{"id":3007,"date":"2024-03-23T02:57:28","date_gmt":"2024-03-22T18:57:28","guid":{"rendered":"http:\/\/www.ccwifi.cc\/blogs\/?p=3007"},"modified":"2024-03-23T02:57:28","modified_gmt":"2024-03-22T18:57:28","slug":"hashcat%e6%94%af%e6%8c%81zip%e5%90%97%e7%8e%a9%e8%bd%achash2097","status":"publish","type":"post","link":"https:\/\/www.ccwifi.cc\/blogs\/2024\/03\/23\/hashcat%e6%94%af%e6%8c%81zip%e5%90%97%e7%8e%a9%e8%bd%achash2097\/","title":{"rendered":"hashcat\u652f\u6301zip\u5417 \u73a9\u8f6cHashcat \u5efa\u8bae\u6536\u85cf"},"content":{"rendered":"
\n

\u5728\u7ebfwifi\u8dd1\u5305 \u91d1\u521a\u5305\u8dd1\u5305 cap\u8dd1\u5305 hccapx ewsa\u5728\u7ebf \u5c31\u6765 \u63e1\u624b\u5305\u8dd1\u5305<\/a><\/strong><\/p>\n

\u5404\u4f4d\u597d \u53c8\u89c1\u9762\u4e86 \u6211\u662f\u66f9\u64cd \u4eca\u5929\u7ed9\u5927\u5bb6\u5e26\u6765\u4e00\u7bc7\u65b0\u7684\u6559\u7a0b<\/p>\n

\u5e0c\u671b\u5404\u4f4d\u7ec6\u5fc3\u5b66\u4e60 \u4f4e\u8c03\u7528\u7f51<\/p>\n<\/div>\n

\"hashcat\u652f\u6301zip\u5417\"<\/p>\n

Hashcat is an open-source password recovery tool that is currently considered the most powerful. You can visit the Hashcat.net website to learn more about this tool. Essentially, Hashcat 3.0 is an advanced password recovery tool that can utilize CPU or GPU resources to attack over 160 different types of password hashes. The HashCat software series supports CPU, NVIDIA GPU, and ATI GPU for password cracking. It is compatible with Windows and Linux platforms, but requires the installation of the officially specified version of the graphics card driver. Incorrect driver versions may cause the program to fail.<\/p>\n

\"hashcat\u652f\u6301zip\u5417\"<\/p>\n

HashCat is mainly divided into three versions: Hashcat, oclHashcat-plus, and oclHashcat-lite. The main differences between these three versions are as follows: HashCat only supports CPU cracking. oclHashcat-plus supports GPU cracking of multiple hashes and supports up to 77 different algorithms. oclHashcat-lite only supports GPU cracking of a single hash and supports only 32 types of hashes. However, it is optimized for algorithms and can achieve the highest speed for GPU cracking. If you are cracking a single ciphertext, it is recommended to use oclHashCat-lite. <\/p>\n

For Windows installation, you can download the binary file from the official website and use it directly after entering the directory.<\/p>\n

<\/span>git clone<\/span> https:\/\/github.com\/hashcat\/hashcat.git
cd<\/span> hashcat \/\/\u8fdb\u5165\u76ee\u5f55
sudo make 
sudo make install \/\/\u5b89\u88c5hashcat
<\/code><\/pre>\n
<\/span>l | abcdefghijklmnopqrstuvwxyz          \u7eaf\u5c0f\u5199\u5b57\u6bcd
u | ABCDEFGHIJKLMNOPQRSTUVWXYZ          \u7eaf\u5927\u5199\u5b57\u6bcd
d | 0123456789                          \u7eaf\u6570\u5b57
h | 0123456789abcdef                    \u5e38\u89c1\u5c0f\u5199\u5b50\u76ee\u5f55\u548c\u6570\u5b57
H | 0123456789ABCDEF                    \u5e38\u89c1\u5927\u5199\u5b57\u6bcd\u548c\u6570\u5b57
s |  !\"#$%&'()*+,-.\/:;?@[]^_`{|}~   \u7279\u6b8a\u5b57\u7b26
a | ?l?u?d?s                            \u952e\u76d8\u4e0a\u6240\u6709\u53ef\u89c1\u7684\u5b57\u7b26
b | 0x00 - 0xff                         \u53ef\u80fd\u662f\u7528\u6765\u5339\u914d\u50cf\u7a7a\u683c\u8fd9\u79cd\u5bc6\u7801\u7684
<\/span><\/code><\/pre>\n
For Linux installation, download the source code from GitHub to your local machine, then enter the directory and compile and install it. If the installation is successful, you can type “hashcat” in the command line to see the help documentation.<\/p>\n
Common parameters include:<\/p>\n
    \n
  • -m –hash-type=NUM: Specifies the hash type, with NUM referring to the hash category value as mentioned in the help information. If no m value is specified, it defaults to md5. For example, -m 1800 represents sha512 Linux encryption.<\/li>\n
  • -a –attack-mode: Specifies the attack mode, e.g., -a 3.<\/li>\n
  • -V –version: Displays version information.<\/li>\n
  • -h –help: Displays help information.<\/li>\n
  • –quiet: Enables quiet mode, suppressing output.<\/li>\n
  • -b –benchmark: Tests the computer’s cracking speed and displays hardware-related information.<\/li>\n<\/ul>\n
    In HashCat, the –attack-mode ? parameter can be used to specify the cracking mode.<\/p>\n
    Other mask settings include:<\/p>\n
      \n
    • ?l: Represents lowercase letters (a-z).<\/li>\n
    • ?u: Represents uppercase letters (A-Z).<\/li>\n
    • ?d: Represents digits (0-9).<\/li>\n
    • ?a: Represents all special characters on the keyboard.<\/li>\n
    • ?s: Represents all visible characters on the keyboard.<\/li>\n
    • ?h: Represents 8-bit hexadecimal characters from 0xc0 to 0xff.<\/li>\n
    • ?D: Represents 8-bit German characters.<\/li>\n
    • ?F: Represents 8-bit French characters.<\/li>\n
    • ?R: Represents 8-bit Russian characters.<\/li>\n<\/ul>\n
      <\/span>
      \u516b\u4f4d\u6570\u5b57\u5bc6\u7801\uff1a?d?d?d?d?d?d?d?d
      \u516b\u4f4d\u672a\u77e5\u5bc6\u7801\uff1a?a?a?a?a?a?a?a?a
      \u524d\u56db\u4f4d\u4e3a\u5927\u5199\u5b57\u6bcd\uff0c\u540e\u9762\u56db\u4f4d\u4e3a\u6570\u5b57\uff1a?u?u?u?u?d?d?d?d
      \u524d\u56db\u4f4d\u4e3a\u6570\u5b57\u6216\u8005\u662f\u5c0f\u5199\u5b57\u6bcd\uff0c\u540e\u56db\u4f4d\u4e3a\u5927\u5199\u5b57\u6bcd\u6216\u8005\u6570\u5b57\uff1a?h?h?h?h?H?H?H?H
      \u524d\u4e09\u4e2a\u5b57\u7b26\u672a\u77e5\uff0c\u4e2d\u95f4\u4e3aadmin\uff0c\u540e\u4e09\u4f4d\u672a\u77e5\uff1a?a?a?aadmin?a?a?a
      6-8\u4f4d\u6570\u5b57\u5bc6\u7801\uff1a--increment --increment-min 6 --increment-max 8 ?l?l?l?l?l?l?l?l
      6-8\u4f4d\u6570\u5b57+\u5c0f\u5199\u5b57\u6bcd\u5bc6\u7801\uff1a--increment --increment-min 6 --increment-max 8 ?h?h?h?h?h?h?h?h
      \u6bd4\u5982\u8bf4\u6211\u8981\u8bbe\u7f6e\u81ea\u5b9a\u4e49\u5b57\u7b26\u96c61\u4e3a\u5c0f\u5199+\u6570\u5b57\uff0c\u90a3\u4e48\u5c31\u52a0\u4e0a

      -- custom-charset1 ?l?d
      \u5982\u679c\u8981\u8bbe\u7f6e\u81ea\u5b9a\u4e49\u5b57\u7b26\u96c62\u4e3aabcd1234\uff0c\u90a3\u4e48\u5c31\u52a0\u4e0a

      --custom-charset2 abcd1234
      \u5982\u679c\u8981\u7834\u89e38\u4f4d\u7684\u5c0f\u5199+\u6570\u5b57\uff0c\u90a3\u4e48\u9700\u8981\u8bbe\u7f6e\u81ea\u5b9a\u4e49\u5b57\u7b26\u96c61\u4e3a

      --custom-charset1 ?l?d
      \u8bbe\u7f6e\u63a9\u7801\u4e3a?1?1?1?1?1?1?1?1\u3002 \u5982\u679c\u5df2\u77e5\u5bc6\u7801\u7684\u7b2c\u4e00\u4f4d\u4e3a\u6570\u5b57\uff0c\u957f\u5ea6\u4e3a8\u4f4d\uff0c\u540e\u51e0\u4f4d\u4e3a\u5927\u5199+\u5c0f\u5199\uff0c\u90a3\u4e48\u9700\u8981\u8bbe\u7f6e\u81ea\u5b9a\u4e49\u5b57\u7b26\u96c61\u4e3a

      --custom-charset1 ?l?u
      \u8bbe\u7f6e\u63a9\u7801\u4e3a?d?1?1?1?1?1?1?1
      <\/code><\/pre>\n
      <\/span>$ aircrack-ng  -J 
      <\/code><\/pre>\n
      <\/span>hashcat -m 2500 out.hccap.hccap  dics.txt
      <\/code><\/pre>\n
      For example, to crack a WPA\/PSK password, convert the cap file captured by airodump to hccap format. You can use online converters or aircrack-ng for conversion. The parameter commands are as follows:<\/p>\n
        \n
      • The first parameter: -m 2500 specifies the cracking mode as WPA\/PSK.<\/li>\n
      • The second parameter: The hccap format file is the converted file.<\/li>\n
      • The third parameter: dics.txt is the dictionary file.<\/li>\n<\/ul>\n
        <\/span>hashcat -m 2500 -a 3 handshake.hccap ?d?d?d?d?d?d?d?d
        <\/code><\/pre>\n
        <\/span>oclHashcat-plus64.exe --hash<\/span>-type 0 --attack-mode 0 d:md5.txt d:dict1.txt d:dict2.txt
        <\/code><\/pre>\n
        <\/span>crunch 8 8  0123456789 -o dic.txt
        <\/code><\/pre>\n
        Cracking a pure numeric password using a dictionary:
        \nDue to the influence of disk and memory speed, the speed of dictionary cracking cannot reach the maximum computational speed of the GPU. Generally, a 5GB dictionary can be completed within 10 minutes for MD5 cracking. To generate a dictionary for pure numbers, use the following command: crunch 8 8 0123456789 -o dic.txt. The generated pure numeric dictionary will be around 900MB.<\/p>\n
        <\/span>hashcat64.exe -m 0 -a 0 5ec822debe54b1935f78d9a6ab900a39 password.dict
        <\/code><\/pre>\n
        <\/span>hashcat64.exe -m 0 -a 0 md5_list.txt password.dict
        <\/code><\/pre>\n
        <\/span>hashcat64.exe -m 0 -a 3 3d9865a2843dcb59e7a6296c894732a4 ?d?d?d?d?d?d?d?d
        <\/code><\/pre>\n
        <\/span>hashcat64.bin -m 0 -a 0 hash.txt dict1.txt dict2.txt dict3.txt
        <\/code><\/pre>\n
        <\/span>hashcat -a 3 -m 0 --force ed2b1f468c5f915f3f1cf75d7068baae \"?d?d?d?d?d?d?d?d\"<\/span>
        <\/code><\/pre>\n
        <\/span>hashcat -a 3 -m 0 --force 4488cec2aea535179e085367d8a17d75 --increment --increment-min 1 --increment-max 8 \"?d?d?d?d?d?d?d?d\"<\/span>
        <\/code><\/pre>\n
        Loading a password dictionary and cracking a single MD5 hash.
        \nLoading a password dictionary and cracking multiple MD5 hashes.
        \nLoading multiple password dictionaries is only supported in “-a 0” mode.
        \nOther common brute-force attacks include:<\/p>\n
          \n
        • Brute-forcing an 8-digit numeric MD5 hash (2 seconds).<\/li>\n
        • Brute-forcing MD5 hashes from 1 to 8 digits.<\/li>\n<\/ul>\n
          <\/span>hashcat -a 3 -m 0 --force 80d41e1777e11df88fa2a02508112a6c \"?l?l?l?l?l?l?l?l\"<\/span>
          <\/code><\/pre>\n
          <\/span>hashcat -a 0 ede900ac1424436b55dc3c9f20cb97a8 password.txt -o result.txt
          <\/code><\/pre>\n
          <\/span>hashcat -a 0 hash.txt password.txt -o result.txt
          <\/code><\/pre>\n
          <\/span>hashcat -a 1 25f9e794323b453885f5181f1b624d0b pwd1.txt pwd2.txt
          <\/code><\/pre>\n
          <\/span>hashcat -a 6 9dc9d5ed5031367d42543763423c24ee password.txt \"?l?l?l?l?l\"<\/span>
          <\/code><\/pre>\n
          <\/span>select host,user,authentication_string from mysql.user;
          hashcat -a 0 -m 300 --force 81F5E21E35407D884A6CD4A731AEBFB6AF209E1B ~\/pwd<\/span>
          <\/code><\/pre>\n
          <\/span>hashcat -a 3 -m 132 --force 0x01008c8006c224f71f6bf0036f78d863c3c4ff53f8c3c48edafb \"?l?l?l?l?l?d?d?d\"<\/span>
          <\/code><\/pre>\n
          <\/span>NT-hash:
          hashcat -a 3 -m 1000 209C6174DA490CAEB422F3FA5A7AE634 \"?l?l?l?l?l\"<\/span>
          LM-hash:
          hashcat -a 3 -m 3000 --force F0D412BD764FFE81AAD3B435B51404EE \"?l?l?l?l?l\"<\/span>
          <\/code><\/pre>\n
          Brute-forcing an 8-character lowercase letter MD5 hash (11 minutes).
          \nUsing a dictionary to brute-force.
          \nBatch cracking hash.txt.
          \nDictionary + dictionary combination.
          \nDictionary + mask combination.
          \nBrute-forcing MySQL password (6 seconds).
          \nBrute-forcing MSSQL password.
          \nBrute-forcing Windows password.<\/p>\n
          <\/span>hashcat -a 3 -m 400 --force \"$P$BYEYcHEj3vDhV1lwGBv6rpxurKOEWY\/\"<\/span> \"?d?d?d?d?d?d\"<\/span>
          <\/code><\/pre>\n
          <\/span>hashcat -a 3 -m 2611 --force 14e1b600b1fd579f47433b88e8d85291: \"?d?d?d?d?d?d\"<\/span>
          <\/code><\/pre>\n
          <\/span>rar2john 1.rar
          hashcat -a 3 -m 13000 --force \"$rar5$16$639e9ce8344c680da12e8bdd4346a6a3$15$a2b056a21a9836d8d48c2844d171b73d$8$04a52d2224ad082e\"<\/span> \"?d?d?d?d?d?d\"<\/span>
          <\/code><\/pre>\n
          Brute-forcing WordPress password. The specific encryption script can be found in .\/wp-includes\/class-phpass.php, in the HashPassword function.
          \nBrute-forcing Discuz password (md5(md5(salt))).
          \nBrute-forcing RAR password (note whether it is rar5 or RAR3-hp mode).<\/p>\n
          <\/span>zip2john.exe 1.zip
          hashcat -a 3 -m 13600 \"$zip2$*0*3*0*554bb43ff71cb0cac76326f292119dfd*ff23*5*24b28885ee*d4fe362bb1e91319ab53*$\/zip2$\"<\/span> --force \"?d?d?d?d?d?d\"<\/span>
          <\/code><\/pre>\n
          <\/span>python \/usr\/share\/john\/office2john.py 11.docx
          hashcat -a 3 -m 9600 \"$office$*2013*100000*256*16*e4a3eb62e8d3576f861f9eded75e0525*9eeb35f0849a7800d48113440b4bbb9c*577f8d8b2e1c5f60fed76e62327b38d28f25230f6c7dfd66588d9ca8097aabb9\"<\/span> --force \"?d?d?d?d?d?d\"<\/span>
          <\/code><\/pre>\n
          <\/span>hashcat hash<\/span> --show
          <\/code><\/pre>\n
          <\/p>\n","protected":false},"excerpt":{"rendered":"
          hashcat\u652f\u6301zip\u5417 \u73a9\u8f6cHashcat \u5efa\u8bae\u6536\u85cfHashcat\u662f\u5f53\u524d\u6700\u5f3a\u5927\u7684\u5f00\u6e90\u5bc6\u7801\u6062\u590d\u5de5\u5177\uff0c\u4f60\u53ef\u4ee5\u8bbf\u95eeHashcat.net\u7f51\u7ad9\u6765\u4e86\u89e3\u8fd9\u6b3e\u5de5\u5177\u7684\u8be6\u7ec6\u60c5\u51b5\u3002\u672c\u8d28\u4e0a\uff0cHashcat3.0\u662f\u4e00\u6b3e\u9ad8\u7ea7\u5bc6\u7801\u6062\u590d\u5de5\u5177<\/p>\n","protected":false},"author":1,"featured_media":3008,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"topic":[],"class_list":["post-3007","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-1"],"_links":{"self":[{"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/posts\/3007","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/comments?post=3007"}],"version-history":[{"count":0,"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/posts\/3007\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/media\/3008"}],"wp:attachment":[{"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/media?parent=3007"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/categories?post=3007"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/tags?post=3007"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/topic?post=3007"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}