://hashcat.net/wiki/doku.php?id=example_hashes
https://hashcat.net/wiki/doku.php?id=mask_attack
https://hashcat.net/wiki/doku.php?id=rule_based_attack
https://github.com/praetorian-inc/Hob0Rules
http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats

Leave a Reply

Your email address will not be published. Required fields are marked *