Hashcat Cheat Blatt¶
Überblick¶
Hashcat ist das weltweit schnellste und fortschrittlichste Passwort-Recovery-Tool, um die Rechenleistung moderner CPUs und GPUs für leistungsstarke Passwort-Cracking und Sicherheits-Auditing zu nutzen. Hashcat wurde als Nachfolger traditioneller CPU-basierter Passwort-Cracker entwickelt und revolutioniert Passwort-Sicherheitstests, indem die parallelen Verarbeitungsfunktionen von Grafikkarten genutzt werden, um beispiellose Rißgeschwindigkeiten zu erreichen. Das Tool unterstützt über 300 Hash-Algorithmen und Angriffsmodi, so dass es die umfassendste Passwort-Recovery-Plattform für Sicherheitsexperten, Penetrationsprüfer und Forscher, die Kennwort-Richtlinien-Bewertungen und Sicherheitsaudits durchführen.
Die Kernkraft von Hashcat liegt in seiner ausgeklügelten GPU-Beschleunigungsarchitektur, die die Kraft mehrerer Grafikkarten gleichzeitig nutzen kann, um Milliarden von Passwörtern pro Sekunde durchzuführen. Diese massive Rechenfähigkeit, kombiniert mit intelligenten Angriffsoptimierungsalgorithmen, ermöglicht Hashcat, komplexe Passwörter zu knacken, die unpraktisch mit traditionellen CPU-basierten Werkzeugen angreifen würden. Die Plattform unterstützt alle großen GPU-Anbieter einschließlich NVIDIA CUDA und AMD OpenCL, optimiert automatisch die Leistung für verfügbare Hardware-Konfigurationen und bietet detaillierte Leistungskennzahlen für die Kapazitätsplanung und Angriffsoptimierung.
Hashcats erweitertes Feature-Set umfasst mehrere Angriffsmodi, von Wörterbuchangriffen und regelbasierten Transformationen bis hin zu anspruchsvollen Maskenangriffen und Hybrid-Kombinationen. Die modulare Architektur des Tools unterstützt kundenspezifische Regelentwicklung, verteiltes Computing über mehrere Systeme und Integration mit externen Wortlistengeneratoren und Vorverarbeitungswerkzeugen. Hashcat bietet mit seinem umfassenden Sitzungsmanagement, der detaillierten Fortschrittsberichte und umfangreichen Anpassungsoptionen sowohl automatisierte Passwortprüfungsfunktionen als auch feinkörnige Kontrolle für spezialisierte Sicherheitsforschungsanwendungen. Die aktive Entwicklungsgemeinschaft der Plattform und die kontinuierliche Optimierung der aufstrebenden Hardware-Architekturen sorgen dafür, dass sie an der Spitze der Passwort-Sicherheitstesttechnologie bleibt.
Installation¶
Ubuntu/Debian Installation¶
Installation von Hashcat auf Ubuntu/Debian-Systemen:
```bash
Update system packages¶
sudo apt update && sudo apt upgrade -y
Install Hashcat from repositories¶
sudo apt install -y hashcat
Install additional dependencies¶
sudo apt install -y opencl-headers ocl-icd-opencl-dev
Install GPU drivers for optimal performance¶
For NVIDIA GPUs:¶
sudo apt install -y nvidia-driver-470 nvidia-opencl-dev
For AMD GPUs:¶
sudo apt install -y mesa-opencl-icd
Verify installation¶
hashcat --version hashcat --benchmark
Install latest version from source¶
sudo apt install -y git build-essential git clone https://github.com/hashcat/hashcat.git cd hashcat make sudo make install
Verify GPU detection¶
hashcat -I ```_
CentOS/RHEL Installation¶
```bash
Install EPEL repository¶
sudo yum install -y epel-release
Install development tools¶
sudo yum groupinstall -y "Development Tools"
Install dependencies¶
sudo yum install -y opencl-headers ocl-icd-devel
Install GPU drivers¶
For NVIDIA:¶
sudo yum install -y nvidia-driver nvidia-opencl
Build from source¶
git clone https://github.com/hashcat/hashcat.git cd hashcat make sudo make install
Verify installation¶
hashcat --version hashcat -I ```_
Windows Installation¶
```bash
Download pre-compiled binaries¶
https://hashcat.net/hashcat/¶
Extract to desired location¶
Example: C:\hashcat¶
Install GPU drivers¶
NVIDIA: Download from nvidia.com¶
AMD: Download from amd.com¶
Add to PATH environment variable¶
System Properties > Environment Variables¶
Add C:\hashcat to PATH¶
Verify installation¶
hashcat.exe --version hashcat.exe -I
Alternative: Install with Chocolatey¶
choco install hashcat ```_
macOS Installation¶
```bash
Install using Homebrew¶
brew install hashcat
Install GPU support (limited on macOS)¶
Metal performance shaders for Apple Silicon¶
Verify installation¶
hashcat --version hashcat -I
Build from source for latest features¶
brew install git git clone https://github.com/hashcat/hashcat.git cd hashcat make sudo make install ```_
Docker Installation¶
Running Hashcat in Docker mit GPU-Unterstützung:
```bash
Create Dockerfile for Hashcat¶
cat > Dockerfile.hashcat << 'EOF' FROM nvidia/cuda:11.8-devel-ubuntu22.04
Install dependencies¶
RUN apt-get update && apt-get install -y \ git \ build-essential \ opencl-headers \ ocl-icd-opencl-dev \ && rm -rf /var/lib/apt/lists/*
Clone and build Hashcat¶
RUN git clone https://github.com/hashcat/hashcat.git /opt/hashcat WORKDIR /opt/hashcat RUN make && make install
Create working directory¶
WORKDIR /work
Set PATH¶
ENV PATH="/opt/hashcat:$\\{PATH\\}"
CMD ["hashcat", "--help"] EOF
Build Docker image¶
docker build -f Dockerfile.hashcat -t hashcat-gpu .
Run with GPU support (NVIDIA)¶
docker run --gpus all -it --rm \ -v $(pwd):/work \ hashcat-gpu hashcat --benchmark
Run with specific GPU¶
docker run --gpus '"device=0"' -it --rm \ -v $(pwd):/work \ hashcat-gpu hashcat -I ```_
Basisnutzung¶
Hash Identifikation¶
Identifizierung von Hash-Typen und -Formaten:
```bash
List supported hash modes¶
hashcat --help|grep -A 500 "Hash modes"
Common hash mode numbers¶
0 = MD5¶
100 = SHA1¶
1000 = NTLM¶
1400 = SHA256¶
1700 = SHA512¶
1800 = sha512crypt¶
3200 = bcrypt¶
7500 = Kerberos 5 AS-REQ Pre-Auth¶
Identify hash automatically¶
hashcat --identify hash.txt
Example hash formats¶
echo "5d41402abc4b2a76b9719d911017c592" > md5_hash.txt # MD5 echo "aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d" > sha1_hash.txt # SHA1 echo "admin:1000:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::" > ntlm_hash.txt # NTLM
Verify hash format¶
hashcat -m 0 --identify md5_hash.txt hashcat -m 100 --identify sha1_hash.txt hashcat -m 1000 --identify ntlm_hash.txt ```_
Grundangriffe¶
Führen grundlegende Passwortangriffe:
```bash
Dictionary attack¶
hashcat -m 0 -a 0 hash.txt wordlist.txt
Dictionary attack with rules¶
hashcat -m 0 -a 0 hash.txt wordlist.txt -r rules/best64.rule
Brute force attack¶
hashcat -m 0 -a 3 hash.txt ?a?a?a?a?a?a
Mask attack (specific pattern)¶
hashcat -m 0 -a 3 hash.txt ?u?l?l?l?l?d?d?d
Combination attack¶
hashcat -m 0 -a 1 hash.txt wordlist1.txt wordlist2.txt
Hybrid attack (wordlist + mask)¶
hashcat -m 0 -a 6 hash.txt wordlist.txt ?d?d?d
Hybrid attack (mask + wordlist)¶
hashcat -m 0 -a 7 hash.txt ?d?d?d wordlist.txt
Show cracked passwords¶
hashcat -m 0 hash.txt --show
Resume session¶
hashcat --session=mysession --restore
Attack with time limit¶
timeout 3600 hashcat -m 0 -a 0 hash.txt wordlist.txt ```_
Leistungsoptimierung¶
Optimierung der Hashcat-Leistung:
```bash
Benchmark system performance¶
hashcat -b
Benchmark specific hash mode¶
hashcat -b -m 1000
Show device information¶
hashcat -I
Use specific GPU devices¶
hashcat -m 0 -a 0 hash.txt wordlist.txt -d 1,2
Optimize workload¶
hashcat -m 0 -a 0 hash.txt wordlist.txt -w 3
Workload profiles:¶
-w 1 = Low (desktop use)¶
-w 2 = Default¶
-w 3 = High (dedicated cracking)¶
-w 4 = Nightmare (maximum performance)¶
Optimize kernel loops¶
hashcat -m 0 -a 0 hash.txt wordlist.txt -n 1024 -u 256
Monitor temperature and performance¶
watch -n 1 'hashcat --status --machine-readable' ```_
Erweiterte Funktionen¶
Maskenangriffe¶
Erweiterte maskenbasierte Angriffe:
```bash
Character sets¶
?l = lowercase letters (a-z)¶
?u = uppercase letters (A-Z)¶
?d = digits (0-9)¶
?h = hex digits (0-9a-f)¶
?H = hex digits (0-9A-F)¶
?s = special characters¶
?a = all characters (?l?u?d?s)¶
?b = all bytes (0x00-0xff)¶
Common password patterns¶
8-character mixed case with numbers¶
hashcat -m 0 -a 3 hash.txt ?u?l?l?l?l?d?d?d
Phone number pattern¶
hashcat -m 0 -a 3 hash.txt ?d?d?d-?d?d?d-?d?d?d?d
Date pattern (MMDDYYYY)¶
hashcat -m 0 -a 3 hash.txt ?d?d?d?d?d?d?d?d
Custom character set¶
hashcat -m 0 -a 3 hash.txt -1 ?l?d ?1?1?1?1?1?1?1?1
Multiple custom character sets¶
hashcat -m 0 -a 3 hash.txt -1 ?l?u -2 ?d?s ?1?1?1?1?2?2
Increment mode¶
hashcat -m 0 -a 3 hash.txt --increment --increment-min=6 --increment-max=8 ?a?a?a?a?a?a?a?a
Position-specific masks¶
hashcat -m 0 -a 3 hash.txt ?u?l?l?l?l?l?d?d
Mask file¶
cat > masks.txt << 'EOF' ?u?l?l?l?l?d?d ?u?l?l?l?l?d?d?d ?u?l?l?l?l?l?d?d ?l?l?l?l?d?d?d?d EOF
hashcat -m 0 -a 3 hash.txt masks.txt ```_
Regelbasierte Angriffe¶
Erweiterte regelbasierte Transformationen:
```bash
Built-in rule files¶
ls /usr/share/hashcat/rules/
Common rule files¶
best64.rule - Most effective 64 rules¶
leetspeak.rule - Leet speak transformations¶
rockyou-30000.rule - Rules based on RockYou analysis¶
dive.rule - Comprehensive rule set¶
Use specific rule file¶
hashcat -m 0 -a 0 hash.txt wordlist.txt -r /usr/share/hashcat/rules/best64.rule
Multiple rule files¶
hashcat -m 0 -a 0 hash.txt wordlist.txt -r rules/best64.rule -r rules/leetspeak.rule
Create custom rules¶
cat > custom.rule ``<< 'EOF'
Append numbers¶
$0 $1 $2 $3 $4 $5 $6 $7 $8 $9
Prepend numbers¶
^0 ^1 ^2 ^3 ^4 ^5 ^6 ^7 ^8 ^9
Capitalize first letter¶
c
Toggle case¶
t
Duplicate word¶
d
Reverse word¶
r
Leetspeak substitutions¶
sa@ se3 si1 so0 ss$
Append common suffixes¶
$! $@ $# $ $% $1 $2 $3
Complex transformations¶
c $1 $2 $3 c $! $@ sa@ se3 si1 so0 $! EOF
Use custom rules¶
hashcat -m 0 -a 0 hash.txt wordlist.txt -r custom.rule
Generate rule statistics¶
hashcat -m 0 -a 0 hash.txt wordlist.txt -r rules/best64.rule --debug-mode=1 --debug-file=debug.log
Test rules without cracking¶
hashcat -a 0 --stdout wordlist.txt -r custom.rule|head -20 ```_
Sitzungsmanagement¶
Langlaufende Sitzungen verwalten:
```bash
Start named session¶
hashcat --session=audit2023 -m 1000 -a 0 hash.txt wordlist.txt
Check session status¶
hashcat --session=audit2023 --status
Restore session¶
hashcat --session=audit2023 --restore
Remove session¶
hashcat --session=audit2023 --remove
Session with checkpoint¶
hashcat --session=audit2023 -m 1000 -a 0 hash.txt wordlist.txt --status-timer=60
Quit session gracefully¶
Press 'q' during execution or send SIGTERM¶
Session configuration¶
cat >`` hashcat.conf << 'EOF'
Status timer (seconds)¶
status-timer = 60
Checkpoint interval (seconds)¶
checkpoint-disable = false
Restore timer (seconds)¶
restore-timer = 60
Quiet mode¶
quiet = false
Force mode¶
force = false EOF
Use configuration file¶
hashcat --session=audit2023 --config=hashcat.conf -m 1000 -a 0 hash.txt wordlist.txt ```_
Verteilte Cracking¶
Einrichten von verteilten Passwort-Cracking:
```bash
Split wordlist for distribution¶
split -l 1000000 rockyou.txt wordlist_part_
Distribute across multiple machines¶
Machine 1:¶
hashcat --session=node1 -m 1000 -a 0 hash.txt wordlist_part_aa
Machine 2:¶
hashcat --session=node2 -m 1000 -a 0 hash.txt wordlist_part_ab
Machine 3:¶
hashcat --session=node3 -m 1000 -a 0 hash.txt wordlist_part_ac
Keyspace distribution for mask attacks¶
Total keyspace calculation¶
hashcat -m 0 -a 3 --keyspace ?a?a?a?a?a?a
Distribute keyspace¶
Machine 1 (first quarter):¶
hashcat -m 0 -a 3 hash.txt ?a?a?a?a?a?a --skip=0 --limit=1000000
Machine 2 (second quarter):¶
hashcat -m 0 -a 3 hash.txt ?a?a?a?a?a?a --skip=1000000 --limit=1000000
Automated distribution script¶
cat > distribute_hashcat.sh ``<< 'EOF'
!/bin/bash¶
HOSTS=("server1" "server2" "server3" "server4") HASH_FILE="hashes.txt" WORDLIST="rockyou.txt" HASH_MODE="1000"
Calculate total lines¶
TOTAL_LINES=$(wc -l < \(WORDLIST) LINES_PER_HOST=\)((TOTAL_LINES / $\{#HOSTS[@]\}))
for i in "\(\\\{!HOSTS[@]\\\}"; do HOST="\)\{HOSTS[\(i]\\\}" SKIP=\)((i * LINES_PER_HOST))
echo "Starting node $((i+1)) on $HOST"
ssh $HOST "hashcat --session=node$((i+1)) -m $HASH_MODE -a 0 $HASH_FILE $WORDLIST --skip=$SKIP --limit=$LINES_PER_HOST" &
done
wait echo "All nodes completed" EOF
chmod +x distribute_hashcat.sh ./distribute_hashcat.sh ```_
Automatisierungsskripte¶
Umfassendes Passwort Audit Script¶
```python
!/usr/bin/env python3¶
Comprehensive password audit using Hashcat¶
import subprocess import os import sys import time import json import argparse from datetime import datetime import threading import queue import re
class HashcatAuditor: def init(self, hashcat_path="hashcat"): self.hashcat_path = hashcat_path self.results = \{\} self.sessions = \{\}
def verify_hashcat_installation(self):
"""Verify Hashcat installation and GPU support"""
try:
result = subprocess.run([self.hashcat_path, "--version"],
capture_output=True, text=True)
if result.returncode == 0:
print(f"Hashcat version: \\\{result.stdout.strip()\\\}")
# Check GPU devices
gpu_result = subprocess.run([self.hashcat_path, "-I"],
capture_output=True, text=True)
if gpu_result.returncode == 0:
print("GPU devices detected:")
print(gpu_result.stdout)
return True
else:
print("Warning: No GPU devices detected")
return True
else:
print("Hashcat not found or not working")
return False
except Exception as e:
print(f"Error checking Hashcat installation: \\\{e\\\}")
return False
def identify_hash_type(self, hash_file):
"""Identify hash types in file"""
try:
result = subprocess.run([self.hashcat_path, "--identify", hash_file],
capture_output=True, text=True)
if result.returncode == 0:
return self.parse_hash_identification(result.stdout)
else:
print(f"Hash identification failed: \\\{result.stderr\\\}")
return \\\{\\\}
except Exception as e:
print(f"Error identifying hashes: \\\{e\\\}")
return \\\{\\\}
def parse_hash_identification(self, output):
"""Parse hash identification output"""
hash_types = \\\{\\\}
lines = output.strip().split('\n')
for line in lines:
if 'possible' in line.lower():
# Parse hash type information
parts = line.split()
if len(parts) >``= 3:
hash_mode = parts[0]
hash_name = ' '.join(parts[1:])
hash_types[hash_mode] = hash_name
return hash_types
def benchmark_performance(self):
"""Benchmark system performance"""
try:
result = subprocess.run([self.hashcat_path, "-b"],
capture_output=True, text=True, timeout=300)
if result.returncode == 0:
return self.parse_benchmark_results(result.stdout)
else:
print(f"Benchmark failed: \\\\{result.stderr\\\\}")
return \\\\{\\\\}
except subprocess.TimeoutExpired:
print("Benchmark timed out")
return \\\\{\\\\}
except Exception as e:
print(f"Error running benchmark: \\\\{e\\\\}")
return \\\\{\\\\}
def parse_benchmark_results(self, output):
"""Parse benchmark results"""
benchmarks = \\\\{\\\\}
lines = output.strip().split('\n')
for line in lines:
if 'H/s' in line:
# Parse benchmark line
parts = line.split()
if len(parts) >= 4:
hash_mode = parts[0]
speed = parts[-2]
unit = parts[-1]
benchmarks[hash_mode] = f"\\\\{speed\\\\} \\\\{unit\\\\}"
return benchmarks
def crack_passwords(self, hash_file, attack_config):
"""Crack passwords with specified configuration"""
session_name = f"audit_\\\\{int(time.time())\\\\}"
cmd = [self.hashcat_path, "--session", session_name]
# Add hash mode
if attack_config.get('mode'):
cmd.extend(["-m", str(attack_config['mode'])])
# Add attack type
if attack_config.get('attack'):
cmd.extend(["-a", str(attack_config['attack'])])
# Add attack-specific parameters
if attack_config.get('attack') == 0: # Dictionary attack
if attack_config.get('wordlist'):
cmd.append(attack_config['wordlist'])
if attack_config.get('rules'):
cmd.extend(["-r", attack_config['rules']])
elif attack_config.get('attack') == 3: # Mask attack
if attack_config.get('mask'):
cmd.append(attack_config['mask'])
if attack_config.get('increment'):
cmd.append("--increment")
if attack_config.get('increment_min'):
cmd.extend(["--increment-min", str(attack_config['increment_min'])])
if attack_config.get('increment_max'):
cmd.extend(["--increment-max", str(attack_config['increment_max'])])
# Add performance options
if attack_config.get('workload'):
cmd.extend(["-w", str(attack_config['workload'])])
if attack_config.get('devices'):
cmd.extend(["-d", attack_config['devices']])
# Add hash file
cmd.append(hash_file)
print(f"Starting password cracking: \\\\{' '.join(cmd)\\\\}")
try:
# Start cracking process
process = subprocess.Popen(cmd, stdout=subprocess.PIPE,
stderr=subprocess.PIPE, text=True)
self.sessions[session_name] = \\\\{
'process': process,
'start_time': time.time(),
'config': attack_config,
'cmd': cmd
\\\\}
return session_name
except Exception as e:
print(f"Error starting crack: \\\\{e\\\\}")
return None
def monitor_session(self, session_name, timeout=None):
"""Monitor cracking session"""
if session_name not in self.sessions:
print(f"Session \\\\{session_name\\\\} not found")
return None
session = self.sessions[session_name]
process = session['process']
start_time = session['start_time']
try:
if timeout:
stdout, stderr = process.communicate(timeout=timeout)
else:
stdout, stderr = process.communicate()
end_time = time.time()
duration = end_time - start_time
result = \\\\{
'session': session_name,
'duration': duration,
'returncode': process.returncode,
'stdout': stdout,
'stderr': stderr,
'cmd': session['cmd']
\\\\}
return result
except subprocess.TimeoutExpired:
print(f"Session \\\\{session_name\\\\} timed out")
process.terminate()
return None
except Exception as e:
print(f"Error monitoring session: \\\\{e\\\\}")
return None
def get_cracked_passwords(self, hash_file, hash_mode=None):
"""Retrieve cracked passwords"""
cmd = [self.hashcat_path, "--show"]
if hash_mode:
cmd.extend(["-m", str(hash_mode)])
cmd.append(hash_file)
try:
result = subprocess.run(cmd, capture_output=True, text=True)
if result.returncode == 0:
lines = result.stdout.strip().split('\n')
cracked = []
for line in lines:
if ':' in line and line.strip():
parts = line.split(':')
if len(parts) >= 2:
cracked.append(\\\\{
'hash': parts[0],
'password': parts[1],
'full_line': line
\\\\})
return cracked
else:
print(f"Error getting cracked passwords: \\\\{result.stderr\\\\}")
return []
except Exception as e:
print(f"Error retrieving passwords: \\\\{e\\\\}")
return []
def analyze_password_strength(self, cracked_passwords):
"""Analyze password strength patterns"""
analysis = \\\\{
'total_cracked': len(cracked_passwords),
'length_distribution': \\\\{\\\\},
'character_analysis': \\\\{
'lowercase_only': 0,
'uppercase_only': 0,
'digits_only': 0,
'mixed_case': 0,
'with_digits': 0,
'with_symbols': 0,
'alphanumeric': 0
\\\\},
'pattern_analysis': \\\\{
'dictionary_words': 0,
'keyboard_patterns': 0,
'repeated_characters': 0,
'sequential_patterns': 0
\\\\},
'complexity_score': 0,
'weak_passwords': []
\\\\}
if not cracked_passwords:
return analysis
for entry in cracked_passwords:
password = entry['password']
length = len(password)
# Length distribution
if length not in analysis['length_distribution']:
analysis['length_distribution'][length] = 0
analysis['length_distribution'][length] += 1
# Character analysis
has_lower = bool(re.search(r'[a-z]', password))
has_upper = bool(re.search(r'[A-Z]', password))
has_digit = bool(re.search(r'[0-9]', password))
has_symbol = bool(re.search(r'[^a-zA-Z0-9]', password))
if password.islower():
analysis['character_analysis']['lowercase_only'] += 1
elif password.isupper():
analysis['character_analysis']['uppercase_only'] += 1
elif password.isdigit():
analysis['character_analysis']['digits_only'] += 1
elif has_lower and has_upper:
analysis['character_analysis']['mixed_case'] += 1
if has_digit:
analysis['character_analysis']['with_digits'] += 1
if has_symbol:
analysis['character_analysis']['with_symbols'] += 1
if password.isalnum():
analysis['character_analysis']['alphanumeric'] += 1
# Pattern analysis
| | if re.search(r'(password | admin | user | test | guest | login)', password.lower()): | | analysis['pattern_analysis']['dictionary_words'] += 1
| | if re.search(r'(qwerty | asdf | zxcv | 1234 | abcd)', password.lower()): | | analysis['pattern_analysis']['keyboard_patterns'] += 1
if re.search(r'(.)\1\\\\{2,\\\\}', password):
analysis['pattern_analysis']['repeated_characters'] += 1
| | if re.search(r'(012 | 123 | 234 | 345 | 456 | 567 | 678 | 789 | abc | bcd | cde)', password.lower()): | | analysis['pattern_analysis']['sequential_patterns'] += 1
# Weakness assessment
weakness_score = 0
if length < 8:
weakness_score += 3
if password.lower() in ['password', '123456', 'admin', 'user', 'guest']:
weakness_score += 5
if password.isdigit() or password.islower() or password.isupper():
weakness_score += 2
if not has_symbol:
weakness_score += 1
if weakness_score >= 3:
analysis['weak_passwords'].append(\\\\{
'password': password,
'hash': entry['hash'],
'weakness_score': weakness_score
\\\\})
# Calculate overall complexity score
total = len(cracked_passwords)
if total > 0:
complexity_factors = [
(analysis['character_analysis']['mixed_case'] / total) * 20,
(analysis['character_analysis']['with_symbols'] / total) * 30,
(sum(1 for l in analysis['length_distribution'] if l >= 12) / total) * 25,
(1 - (len(analysis['weak_passwords']) / total)) * 25
]
analysis['complexity_score'] = sum(complexity_factors)
return analysis
def generate_comprehensive_report(self, audit_results, output_file="hashcat_audit_report.html"):
"""Generate comprehensive audit report"""
html_content = f"""
Hashcat Password Security Audit Report
Generated: \\\\{datetime.now().isoformat()\\\\}
Hash File: \\\\{audit_results.get('hash_file', 'N/A')\\\\}
Executive Summary
- Total Hashes Analyzed: \\\\{audit_results.get('total_hashes', 0)\\\\}
- Passwords Cracked: \\\\{audit_results.get('total_cracked', 0)\\\\}
- Crack Rate: \\\\{(audit_results.get('total_cracked', 0) / max(audit_results.get('total_hashes', 1), 1) * 100):.2f\\\\}%
- Weak Passwords: \\\\{len(audit_results.get('weak_passwords', []))\\\\}
Password Complexity Score
Critical Findings
Weak Passwords
| Hash | Password | Weakness Score |
|---|---|---|
| \\\\{weak['hash'][:20]\\\\}... | \\\\{weak['password']\\\\} | \\\\{weak['weakness_score']\\\\} |
Performance Analysis
| Attack Method | Duration | Passwords Found | Rate |
|---|---|---|---|
| \\\\{session.get('attack_method', 'Unknown')\\\\} | \\\\{duration:.2f\\\\}s | \\\\{passwords_found\\\\} | \\\\{rate:.2f\\\\} p/s |
Recommendations
- Implement minimum password length of 14 characters
- Require complex passwords with mixed case, numbers, and symbols
- Prohibit common dictionary words and keyboard patterns
- Implement password history to prevent reuse
- Enable multi-factor authentication
- Regular password audits and user training
- Consider passphrase-based authentication
"""
with open(output_file, 'w') as f:
f.write(html_content)
print(f"Report generated: \\\\{output_file\\\\}")
return output_file
def get_score_class(self, score):
"""Get CSS class for complexity score"""
if score >= 70:
return "high"
elif score >= 40:
return "medium"
else:
return "low"
def run_comprehensive_audit(self, hash_file, wordlists, output_dir="/tmp/hashcat_audit"):
"""Run comprehensive password audit"""
print("Starting comprehensive Hashcat audit...")
# Create output directory
os.makedirs(output_dir, exist_ok=True)
audit_results = \\\\{
'start_time': time.time(),
'hash_file': hash_file,
'wordlists': wordlists,
'sessions': [],
'total_hashes': 0,
'total_cracked': 0
\\\\}
# Identify hash types
print("Identifying hash types...")
hash_types = self.identify_hash_type(hash_file)
audit_results['hash_types'] = hash_types
# Count total hashes
try:
with open(hash_file, 'r') as f:
audit_results['total_hashes'] = len(f.readlines())
except Exception as e:
print(f"Error reading hash file: \\\\{e\\\\}")
return None
# Determine best hash mode
if hash_types:
best_mode = list(hash_types.keys())[0]
print(f"Using hash mode: \\\\{best_mode\\\\} (\\\\{hash_types[best_mode]\\\\})")
else:
best_mode = "0" # Default to MD5
print("Using default hash mode: MD5")
# Run multiple attack strategies
attack_configs = [
\\\\{
'name': 'Quick Dictionary',
'mode': best_mode,
'attack': 0,
'wordlist': wordlists[0] if wordlists else '/usr/share/wordlists/rockyou.txt',
'timeout': 1800 # 30 minutes
\\\\},
\\\\{
'name': 'Dictionary with Rules',
'mode': best_mode,
'attack': 0,
'wordlist': wordlists[0] if wordlists else '/usr/share/wordlists/rockyou.txt',
'rules': '/usr/share/hashcat/rules/best64.rule',
'timeout': 3600 # 1 hour
\\\\},
\\\\{
'name': 'Mask Attack (8 chars)',
'mode': best_mode,
'attack': 3,
'mask': '?a?a?a?a?a?a?a?a',
'increment': True,
'increment_min': 6,
'increment_max': 8,
'timeout': 1800 # 30 minutes
\\\\}
]
# Execute attacks
for config in attack_configs:
print(f"Running \\\\{config['name']\\\\} attack...")
session_name = self.crack_passwords(hash_file, config)
if session_name:
result = self.monitor_session(session_name, config.get('timeout'))
if result:
result['attack_method'] = config['name']
audit_results['sessions'].append(result)
# Get final results
cracked_passwords = self.get_cracked_passwords(hash_file, best_mode)
audit_results['total_cracked'] = len(cracked_passwords)
# Analyze password strength
if cracked_passwords:
strength_analysis = self.analyze_password_strength(cracked_passwords)
audit_results.update(strength_analysis)
# Generate report
report_file = os.path.join(output_dir, "hashcat_audit_report.html")
self.generate_comprehensive_report(audit_results, report_file)
audit_results['end_time'] = time.time()
audit_results['duration'] = audit_results['end_time'] - audit_results['start_time']
print(f"Audit completed in \\\\{audit_results['duration']:.2f\\\\} seconds")
print(f"Cracked \\\\{audit_results['total_cracked']\\\\} of \\\\{audit_results['total_hashes']\\\\} passwords")
return audit_results
def main(): parser = argparse.ArgumentParser(description='Hashcat Password Audit') parser.add_argument('--hash-file', required=True, help='Hash file to crack') parser.add_argument('--wordlists', nargs='+', help='Wordlist files') parser.add_argument('--hash-mode', help='Hash mode (auto-detect if not specified)') parser.add_argument('--output', default='/tmp/hashcat_audit', help='Output directory') parser.add_argument('--hashcat-path', default='hashcat', help='Path to Hashcat executable')
args = parser.parse_args()
# Initialize auditor
auditor = HashcatAuditor(args.hashcat_path)
# Verify installation
if not auditor.verify_hashcat_installation():
print("Hashcat not properly installed or configured")
sys.exit(1)
# Run audit
results = auditor.run_comprehensive_audit(
args.hash_file,
args.wordlists or [],
args.output
)
if results:
print("Password audit completed successfully")
else:
print("Password audit failed")
sys.exit(1)
if name == "main": main() ```_
Integrationsbeispiele¶
CI/CD Integration¶
```yaml
Jenkins Pipeline for Hashcat Integration¶
pipeline \\{ agent \\{ label 'gpu-enabled' \\}
environment \\\\{
HASH_FILE = 'extracted_hashes.txt'
WORDLIST = '/opt/wordlists/rockyou.txt'
HASHCAT_PATH = '/usr/local/bin/hashcat'
\\\\}
stages \\\\{
stage('Extract Hashes') \\\\{
steps \\\\{
script \\\\{
// Extract hashes from application
sh '''
# Extract user password hashes
python3 extract_hashes.py --output $\\\\{HASH_FILE\\\\}
# Verify hash file
if [ ! -s $\\\\{HASH_FILE\\\\} ]; then
echo "No hashes extracted"
exit 1
fi
echo "Extracted $(wc -l < $\\\\{HASH_FILE\\\\}) hashes"
'''
\\\\}
\\\\}
\\\\}
stage('Password Audit') \\\\{
steps \\\\{
script \\\\{
// Run Hashcat audit
sh '''
python3 hashcat_audit.py \
--hash-file $\\\\{HASH_FILE\\\\} \
--wordlists $\\\\{WORDLIST\\\\} \
--output ./hashcat-results \
--hashcat-path $\\\\{HASHCAT_PATH\\\\}
'''
\\\\}
\\\\}
\\\\}
stage('Process Results') \\\\{
steps \\\\{
// Archive results
archiveArtifacts artifacts: 'hashcat-results/**/*', fingerprint: true
// Publish report
publishHTML([
allowMissing: false,
alwaysLinkToLastBuild: true,
keepAll: true,
reportDir: 'hashcat-results',
reportFiles: '*.html',
reportName: 'Hashcat Audit Report'
])
// Check for weak passwords
script \\\\{
def weakPasswords = sh(
| | script: "grep -c 'weakness_score.[3-9]' hashcat-results/.html | | true", | | returnStdout: true ).trim()
if (weakPasswords.toInteger() > 0) \\\\{
currentBuild.result = 'UNSTABLE'
echo "Found $\\\\{weakPasswords\\\\} weak passwords"
\\\\}
\\\\}
\\\\}
\\\\}
\\\\}
post \\\\{
always \\\\{
// Clean up sensitive data
sh 'rm -f $\\\\{HASH_FILE\\\\} hashcat-results/*.potfile'
\\\\}
failure \\\\{
// Send notification
emailext (
subject: "Password Audit Failed: $\\\\{env.JOB_NAME\\\\} - $\\\\{env.BUILD_NUMBER\\\\}",
body: "Password audit failed. Check console output for details.",
to: "$\\\\{env.SECURITY_TEAM_EMAIL\\\\}"
)
\\\\}
\\\\}
\\} ```_
Fehlerbehebung¶
Gemeinsame Themen¶
GPU Erkennungsprobleme: ```bash
Check GPU drivers¶
nvidia-smi # For NVIDIA clinfo # For OpenCL
Verify Hashcat GPU detection¶
hashcat -I
Install missing drivers¶
NVIDIA:¶
sudo apt install nvidia-driver-470 nvidia-opencl-dev
AMD:¶
sudo apt install mesa-opencl-icd
Test GPU functionality¶
hashcat -b -m 0 ```_
Leistungsfragen: ```bash
Check system resources¶
nvidia-smi htop free -h
Optimize workload¶
hashcat -w 3 # High workload hashcat -w 4 # Nightmare mode
Adjust kernel parameters¶
hashcat -n 1024 -u 256
Monitor temperature¶
watch -n 1 nvidia-smi ```_
Memory Issues: ```bash
Reduce memory usage¶
hashcat --segment-size=32
Use smaller wordlists¶
head -1000000 rockyou.txt > small_wordlist.txt
Split large hash files¶
split -l 1000 large_hashes.txt hash_part_ ```_
Leistungsoptimierung¶
Optimierung der Hashcat-Leistung:
```bash
GPU Optimization¶
Use all available GPUs¶
hashcat -d 1,2,3,4
Optimize workload for GPU¶
hashcat -w 4 # Maximum performance
Tune kernel parameters¶
hashcat -n 1024 -u 256
Memory Optimization¶
hashcat --segment-size=1024
CPU Optimization¶
Disable CPU usage for GPU-only attacks¶
hashcat --opencl-device-types=2
Benchmark optimization¶
hashcat -b -m 1000 --runtime=60 ```_
Sicherheitsüberlegungen¶
Operationelle Sicherheit¶
Datenschutz: - Verschlüsseln von Hash-Dateien und geknackten Passwort-Datenbanken - Umsetzung sicherer Datenschutzbestimmungen für Audit-Ergebnisse - Zugriff auf Passwort-Cracking-Tools und Ergebnisse steuern - Sichere Übertragung von Hash-Dateien und Audit-Berichten - Regelmäßige Reinigung von temporären Dateien und Sitzungsdaten
Rechtliche und ethische Überlegungen: - Nur Crack-Passwörter, die Sie besitzen oder haben ausdrückliche Erlaubnis zu testen - Rechtsanforderungen für Passwort-Sicherheitstests verstehen - Durchführung richtiger Datenverarbeitungsverfahren für sensible Informationen - Respektieren Sie Privatsphäre und Vertraulichkeit von Benutzerinformationen - Dokumente Passwörter Auditing Aktivitäten für Compliance Zwecke
Hardware-Sicherheit¶
GPU Sicherheit: - GPU Temperatur und Leistung überwachen - Implementieren Sie die richtige Kühlung für erweiterte Operationen - Regelmäßige Wartung der GPU-Hardware - Sicherer physischer Zugang zu Rißsystemen - Backup- und Recovery-Prozeduren für Hardwareausfälle
Referenzen¶
- Hashcat Offizielle Dokumentation
- [Hashcat GitHub Repository](https://LINK_5_
- (LINK_5_)
- [Password Security Guidelines](LINK_5_
- [Hash Algorithm Referenz](LINK_5