Hashcat是啥
Hashcat是什么呢?Hashcat是当前最强大的开源密码恢复工具,你可以访问Hashcat.net网站来了解这款工具的详细情况。本质上,Hashcat 3.0是一款高级密码恢复工具,可以利用CPU或GPU资源来攻击160多种哈希类型的密码
计算机环境准备
本地的测试系统为Mac
需要把airodump抓到的 4 次握手文件转换为hccap的格式
txt格式的字典文件
Hashcat和aircrack-ng的对比
使用aricrack-ng暴力破解8位数密码需要50个小时, 但是使用Hashcat只要1个半小时不到
使用aircrac-ng破解密码的时候计算机会爆卡, 内存占用100%是常事, 使用Hashcat破解的时候计算机一点都不卡, Hashcat不但支持CPU破解,还支持GPU破解,利用显卡的计算能力进行极速破解,简直666
即使使用普通的CPU或GPU,每秒也能够生成1.35亿个哈希值, 我这台电脑是Mac Air,破解8位数字需要随机组合68719476736个数字, 这个是千万级别的数字, 使用Hashcat破解只需要1小时40分钟, 平均一秒钟计算1.4个亿密码
Hashcat的安装
先把github上面的源码down到本地:
git clone https://github.com/hashcat/hashcat.git
然后生成项目:
cd hashcat //进入目录 sudo make sudo make install //安装hashcat
如果安装成功, 在命令行输入hashcat,即可看到帮助文档:
hashcat, advanced password recovery Usage: hashcat [options]... hash|hashfile|hccapfile [dictionary|mask|directory]... - [ Options ] - Options Short / Long | Type | Description | Example ===============================+======+======================================================+======================= -m, --hash-type | Num | Hash-type, see references below | -m 1000 -a, --attack-mode | Num | Attack-mode, see references below | -a 3 -V, --version | | Print version | -h, --help | | Print help | --quiet | | Suppress output | --hex-charset | | Assume charset is given in hex | --hex-salt | | Assume salt is given in hex | --hex-wordlist | | Assume words in wordlist is given in hex | --force | | Ignore warnings | --status | | Enable automatic update of the status-screen | --status-timer | Num | Sets seconds between status-screen update to X | --status-timer=1 --machine-readable | | Display the status view in a machine readable format | --keep-guessing | | Keep guessing the hash after it has been cracked | --loopback | | Add new plains to induct directory | --weak-hash-threshold | Num | Threshold X when to stop checking for weak hashes | --weak=0 --markov-hcstat | File | Specify hcstat file to use | --markov-hc=my.hcstat --markov-disable | | Disables markov-chains, emulates classic brute-force | --markov-classic | | Enables classic markov-chains, no per-position | -t, --markov-threshold | Num | Threshold X when to stop accepting new markov-chains | -t 50 --runtime | Num | Abort session after X seconds of runtime | --runtime=10 --session | Str | Define specific session name | --session=mysession --restore | | Restore session from --session | --restore-disable | | Do not write restore file | --restore-file-path | File | Specific path to restore file | --restore-file-path=my.restore -o, --outfile | File | Define outfile for recovered hash | -o outfile.txt --outfile-format | Num | Define outfile-format X for recovered hash | --outfile-format=7 --outfile-autohex-disable | | Disable the use of $HEX[] in output plains | --outfile-check-timer | Num | Sets seconds between outfile checks to X | --outfile-check=30 -p, --separator | Char | Separator char for hashlists and outfile | -p : --stdout | | Do not crack a hash, instead print candidates only | --show | | Compare hashlist with potfile; Show cracked hashes | --left | | Compare hashlist with potfile; Show uncracked hashes | --username | | Enable ignoring of usernames in hashfile | --remove | | Enable remove of hash once it is cracked | --remove-timer | Num | Update input hash file each X seconds | --remove-timer=30 --potfile-disable | | Do not write potfile | --potfile-path | Dir | Specific path to potfile | --potfile-path=my.pot --debug-mode | Num | Defines the debug mode (hybrid only by using rules) | --debug-mode=4 --debug-file | File | Output file for debugging rules | --debug-file=good.log --induction-dir | Dir | Specify the induction directory to use for loopback | --induction=inducts --outfile-check-dir | Dir | Specify the outfile directory to monitor for plains | --outfile-check-dir=x --logfile-disable | | Disable the logfile | --truecrypt-keyfiles | File | Keyfiles used, separate with comma | --truecrypt-key=x.png --veracrypt-keyfiles | File | Keyfiles used, separate with comma | --veracrypt-key=x.txt --veracrypt-pim | Num | VeraCrypt personal iterations multiplier | --veracrypt-pim=1000 -b, --benchmark | | Run benchmark | --speed-only | | Return expected speed of the attack and quit | --progress-only | | Return ideal progress step size and time to process | -c, --segment-size | Num | Sets size in MB to cache from the wordfile to X | -c 32 --bitmap-min | Num | Sets minimum bits allowed for bitmaps to X | --bitmap-min=24 --bitmap-max | Num | Sets maximum bits allowed for bitmaps to X | --bitmap-max=24 --cpu-affinity | Str | Locks to CPU devices, separate with comma | --cpu-affinity=1,2,3 -I, --opencl-info | | Show info about OpenCL platforms/devices detected | -I --opencl-platforms | Str | OpenCL platforms to use, separate with comma | --opencl-platforms=2 -d, --opencl-devices | Str | OpenCL devices to use, separate with comma | -d 1 -D, --opencl-device-types | Str | OpenCL device-types to use, separate with comma | -D 1 --opencl-vector-width | Num | Manual override OpenCL vector-width to X | --opencl-vector=4 -w, --workload-profile | Num | Enable a specific workload profile, see pool below | -w 3 -n, --kernel-accel | Num | Manual workload tuning, set outerloop step size to X | -n 64 -u, --kernel-loops | Num | Manual workload tuning, set innerloop step size to X | -u 256 --nvidia-spin-damp | Num | Workaround NVidias CPU burning loop bug, in percent | --nvidia-spin-damp=50 --gpu-temp-disable | | Disable temperature and fanspeed reads and triggers | --gpu-temp-abort | Num | Abort if GPU temperature reaches X degrees celsius | --gpu-temp-abort=100 --gpu-temp-retain | Num | Try to retain GPU temperature at X degrees celsius | --gpu-temp-retain=95 --powertune-enable | | Enable power tuning, restores settings when finished | --scrypt-tmto | Num | Manually override TMTO value for scrypt to X | --scrypt-tmto=3 -s, --skip | Num | Skip X words from the start | -s 1000000 -l, --limit | Num | Limit X words from the start + skipped words | -l 1000000 --keyspace | | Show keyspace base:mod values and quit | -j, --rule-left | Rule | Single rule applied to each word from
最低0.47元/天 解锁文章
3023
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
