Closed Patrick-DE closed 1 year ago
{ "name": "Hashcat", "phases": [ "02. Reconnaissance", "08. Credentials & User Impersonation" ], "category": "", "stealthy": false, "platforms": [ "Linux" ], "source": "https://hashcat.net/hashcat/", "description": "World's fastest password cracker\nWorld's first and only in-kernel rule engine", "undetected": [], "detected": [], "content": "# Hashcat\n\n\n## Commands\n- '-a 0' specifies the wordlist attack mode.\n- '-m 1000' specifies that the hash is NTLM.\n- 'C:\\Temp\\ntlm.txt' is a text file containing the NTLM hash to crack.\n- 'D:\\Tools\\rockyou.txt' is the wordlist.\n- '-r rules\\add-year.rule' is our custom rule file\n\n## Bruteforce NTLM\n- '-a 3' specifies the mask attack.\n- '?u?l?l?l?l?l?l?l?d' is the mask.\n\n| ? | Charset |\n| --- | -------------------------------------- |\n| l | abcdefghijklmnopqrstuvwxyz |\n| u | ABCDEFGHIJKLMNOPQRSTUVWXYZ |\n| d | 0123456789 |\n| h | 0123456789abcdef |\n| H | 0123456789ABCDEF |\n| s | '!\"#$%&'()*+,-./:;<=>?@[\\]^_''{ \\| }~' |\n| a | ?l?u?d?s |\n| b | 0x00 - 0xff |\n\n## [[Crack Credentials]]\n## Cracking NTLM\n''''''sh\nhashcat.exe -w 3 -r /rules/oneruletorulethemall -a 0 -m 1000 ntlm.txt C:\\Temp\\ntlm.txt D:\\Tools\\rockyou.txt\n''''''\n\n''''''beacon\nhashcat.exe -a 3 -m 1000 C:\\Temp\\ntlm.txt ?u?l?l?l?l?l?l?l?d\n''''''\n\n## Cracking krb5tgs\n''''''sh\nhashcat.exe -w 3 -r /rules/oneruletorulethemall -a 0 -m 13100 ntlm.txt C:\\Temp\\ntlm.txt D:\\Tools\\rockyou.txt\n''''''\n\n## Cracking krb5asrep\n''''''sh\nhashcat.exe -w 3 -r /rules/oneruletorulethemall -a 0 -m 18200 ntlm.txt C:\\Temp\\ntlm.txt D:\\Tools\\rockyou.txt\n''''''\n\n## Cracking netntlmv2\n'''sh\nhashcat.exe -w 3 -r /rules/oneruletorulethemall -a 0 -m 5600 ntlm.txt C:\\Temp\\ntlm.txt D:\\Tools\\rockyou.txt\n'''\n\n\n", "commands": [ { "id": "4dcdc386-2ceb-431c-acf6-a9c2d55130e9", "name": "Cracking NTLM", "description": "", "tag": "", "results": [], "cmd": "hashcat.exe -w 3 -r /rules/oneruletorulethemall -a 0 -m 1000 ntlm.txt C:\\Temp\\ntlm.txt D:\\Tools\\rockyou.txt" }, { "id": "e2ec4a29-5912-4fec-8b42-339a639391a7", "name": "Bruteforce NTLM", "description": "", "tag": "", "results": [], "cmd": "" }, { "id": "da7d5aea-fb2f-411d-bc82-b59f1c96a552", "name": "Cracking krb5tgs", "description": "", "tag": "", "results": [], "cmd": "hashcat.exe -w 3 -r /rules/oneruletorulethemall -a 0 -m 13100 ntlm.txt C:\\Temp\\ntlm.txt D:\\Tools\\rockyou.txt" }, { "id": "742234d5-3e4a-4261-b2b7-dad52e4200ae", "name": "Cracking krb5asrep", "description": "", "tag": "", "results": [], "cmd": "hashcat.exe -w 3 -r /rules/oneruletorulethemall -a 0 -m 18200 ntlm.txt C:\\Temp\\ntlm.txt D:\\Tools\\rockyou.txt" }, { "id": "2ae08370-f66a-4fac-bad8-da25f0af8ed9", "name": "Cracking netntlmv2", "description": "", "tag": "", "results": [], "cmd": "hashcat.exe -w 3 -r /rules/oneruletorulethemall -a 0 -m 5600 ntlm.txt C:\\Temp\\ntlm.txt D:\\Tools\\rockyou.txt" }, { "id": "64f215f3-7434-44fc-8dc1-2118e7db6a1c", "name": "Bruteforce Rules", "description": "", "tag": "", "results": [], "cmd": "-a 3 specifies the mask attack.\n?u?l?l?l?l?l?l?l?d is the mask.\n\n?\tCharset\n------------------------\nl\tabcdefghijklmnopqrstuvwxyz\nu\tABCDEFGHIJKLMNOPQRSTUVWXYZ\nd\t0123456789\nh\t0123456789abcdef\nH\t0123456789ABCDEF\ns\t!\"#$%&'()*+,-./:;<=>?@[\\]^_''{ | }~\na\t?l?u?d?s\nb\t0x00 - 0xff" } ] }