Pro Tips

freeroute

A cheat-sheet for password crackers
Source: A_cheat-sheet_for_password_crackers
CHEAT_SHEET_unix_ninja.txt

freeroute

Information about hashes formats
Information_about_hashes_formats.txt

freeroute

Title: Analyze and create rules for large hashlists
Author: hashcat's developers
URL: https://hashcat.net/wiki/doku.php?id=hashcat
Description: Analyze and create rules for large hashlists. In some cases, this could be useful.

Command: hashcat -m 0 large_hash_list wordlist -g 500000 --debug-mode=1 --debug-file=new.rule

-g, --generate-rules | Num | Generate X random rules
--debug-file | File | Output file for debugging rules

• [ Rule Debugging Modes ] -

  | Format
  ===+========
  1 | Finding-Rule
  2 | Original-Word
  3 | Original-Word:Finding-Rule
  4 | Original-Word:Finding-Rule:Processed-Word
  5 | Original-Word:Finding-Rule:Processed-Word:Wordlist

freeroute

Title: What is the correct format of a Houzz hash for hashcat?
Author: freeroute
URL: https://paste.hashpwn.net/?56c460ef65322356#B1ZEbFB7qiZRymJUeGZp2ygV4pR8fdyxw5kmjeckhdVi
Description: The correct format of Houzz hash for hashcat

freeroute

Title: Check the candidates generated by hashcat rule file
Author: freeroute
URL: https://paste.hashpwn.net/?e695c3709b553d0f#BX9utL4md1xmvirutURJYycRvCqRncAyhstWGMYNj9Mt

Description: Check the candidates generated by the Hashcat rule file.

A1131

@freeroute

The above can be used with more words and rules to get a little bigger wordlist:

echo $'word1\nword2\nw0rd3' > words.txt

hashcat --force words.txt -r complex.rule --stdout | sort -u > candidates_words.txt

oe3p32wedw

@freeroute wrote a script via chatgpt to analyze the debug file
Title: python script to analyze debug rule file
Author: ChatGPT
Code:

from collections import Counter

# Reading data from the file
input_file = 'new.rule'  # Path to your input file
output_file = 'output.txt'  # Path to the output file where results will be saved

# Try opening the file with a different encoding
try:
    with open(input_file, 'r', encoding='utf-8') as file:
        strings = file.readlines()
except UnicodeDecodeError:
    with open(input_file, 'r', encoding='ISO-8859-1') as file:
        strings = file.readlines()

# Removing unnecessary spaces (e.g., newline characters)
strings = [line.strip() for line in strings]

# Counting the frequency of each line
counter = Counter(strings)

# Sorting lines by frequency (in descending order)
sorted_strings = counter.most_common()

# Writing the sorted lines and their frequency to a new file
with open(output_file, 'w', encoding='utf-8') as file:
    for line, count in sorted_strings:
        file.write(f"{line} - {count}\n")

print(f"Result saved in {output_file}")

Description: Simply run specifying the received file from the hashcat. In the output you will get the rules that were used most often

freeroute

Title: ETH hash parameters for hashcat
Description: For speed, don't use -w 4, add the below manually
-n 64 -u 8 -T 1024 --force

-n, --kernel-accel - Manual workload tuning, set outerloop step size to X
-u, --kernel-loops - Manual workload tuning, set innerloop step size to X
-T, --kernel-threads - Manual workload tuning, set thread count to X
--force - Ignore warnings

freeroute

Title: HTTP Digest access authentication algorithm
Hashcat mode: -m 11400 - SIP digest authentication (MD5)
Format:

$sip$*192.168.100.100*192.168.100.121*username*asterisk*REGISTER*sip*192.168.100.121**2b01df0b****MD5*ad0520061ca07c120d7e8ce696a6df2d
$sip$***Mufasa*[email protected]*GET**/dir/index.html**dcd98b7102dd2f0e8b11d0f600bfb0c093*0a4f113b*00000001*auth*MD5*6629fae49393a05397450978507c4ef1

$sip$*[URI_SERVER]*[URI_CLIENT]*[USERNAME]*[REALM]*[METHOD]*[URI_PREFIX]*[URI_RESOURCE]*[URI_SUFFIX]*[NONCE_SERVER]*[NONCE_CLIENT]*[NONCE_COUNT]*[QOP]*[DIRECTIVE]*[MD5]

Sources:
https://github.com/hashcat/hashcat/issues/1021
https://hashcat.net/forum/thread-7054-post-37744.html#pid37744

freeroute

Title:rulechef - a markov rule generator
Author:Cynosure Prime
Description:Analyses a ruleset for hashcat/mdxfind/john the ripper and iteratively generates rules based on markov chains created from the input rules. Users can specify additional parameters such as the min/max rule operations, chain probability and starting chain limits.

This tool was written in an attempt to craft better quality rules as opposed to the usual rule stacking or randomly generating rules.
Source:https://github.com/Cynosureprime/rulechef

freeroute

Title: Plundering and pillaging password and passphrase plains for profit
Author: Will Hunt
Description: In this talk we'll look beyond the basics of cracking and arm you with further attacks when you feel you're out of options. We'll look at multiple paths for cracking delimited passphrases and review when you'd want to use these attacks and why. Target-specific markov tables will be shown to illustrate how you could be missing out on elusive plains without even realising it, as well as getting the best bang for your buck out of your rule-based attacks by identifying non-efficient operations. Then, after reviewing transliterated attacks and hash shucking, we'll wrap up with the release of a tool to help you automate the initial heavy lifting of your attack cycles.

Will Hunt
Will (@Stealthsploit) has been in infosec for over 15 years, co-founded In.security in 2018 and as a pentester has helped secure many organisations through technical security services and training. Will's a Black Hat trainer and has taught and spoken at several conferences and events, as well as helping run Password Village at DEFCON. Will also assists the UK government in various technical, educational and advisory capacities. Before Will was a security consultant he was an experienced digital forensics consultant and trainer.

Security Fest is an inspiring and unique IT security conference held in Gothenburg, Sweden. The event is an excellent opportunity to learn more about IT security, and a great way to connect with both the renowned international speakers, and the other attendees.

Source: https://www.youtube.com/watch?v=ArLhwcpWMdU

freeroute

Title: hcxcommic.
ZeroBeat: ZeroBeat
Source: https://github.com/ZerBea/hcxtools
Description:It takes as input a 22000 hashcat -o file and a hash file and converts it to a HEX:PLAIN file.
Accepted by hashmob if the MIC is in both input files present. That makes it much easier to submit findings to hashmob.net.

Download a 22000 left list from hashmob either via web interface (filter by 22000)
https://hashmob.net/hashlists/user or by ID (get if via web interface (https://hashmob.net/hashlists/user)

I prefer via ID: (12612 is the ID shown in hm web interface:
$ wget https://cdn.hashmob.net/hashlists/12589/125892.left

Run hashcat against this list and use its -o option to store the findings to file!

Either use your own word list
$ hashcat -m 22000 -o 12589.found 12589.left wordlist
...
Recovered........: 8/3358 (0.24%) Digests (total), 8/3358 (0.24%) Digests (new), 8/2857 (0.28%) Salts
...

Or get one from wpa-sec
$ wget https://wpa-sec.stanev.org/dict/cracked.txt.gz
$ hashcat -m 22000 -o 12589.found 12589.left wordlist

Generate the hash file accepted by hm:
$ hcxcommic 12589.found 12589.left > hm.found

Submit hm.found to hashmob (choose 22000).

Note: hasmob marks some hashes as invalid.
That's because hashmob has a massif(!) missing new line (\0a) problem! It has been reported.