hashcat
hashcat is good at cracking passwords.
Super basic crack job
hashcat -m MODE file-with-hashes.txt big-list-of-passwords.txt
Benchmark your hashcat rig
hashcat -b
Specify device for crack job
If you've got multiple graphics cards you should specify which to use for the task with -d
:
hashcat -m MODE file-with-hashes.txt big-list-of-passwords.txt -d 2
Adjust hashcat's "workload"
That's the -w
flag and basically:
-w 1
consumes the least amount of resources-w 2
is default - balance between decent performance without nuking system responsivness-w 3
set profile to high for max performance
Crack a hash against a word list and include a rules file
hashcat -m MODE file-with-hashes.txt big-list-of-passwords.txt -r rules\somerule.rule
Cracking specific hash types
DCC2
Make sure you get rid of all the tailing/leading info (like if you pulled from secretsdump) so that the hash starts with $DCC2$1040#admin#3333333...
, and then:
hashcat -m 2100 hash.txt wordlist.txt
IPMI
First see our Metasploit guidance for grabbing the hash, then:
hashcat -m 7300 hash.txt wordlist.txt