• Source: Hashcat

Hashcat is a password recovery tool. It had a proprietary code base until 2015, but was then released as open source software. Versions are available for Linux, macOS, and Windows. Examples of hashcat-supported hashing algorithms are LM hashes, MD4, MD5, SHA-family and Unix Crypt formats as well as algorithms used in MySQL and Cisco PIX.
Hashcat has received publicity because it is partly based on flaws in other software discovered by the creator of hashcat. An example was a flaw in 1Password's password manager hashing scheme. It has also been compared to similar software in a Usenix publication and been described on Ars Technica.




Variants


Previously, two variants of hashcat existed:

hashcat - CPU-based password recovery tool
oclHashcat/cudaHashcat - GPU-accelerated tool (OpenCL or CUDA)
With the release of hashcat v3.00, the GPU and CPU tools were merged into a single tool called hashcat. The CPU-only version became hashcat-legacy. Both CPU and GPU now require OpenCL.
Many of the algorithms supported by hashcat-legacy (such as MD5, SHA1, and others) can be cracked in a shorter time with the GPU-based hashcat. However, not all algorithms can be accelerated by GPUs. Bcrypt is an example of this. Due to factors such as data-dependent branching, serialization, and memory (and more), oclHashcat/cudaHashcat weren't catchall replacements for hashcat-legacy.
hashcat-legacy is available for Linux, OSX and Windows.
hashcat is available for macOS, Windows, and Linux with GPU, CPU and generic OpenCL support which allows for FPGAs and other accelerator cards.




Sample output






Attack types


Hashcat offers multiple attack modes for obtaining effective and complex coverage over a hash's keyspace. These modes are:

Brute-force attack
Combinator attack
Dictionary attack
Fingerprint attack
Hybrid attack
Mask attack
Permutation attack
Rule-based attack
Table-Lookup attack (CPU only)
Toggle-Case attack
PRINCE attack (in CPU version 0.48 and higher only)
The traditional bruteforce attack is considered outdated, and the Hashcat core team recommends the Mask-Attack as a full replacement.




Competitions


Team Hashcat (the official team of the Hashcat software composed of core Hashcat members) won first place in the KoreLogic "Crack Me If you Can" Competitions at DefCon in 2010, 2012, 2014, 2015, and 2018, and at DerbyCon in 2017.




See also



Brute-force attack
Brute-force search
Hacker (computer security)
Hacking tool
Openwall Project
Password cracking




References






External links


Official website
A guide to password cracking with Hashcat
Talk: Confessions of a crypto cluster operator based on oclHashcat at Derbycon 2015
Talk: Hashcat state of the union at Derbycon 2016

Kata Kunci Pencarian:

• Hashcat
• MacPorts
• NTLM
• Security Account Manager
• IEEE 802.11r-2008
• Password cracking
• LAN Manager
• Gravatar
• Ashley Madison data breach
• Kali Linux