What is a Hashcat wordlist?
I'm trying to run my hashcat as automated and efficient as possible.
I have a file with NTLM hashes, I want to crack those with hashcat.
To start, I'd like to use a dictionary attack, something like rockyou, or another big word list with real passwords, I'll see what's going to be best to use. So for that, I'd go with something like
hashcat -a 0 -m 1000 hashesFile /opt/useful/SecLists/Passwords/Leaked-Databases/rockyou.txt
For the hashes that can't be cracked with the provided wordlists, I'd like to run a bruteforce attack for passwords between 8 and 12 characters, containing special characters, numbers lower + upper case letters. I don't really understand the mask attack though.
Also, is there a way to combine those two so the remaining hashes automatically are tried to crack with a mask attack?
Hashcat is a popular password cracker and designed to break even the most complex passwords representation. To do this, it enables the cracking of a specific password in multiple ways, combined with versatility and speed.
Password representations are primarily associated with hash keys, such as MD5, SHA, WHIRLPOOL, RipeMD, NTMLv1, NTMLv2 and so on. They are also defined as a one-way function — this is a mathematical operation that is easy to perform, but very difficult to reverse engineer.
Hashcat wordlist turns readable data into a garbled state (this is a random string of fixed-length size). Hashes do not allow someone to decrypt data with a specific key, as standard encryption protocols allow. Hashcat uses precomputed dictionaries, rainbow tables and even brute-force approaches to find an effective and efficient way to crack passwords.
How to crack hashes
The simplest way to crack a hash is to try first to guess the password. Each attempt is hashed and then is compared to the actual hashed value to see if they are the same, but the process can take a long time.
Dictionary and brute-force attacks are the most common ways of guessing passwords. These techniques make use of a file that contains words, phrases, common passwords and other strings that are likely to be used as a viable password.
It should be noted that there is no guaranteed way to prevent dictionary attacks or brute-force attacks.
Other approaches used to crack passwords:
Lookup tables: Hashes are pre-computed from a dictionary and then stored with their corresponding password into a lookup table structure.
Reverse lookup tables: This attack allows for a cyber attacker to apply a dictionary or brute-force attack to many hashes at the same time without having to pre-compute a lookup table.
Rainbow tables: Rainbow tables are a time-memory technique. They are similar to lookup tables, except that they sacrifice hash cracking speed to make the lookup tables smaller.
Hashing with salt: With this technique, the hashes are randomized by appending or prepending a random string, called a “salt.” This is applied to the password before hashing.