hate_crack: automating cracking methodologies through Hashcat

by ddos ·

hate_crack

A tool for automating cracking methodologies through Hashcat from the TrustedSec team.

Installation

Get the latest hashcat binaries

OSX Install

mkdir -p hashcat/deps
git clone https://github.com/KhronosGroup/OpenCL-Headers.git hashcat/deps/OpenCL
cd hashcat/
make
make install

Download hate_crack

git clone https://github.com/trustedsec/hate_crack.git

  • Customize binary and wordlist paths in “config.json”
  • Make sure that at least “rockyou.txt” is within your “wordlists” path

Create Optimized Wordlists

wordlist_optimizer.py – parses all wordlists from <input file list>, sorts them by length and de-duplicates into <output directory>

Usage

python hate_crack.py <hash_file> <hash_type>

 

Quick Crack

  • Runs a dictionary attack using all wordlists configured in your “hcatOptimizedWordlists” path and applies the “best64.rule”, with the option of chaining the “best64.rule”.

Extensive Pure_Hate Methodology Crack

Runs several attack methods provided by Martin Bos (formerly known as pure_hate)

  • Brute Force Attack (7 characters)
  • Dictionary Attack
    • All wordlists in “hcatOptimizedWordlists” with “best64.rule”
    • wordlists/rockyou.txt with “d3ad0ne.rule”
    • wordlists/rockyou.txt with “T0XlC.rule”
  • Top Mask Attack (Target Time = 4 Hours)
  • Fingerprint Attack
  • Combinator Attack
  • Hybrid Attack
  • Extra – Just For Good Measure
    • Runs a dictionary attack using wordlists/rockyou.txt with chained “combinator.rule” and “InsidePro-PasswordsPro.rule” rules

Brute Force Attack

Brute forces all characters with the choice of a minimum and maximum password length.

Top Mask Attack

Uses StatsGen and MaskGen from PACK (https://thesprawl.org/projects/pack/) to perform a top mask attack using passwords already cracked for the current session. Presents the user a choice of target cracking time to spend (default 4 hours).

Fingerprint Attack

https://hashcat.net/wiki/doku.php?id=fingerprint_attack

Runs a fingerprint attack using passwords already cracked for the current session.

Combinator Attack

https://hashcat.net/wiki/doku.php?id=combinator_attack

Runs a combinator attack using the “rockyou.txt” wordlist.

Hybrid Attack

https://hashcat.net/wiki/doku.php?id=hybrid_attack

  • Runs several hybrid attacks using the “rockyou.txt” wordlists.
    • Hybrid Wordlist + Mask – ?s?d wordlists/rockyou.txt ?1?1
    • Hybrid Wordlist + Mask – ?s?d wordlists/rockyou.txt ?1?1?1
    • Hybrid Wordlist + Mask – ?s?d wordlists/rockyou.txt ?1?1?1?1
    • Hybrid Mask + Wordlist – ?s?d ?1?1 wordlists/rockyou.txt
    • Hybrid Mask + Wordlist – ?s?d ?1?1?1 wordlists/rockyou.txt
    • Hybrid Mask + Wordlist – ?s?d ?1?1?1?1 wordlists/rockyou.txt

Pathwell Top 100 Mask Brute Force Crack

Runs a brute force attack using the top 100 masks from KoreLogic:https://blog.korelogic.com/blog/2014/04/04/pathwell_topologies

PRINCE Attack

https://hashcat.net/events/p14-trondheim/prince-attack.pdf

Runs a PRINCE attack using wordlists/rockyou.txt

YOLO Combinator Attack

Runs a continuous combinator attack using random wordlists from the optimized wordlists for the left and right sides.

Source: https://github.com/trustedsec/

Tags: crackinghashcat