FRONTMATTER_29_# Hashcat Cheat Sheet¶
HTML_TAG_18_ __HTML_TAG_21_📄 Generare PDF __HTML_TAG_23_
Panoramica¶
Hashcat è lo strumento di recupero password più veloce e avanzato del mondo, progettato per sfruttare la potenza computazionale delle CPU moderne e GPU per la cracking password ad alte prestazioni e la verifica della sicurezza. Sviluppato come successore dei tradizionali cracker password basati sulla CPU, Hashcat rivoluziona i test di sicurezza delle password utilizzando le capacità di elaborazione parallele delle schede grafiche per raggiungere velocità di cracking senza precedenti. Lo strumento supporta oltre 300 algoritmi hash e modalità di attacco, rendendolo la piattaforma di recupero password più completa disponibile per professionisti di sicurezza, tester di penetrazione e ricercatori che effettuano valutazioni delle password e controlli di sicurezza.
La forza principale di Hashcat risiede nella sua sofisticata architettura di accelerazione GPU, che può sfruttare la potenza di più schede grafiche simultaneamente per eseguire miliardi di test di password candidato al secondo. Questa enorme capacità computazionale, combinata con algoritmi di ottimizzazione intelligente di attacco, consente a Hashcat di rompere password complesse che sarebbero impraticabili per attaccare con strumenti basati sulla CPU tradizionali. La piattaforma supporta tutti i principali fornitori di GPU tra cui NVIDIA CUDA e AMD OpenCL, ottimizzando automaticamente le prestazioni per le configurazioni hardware disponibili e fornendo metriche di prestazioni dettagliate per la pianificazione delle capacità e l'ottimizzazione degli attacchi.
Il set di funzionalità avanzato di Hashcat include molteplici modalità di attacco che vanno dagli attacchi dei dizionario e dalle trasformazioni basate sulle regole agli attacchi sofisticati delle maschere e alle combinazioni ibride. L'architettura modulare dello strumento supporta lo sviluppo di regole personalizzate, il calcolo distribuito su più sistemi, e l'integrazione con generatori di wordlist esterni e strumenti di preprocessing. Con la sua gestione completa delle sessioni, la reportistica dettagliata dei progressi e le ampie opzioni di personalizzazione, Hashcat fornisce sia funzionalità di controllo automatizzate delle password che un controllo accurato per applicazioni di ricerca di sicurezza specializzata. La comunità attiva di sviluppo della piattaforma e l'ottimizzazione continua per le architetture hardware emergenti assicurano che rimanga all'avanguardia della tecnologia di test di sicurezza delle password.
Installazione¶
## Ubuntu/Debian Installazione¶
Installazione di Hashcat sui sistemi Ubuntu/Debian:
# Update system packages
sudo apt update && sudo apt upgrade -y
# Install Hashcat from repositories
sudo apt install -y hashcat
# Install additional dependencies
sudo apt install -y opencl-headers ocl-icd-opencl-dev
# Install GPU drivers for optimal performance
# For NVIDIA GPUs:
sudo apt install -y nvidia-driver-470 nvidia-opencl-dev
# For AMD GPUs:
sudo apt install -y mesa-opencl-icd
# Verify installation
hashcat --version
hashcat --benchmark
# Install latest version from source
sudo apt install -y git build-essential
git clone https://github.com/hashcat/hashcat.git
cd hashcat
make
sudo make install
# Verify GPU detection
hashcat -I
CentOS/RHEL Installazione¶
# Install EPEL repository
sudo yum install -y epel-release
# Install development tools
sudo yum groupinstall -y "Development Tools"
# Install dependencies
sudo yum install -y opencl-headers ocl-icd-devel
# Install GPU drivers
# For NVIDIA:
sudo yum install -y nvidia-driver nvidia-opencl
# Build from source
git clone https://github.com/hashcat/hashcat.git
cd hashcat
make
sudo make install
# Verify installation
hashcat --version
hashcat -I
Installazione di Windows¶
# Download pre-compiled binaries
# https://hashcat.net/hashcat/
# Extract to desired location
# Example: C:\hashcat
# Install GPU drivers
# NVIDIA: Download from nvidia.com
# AMD: Download from amd.com
# Add to PATH environment variable
# System Properties > Environment Variables
# Add C:\hashcat to PATH
# Verify installation
hashcat.exe --version
hashcat.exe -I
# Alternative: Install with Chocolatey
choco install hashcat
macOS Installazione¶
# Install using Homebrew
brew install hashcat
# Install GPU support (limited on macOS)
# Metal performance shaders for Apple Silicon
# Verify installation
hashcat --version
hashcat -I
# Build from source for latest features
brew install git
git clone https://github.com/hashcat/hashcat.git
cd hashcat
make
sudo make install
Installazione Docker¶
Running Hashcat in Docker con supporto GPU:
# Create Dockerfile for Hashcat
cat > Dockerfile.hashcat << 'EOF'
FROM nvidia/cuda:11.8-devel-ubuntu22.04
# Install dependencies
RUN apt-get update && apt-get install -y \
git \
build-essential \
opencl-headers \
ocl-icd-opencl-dev \
&& rm -rf /var/lib/apt/lists/*
# Clone and build Hashcat
RUN git clone https://github.com/hashcat/hashcat.git /opt/hashcat
WORKDIR /opt/hashcat
RUN make && make install
# Create working directory
WORKDIR /work
# Set PATH
ENV PATH="/opt/hashcat:$\\\\{PATH\\\\}"
CMD ["hashcat", "--help"]
EOF
# Build Docker image
docker build -f Dockerfile.hashcat -t hashcat-gpu .
# Run with GPU support (NVIDIA)
docker run --gpus all -it --rm \
-v $(pwd):/work \
hashcat-gpu hashcat --benchmark
# Run with specific GPU
docker run --gpus '"device=0"' -it --rm \
-v $(pwd):/work \
hashcat-gpu hashcat -I
Uso di base¶
Hash Identification¶
Identificare tipi e formati di hash:
# List supported hash modes
hashcat --help|grep -A 500 "Hash modes"
# Common hash mode numbers
# 0 = MD5
# 100 = SHA1
# 1000 = NTLM
# 1400 = SHA256
# 1700 = SHA512
# 1800 = sha512crypt
# 3200 = bcrypt
# 7500 = Kerberos 5 AS-REQ Pre-Auth
# Identify hash automatically
hashcat --identify hash.txt
# Example hash formats
echo "5d41402abc4b2a76b9719d911017c592" > md5_hash.txt # MD5
echo "aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d" > sha1_hash.txt # SHA1
echo "admin:1000:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::" > ntlm_hash.txt # NTLM
# Verify hash format
hashcat -m 0 --identify md5_hash.txt
hashcat -m 100 --identify sha1_hash.txt
hashcat -m 1000 --identify ntlm_hash.txt
Attacco di base¶
Eseguire attacchi di password di base:
# Dictionary attack
hashcat -m 0 -a 0 hash.txt wordlist.txt
# Dictionary attack with rules
hashcat -m 0 -a 0 hash.txt wordlist.txt -r rules/best64.rule
# Brute force attack
hashcat -m 0 -a 3 hash.txt ?a?a?a?a?a?a
# Mask attack (specific pattern)
hashcat -m 0 -a 3 hash.txt ?u?l?l?l?l?d?d?d
# Combination attack
hashcat -m 0 -a 1 hash.txt wordlist1.txt wordlist2.txt
# Hybrid attack (wordlist + mask)
hashcat -m 0 -a 6 hash.txt wordlist.txt ?d?d?d
# Hybrid attack (mask + wordlist)
hashcat -m 0 -a 7 hash.txt ?d?d?d wordlist.txt
# Show cracked passwords
hashcat -m 0 hash.txt --show
# Resume session
hashcat --session=mysession --restore
# Attack with time limit
timeout 3600 hashcat -m 0 -a 0 hash.txt wordlist.txt
Ottimizzazione delle prestazioni¶
Ottimizzazione delle prestazioni Hashcat:
# Benchmark system performance
hashcat -b
# Benchmark specific hash mode
hashcat -b -m 1000
# Show device information
hashcat -I
# Use specific GPU devices
hashcat -m 0 -a 0 hash.txt wordlist.txt -d 1,2
# Optimize workload
hashcat -m 0 -a 0 hash.txt wordlist.txt -w 3
# Workload profiles:
# -w 1 = Low (desktop use)
# -w 2 = Default
# -w 3 = High (dedicated cracking)
# -w 4 = Nightmare (maximum performance)
# Optimize kernel loops
hashcat -m 0 -a 0 hash.txt wordlist.txt -n 1024 -u 256
# Monitor temperature and performance
watch -n 1 'hashcat --status --machine-readable'
Caratteristiche avanzate¶
Attacco della maschera¶
Attacchi basati sulla maschera avanzati:
# Character sets
# ?l = lowercase letters (a-z)
# ?u = uppercase letters (A-Z)
# ?d = digits (0-9)
# ?h = hex digits (0-9a-f)
# ?H = hex digits (0-9A-F)
# ?s = special characters
# ?a = all characters (?l?u?d?s)
# ?b = all bytes (0x00-0xff)
# Common password patterns
# 8-character mixed case with numbers
hashcat -m 0 -a 3 hash.txt ?u?l?l?l?l?d?d?d
# Phone number pattern
hashcat -m 0 -a 3 hash.txt ?d?d?d-?d?d?d-?d?d?d?d
# Date pattern (MMDDYYYY)
hashcat -m 0 -a 3 hash.txt ?d?d?d?d?d?d?d?d
# Custom character set
hashcat -m 0 -a 3 hash.txt -1 ?l?d ?1?1?1?1?1?1?1?1
# Multiple custom character sets
hashcat -m 0 -a 3 hash.txt -1 ?l?u -2 ?d?s ?1?1?1?1?2?2
# Increment mode
hashcat -m 0 -a 3 hash.txt --increment --increment-min=6 --increment-max=8 ?a?a?a?a?a?a?a?a
# Position-specific masks
hashcat -m 0 -a 3 hash.txt ?u?l?l?l?l?l?d?d
# Mask file
cat > masks.txt << 'EOF'
?u?l?l?l?l?d?d
?u?l?l?l?l?d?d?d
?u?l?l?l?l?l?d?d
?l?l?l?l?d?d?d?d
EOF
hashcat -m 0 -a 3 hash.txt masks.txt
Attacchi basati sulla regola¶
Trasformazioni basate su regole avanzate:
# Built-in rule files
ls /usr/share/hashcat/rules/
# Common rule files
# best64.rule - Most effective 64 rules
# leetspeak.rule - Leet speak transformations
# rockyou-30000.rule - Rules based on RockYou analysis
# dive.rule - Comprehensive rule set
# Use specific rule file
hashcat -m 0 -a 0 hash.txt wordlist.txt -r /usr/share/hashcat/rules/best64.rule
# Multiple rule files
hashcat -m 0 -a 0 hash.txt wordlist.txt -r rules/best64.rule -r rules/leetspeak.rule
# Create custom rules
cat > custom.rule ``<< 'EOF'
# Append numbers
$0 $1 $2 $3 $4 $5 $6 $7 $8 $9
# Prepend numbers
^0 ^1 ^2 ^3 ^4 ^5 ^6 ^7 ^8 ^9
# Capitalize first letter
c
# Toggle case
t
# Duplicate word
d
# Reverse word
r
# Leetspeak substitutions
sa@ se3 si1 so0 ss$
# Append common suffixes
$! $@ $# $ $% $1 $2 $3
# Complex transformations
c $1 $2 $3
c $! $@
sa@ se3 si1 so0 $!
EOF
# Use custom rules
hashcat -m 0 -a 0 hash.txt wordlist.txt -r custom.rule
# Generate rule statistics
hashcat -m 0 -a 0 hash.txt wordlist.txt -r rules/best64.rule --debug-mode=1 --debug-file=debug.log
# Test rules without cracking
hashcat -a 0 --stdout wordlist.txt -r custom.rule|head -20
Gestione sessione¶
Gestione di sessioni di lungo periodo:
# Start named session
hashcat --session=audit2023 -m 1000 -a 0 hash.txt wordlist.txt
# Check session status
hashcat --session=audit2023 --status
# Restore session
hashcat --session=audit2023 --restore
# Remove session
hashcat --session=audit2023 --remove
# Session with checkpoint
hashcat --session=audit2023 -m 1000 -a 0 hash.txt wordlist.txt --status-timer=60
# Quit session gracefully
# Press 'q' during execution or send SIGTERM
# Session configuration
cat >`` hashcat.conf << 'EOF'
# Status timer (seconds)
status-timer = 60
# Checkpoint interval (seconds)
checkpoint-disable = false
# Restore timer (seconds)
restore-timer = 60
# Quiet mode
quiet = false
# Force mode
force = false
EOF
# Use configuration file
hashcat --session=audit2023 --config=hashcat.conf -m 1000 -a 0 hash.txt wordlist.txt
Distribuito Cracking¶
Impostazione di cracking password distribuito:
# Split wordlist for distribution
split -l 1000000 rockyou.txt wordlist_part_
# Distribute across multiple machines
# Machine 1:
hashcat --session=node1 -m 1000 -a 0 hash.txt wordlist_part_aa
# Machine 2:
hashcat --session=node2 -m 1000 -a 0 hash.txt wordlist_part_ab
# Machine 3:
hashcat --session=node3 -m 1000 -a 0 hash.txt wordlist_part_ac
# Keyspace distribution for mask attacks
# Total keyspace calculation
hashcat -m 0 -a 3 --keyspace ?a?a?a?a?a?a
# Distribute keyspace
# Machine 1 (first quarter):
hashcat -m 0 -a 3 hash.txt ?a?a?a?a?a?a --skip=0 --limit=1000000
# Machine 2 (second quarter):
hashcat -m 0 -a 3 hash.txt ?a?a?a?a?a?a --skip=1000000 --limit=1000000
# Automated distribution script
cat > distribute_hashcat.sh ``<< 'EOF'
#!/bin/bash
HOSTS=("server1" "server2" "server3" "server4")
HASH_FILE="hashes.txt"
WORDLIST="rockyou.txt"
HASH_MODE="1000"
# Calculate total lines
TOTAL_LINES=$(wc -l < $WORDLIST)
LINES_PER_HOST=$((TOTAL_LINES / $\\\{#HOSTS[@]\\\}))
for i in "$\\\{!HOSTS[@]\\\}"; do
HOST="$\\\{HOSTS[$i]\\\}"
SKIP=$((i * LINES_PER_HOST))
echo "Starting node $((i+1)) on $HOST"
ssh $HOST "hashcat --session=node$((i+1)) -m $HASH_MODE -a 0 $HASH_FILE $WORDLIST --skip=$SKIP --limit=$LINES_PER_HOST" &
done
wait
echo "All nodes completed"
EOF
chmod +x distribute_hashcat.sh
./distribute_hashcat.sh
Automation Scripts¶
Comprensiva password Audit Script¶
#!/usr/bin/env python3
# Comprehensive password audit using Hashcat
import subprocess
import os
import sys
import time
import json
import argparse
from datetime import datetime
import threading
import queue
import re
class HashcatAuditor:
def __init__(self, hashcat_path="hashcat"):
self.hashcat_path = hashcat_path
self.results = \\\{\\\}
self.sessions = \\\{\\\}
def verify_hashcat_installation(self):
"""Verify Hashcat installation and GPU support"""
try:
result = subprocess.run([self.hashcat_path, "--version"],
capture_output=True, text=True)
if result.returncode == 0:
print(f"Hashcat version: \\\{result.stdout.strip()\\\}")
# Check GPU devices
gpu_result = subprocess.run([self.hashcat_path, "-I"],
capture_output=True, text=True)
if gpu_result.returncode == 0:
print("GPU devices detected:")
print(gpu_result.stdout)
return True
else:
print("Warning: No GPU devices detected")
return True
else:
print("Hashcat not found or not working")
return False
except Exception as e:
print(f"Error checking Hashcat installation: \\\{e\\\}")
return False
def identify_hash_type(self, hash_file):
"""Identify hash types in file"""
try:
result = subprocess.run([self.hashcat_path, "--identify", hash_file],
capture_output=True, text=True)
if result.returncode == 0:
return self.parse_hash_identification(result.stdout)
else:
print(f"Hash identification failed: \\\{result.stderr\\\}")
return \\\{\\\}
except Exception as e:
print(f"Error identifying hashes: \\\{e\\\}")
return \\\{\\\}
def parse_hash_identification(self, output):
"""Parse hash identification output"""
hash_types = \\\{\\\}
lines = output.strip().split('\n')
for line in lines:
if 'possible' in line.lower():
# Parse hash type information
parts = line.split()
if len(parts) >``= 3:
hash_mode = parts[0]
hash_name = ' '.join(parts[1:])
hash_types[hash_mode] = hash_name
return hash_types
def benchmark_performance(self):
"""Benchmark system performance"""
try:
result = subprocess.run([self.hashcat_path, "-b"],
capture_output=True, text=True, timeout=300)
if result.returncode == 0:
return self.parse_benchmark_results(result.stdout)
else:
print(f"Benchmark failed: \\\\{result.stderr\\\\}")
return \\\\{\\\\}
except subprocess.TimeoutExpired:
print("Benchmark timed out")
return \\\\{\\\\}
except Exception as e:
print(f"Error running benchmark: \\\\{e\\\\}")
return \\\\{\\\\}
def parse_benchmark_results(self, output):
"""Parse benchmark results"""
benchmarks = \\\\{\\\\}
lines = output.strip().split('\n')
for line in lines:
if 'H/s' in line:
# Parse benchmark line
parts = line.split()
if len(parts) >= 4:
hash_mode = parts[0]
speed = parts[-2]
unit = parts[-1]
benchmarks[hash_mode] = f"\\\\{speed\\\\} \\\\{unit\\\\}"
return benchmarks
def crack_passwords(self, hash_file, attack_config):
"""Crack passwords with specified configuration"""
session_name = f"audit_\\\\{int(time.time())\\\\}"
cmd = [self.hashcat_path, "--session", session_name]
# Add hash mode
if attack_config.get('mode'):
cmd.extend(["-m", str(attack_config['mode'])])
# Add attack type
if attack_config.get('attack'):
cmd.extend(["-a", str(attack_config['attack'])])
# Add attack-specific parameters
if attack_config.get('attack') == 0: # Dictionary attack
if attack_config.get('wordlist'):
cmd.append(attack_config['wordlist'])
if attack_config.get('rules'):
cmd.extend(["-r", attack_config['rules']])
elif attack_config.get('attack') == 3: # Mask attack
if attack_config.get('mask'):
cmd.append(attack_config['mask'])
if attack_config.get('increment'):
cmd.append("--increment")
if attack_config.get('increment_min'):
cmd.extend(["--increment-min", str(attack_config['increment_min'])])
if attack_config.get('increment_max'):
cmd.extend(["--increment-max", str(attack_config['increment_max'])])
# Add performance options
if attack_config.get('workload'):
cmd.extend(["-w", str(attack_config['workload'])])
if attack_config.get('devices'):
cmd.extend(["-d", attack_config['devices']])
# Add hash file
cmd.append(hash_file)
print(f"Starting password cracking: \\\\{' '.join(cmd)\\\\}")
try:
# Start cracking process
process = subprocess.Popen(cmd, stdout=subprocess.PIPE,
stderr=subprocess.PIPE, text=True)
self.sessions[session_name] = \\\\{
'process': process,
'start_time': time.time(),
'config': attack_config,
'cmd': cmd
\\\\}
return session_name
except Exception as e:
print(f"Error starting crack: \\\\{e\\\\}")
return None
def monitor_session(self, session_name, timeout=None):
"""Monitor cracking session"""
if session_name not in self.sessions:
print(f"Session \\\\{session_name\\\\} not found")
return None
session = self.sessions[session_name]
process = session['process']
start_time = session['start_time']
try:
if timeout:
stdout, stderr = process.communicate(timeout=timeout)
else:
stdout, stderr = process.communicate()
end_time = time.time()
duration = end_time - start_time
result = \\\\{
'session': session_name,
'duration': duration,
'returncode': process.returncode,
'stdout': stdout,
'stderr': stderr,
'cmd': session['cmd']
\\\\}
return result
except subprocess.TimeoutExpired:
print(f"Session \\\\{session_name\\\\} timed out")
process.terminate()
return None
except Exception as e:
print(f"Error monitoring session: \\\\{e\\\\}")
return None
def get_cracked_passwords(self, hash_file, hash_mode=None):
"""Retrieve cracked passwords"""
cmd = [self.hashcat_path, "--show"]
if hash_mode:
cmd.extend(["-m", str(hash_mode)])
cmd.append(hash_file)
try:
result = subprocess.run(cmd, capture_output=True, text=True)
if result.returncode == 0:
lines = result.stdout.strip().split('\n')
cracked = []
for line in lines:
if ':' in line and line.strip():
parts = line.split(':')
if len(parts) >= 2:
cracked.append(\\\\{
'hash': parts[0],
'password': parts[1],
'full_line': line
\\\\})
return cracked
else:
print(f"Error getting cracked passwords: \\\\{result.stderr\\\\}")
return []
except Exception as e:
print(f"Error retrieving passwords: \\\\{e\\\\}")
return []
def analyze_password_strength(self, cracked_passwords):
"""Analyze password strength patterns"""
analysis = \\\\{
'total_cracked': len(cracked_passwords),
'length_distribution': \\\\{\\\\},
'character_analysis': \\\\{
'lowercase_only': 0,
'uppercase_only': 0,
'digits_only': 0,
'mixed_case': 0,
'with_digits': 0,
'with_symbols': 0,
'alphanumeric': 0
\\\\},
'pattern_analysis': \\\\{
'dictionary_words': 0,
'keyboard_patterns': 0,
'repeated_characters': 0,
'sequential_patterns': 0
\\\\},
'complexity_score': 0,
'weak_passwords': []
\\\\}
if not cracked_passwords:
return analysis
for entry in cracked_passwords:
password = entry['password']
length = len(password)
# Length distribution
if length not in analysis['length_distribution']:
analysis['length_distribution'][length] = 0
analysis['length_distribution'][length] += 1
# Character analysis
has_lower = bool(re.search(r'[a-z]', password))
has_upper = bool(re.search(r'[A-Z]', password))
has_digit = bool(re.search(r'[0-9]', password))
has_symbol = bool(re.search(r'[^a-zA-Z0-9]', password))
if password.islower():
analysis['character_analysis']['lowercase_only'] += 1
elif password.isupper():
analysis['character_analysis']['uppercase_only'] += 1
elif password.isdigit():
analysis['character_analysis']['digits_only'] += 1
elif has_lower and has_upper:
analysis['character_analysis']['mixed_case'] += 1
if has_digit:
analysis['character_analysis']['with_digits'] += 1
if has_symbol:
analysis['character_analysis']['with_symbols'] += 1
if password.isalnum():
analysis['character_analysis']['alphanumeric'] += 1
# Pattern analysis
if re.search(r'(password|admin|user|test|guest|login)', password.lower()):
analysis['pattern_analysis']['dictionary_words'] += 1
if re.search(r'(qwerty|asdf|zxcv|1234|abcd)', password.lower()):
analysis['pattern_analysis']['keyboard_patterns'] += 1
if re.search(r'(.)\1\\\\{2,\\\\}', password):
analysis['pattern_analysis']['repeated_characters'] += 1
if re.search(r'(012|123|234|345|456|567|678|789|abc|bcd|cde)', password.lower()):
analysis['pattern_analysis']['sequential_patterns'] += 1
# Weakness assessment
weakness_score = 0
if length < 8:
weakness_score += 3
if password.lower() in ['password', '123456', 'admin', 'user', 'guest']:
weakness_score += 5
if password.isdigit() or password.islower() or password.isupper():
weakness_score += 2
if not has_symbol:
weakness_score += 1
if weakness_score >= 3:
analysis['weak_passwords'].append(\\\\{
'password': password,
'hash': entry['hash'],
'weakness_score': weakness_score
\\\\})
# Calculate overall complexity score
total = len(cracked_passwords)
if total > 0:
complexity_factors = [
(analysis['character_analysis']['mixed_case'] / total) * 20,
(analysis['character_analysis']['with_symbols'] / total) * 30,
(sum(1 for l in analysis['length_distribution'] if l >= 12) / total) * 25,
(1 - (len(analysis['weak_passwords']) / total)) * 25
]
analysis['complexity_score'] = sum(complexity_factors)
return analysis
def generate_comprehensive_report(self, audit_results, output_file="hashcat_audit_report.html"):
"""Generate comprehensive audit report"""
html_content = f"""
<!DOCTYPE html>
<html>
<head>
<title>Hashcat Password Security Audit Report</title>
<style>
body \\\\{\\\\{ font-family: Arial, sans-serif; margin: 20px; \\\\}\\\\}
.section \\\\{\\\\{ margin: 20px 0; padding: 15px; border: 1px solid #ddd; \\\\}\\\\}
.critical \\\\{\\\\{ color: red; font-weight: bold; \\\\}\\\\}
.warning \\\\{\\\\{ color: orange; font-weight: bold; \\\\}\\\\}
.info \\\\{\\\\{ color: blue; \\\\}\\\\}
.success \\\\{\\\\{ color: green; font-weight: bold; \\\\}\\\\}
table \\\\{\\\\{ border-collapse: collapse; width: 100%; \\\\}\\\\}
th, td \\\\{\\\\{ border: 1px solid #ddd; padding: 8px; text-align: left; \\\\}\\\\}
th \\\\{\\\\{ background-color: #f2f2f2; \\\\}\\\\}
.score \\\\{\\\\{ font-size: 24px; font-weight: bold; \\\\}\\\\}
.score.high \\\\{\\\\{ color: green; \\\\}\\\\}
.score.medium \\\\{\\\\{ color: orange; \\\\}\\\\}
.score.low \\\\{\\\\{ color: red; \\\\}\\\\}
</style>
</head>
<body>
<h1>Hashcat Password Security Audit Report</h1>
<p>Generated: \\\\{datetime.now().isoformat()\\\\}</p>
<p>Hash File: \\\\{audit_results.get('hash_file', 'N/A')\\\\}</p>
<div class="section">
<h2>Executive Summary</h2>
<ul>
<li>Total Hashes Analyzed: \\\\{audit_results.get('total_hashes', 0)\\\\}</li>
<li>Passwords Cracked: \\\\{audit_results.get('total_cracked', 0)\\\\}</li>
<li>Crack Rate: \\\\{(audit_results.get('total_cracked', 0) / max(audit_results.get('total_hashes', 1), 1) * 100):.2f\\\\}%</li>
<li>Weak Passwords: \\\\{len(audit_results.get('weak_passwords', []))\\\\}</li>
</ul>
<h3>Password Complexity Score</h3>
<div class="score \\\\{self.get_score_class(audit_results.get('complexity_score', 0))\\\\}">
\\\\{audit_results.get('complexity_score', 0):.1f\\\\}/100
</div>
</div>
<div class="section">
<h2 class="critical">Critical Findings</h2>
<h3>Weak Passwords</h3>
<table>
<tr><th>Hash</th><th>Password</th><th>Weakness Score</th></tr>
"""
for weak in audit_results.get('weak_passwords', [])[:20]:
html_content += f"""
<tr>
<td>\\\\{weak['hash'][:20]\\\\}...</td>
<td>\\\\{weak['password']\\\\}</td>
<td>\\\\{weak['weakness_score']\\\\}</td>
</tr>"""
html_content += """
</table>
</div>
<div class="section">
<h2>Performance Analysis</h2>
<table>
<tr><th>Attack Method</th><th>Duration</th><th>Passwords Found</th><th>Rate</th></tr>
"""
for session in audit_results.get('sessions', []):
duration = session.get('duration', 0)
passwords_found = session.get('passwords_found', 0)
rate = passwords_found / duration if duration > 0 else 0
html_content += f"""
<tr>
<td>\\\\{session.get('attack_method', 'Unknown')\\\\}</td>
<td>\\\\{duration:.2f\\\\}s</td>
<td>\\\\{passwords_found\\\\}</td>
<td>\\\\{rate:.2f\\\\} p/s</td>
</tr>"""
html_content += """
</table>
</div>
<div class="section">
<h2>Recommendations</h2>
<ul>
<li>Implement minimum password length of 14 characters</li>
<li>Require complex passwords with mixed case, numbers, and symbols</li>
<li>Prohibit common dictionary words and keyboard patterns</li>
<li>Implement password history to prevent reuse</li>
<li>Enable multi-factor authentication</li>
<li>Regular password audits and user training</li>
<li>Consider passphrase-based authentication</li>
</ul>
</div>
</body>
</html>
"""
with open(output_file, 'w') as f:
f.write(html_content)
print(f"Report generated: \\\\{output_file\\\\}")
return output_file
def get_score_class(self, score):
"""Get CSS class for complexity score"""
if score >= 70:
return "high"
elif score >= 40:
return "medium"
else:
return "low"
def run_comprehensive_audit(self, hash_file, wordlists, output_dir="/tmp/hashcat_audit"):
"""Run comprehensive password audit"""
print("Starting comprehensive Hashcat audit...")
# Create output directory
os.makedirs(output_dir, exist_ok=True)
audit_results = \\\\{
'start_time': time.time(),
'hash_file': hash_file,
'wordlists': wordlists,
'sessions': [],
'total_hashes': 0,
'total_cracked': 0
\\\\}
# Identify hash types
print("Identifying hash types...")
hash_types = self.identify_hash_type(hash_file)
audit_results['hash_types'] = hash_types
# Count total hashes
try:
with open(hash_file, 'r') as f:
audit_results['total_hashes'] = len(f.readlines())
except Exception as e:
print(f"Error reading hash file: \\\\{e\\\\}")
return None
# Determine best hash mode
if hash_types:
best_mode = list(hash_types.keys())[0]
print(f"Using hash mode: \\\\{best_mode\\\\} (\\\\{hash_types[best_mode]\\\\})")
else:
best_mode = "0" # Default to MD5
print("Using default hash mode: MD5")
# Run multiple attack strategies
attack_configs = [
\\\\{
'name': 'Quick Dictionary',
'mode': best_mode,
'attack': 0,
'wordlist': wordlists[0] if wordlists else '/usr/share/wordlists/rockyou.txt',
'timeout': 1800 # 30 minutes
\\\\},
\\\\{
'name': 'Dictionary with Rules',
'mode': best_mode,
'attack': 0,
'wordlist': wordlists[0] if wordlists else '/usr/share/wordlists/rockyou.txt',
'rules': '/usr/share/hashcat/rules/best64.rule',
'timeout': 3600 # 1 hour
\\\\},
\\\\{
'name': 'Mask Attack (8 chars)',
'mode': best_mode,
'attack': 3,
'mask': '?a?a?a?a?a?a?a?a',
'increment': True,
'increment_min': 6,
'increment_max': 8,
'timeout': 1800 # 30 minutes
\\\\}
]
# Execute attacks
for config in attack_configs:
print(f"Running \\\\{config['name']\\\\} attack...")
session_name = self.crack_passwords(hash_file, config)
if session_name:
result = self.monitor_session(session_name, config.get('timeout'))
if result:
result['attack_method'] = config['name']
audit_results['sessions'].append(result)
# Get final results
cracked_passwords = self.get_cracked_passwords(hash_file, best_mode)
audit_results['total_cracked'] = len(cracked_passwords)
# Analyze password strength
if cracked_passwords:
strength_analysis = self.analyze_password_strength(cracked_passwords)
audit_results.update(strength_analysis)
# Generate report
report_file = os.path.join(output_dir, "hashcat_audit_report.html")
self.generate_comprehensive_report(audit_results, report_file)
audit_results['end_time'] = time.time()
audit_results['duration'] = audit_results['end_time'] - audit_results['start_time']
print(f"Audit completed in \\\\{audit_results['duration']:.2f\\\\} seconds")
print(f"Cracked \\\\{audit_results['total_cracked']\\\\} of \\\\{audit_results['total_hashes']\\\\} passwords")
return audit_results
def main():
parser = argparse.ArgumentParser(description='Hashcat Password Audit')
parser.add_argument('--hash-file', required=True, help='Hash file to crack')
parser.add_argument('--wordlists', nargs='+', help='Wordlist files')
parser.add_argument('--hash-mode', help='Hash mode (auto-detect if not specified)')
parser.add_argument('--output', default='/tmp/hashcat_audit', help='Output directory')
parser.add_argument('--hashcat-path', default='hashcat', help='Path to Hashcat executable')
args = parser.parse_args()
# Initialize auditor
auditor = HashcatAuditor(args.hashcat_path)
# Verify installation
if not auditor.verify_hashcat_installation():
print("Hashcat not properly installed or configured")
sys.exit(1)
# Run audit
results = auditor.run_comprehensive_audit(
args.hash_file,
args.wordlists or [],
args.output
)
if results:
print("Password audit completed successfully")
else:
print("Password audit failed")
sys.exit(1)
if __name__ == "__main__":
main()
Esempi di integrazione¶
CI/CD Integrazione¶
# Jenkins Pipeline for Hashcat Integration
pipeline \\\\{
agent \\\\{
label 'gpu-enabled'
\\\\}
environment \\\\{
HASH_FILE = 'extracted_hashes.txt'
WORDLIST = '/opt/wordlists/rockyou.txt'
HASHCAT_PATH = '/usr/local/bin/hashcat'
\\\\}
stages \\\\{
stage('Extract Hashes') \\\\{
steps \\\\{
script \\\\{
// Extract hashes from application
sh '''
# Extract user password hashes
python3 extract_hashes.py --output $\\\\{HASH_FILE\\\\}
# Verify hash file
if [ ! -s $\\\\{HASH_FILE\\\\} ]; then
echo "No hashes extracted"
exit 1
fi
echo "Extracted $(wc -l < $\\\\{HASH_FILE\\\\}) hashes"
'''
\\\\}
\\\\}
\\\\}
stage('Password Audit') \\\\{
steps \\\\{
script \\\\{
// Run Hashcat audit
sh '''
python3 hashcat_audit.py \
--hash-file $\\\\{HASH_FILE\\\\} \
--wordlists $\\\\{WORDLIST\\\\} \
--output ./hashcat-results \
--hashcat-path $\\\\{HASHCAT_PATH\\\\}
'''
\\\\}
\\\\}
\\\\}
stage('Process Results') \\\\{
steps \\\\{
// Archive results
archiveArtifacts artifacts: 'hashcat-results/**/*', fingerprint: true
// Publish report
publishHTML([
allowMissing: false,
alwaysLinkToLastBuild: true,
keepAll: true,
reportDir: 'hashcat-results',
reportFiles: '*.html',
reportName: 'Hashcat Audit Report'
])
// Check for weak passwords
script \\\\{
def weakPasswords = sh(
script: "grep -c 'weakness_score.*[3-9]' hashcat-results/*.html||true",
returnStdout: true
).trim()
if (weakPasswords.toInteger() > 0) \\\\{
currentBuild.result = 'UNSTABLE'
echo "Found $\\\\{weakPasswords\\\\} weak passwords"
\\\\}
\\\\}
\\\\}
\\\\}
\\\\}
post \\\\{
always \\\\{
// Clean up sensitive data
sh 'rm -f $\\\\{HASH_FILE\\\\} hashcat-results/*.potfile'
\\\\}
failure \\\\{
// Send notification
emailext (
subject: "Password Audit Failed: $\\\\{env.JOB_NAME\\\\} - $\\\\{env.BUILD_NUMBER\\\\}",
body: "Password audit failed. Check console output for details.",
to: "$\\\\{env.SECURITY_TEAM_EMAIL\\\\}"
)
\\\\}
\\\\}
\\\\}
Risoluzione dei problemi¶
Questioni comuni¶
** Problemi di rilevamento GPU:** Traduzione:
** Problemi di conformità: ** Traduzione:
** Problemi di memoria: ** Traduzione:
Ottimizzazione delle prestazioni¶
Ottimizzazione delle prestazioni Hashcat:
# GPU Optimization
# Use all available GPUs
hashcat -d 1,2,3,4
# Optimize workload for GPU
hashcat -w 4 # Maximum performance
# Tune kernel parameters
hashcat -n 1024 -u 256
# Memory Optimization
hashcat --segment-size=1024
# CPU Optimization
# Disable CPU usage for GPU-only attacks
hashcat --opencl-device-types=2
# Benchmark optimization
hashcat -b -m 1000 --runtime=60
Considerazioni di sicurezza¶
Sicurezza operativa¶
** Protezione dei dati. - Crittografia file hash e database password incrinati - Attuazione politiche di conservazione dei dati sicure per i risultati di audit - Controllo dell'accesso agli strumenti di cracking password e risultati - Trasmissione sicura di file hash e report di audit - Pulizia regolare dei file temporanei e dei dati di sessione
** Considerazioni giuridiche ed etiche: - No. Solo le password di crack che possiedi o hai il permesso esplicito per testare - Comprendi i requisiti legali per i test di sicurezza delle password - Implementare procedure di gestione dei dati adeguate per informazioni sensibili - Rispetto della privacy e della riservatezza delle credenziali dell'utente - Attività di controllo della password del documento a fini di conformità
Sicurezza hardware¶
**GPU Sicurezza. - Monitorare la temperatura e le prestazioni GPU - Implementare un raffreddamento adeguato per operazioni prolungate - Manutenzione regolare dell'hardware GPU - Sicuro accesso fisico ai sistemi di cracking - Procedura di backup e ripristino per guasti hardware
Referenze¶
- Documentazione ufficiale Hashcat_
- Hashcat GitHub Repository
- [GPU Password Cracking](URL_26___
- Guidali di sicurezza password__
- Riferimento Hash Algorithm