Recently our friends working on the Hashcat projects had a open community challenge called The Best64 Challenge or TB64C. The reason being the fact that TB64C was to improve the most widely used ruleset that comes with all of the Hashcat products including oclHashcat-plus, oclHashcat-lite, hashcat, and hascat-gui. There is nothing better than when projects such as Hashcat get the community involved and what better way to do so than to provide a contest for people to provide feedback in the for of personal experience. Anyhow awhile back I wrote an article on tools.question-defense.com that described each of the best64 rules in more detail and there was a request for the article to be updated now that the ruleset has been improved. Below are the details of the new best64.rule file that will be released in all new releases of the Hashcat software line as of 04-21-2012.
As you know we think that oclHashcat is one of the best password crackers available and along with Hashcat and John The Ripper are pretty much the only password crackers we use at this point. Earlier someone asked me to crack some OpenLDAP hashes which come in SHA and SSHA format and the below example includes only the OpenLDAP SHA format hashes.
The below article explains how I used password fingerprinting to crack 500,000 password hashes in less than half a day completly automated. This article shows each command step by step, but only to describe the details of how password fingerprinting with oclHashcat works. The reality is that the password fingerprinting process can easily be automated by a script which is why we call it automated password cracking.
The Fingerprint Attack in my example had a success rate of about 80% in a 100% automated process after 12 hours with a single GeForce GTX 285. In order to reach the 500,000 cracked hashes I first created a list of 650,000 unique password hashes using a well known leaked password hash database. Once I had the list of 650,000 unique password hashes I started out by doing some easy attacks on the hashes such as a five character long brute force using all possible character sets which will provide an initial wordlist to start the fingerprint attack with. You really do not need to perform this step as explained further below. Once the initial brute force attack is complete the real fingerprinting starts. You will take the initial results, pipe them into the expander, and then run a combined dictionary attack against the hash list. Once we have results from the second set of attacks we use the expander again and issue another attack. You will see through the process, which is described in detail below, that results are returned at a very high rate by automated finding patterns and exploiting those patterns to return results.
I have been using Hashcat and oclHashcat a lot in recent weeks but have been limited to primarily using it on Linux servers so I decided to give it a shot on a couple Windows machines. Below I describe how I got oclHashcat operational on Windows 7 Ultimate 32-Bit on a desktop computer with a NVIDIA 9600GT GPU as well as operational on a Windows 7 Ultimate 64-Bit laptop with NVIDIA 9400G M GPU and a NVIDIA G210M GPU. Below is information on what needs to be done to get oclHashcat working on Windows 7.
Recently I have started using Hashcat-gui a lot more to test the strength of various passwords for certain clients. One of the things I wasn’t sure of at first was how to save charsets in the Bruteforce Settings window and while it would be nice if you could have a text file that included various charsets you could select from the drop down menu it is also easy to save your preferred charsets as Hashcat Jobs. Below is information on how to save charsets as Hashcat Jobs as well as recommended charsets you might want to save.