const uint VERSION_BIN = 300;
const uint RESTORE_MIN = 300;
-double TARGET_MS_PROFILE[3] = { 8, 16, 96 };
+double TARGET_MS_PROFILE[4] = { 8, 16, 96, 512 };
#define INCR_RULES 10000
#define INCR_SALTS 100000
"",
"Usage: %s [options]... hash|hashfile|hccapfile [dictionary|mask|directory]...",
"",
- "=======",
- "Options",
- "=======",
+ "###########",
+ "# Options #",
+ "###########",
"",
- "* General:",
- "",
- " -m, --hash-type=NUM Hash-type, see references below",
- " -a, --attack-mode=NUM Attack-mode, see references below",
- " -V, --version Print version",
- " -h, --help Print help",
- " --quiet Suppress output",
- "",
- "* Misc:",
- "",
- " --hex-charset Assume charset is given in hex",
- " --hex-salt Assume salt is given in hex",
- " --hex-wordlist Assume words in wordlist is given in hex",
- " --force Ignore warnings",
- " --status Enable automatic update of the status-screen",
- " --status-timer=NUM Seconds between status-screen update",
- " --status-automat Display the status view in a machine readable format",
- " --loopback Add new plains to induct directory",
- " --weak-hash-threshold=NUM Threshold when to stop checking for weak hashes, default is 100 salts",
- "",
- "* Markov:",
- "",
- " --markov-hcstat=FILE Specify hcstat file to use, default is hashcat.hcstat",
- " --markov-disable Disables markov-chains, emulates classic brute-force",
- " --markov-classic Enables classic markov-chains, no per-position enhancement",
- " -t, --markov-threshold=NUM Threshold when to stop accepting new markov-chains",
- "",
- "* Session:",
- "",
- " --runtime=NUM Abort session after NUM seconds of runtime",
- " --session=STR Define specific session name",
- " --restore Restore session from --session",
- " --restore-disable Do not write restore file",
- "",
- "* Files:",
- "",
- " -o, --outfile=FILE Define outfile for recovered hash",
- " --outfile-format=NUM Define outfile-format for recovered hash, see references below",
- " --outfile-autohex-disable Disable the use of $HEX[] in output plains",
- " --outfile-check-timer=NUM Seconds between outfile checks",
- " -p, --separator=CHAR Separator char for hashlists and outfile",
- " --show Show cracked passwords only",
- " --left Show un-cracked passwords only",
- " --username Enable ignoring of usernames in hashfile (recommended: also use --show)",
- " --remove Enable remove of hash once it is cracked",
- " --remove-timer=NUM Update input hash file each NUM seconds",
- " --potfile-disable Do not write potfile",
- " --potfile-path Specific path to potfile",
- " --debug-mode=NUM Defines the debug mode (hybrid only by using rules), see references below",
- " --debug-file=FILE Output file for debugging rules (see also --debug-mode)",
- " --induction-dir=FOLDER Specify induction directory to use, default is $session.induct",
- " --outfile-check-dir=FOLDER Specify the outfile directory which should be monitored, default is $session.outfiles",
- " --logfile-disable Disable the logfile",
- " --truecrypt-keyfiles=FILE Keyfiles used, separate with comma",
- " --veracrypt-keyfiles=FILE Keyfiles used, separate with comma",
- " --veracrypt-pim=NUM VeraCrypt personal iterations multiplier",
- "",
- "* Resources:",
- "",
- " -b, --benchmark Run benchmark",
- " --benchmark-repeats=NUM Repeat the kernel on the device NUM times to increase benchmark accuracy",
- " -c, --segment-size=NUM Size in MB to cache from the wordfile",
- " --bitmap-min=NUM Minimum number of bits allowed for bitmaps",
- " --bitmap-max=NUM Maximum number of bits allowed for bitmaps",
- " --cpu-affinity=STR Locks to CPU devices, separate with comma",
- " --opencl-platforms=STR OpenCL platforms to use, separate with comma",
- " -d, --opencl-devices=STR OpenCL devices to use, separate with comma",
- " --opencl-device-types=STR OpenCL device-types to use, separate with comma, see references below",
- " --opencl-vector-width=NUM OpenCL vector-width (either 1, 2, 4, 8 or 16), overrides value from device query",
- " -w, --workload-profile=NUM Enable a specific workload profile, see references below",
- " -n, --kernel-accel=NUM Workload tuning, increase the outer-loop step size (outdated option, use -w)",
- " -u, --kernel-loops=NUM Workload tuning, increase the inner-loop step size (outdated option, use -w)",
- " --gpu-temp-disable Disable temperature and fanspeed readings and triggers",
+ " Short- | Long- | Parameter- | Description | Example",
+ " Option | Option | Type | |",
+ "--------+---------------------------+------------+------------------------------------------------------+---------------------",
+ " -m | --hash-type | Number | Hash-type, see references below | -m 1000",
+ " -a | --attack-mode | Number | Attack-mode, see references below | -a 3",
+ " -V | --version | | Print version | --version",
+ " -h | --help | | Print help | --help",
+ " | --quiet | | Suppress output | --quiet",
+ " | --hex-charset | | Assume charset is given in hex | --hex-charset",
+ " | --hex-salt | | Assume salt is given in hex | --hex-salt",
+ " | --hex-wordlist | | Assume words in wordlist is given in hex | --hex-wordlist",
+ " | --force | | Ignore warnings | --force",
+ " | --status | | Enable automatic update of the status-screen | --status",
+ " | --status-timer | Number | Sets seconds between status-screen update to X | --status-timer=1",
+ " | --status-automat | | Display the status view in a machine readable format | --status-automat",
+ " | --loopback | | Add new plains to induct directory | --loopback",
+ " | --weak-hash-threshold | Number | Threshold X when to stop checking for weak hashes | --weak-hash-threshold=0",
+ " | --markov-hcstat | File | Specify hcstat file to use, default is hashcat.hcstat| --markiv-hcstat=my.hcstat",
+ " | --markov-disable | | Disables markov-chains, emulates classic brute-force | --markov-disable",
+ " | --markov-classic | | Enables classic markov-chains, no per-position | --markov-classic",
+ " -t | --markov-threshold | Number | Threshold X when to stop accepting new markov-chains | -t 50",
+ " | --runtime | Number | Abort session after X seconds of runtime | --runtime=10",
+ " | --session | String | Define specific session name | --session=mysession",
+ " | --restore | | Restore session from --session | --restore",
+ " | --restore-disable | | Do not write restore file | --restore-disable",
+ " -o | --outfile | File | Define outfile for recovered hash | -o outfile.txt",
+ " | --outfile-format | Number | Define outfile-format X for recovered hash | --outfile-format=7",
+ " | --outfile-autohex-disable | | Disable the use of $HEX[] in output plains | --outfile-autohex-disable",
+ " | --outfile-check-timer | Number | Sets seconds between outfile checks to X | --outfile-check-timer=30",
+ " -p | --separator | Char | Separator char for hashlists and outfile | -p :",
+ " | --show | | Show cracked passwords only | --show",
+ " | --left | | Show un-cracked passwords only | --left",
+ " | --username | | Enable ignoring of usernames in hashfile | --username",
+ " | --remove | | Enable remove of hash once it is cracked | --remove",
+ " | --remove-timer | Number | Update input hash file each X seconds | --remove-timer=30",
+ " | --potfile-disable | | Do not write potfile | --potfile-disable",
+ " | --potfile-path | | Specific path to potfile | --potfile-path=hashcat.pot",
+ " | --debug-mode | Number | Defines the debug mode (hybrid only by using rules) | --debug-mode=4",
+ " | --debug-file | File | Output file for debugging rules | --debug-file=goodrules.log",
+ " | --induction-dir | Folder | Specify the induction directory to use for loopback | --induction-dir=inducts",
+ " | --outfile-check-dir | Folder | Specify the outfile directory to monitor for plains | --outfile-check-dir=ext",
+ " | --logfile-disable | | Disable the logfile | --logfile-disable",
+ " | --truecrypt-keyfiles | File | Keyfiles used, separate with comma | --truecrypt-keyfiles=xx.png",
+ " | --veracrypt-keyfiles | File | Keyfiles used, separate with comma | --veracrypt-keyfiles=xx.png",
+ " | --veracrypt-pim | Number | VeraCrypt personal iterations multiplier | --veracrypt-pim=1000",
+ " -b | --benchmark | | Run benchmark | -b",
+ " -c | --segment-size | Number | Sets size in MB to cache from the wordfile to X | -c 32",
+ " | --bitmap-min | Number | Sets minimum bits allowed for bitmaps to X | --bitmap-min=24",
+ " | --bitmap-max | Number | Sets maximum bits allowed for bitmaps to X | --bitmap-min=24",
+ " | --cpu-affinity | String | Locks to CPU devices, separate with comma | --cpu-affinity=1,2,3,4",
+ " | --opencl-platforms | String | OpenCL platforms to use, separate with comma | --opencl-platforms=2",
+ " -d | --opencl-devices | String | OpenCL devices to use, separate with comma | -d 1",
+ " | --opencl-device-types | String | OpenCL device-types to use, separate with comma | --opencl-device-types=1,2",
+ " | --opencl-vector-width | Number | Manual override OpenCL vector-width to X | --opencl-vector-width=4",
+ " -w | --workload-profile | Number | Enable a specific workload profile, see pool below | -w 3",
+ " -n | --kernel-accel | Number | Manual workload tuning, set outerloop step size to X | -n 64",
+ " -u | --kernel-loops | Number | Manual workload tuning, set innerloop step size to X | -u 256",
+ " | --gpu-temp-disable | | Disable temperature and fanspeed reads and triggers | --gpu-temp-disable",
#ifdef HAVE_HWMON
- " --gpu-temp-abort=NUM Abort session if GPU temperature reaches NUM degrees celsius",
- " --gpu-temp-retain=NUM Try to retain GPU temperature at NUM degrees celsius (AMD only)",
+ " | --gpu-temp-abort | Number | Abort if GPU temperature reaches X degrees celsius | --gpu-temp-abort=100",
+ " | --gpu-temp-retain | Number | Try to retain GPU temperature at X degrees celsius | --gpu-temp-retain=95",
#ifdef HAVE_ADL
- " --powertune-enable Enable automatic power tuning option (AMD OverDrive 6 only)",
+ " | --powertune-enable | | Enable automatic power tuning (AMD OverDrive 6 only) | --powertune-enable",
#endif
#endif
- " --scrypt-tmto=NUM Manually override automatically calculated TMTO value for scrypt",
- "",
- "* Distributed:",
- "",
- " -s, --skip=NUM Skip number of words",
- " -l, --limit=NUM Limit number of words",
- " --keyspace Show keyspace base:mod values and quit",
- "",
- "* Rules:",
- "",
- " -j, --rule-left=RULE Single rule applied to each word from left dict",
- " -k, --rule-right=RULE Single rule applied to each word from right dict",
- " -r, --rules-file=FILE Rules-file, multi use: -r 1.rule -r 2.rule",
- " -g, --generate-rules=NUM Generate NUM random rules",
- " --generate-rules-func-min=NUM Force NUM functions per random rule min",
- " --generate-rules-func-max=NUM Force NUM functions per random rule max",
- " --generate-rules-seed=NUM Force RNG seed to NUM",
- "",
- "* Custom charsets:",
- "",
- " -1, --custom-charset1=CS User-defined charsets",
- " -2, --custom-charset2=CS Example:",
- " -3, --custom-charset3=CS --custom-charset1=?dabcdef : sets charset ?1 to 0123456789abcdef",
- " -4, --custom-charset4=CS -2 mycharset.hcchr : sets charset ?2 to chars contained in file",
- "",
- "* Increment:",
- "",
- " -i, --increment Enable increment mode",
- " --increment-min=NUM Start incrementing at NUM",
- " --increment-max=NUM Stop incrementing at NUM",
- "",
- "==========",
- "References",
- "==========",
- "",
- "* Workload Profile:",
- "",
- " 1 = Interactive performance profile, kernel execution runtime to 8ms, lower latency desktop, lower speed",
- " 2 = Default performance profile, kernel execution runtime to 16ms, economic setting",
- " 3 = Headless performance profile, kernel execution runtime to 96ms, higher latency desktop, higher speed",
- "",
- "* OpenCL device-types:",
- "",
- " 1 = CPU devices",
- " 2 = GPU devices",
- " 3 = Accelerator devices (FPGA, CELL Blade, etc.)",
- "",
- "* Outfile Formats:",
- "",
- " 1 = hash[:salt]",
- " 2 = plain",
- " 3 = hash[:salt]:plain",
- " 4 = hex_plain",
- " 5 = hash[:salt]:hex_plain",
- " 6 = plain:hex_plain",
- " 7 = hash[:salt]:plain:hex_plain",
- " 8 = crackpos",
- " 9 = hash[:salt]:crackpos",
- " 10 = plain:crackpos",
- " 11 = hash[:salt]:plain:crackpos",
- " 12 = hex_plain:crackpos",
- " 13 = hash[:salt]:hex_plain:crackpos",
- " 14 = plain:hex_plain:crackpos",
- " 15 = hash[:salt]:plain:hex_plain:crackpos",
- "",
- "* Debug mode output formats (for hybrid mode only, by using rules):",
- "",
- " 1 = save finding rule",
- " 2 = save original word",
- " 3 = save original word and finding rule",
- " 4 = save original word, finding rule and modified plain",
- "",
- "* Built-in charsets:",
- "",
- " ?l = abcdefghijklmnopqrstuvwxyz",
- " ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ",
- " ?d = 0123456789",
- " ?s = !\"#$%%&'()*+,-./:;<=>?@[\\]^_`{|}~",
- " ?a = ?l?u?d?s",
- " ?b = 0x00 - 0xff",
- "",
- "* Attack modes:",
- "",
- " 0 = Straight",
- " 1 = Combination",
- " 3 = Brute-force",
- " 6 = Hybrid dict + mask",
- " 7 = Hybrid mask + dict",
- "",
- "* Hash types:",
- "",
- "[[ Roll-your-own: Raw Hashes ]]",
- "",
- " 900 = MD4",
- " 0 = MD5",
- " 5100 = Half MD5",
- " 100 = SHA1",
- " 10800 = SHA-384",
- " 1400 = SHA-256",
- " 1700 = SHA-512",
- " 5000 = SHA-3(Keccak)",
- " 10100 = SipHash",
- " 6000 = RipeMD160",
- " 6100 = Whirlpool",
- " 6900 = GOST R 34.11-94",
- " 11700 = GOST R 34.11-2012 (Streebog) 256-bit",
- " 11800 = GOST R 34.11-2012 (Streebog) 512-bit",
- "",
- "[[ Roll-your-own: Iterated and / or Salted Hashes ]]",
- "",
- " 10 = md5($pass.$salt)",
- " 20 = md5($salt.$pass)",
- " 30 = md5(unicode($pass).$salt)",
- " 40 = md5($salt.unicode($pass))",
- " 3800 = md5($salt.$pass.$salt)",
- " 3710 = md5($salt.md5($pass))",
- " 2600 = md5(md5($pass)",
- " 4300 = md5(strtoupper(md5($pass)))",
- " 4400 = md5(sha1($pass))",
- " 110 = sha1($pass.$salt)",
- " 120 = sha1($salt.$pass)",
- " 130 = sha1(unicode($pass).$salt)",
- " 140 = sha1($salt.unicode($pass))",
- " 4500 = sha1(sha1($pass)",
- " 4700 = sha1(md5($pass))",
- " 4900 = sha1($salt.$pass.$salt)",
- " 1410 = sha256($pass.$salt)",
- " 1420 = sha256($salt.$pass)",
- " 1430 = sha256(unicode($pass).$salt)",
- " 1440 = sha256($salt.unicode($pass))",
- " 1710 = sha512($pass.$salt)",
- " 1720 = sha512($salt.$pass)",
- " 1730 = sha512(unicode($pass).$salt)",
- " 1740 = sha512($salt.unicode($pass))",
- "",
- "[[ Roll-your-own: Authenticated Hashes ]]",
- "",
- " 50 = HMAC-MD5 (key = $pass)",
- " 60 = HMAC-MD5 (key = $salt)",
- " 150 = HMAC-SHA1 (key = $pass)",
- " 160 = HMAC-SHA1 (key = $salt)",
- " 1450 = HMAC-SHA256 (key = $pass)",
- " 1460 = HMAC-SHA256 (key = $salt)",
- " 1750 = HMAC-SHA512 (key = $pass)",
- " 1760 = HMAC-SHA512 (key = $salt)",
- "",
- "[[ Generic KDF ]]",
- "",
- " 400 = phpass",
- " 8900 = scrypt",
- " 11900 = PBKDF2-HMAC-MD5",
- " 12000 = PBKDF2-HMAC-SHA1",
- " 10900 = PBKDF2-HMAC-SHA256",
- " 12100 = PBKDF2-HMAC-SHA512",
- "",
- "[[ Network protocols, Challenge-Response ]]",
- "",
- " 23 = Skype",
- " 2500 = WPA/WPA2",
- " 4800 = iSCSI CHAP authentication, MD5(Chap)",
- " 5300 = IKE-PSK MD5",
- " 5400 = IKE-PSK SHA1",
- " 5500 = NetNTLMv1",
- " 5500 = NetNTLMv1 + ESS",
- " 5600 = NetNTLMv2",
- " 7300 = IPMI2 RAKP HMAC-SHA1",
- " 7500 = Kerberos 5 AS-REQ Pre-Auth etype 23",
- " 8300 = DNSSEC (NSEC3)",
- " 10200 = Cram MD5",
- " 11100 = PostgreSQL Challenge-Response Authentication (MD5)",
- " 11200 = MySQL Challenge-Response Authentication (SHA1)",
- " 11400 = SIP digest authentication (MD5)",
- " 13100 = Kerberos 5 TGS-REP etype 23",
- "",
- "[[ Forums, CMS, E-Commerce, Frameworks, Middleware, Wiki, Management ]]",
- "",
- " 121 = SMF (Simple Machines Forum)",
- " 400 = phpBB3",
- " 2611 = vBulletin < v3.8.5",
- " 2711 = vBulletin > v3.8.5",
- " 2811 = MyBB",
- " 2811 = IPB (Invison Power Board)",
- " 8400 = WBB3 (Woltlab Burning Board)",
- " 11 = Joomla < 2.5.18",
- " 400 = Joomla > 2.5.18",
- " 400 = Wordpress",
- " 2612 = PHPS",
- " 7900 = Drupal7",
- " 21 = osCommerce",
- " 21 = xt:Commerce",
- " 11000 = PrestaShop",
- " 124 = Django (SHA-1)",
- " 10000 = Django (PBKDF2-SHA256)",
- " 3711 = Mediawiki B type",
- " 7600 = Redmine",
- "",
- "[[ Database Server ]]",
- "",
- " 12 = PostgreSQL",
- " 131 = MSSQL(2000)",
- " 132 = MSSQL(2005)",
- " 1731 = MSSQL(2012)",
- " 1731 = MSSQL(2014)",
- " 200 = MySQL323",
- " 300 = MySQL4.1/MySQL5",
- " 3100 = Oracle H: Type (Oracle 7+)",
- " 112 = Oracle S: Type (Oracle 11+)",
- " 12300 = Oracle T: Type (Oracle 12+)",
- " 8000 = Sybase ASE",
+ " | --scrypt-tmto | Number | Manually override TMTO value for scrypt to X | --scrypt-tmto=3",
+ " -s | --skip | Number | Skip X words from the start | -s 1000000",
+ " -l | --limit | Number | Limit X words from the start + skipped words | -l 1000000",
+ " | --keyspace | | Show keyspace base:mod values and quit | --keyspace",
+ " -j | --rule-left | Rule | Single Rule applied to each word from left wordlist | -j 'c'",
+ " -k | --rule-right | Rule | Single Rule applied to each word from right wordlist | -k '^-'",
+ " -r | --rules-file | File | Multiple Rules applied to each word from wordlists | -r rules/best64.rule",
+ " -g | --generate-rules | | Enable generate random rules | -g 10000",
+ " | --generate-rules-func-min | Number | Force min X funcs per rule |",
+ " | --generate-rules-func-max | Number | Force max X funcs per rule |",
+ " | --generate-rules-seed | Number | Force RNG seed set to X |",
+ " -1 | --custom-charset1 | Charset | User-defined charset ?1 | -1 ?l?d?u",
+ " -2 | --custom-charset2 | Charset | User-defined charset ?2 | -2 ?l?d?s",
+ " -3 | --custom-charset3 | Charset | User-defined charset ?3 |",
+ " -4 | --custom-charset4 | Charset | User-defined charset ?4 |",
+ " -i | --increment | | Enable mask increment mode | --increment",
+ " | --increment-min | Number | Start mask incrementing at X | --increment-min=4",
+ " | --increment-max | Number | Stop mask incrementing at X | --increment-max=8",
"",
- "[[ HTTP, SMTP, LDAP Server ]]",
+ "################",
+ "## Hash modes ##",
+ "################",
"",
- " 141 = EPiServer 6.x < v4",
- " 1441 = EPiServer 6.x > v4",
- " 1600 = Apache $apr1$",
- " 12600 = ColdFusion 10+",
- " 1421 = hMailServer",
- " 101 = nsldap, SHA-1(Base64), Netscape LDAP SHA",
- " 111 = nsldaps, SSHA-1(Base64), Netscape LDAP SSHA",
- " 1711 = SSHA-512(Base64), LDAP {SSHA512}",
+ " # | Name | Category",
+ " ------+--------------------------------------------------+--------------------------------------",
+ " 900 | MD4 | Raw Hash",
+ " 0 | MD5 | Raw Hash",
+ " 5100 | Half MD5 | Raw Hash",
+ " 100 | SHA1 | Raw Hash",
+ " 10800 | SHA-384 | Raw Hash",
+ " 1400 | SHA-256 | Raw Hash",
+ " 1700 | SHA-512 | Raw Hash",
+ " 5000 | SHA-3(Keccak) | Raw Hash",
+ " 10100 | SipHash | Raw Hash",
+ " 6000 | RipeMD160 | Raw Hash",
+ " 6100 | Whirlpool | Raw Hash",
+ " 6900 | GOST R 34.11-94 | Raw Hash",
+ " 11700 | GOST R 34.11-2012 (Streebog) 256-bit | Raw Hash",
+ " 11800 | GOST R 34.11-2012 (Streebog) 512-bit | Raw Hash",
+ " 10 | md5($pass.$salt) | Raw Hash, Salted and / or Iterated",
+ " 20 | md5($salt.$pass) | Raw Hash, Salted and / or Iterated",
+ " 30 | md5(unicode($pass).$salt) | Raw Hash, Salted and / or Iterated",
+ " 40 | md5($salt.unicode($pass)) | Raw Hash, Salted and / or Iterated",
+ " 3800 | md5($salt.$pass.$salt) | Raw Hash, Salted and / or Iterated",
+ " 3710 | md5($salt.md5($pass)) | Raw Hash, Salted and / or Iterated",
+ " 2600 | md5(md5($pass) | Raw Hash, Salted and / or Iterated",
+ " 4300 | md5(strtoupper(md5($pass))) | Raw Hash, Salted and / or Iterated",
+ " 4400 | md5(sha1($pass)) | Raw Hash, Salted and / or Iterated",
+ " 110 | sha1($pass.$salt) | Raw Hash, Salted and / or Iterated",
+ " 120 | sha1($salt.$pass) | Raw Hash, Salted and / or Iterated",
+ " 130 | sha1(unicode($pass).$salt) | Raw Hash, Salted and / or Iterated",
+ " 140 | sha1($salt.unicode($pass)) | Raw Hash, Salted and / or Iterated",
+ " 4500 | sha1(sha1($pass) | Raw Hash, Salted and / or Iterated",
+ " 4700 | sha1(md5($pass)) | Raw Hash, Salted and / or Iterated",
+ " 4900 | sha1($salt.$pass.$salt) | Raw Hash, Salted and / or Iterated",
+ " 1410 | sha256($pass.$salt) | Raw Hash, Salted and / or Iterated",
+ " 1420 | sha256($salt.$pass) | Raw Hash, Salted and / or Iterated",
+ " 1430 | sha256(unicode($pass).$salt) | Raw Hash, Salted and / or Iterated",
+ " 1440 | sha256($salt.unicode($pass)) | Raw Hash, Salted and / or Iterated",
+ " 1710 | sha512($pass.$salt) | Raw Hash, Salted and / or Iterated",
+ " 1720 | sha512($salt.$pass) | Raw Hash, Salted and / or Iterated",
+ " 1730 | sha512(unicode($pass).$salt) | Raw Hash, Salted and / or Iterated",
+ " 1740 | sha512($salt.unicode($pass)) | Raw Hash, Salted and / or Iterated",
+ " 50 | HMAC-MD5 (key = $pass) | Raw Hash, Authenticated",
+ " 60 | HMAC-MD5 (key = $salt) | Raw Hash, Authenticated",
+ " 150 | HMAC-SHA1 (key = $pass) | Raw Hash, Authenticated",
+ " 160 | HMAC-SHA1 (key = $salt) | Raw Hash, Authenticated",
+ " 1450 | HMAC-SHA256 (key = $pass) | Raw Hash, Authenticated",
+ " 1460 | HMAC-SHA256 (key = $salt) | Raw Hash, Authenticated",
+ " 1750 | HMAC-SHA512 (key = $pass) | Raw Hash, Authenticated",
+ " 1760 | HMAC-SHA512 (key = $salt) | Raw Hash, Authenticated",
+ " 400 | phpass | Generic KDF",
+ " 8900 | scrypt | Generic KDF",
+ " 11900 | PBKDF2-HMAC-MD5 | Generic KDF",
+ " 12000 | PBKDF2-HMAC-SHA1 | Generic KDF",
+ " 10900 | PBKDF2-HMAC-SHA256 | Generic KDF",
+ " 12100 | PBKDF2-HMAC-SHA512 | Generic KDF",
+ " 23 | Skype | Network protocols",
+ " 2500 | WPA/WPA2 | Network protocols",
+ " 4800 | iSCSI CHAP authentication, MD5(Chap) | Network protocols",
+ " 5300 | IKE-PSK MD5 | Network protocols",
+ " 5400 | IKE-PSK SHA1 | Network protocols",
+ " 5500 | NetNTLMv1 | Network protocols",
+ " 5500 | NetNTLMv1 + ESS | Network protocols",
+ " 5600 | NetNTLMv2 | Network protocols",
+ " 7300 | IPMI2 RAKP HMAC-SHA1 | Network protocols",
+ " 7500 | Kerberos 5 AS-REQ Pre-Auth etype 23 | Network protocols",
+ " 8300 | DNSSEC (NSEC3) | Network protocols",
+ " 10200 | Cram MD5 | Network protocols",
+ " 11100 | PostgreSQL CRAM (MD5) | Network protocols",
+ " 11200 | MySQL CRAM (SHA1) | Network protocols",
+ " 11400 | SIP digest authentication (MD5) | Network protocols",
+ " 13100 | Kerberos 5 TGS-REP etype 23 | Network protocols",
+ " 121 | SMF (Simple Machines Forum) | Forums, CMS, E-Commerce, Frameworks",
+ " 400 | phpBB3 | Forums, CMS, E-Commerce, Frameworks",
+ " 2611 | vBulletin < v3.8.5 | Forums, CMS, E-Commerce, Frameworks",
+ " 2711 | vBulletin > v3.8.5 | Forums, CMS, E-Commerce, Frameworks",
+ " 2811 | MyBB | Forums, CMS, E-Commerce, Frameworks",
+ " 2811 | IPB (Invison Power Board) | Forums, CMS, E-Commerce, Frameworks",
+ " 8400 | WBB3 (Woltlab Burning Board) | Forums, CMS, E-Commerce, Frameworks",
+ " 11 | Joomla < 2.5.18 | Forums, CMS, E-Commerce, Frameworks",
+ " 400 | Joomla > 2.5.18 | Forums, CMS, E-Commerce, Frameworks",
+ " 400 | Wordpress | Forums, CMS, E-Commerce, Frameworks",
+ " 2612 | PHPS | Forums, CMS, E-Commerce, Frameworks",
+ " 7900 | Drupal7 | Forums, CMS, E-Commerce, Frameworks",
+ " 21 | osCommerce | Forums, CMS, E-Commerce, Frameworks",
+ " 21 | xt:Commerce | Forums, CMS, E-Commerce, Frameworks",
+ " 11000 | PrestaShop | Forums, CMS, E-Commerce, Frameworks",
+ " 124 | Django (SHA-1) | Forums, CMS, E-Commerce, Frameworks",
+ " 10000 | Django (PBKDF2-SHA256) | Forums, CMS, E-Commerce, Frameworks",
+ " 3711 | Mediawiki B type | Forums, CMS, E-Commerce, Frameworks",
+ " 7600 | Redmine | Forums, CMS, E-Commerce, Frameworks",
+ " 12 | PostgreSQL | Database Server",
+ " 131 | MSSQL(2000) | Database Server",
+ " 132 | MSSQL(2005) | Database Server",
+ " 1731 | MSSQL(2012) | Database Server",
+ " 1731 | MSSQL(2014) | Database Server",
+ " 200 | MySQL323 | Database Server",
+ " 300 | MySQL4.1/MySQL5 | Database Server",
+ " 3100 | Oracle H: Type (Oracle 7+) | Database Server",
+ " 112 | Oracle S: Type (Oracle 11+) | Database Server",
+ " 12300 | Oracle T: Type (Oracle 12+) | Database Server",
+ " 8000 | Sybase ASE | Database Server",
+ " 141 | EPiServer 6.x < v4 | HTTP, SMTP, LDAP Server",
+ " 1441 | EPiServer 6.x > v4 | HTTP, SMTP, LDAP Server",
+ " 1600 | Apache $apr1$ | HTTP, SMTP, LDAP Server",
+ " 12600 | ColdFusion 10+ | HTTP, SMTP, LDAP Server",
+ " 1421 | hMailServer | HTTP, SMTP, LDAP Server",
+ " 101 | nsldap, SHA-1(Base64), Netscape LDAP SHA | HTTP, SMTP, LDAP Server",
+ " 111 | nsldaps, SSHA-1(Base64), Netscape LDAP SSHA | HTTP, SMTP, LDAP Server",
+ " 1711 | SSHA-512(Base64), LDAP {SSHA512} | HTTP, SMTP, LDAP Server",
+ " 11500 | CRC32 | Checksums",
+ " 3000 | LM | Operating-Systems",
+ " 1000 | NTLM | Operating-Systems",
+ " 1100 | Domain Cached Credentials (DCC), MS Cache | Operating-Systems",
+ " 2100 | Domain Cached Credentials 2 (DCC2), MS Cache 2 | Operating-Systems",
+ " 12800 | MS-AzureSync PBKDF2-HMAC-SHA256 | Operating-Systems",
+ " 1500 | descrypt, DES(Unix), Traditional DES | Operating-Systems",
+ " 12400 | BSDiCrypt, Extended DES | Operating-Systems",
+ " 500 | md5crypt $1$, MD5(Unix) | Operating-Systems",
+ " 3200 | bcrypt $2*$, Blowfish(Unix) | Operating-Systems",
+ " 7400 | sha256crypt $5$, SHA256(Unix) | Operating-Systems",
+ " 1800 | sha512crypt $6$, SHA512(Unix) | Operating-Systems",
+ " 122 | OSX v10.4, OSX v10.5, OSX v10.6 | Operating-Systems",
+ " 1722 | OSX v10.7 | Operating-Systems",
+ " 7100 | OSX v10.8, OSX v10.9, OSX v10.10 | Operating-Systems",
+ " 6300 | AIX {smd5} | Operating-Systems",
+ " 6700 | AIX {ssha1} | Operating-Systems",
+ " 6400 | AIX {ssha256} | Operating-Systems",
+ " 6500 | AIX {ssha512} | Operating-Systems",
+ " 2400 | Cisco-PIX | Operating-Systems",
+ " 2410 | Cisco-ASA | Operating-Systems",
+ " 500 | Cisco-IOS $1$ | Operating-Systems",
+ " 5700 | Cisco-IOS $4$ | Operating-Systems",
+ " 9200 | Cisco-IOS $8$ | Operating-Systems",
+ " 9300 | Cisco-IOS $9$ | Operating-Systems",
+ " 22 | Juniper Netscreen/SSG (ScreenOS) | Operating-Systems",
+ " 501 | Juniper IVE | Operating-Systems",
+ " 5800 | Android PIN | Operating-Systems",
+ " 8100 | Citrix Netscaler | Operating-Systems",
+ " 8500 | RACF | Operating-Systems",
+ " 7200 | GRUB 2 | Operating-Systems",
+ " 9900 | Radmin2 | Operating-Systems",
+ " 125 | ArubaOS | Operating-Systems",
+ " 7700 | SAP CODVN B (BCODE) | Enterprise Application Software (EAS)",
+ " 7800 | SAP CODVN F/G (PASSCODE) | Enterprise Application Software (EAS)",
+ " 10300 | SAP CODVN H (PWDSALTEDHASH) iSSHA-1 | Enterprise Application Software (EAS)",
+ " 8600 | Lotus Notes/Domino 5 | Enterprise Application Software (EAS)",
+ " 8700 | Lotus Notes/Domino 6 | Enterprise Application Software (EAS)",
+ " 9100 | Lotus Notes/Domino 8 | Enterprise Application Software (EAS)",
+ " 133 | PeopleSoft | Enterprise Application Software (EAS)",
+ " 13500 | PeopleSoft Token | Enterprise Application Software (EAS)",
+ " 11600 | 7-Zip | Archives",
+ " 12500 | RAR3-hp | Archives",
+ " 13000 | RAR5 | Archives",
+ " 13200 | AxCrypt | Archives",
+ " 13300 | AxCrypt in memory SHA1 | Archives",
+ " 13600 | WinZip | Archives",
+ " 62XY | TrueCrypt | Full-Disk encryptions (FDE)",
+ " X | 1 = PBKDF2-HMAC-RipeMD160 | Full-Disk encryptions (FDE)",
+ " X | 2 = PBKDF2-HMAC-SHA512 | Full-Disk encryptions (FDE)",
+ " X | 3 = PBKDF2-HMAC-Whirlpool | Full-Disk encryptions (FDE)",
+ " X | 4 = PBKDF2-HMAC-RipeMD160 + boot-mode | Full-Disk encryptions (FDE)",
+ " Y | 1 = XTS 512 bit pure AES | Full-Disk encryptions (FDE)",
+ " Y | 1 = XTS 512 bit pure Serpent | Full-Disk encryptions (FDE)",
+ " Y | 1 = XTS 512 bit pure Twofish | Full-Disk encryptions (FDE)",
+ " Y | 2 = XTS 1024 bit pure AES | Full-Disk encryptions (FDE)",
+ " Y | 2 = XTS 1024 bit pure Serpent | Full-Disk encryptions (FDE)",
+ " Y | 2 = XTS 1024 bit pure Twofish | Full-Disk encryptions (FDE)",
+ " Y | 2 = XTS 1024 bit cascaded AES-Twofish | Full-Disk encryptions (FDE)",
+ " Y | 2 = XTS 1024 bit cascaded Serpent-AES | Full-Disk encryptions (FDE)",
+ " Y | 2 = XTS 1024 bit cascaded Twofish-Serpent | Full-Disk encryptions (FDE)",
+ " Y | 3 = XTS 1536 bit all | Full-Disk encryptions (FDE)",
+ " 8800 | Android FDE < v4.3 | Full-Disk encryptions (FDE)",
+ " 12900 | Android FDE (Samsung DEK) | Full-Disk encryptions (FDE)",
+ " 12200 | eCryptfs | Full-Disk encryptions (FDE)",
+ " 137XY | VeraCrypt | Full-Disk encryptions (FDE)",
+ " X | 1 = PBKDF2-HMAC-RipeMD160 | Full-Disk encryptions (FDE)",
+ " X | 2 = PBKDF2-HMAC-SHA512 | Full-Disk encryptions (FDE)",
+ " X | 3 = PBKDF2-HMAC-Whirlpool | Full-Disk encryptions (FDE)",
+ " X | 4 = PBKDF2-HMAC-RipeMD160 + boot-mode | Full-Disk encryptions (FDE)",
+ " X | 5 = PBKDF2-HMAC-SHA256 | Full-Disk encryptions (FDE)",
+ " X | 6 = PBKDF2-HMAC-SHA256 + boot-mode | Full-Disk encryptions (FDE)",
+ " Y | 1 = XTS 512 bit pure AES | Full-Disk encryptions (FDE)",
+ " Y | 1 = XTS 512 bit pure Serpent | Full-Disk encryptions (FDE)",
+ " Y | 1 = XTS 512 bit pure Twofish | Full-Disk encryptions (FDE)",
+ " Y | 2 = XTS 1024 bit pure AES | Full-Disk encryptions (FDE)",
+ " Y | 2 = XTS 1024 bit pure Serpent | Full-Disk encryptions (FDE)",
+ " Y | 2 = XTS 1024 bit pure Twofish | Full-Disk encryptions (FDE)",
+ " Y | 2 = XTS 1024 bit cascaded AES-Twofish | Full-Disk encryptions (FDE)",
+ " Y | 2 = XTS 1024 bit cascaded Serpent-AES | Full-Disk encryptions (FDE)",
+ " Y | 2 = XTS 1024 bit cascaded Twofish-Serpent | Full-Disk encryptions (FDE)",
+ " Y | 3 = XTS 1536 bit all | Full-Disk encryptions (FDE)",
+ " 9700 | MS Office <= 2003 $0|$1, MD5 + RC4 | Documents",
+ " 9710 | MS Office <= 2003 $0|$1, MD5 + RC4, collider #1 | Documents",
+ " 9720 | MS Office <= 2003 $0|$1, MD5 + RC4, collider #2 | Documents",
+ " 9800 | MS Office <= 2003 $3|$4, SHA1 + RC4 | Documents",
+ " 9810 | MS Office <= 2003 $3|$4, SHA1 + RC4, collider #1 | Documents",
+ " 9820 | MS Office <= 2003 $3|$4, SHA1 + RC4, collider #2 | Documents",
+ " 9400 | MS Office 2007 | Documents",
+ " 9500 | MS Office 2010 | Documents",
+ " 9600 | MS Office 2013 | Documents",
+ " 10400 | PDF 1.1 - 1.3 (Acrobat 2 - 4) | Documents",
+ " 10410 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #1 | Documents",
+ " 10420 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #2 | Documents",
+ " 10500 | PDF 1.4 - 1.6 (Acrobat 5 - 8) | Documents",
+ " 10600 | PDF 1.7 Level 3 (Acrobat 9) | Documents",
+ " 10700 | PDF 1.7 Level 8 (Acrobat 10 - 11) | Documents",
+ " 9000 | Password Safe v2 | Password Managers",
+ " 5200 | Password Safe v3 | Password Managers",
+ " 6800 | Lastpass + Lastpass sniffed | Password Managers",
+ " 6600 | 1Password, agilekeychain | Password Managers",
+ " 8200 | 1Password, cloudkeychain | Password Managers",
+ " 11300 | Bitcoin/Litecoin wallet.dat | Password Managers",
+ " 12700 | Blockchain, My Wallet | Password Managers",
+ " 13400 | Keepass 1 (AES/Twofish) and Keepass 2 (AES) | Password Managers",
"",
- "[[ Checksums ]]",
+ "#####################",
+ "## Outfile Formats ##",
+ "#####################",
"",
- " 11500 = CRC32",
+ " # | Format",
+ " ---+--------",
+ " 1 | hash[:salt]",
+ " 2 | plain",
+ " 3 | hash[:salt]:plain",
+ " 4 | hex_plain",
+ " 5 | hash[:salt]:hex_plain",
+ " 6 | plain:hex_plain",
+ " 7 | hash[:salt]:plain:hex_plain",
+ " 8 | crackpos",
+ " 9 | hash[:salt]:crack_pos",
+ " 10 | plain:crack_pos",
+ " 11 | hash[:salt]:plain:crack_pos",
+ " 12 | hex_plain:crack_pos",
+ " 13 | hash[:salt]:hex_plain:crack_pos",
+ " 14 | plain:hex_plain:crack_pos",
+ " 15 | hash[:salt]:plain:hex_plain:crack_pos",
"",
- "[[ Operating-Systems ]]",
+ "##########################",
+ "## Rule Debugging Modes ##",
+ "##########################",
"",
- " 3000 = LM",
- " 1000 = NTLM",
- " 1100 = Domain Cached Credentials (DCC), MS Cache",
- " 2100 = Domain Cached Credentials 2 (DCC2), MS Cache 2",
- " 12800 = MS-AzureSync PBKDF2-HMAC-SHA256",
- " 1500 = descrypt, DES(Unix), Traditional DES",
- " 12400 = BSDiCrypt, Extended DES",
- " 500 = md5crypt $1$, MD5(Unix)",
- " 3200 = bcrypt $2*$, Blowfish(Unix)",
- " 7400 = sha256crypt $5$, SHA256(Unix)",
- " 1800 = sha512crypt $6$, SHA512(Unix)",
- " 122 = OSX v10.4",
- " 122 = OSX v10.5",
- " 122 = OSX v10.6",
- " 1722 = OSX v10.7",
- " 7100 = OSX v10.8",
- " 7100 = OSX v10.9",
- " 7100 = OSX v10.10",
- " 6300 = AIX {smd5}",
- " 6700 = AIX {ssha1}",
- " 6400 = AIX {ssha256}",
- " 6500 = AIX {ssha512}",
- " 2400 = Cisco-PIX",
- " 2410 = Cisco-ASA",
- " 500 = Cisco-IOS $1$",
- " 5700 = Cisco-IOS $4$",
- " 9200 = Cisco-IOS $8$",
- " 9300 = Cisco-IOS $9$",
- " 22 = Juniper Netscreen/SSG (ScreenOS)",
- " 501 = Juniper IVE",
- " 5800 = Android PIN",
- " 8100 = Citrix Netscaler",
- " 8500 = RACF",
- " 7200 = GRUB 2",
- " 9900 = Radmin2",
- " 125 = ArubaOS",
+ " # | Format",
+ " ---+--------",
+ " 1 | Finding-Rule",
+ " 2 | Original-Word",
+ " 3 | Original-Word:Finding-Rule",
+ " 4 | Original-Word:Finding-Rule:Processed-Word",
"",
- "[[ Enterprise Application Software (EAS) ]]",
+ "##################",
+ "## Attack Modes ##",
+ "##################",
"",
- " 7700 = SAP CODVN B (BCODE)",
- " 7800 = SAP CODVN F/G (PASSCODE)",
- " 10300 = SAP CODVN H (PWDSALTEDHASH) iSSHA-1",
- " 8600 = Lotus Notes/Domino 5",
- " 8700 = Lotus Notes/Domino 6",
- " 9100 = Lotus Notes/Domino 8",
- " 133 = PeopleSoft",
- " 13500 = PeopleSoft Token",
+ " # | Mode",
+ " ---+------",
+ " 0 | Straight",
+ " 1 | Combination",
+ " 3 | Brute-force",
+ " 6 | Hybrid Wordlist + Mask",
+ " 7 | Hybrid Mask + Wordlist",
"",
- "[[ Archives ]]",
+ "#######################",
+ "## Built-in Charsets ##",
+ "#######################",
"",
- " 11600 = 7-Zip",
- " 12500 = RAR3-hp",
- " 13000 = RAR5",
- " 13200 = AxCrypt",
- " 13300 = AxCrypt in memory SHA1",
- " 13600 = WinZip",
+ " ? | Charset",
+ " ---+---------",
+ " l | abcdefghijklmnopqrstuvwxyz",
+ " u | ABCDEFGHIJKLMNOPQRSTUVWXYZ",
+ " d | 0123456789",
+ " s | !\"#$%%&'()*+,-./:;<=>?@[\\]^_`{|}~",
+ " a | ?l?u?d?s",
+ " b | 0x00 - 0xff",
"",
- "[[ Full-Disk encryptions (FDE) ]]",
+ "#########################",
+ "## OpenCL Device Types ##",
+ "#########################",
"",
- " 62XY = TrueCrypt",
- " X = 1 = PBKDF2-HMAC-RipeMD160",
- " X = 2 = PBKDF2-HMAC-SHA512",
- " X = 3 = PBKDF2-HMAC-Whirlpool",
- " X = 4 = PBKDF2-HMAC-RipeMD160 + boot-mode",
- " Y = 1 = XTS 512 bit (Ciphers: AES or Serpent or Twofish)",
- " Y = 2 = XTS 1024 bit (Ciphers: AES or Serpent or Twofish or AES-Twofish or Serpent-AES or Twofish-Serpent)",
- " Y = 3 = XTS 1536 bit (Ciphers: All)",
- " 8800 = Android FDE < v4.3",
- " 12900 = Android FDE (Samsung DEK)",
- " 12200 = eCryptfs",
- " 137XY = VeraCrypt",
- " X = 1 = PBKDF2-HMAC-RipeMD160",
- " X = 2 = PBKDF2-HMAC-SHA512",
- " X = 3 = PBKDF2-HMAC-Whirlpool",
- " X = 4 = PBKDF2-HMAC-RipeMD160 + boot-mode",
- " X = 5 = PBKDF2-HMAC-SHA256",
- " X = 6 = PBKDF2-HMAC-SHA256 + boot-mode",
- " Y = 1 = XTS 512 bit (Ciphers: AES or Serpent or Twofish)",
- " Y = 2 = XTS 1024 bit (Ciphers: AES or Serpent or Twofish or AES-Twofish or Serpent-AES or Twofish-Serpent)",
- " Y = 3 = XTS 1536 bit (Ciphers: All)",
+ " # | Device Type",
+ " ---+-------------",
+ " 1 | CPU",
+ " 2 | GPU",
+ " 3 | FPGA, DSP, Co-Processor",
"",
- "[[ Documents ]]",
+ "#######################",
+ "## Workload Profiles ##",
+ "#######################",
"",
- " 9700 = MS Office <= 2003 MD5 + RC4, oldoffice$0, oldoffice$1",
- " 9710 = MS Office <= 2003 MD5 + RC4, collider-mode #1",
- " 9720 = MS Office <= 2003 MD5 + RC4, collider-mode #2",
- " 9800 = MS Office <= 2003 SHA1 + RC4, oldoffice$3, oldoffice$4",
- " 9810 = MS Office <= 2003 SHA1 + RC4, collider-mode #1",
- " 9820 = MS Office <= 2003 SHA1 + RC4, collider-mode #2",
- " 9400 = MS Office 2007",
- " 9500 = MS Office 2010",
- " 9600 = MS Office 2013",
- " 10400 = PDF 1.1 - 1.3 (Acrobat 2 - 4)",
- " 10410 = PDF 1.1 - 1.3 (Acrobat 2 - 4) + collider-mode #1",
- " 10420 = PDF 1.1 - 1.3 (Acrobat 2 - 4) + collider-mode #2",
- " 10500 = PDF 1.4 - 1.6 (Acrobat 5 - 8)",
- " 10600 = PDF 1.7 Level 3 (Acrobat 9)",
- " 10700 = PDF 1.7 Level 8 (Acrobat 10 - 11)",
+ " # | Performance | Runtime | Power Consumption | Desktop Impact",
+ " ---+-------------+---------+-------------------+----------------",
+ " 1 | Low | 8 ms | Low | Minimal",
+ " 2 | Default | 16 ms | Economic | Noticeable",
+ " 3 | High | 96 ms | High | Unresponsive",
+ " 4 | Nightmare | 512 ms | Insane | Headless",
"",
- "[[ Password Managers ]]",
+ "If you have no idea what just happend, please visit the following pages:",
"",
- " 9000 = Password Safe v2",
- " 5200 = Password Safe v3",
- " 6800 = Lastpass",
- " 6600 = 1Password, agilekeychain",
- " 8200 = 1Password, cloudkeychain",
- " 11300 = Bitcoin/Litecoin wallet.dat",
- " 12700 = Blockchain, My Wallet",
- " 13400 = Keepass 1 (AES/Twofish) and Keepass 2 (AES)",
+ "* https://hashcat.net/wiki/#howtos_videos_papers_articles_etc_in_the_wild",
+ "* https://hashcat.net/wiki/#frequently_asked_questions",
"",
NULL
};