guid是什么意思(win10系统硬盘格式是guid还是mbr)

工具简介

Hashcat自称是世界上最快的密码破解工具,在2015年之前为私有代码库,但现在作为免费软件发布,适用于Linux,OS X和Windows版本,Hashcat支持的散列算法有Microsoft LM哈希、MD4、MD5、SHA系列、Unix加密、MySQL和Cisco PIX等,Hashcat支持以下计算核心:

GPUCPUAPUDSPFPGACoprocessor

GPU的驱动要求:

AMD GPUs on Linux require \\\"RadeonOpenCompute (ROCm)\\\" Software Platform (1.6.180 or later)AMD GPUs on Windows require \\\"AMD Radeon Software Crimson Edition\\\" (15.12 or later)Intel CPUs require \\\"OpenCL Runtime for Intel Core and Intel Xeon Processors\\\" (16.1.1 or later)Intel GPUs on Linux require \\\"OpenCL 2.0 GPU Driver Package for Linux\\\" (2.0 or later)Intel GPUs on Windows require \\\"OpenCL Driver for Intel Iris and Intel HD Graphics\\\"NVIDIA GPUs require \\\"NVIDIA Driver\\\" (367.x or later)

参数介绍

下面是常见的参数,想了解更多的参数可以使用\\”hashcat –help\\”查看:

-a  指定要使用的破解模式,其值参考后面对参数, \\\"-a 0\\\"字典攻击,\\\"-a 1\\\" 组合攻击;\\\"-a 3\\\" 掩码攻击-m  指定要破解的hash类型,如果不指定类型,则默认是MD5-o  指定破解成功后的hash及所对应的明文密码的存放位置,可以用它把破解成功的hash写到指定的文件中--force 忽略破解过程中的警告信息,跑单条hash可能需要加上此选项--show  显示已经破解的hash及该hash所对应的明文--increment  启用增量破解模式,你可以利用此模式让hashcat在指定的密码长度范围内执行破解过程--increment-min  密码最小长度,后面直接等于一个整数即可,配置increment模式一起使用--increment-max  密码最大长度,同上--outfile-format 指定破解结果的输出格式id,默认是3--username   忽略hash文件中的指定的用户名,在破解linux系统用户密码hash可能会用到--remove     删除已被破解成功的hash-r       使用自定义破解规则

攻击模式

 0 | Straight(字段破解) 1 | Combination(组合破解) 3 | Brute-force(掩码暴力破解) 6 | Hybrid Wordlist + Mask(字典+掩码破解) 7 | Hybrid Mask + Wordlist(掩码+字典破解)

输出格式

    1 = hash[:salt]2 = plain3 = hash[:salt]:plain4 = hex_plain5 = hash[:salt]:hex_plain6 = plain:hex_plain7 = hash[:salt]:plain:hex_plain8 = crackpos9 = hash[:salt]:crackpos10 = plain:crackpos11 = hash[:salt]:plain:crackpos12 = hex_plain:crackpos13 = hash[:salt]:hex_plain:crackpos14 = plain:hex_plain:crackpos15 = hash[:salt]:plain:hex_plain:crackpos

    HASH ID

    关于Hash ID可以在Hashcat的Wiki上查看:

    https://hashcat.net/wiki/doku.php?id=hashcat

    - [ Hash modes ] -
    # | Name | Category ======+==================================================+====================================== 900 | MD4 | Raw Hash 0 | MD5 | Raw Hash 100 | SHA1 | Raw Hash 1300 | SHA2-224 | Raw Hash 1400 | SHA2-256 | Raw Hash 10800 | SHA2-384 | Raw Hash 1700 | SHA2-512 | Raw Hash 17300 | SHA3-224 | Raw Hash 17400 | SHA3-256 | Raw Hash 17500 | SHA3-384 | Raw Hash 17600 | SHA3-512 | Raw Hash 6000 | RIPEMD-160 | Raw Hash 600 | BLAKE2b-512 | Raw Hash 11700 | GOST R 34.11-2012 (Streebog) 256-bit, big-endian | Raw Hash 11800 | GOST R 34.11-2012 (Streebog) 512-bit, big-endian | Raw Hash 6900 | GOST R 34.11-94 | Raw Hash 5100 | Half MD5 | Raw Hash 18700 | Java Object hashCode() | Raw Hash 17700 | Keccak-224 | Raw Hash 17800 | Keccak-256 | Raw Hash 17900 | Keccak-384 | Raw Hash 18000 | Keccak-512 | Raw Hash 21400 | sha256(sha256_bin($pass)) | Raw Hash 6100 | Whirlpool | Raw Hash 10100 | SipHash | Raw Hash 21000 | BitShares v0.x - sha512(sha512_bin(pass)) | Raw Hash 10 | md5($pass.$salt) | Raw Hash, Salted and/or Iterated 20 | md5($salt.$pass) | Raw Hash, Salted and/or Iterated 3800 | md5($salt.$pass.$salt) | Raw Hash, Salted and/or Iterated 3710 | md5($salt.md5($pass)) | Raw Hash, Salted and/or Iterated 4110 | md5($salt.md5($pass.$salt)) | Raw Hash, Salted and/or Iterated 4010 | md5($salt.md5($salt.$pass)) | Raw Hash, Salted and/or Iterated 21300 | md5($salt.sha1($salt.$pass)) | Raw Hash, Salted and/or Iterated 40 | md5($salt.utf16le($pass)) | Raw Hash, Salted and/or Iterated 2600 | md5(md5($pass)) | Raw Hash, Salted and/or Iterated 3910 | md5(md5($pass).md5($salt)) | Raw Hash, Salted and/or Iterated 4400 | md5(sha1($pass)) | Raw Hash, Salted and/or Iterated 20900 | md5(sha1($pass).md5($pass).sha1($pass)) | Raw Hash, Salted and/or Iterated 21200 | md5(sha1($salt).md5($pass)) | Raw Hash, Salted and/or Iterated 4300 | md5(strtoupper(md5($pass))) | Raw Hash, Salted and/or Iterated 30 | md5(utf16le($pass).$salt) | Raw Hash, Salted and/or Iterated 110 | sha1($pass.$salt) | Raw Hash, Salted and/or Iterated 120 | sha1($salt.$pass) | Raw Hash, Salted and/or Iterated 4900 | sha1($salt.$pass.$salt) | Raw Hash, Salted and/or Iterated 4520 | sha1($salt.sha1($pass)) | Raw Hash, Salted and/or Iterated 140 | sha1($salt.utf16le($pass)) | Raw Hash, Salted and/or Iterated 19300 | sha1($salt1.$pass.$salt2) | Raw Hash, Salted and/or Iterated 14400 | sha1(CX) | Raw Hash, Salted and/or Iterated 4700 | sha1(md5($pass)) | Raw Hash, Salted and/or Iterated 4710 | sha1(md5($pass).$salt) | Raw Hash, Salted and/or Iterated 21100 | sha1(md5($pass.$salt)) | Raw Hash, Salted and/or Iterated 18500 | sha1(md5(md5($pass))) | Raw Hash, Salted and/or Iterated 4500 | sha1(sha1($pass)) | Raw Hash, Salted and/or Iterated 130 | sha1(utf16le($pass).$salt) | Raw Hash, Salted and/or Iterated 1410 | sha256($pass.$salt) | Raw Hash, Salted and/or Iterated 1420 | sha256($salt.$pass) | Raw Hash, Salted and/or Iterated 22300 | sha256($salt.$pass.$salt) | Raw Hash, Salted and/or Iterated 1440 | sha256($salt.utf16le($pass)) | Raw Hash, Salted and/or Iterated 20800 | sha256(md5($pass)) | Raw Hash, Salted and/or Iterated 20710 | sha256(sha256($pass).$salt) | Raw Hash, Salted and/or Iterated 1430 | sha256(utf16le($pass).$salt) | Raw Hash, Salted and/or Iterated 1710 | sha512($pass.$salt) | Raw Hash, Salted and/or Iterated 1720 | sha512($salt.$pass) | Raw Hash, Salted and/or Iterated 1740 | sha512($salt.utf16le($pass)) | Raw Hash, Salted and/or Iterated 1730 | sha512(utf16le($pass).$salt) | Raw Hash, Salted and/or Iterated 19500 | Ruby on Rails Restful-Authentication | Raw Hash, Salted and/or Iterated 50 | HMAC-MD5 (key = $pass) | Raw Hash, Authenticated 60 | HMAC-MD5 (key = $salt) | Raw Hash, Authenticated 150 | HMAC-SHA1 (key = $pass) | Raw Hash, Authenticated 160 | HMAC-SHA1 (key = $salt) | Raw Hash, Authenticated 1450 | HMAC-SHA256 (key = $pass) | Raw Hash, Authenticated 1460 | HMAC-SHA256 (key = $salt) | Raw Hash, Authenticated 1750 | HMAC-SHA512 (key = $pass) | Raw Hash, Authenticated 1760 | HMAC-SHA512 (key = $salt) | Raw Hash, Authenticated 11750 | HMAC-Streebog-256 (key = $pass), big-endian | Raw Hash, Authenticated 11760 | HMAC-Streebog-256 (key = $salt), big-endian | Raw Hash, Authenticated 11850 | HMAC-Streebog-512 (key = $pass), big-endian | Raw Hash, Authenticated 11860 | HMAC-Streebog-512 (key = $salt), big-endian | Raw Hash, Authenticated 11500 | CRC32 | Raw Checksum 14100 | 3DES (PT = $salt, key = $pass) | Raw Cipher, Known-Plaintext attack 14000 | DES (PT = $salt, key = $pass) | Raw Cipher, Known-Plaintext attack 15400 | ChaCha20 | Raw Cipher, Known-Plaintext attack 14900 | Skip32 (PT = $salt, key = $pass) | Raw Cipher, Known-Plaintext attack 11900 | PBKDF2-HMAC-MD5 | Generic KDF 12000 | PBKDF2-HMAC-SHA1 | Generic KDF 10900 | PBKDF2-HMAC-SHA256 | Generic KDF 12100 | PBKDF2-HMAC-SHA512 | Generic KDF 8900 | scrypt | Generic KDF 400 | phpass | Generic KDF 16900 | Ansible Vault | Generic KDF 12001 | Atlassian (PBKDF2-HMAC-SHA1) | Generic KDF 20200 | Python passlib pbkdf2-sha512 | Generic KDF 20300 | Python passlib pbkdf2-sha256 | Generic KDF 20400 | Python passlib pbkdf2-sha1 | Generic KDF 16100 | TACACS+ | Network Protocols 11400 | SIP digest authentication (MD5) | Network Protocols 5300 | IKE-PSK MD5 | Network Protocols 5400 | IKE-PSK SHA1 | Network Protocols 2500 | WPA-EAPOL-PBKDF2 | Network Protocols 2501 | WPA-EAPOL-PMK | Network Protocols 22000 | WPA-PBKDF2-PMKID+EAPOL | Network Protocols 22001 | WPA-PMK-PMKID+EAPOL | Network Protocols 16800 | WPA-PMKID-PBKDF2 | Network Protocols 16801 | WPA-PMKID-PMK | Network Protocols 7300 | IPMI2 RAKP HMAC-SHA1 | Network Protocols 10200 | CRAM-MD5 | Network Protocols 4800 | iSCSI CHAP authentication, MD5(CHAP) | Network Protocols 16500 | JWT (JSON Web Token) | Network Protocols 22600 | Telegram Desktop App Passcode (PBKDF2-HMAC-SHA1) | Network Protocols 22301 | Telegram Mobile App Passcode (SHA256) | Network Protocols 7500 | Kerberos 5, etype 23, AS-REQ Pre-Auth | Network Protocols 13100 | Kerberos 5, etype 23, TGS-REP | Network Protocols 18200 | Kerberos 5, etype 23, AS-REP | Network Protocols 19600 | Kerberos 5, etype 17, TGS-REP | Network Protocols 19700 | Kerberos 5, etype 18, TGS-REP | Network Protocols 19800 | Kerberos 5, etype 17, Pre-Auth | Network Protocols 19900 | Kerberos 5, etype 18, Pre-Auth | Network Protocols 5500 | NetNTLMv1 / NetNTLMv1+ESS | Network Protocols 5600 | NetNTLMv2 | Network Protocols 23 | Skype | Network Protocols 11100 | PostgreSQL CRAM (MD5) | Network Protocols 11200 | MySQL CRAM (SHA1) | Network Protocols 8500 | RACF | Operating System 6300 | AIX {smd5} | Operating System 6700 | AIX {ssha1} | Operating System 6400 | AIX {ssha256} | Operating System 6500 | AIX {ssha512} | Operating System 3000 | LM | Operating System 19000 | QNX /etc/shadow (MD5) | Operating System 19100 | QNX /etc/shadow (SHA256) | Operating System 19200 | QNX /etc/shadow (SHA512) | Operating System 15300 | DPAPI masterkey file v1 | Operating System 15900 | DPAPI masterkey file v2 | Operating System 7200 | GRUB 2 | Operating System 12800 | MS-AzureSync PBKDF2-HMAC-SHA256 | Operating System 12400 | BSDi Crypt, Extended DES | Operating System 1000 | NTLM | Operating System 122 | macOS v10.4, macOS v10.5, MacOS v10.6 | Operating System 1722 | macOS v10.7 | Operating System 7100 | macOS v10.8+ (PBKDF2-SHA512) | Operating System 9900 | Radmin2 | Operating System 5800 | Samsung Android Password/PIN | Operating System 3200 | bcrypt $2*$, Blowfish (Unix) | Operating System 500 | md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5) | Operating System 1500 | descrypt, DES (Unix), Traditional DES | Operating System 7400 | sha256crypt $5$, SHA256 (Unix) | Operating System 1800 | sha512crypt $6$, SHA512 (Unix) | Operating System 13800 | Windows Phone 8+ PIN/password | Operating System 2410 | Cisco-ASA MD5 | Operating System 9200 | Cisco-IOS $8$ (PBKDF2-SHA256) | Operating System 9300 | Cisco-IOS $9$ (scrypt) | Operating System 5700 | Cisco-IOS type 4 (SHA256) | Operating System 2400 | Cisco-PIX MD5 | Operating System 8100 | Citrix NetScaler (SHA1) | Operating System 22200 | Citrix NetScaler (SHA512) | Operating System 1100 | Domain Cached Credentials (DCC), MS Cache | Operating System 2100 | Domain Cached Credentials 2 (DCC2), MS Cache 2 | Operating System 7000 | FortiGate (FortiOS) | Operating System 125 | ArubaOS | Operating System 501 | Juniper IVE | Operating System 22 | Juniper NetScreen/SSG (ScreenOS) | Operating System 15100 | Juniper/NetBSD sha1crypt | Operating System 131 | MSSQL (2000) | Database Server 132 | MSSQL (2005) | Database Server 1731 | MSSQL (2012, 2014) | Database Server 12 | PostgreSQL | Database Server 3100 | Oracle H: Type (Oracle 7+) | Database Server 112 | Oracle S: Type (Oracle 11+) | Database Server 12300 | Oracle T: Type (Oracle 12+) | Database Server 7401 | MySQL $A$ (sha256crypt) | Database Server 200 | MySQL323 | Database Server 300 | MySQL4.1/MySQL5 | Database Server 8000 | Sybase ASE | Database Server 1421 | hMailServer | FTP, HTTP, SMTP, LDAP Server 8300 | DNSSEC (NSEC3) | FTP, HTTP, SMTP, LDAP Server 16400 | CRAM-MD5 Dovecot | FTP, HTTP, SMTP, LDAP Server 1411 | SSHA-256(Base64), LDAP {SSHA256} | FTP, HTTP, SMTP, LDAP Server 1711 | SSHA-512(Base64), LDAP {SSHA512} | FTP, HTTP, SMTP, LDAP Server 10901 | RedHat 389-DS LDAP (PBKDF2-HMAC-SHA256) | FTP, HTTP, SMTP, LDAP Server 15000 | FileZilla Server >= 0.9.55 | FTP, HTTP, SMTP, LDAP Server 12600 | ColdFusion 10+ | FTP, HTTP, SMTP, LDAP Server 1600 | Apache $apr1$ MD5, md5apr1, MD5 (APR) | FTP, HTTP, SMTP, LDAP Server 141 | Episerver 6.x < .NET 4 | FTP, HTTP, SMTP, LDAP Server 1441 | Episerver 6.x >= .NET 4 | FTP, HTTP, SMTP, LDAP Server 101 | nsldap, SHA-1(Base64), Netscape LDAP SHA | FTP, HTTP, SMTP, LDAP Server 111 | nsldaps, SSHA-1(Base64), Netscape LDAP SSHA | FTP, HTTP, SMTP, LDAP Server 7700 | SAP CODVN B (BCODE) | Enterprise Application Software (EAS) 7701 | SAP CODVN B (BCODE) from RFC_READ_TABLE | Enterprise Application Software (EAS) 7800 | SAP CODVN F/G (PASSCODE) | Enterprise Application Software (EAS) 7801 | SAP CODVN F/G (PASSCODE) from RFC_READ_TABLE | Enterprise Application Software (EAS) 10300 | SAP CODVN H (PWDSALTEDHASH) iSSHA-1 | Enterprise Application Software (EAS) 133 | PeopleSoft | Enterprise Application Software (EAS) 13500 | PeopleSoft PS_TOKEN | Enterprise Application Software (EAS) 21500 | SolarWinds Orion | Enterprise Application Software (EAS) 8600 | Lotus Notes/Domino 5 | Enterprise Application Software (EAS) 8700 | Lotus Notes/Domino 6 | Enterprise Application Software (EAS) 9100 | Lotus Notes/Domino 8 | Enterprise Application Software (EAS) 20600 | Oracle Transportation Management (SHA256) | Enterprise Application Software (EAS) 4711 | Huawei sha1(md5($pass).$salt) | Enterprise Application Software (EAS) 20711 | AuthMe sha256 | Enterprise Application Software (EAS) 12200 | eCryptfs | Full-Disk Encryption (FDE) 22400 | AES Crypt (SHA256) | Full-Disk Encryption (FDE) 14600 | LUKS | Full-Disk Encryption (FDE) 13711 | VeraCrypt RIPEMD160 + XTS 512 bit | Full-Disk Encryption (FDE) 13712 | VeraCrypt RIPEMD160 + XTS 1024 bit | Full-Disk Encryption (FDE) 13713 | VeraCrypt RIPEMD160 + XTS 1536 bit | Full-Disk Encryption (FDE) 13741 | VeraCrypt RIPEMD160 + XTS 512 bit + boot-mode | Full-Disk Encryption (FDE) 13742 | VeraCrypt RIPEMD160 + XTS 1024 bit + boot-mode | Full-Disk Encryption (FDE) 13743 | VeraCrypt RIPEMD160 + XTS 1536 bit + boot-mode | Full-Disk Encryption (FDE) 13751 | VeraCrypt SHA256 + XTS 512 bit | Full-Disk Encryption (FDE) 13752 | VeraCrypt SHA256 + XTS 1024 bit | Full-Disk Encryption (FDE) 13753 | VeraCrypt SHA256 + XTS 1536 bit | Full-Disk Encryption (FDE) 13761 | VeraCrypt SHA256 + XTS 512 bit + boot-mode | Full-Disk Encryption (FDE) 13762 | VeraCrypt SHA256 + XTS 1024 bit + boot-mode | Full-Disk Encryption (FDE) 13763 | VeraCrypt SHA256 + XTS 1536 bit + boot-mode | Full-Disk Encryption (FDE) 13721 | VeraCrypt SHA512 + XTS 512 bit | Full-Disk Encryption (FDE) 13722 | VeraCrypt SHA512 + XTS 1024 bit | Full-Disk Encryption (FDE) 13723 | VeraCrypt SHA512 + XTS 1536 bit | Full-Disk Encryption (FDE) 13771 | VeraCrypt Streebog-512 + XTS 512 bit | Full-Disk Encryption (FDE) 13772 | VeraCrypt Streebog-512 + XTS 1024 bit | Full-Disk Encryption (FDE) 13773 | VeraCrypt Streebog-512 + XTS 1536 bit | Full-Disk Encryption (FDE) 13731 | VeraCrypt Whirlpool + XTS 512 bit | Full-Disk Encryption (FDE) 13732 | VeraCrypt Whirlpool + XTS 1024 bit | Full-Disk Encryption (FDE) 13733 | VeraCrypt Whirlpool + XTS 1536 bit | Full-Disk Encryption (FDE) 16700 | FileVault 2 | Full-Disk Encryption (FDE) 20011 | DiskCryptor SHA512 + XTS 512 bit | Full-Disk Encryption (FDE) 20012 | DiskCryptor SHA512 + XTS 1024 bit | Full-Disk Encryption (FDE) 20013 | DiskCryptor SHA512 + XTS 1536 bit | Full-Disk Encryption (FDE) 22100 | BitLocker | Full-Disk Encryption (FDE) 12900 | Android FDE (Samsung DEK) | Full-Disk Encryption (FDE) 8800 | Android FDE <= 4.3 | Full-Disk Encryption (FDE) 18300 | Apple File System (APFS) | Full-Disk Encryption (FDE) 6211 | TrueCrypt RIPEMD160 + XTS 512 bit | Full-Disk Encryption (FDE) 6212 | TrueCrypt RIPEMD160 + XTS 1024 bit | Full-Disk Encryption (FDE) 6213 | TrueCrypt RIPEMD160 + XTS 1536 bit | Full-Disk Encryption (FDE) 6241 | TrueCrypt RIPEMD160 + XTS 512 bit + boot-mode | Full-Disk Encryption (FDE) 6242 | TrueCrypt RIPEMD160 + XTS 1024 bit + boot-mode | Full-Disk Encryption (FDE) 6243 | TrueCrypt RIPEMD160 + XTS 1536 bit + boot-mode | Full-Disk Encryption (FDE) 6221 | TrueCrypt SHA512 + XTS 512 bit | Full-Disk Encryption (FDE) 6222 | TrueCrypt SHA512 + XTS 1024 bit | Full-Disk Encryption (FDE) 6223 | TrueCrypt SHA512 + XTS 1536 bit | Full-Disk Encryption (FDE) 6231 | TrueCrypt Whirlpool + XTS 512 bit | Full-Disk Encryption (FDE) 6232 | TrueCrypt Whirlpool + XTS 1024 bit | Full-Disk Encryption (FDE) 6233 | TrueCrypt Whirlpool + XTS 1536 bit | Full-Disk Encryption (FDE) 10400 | PDF 1.1 - 1.3 (Acrobat 2 - 4) | Documents 10410 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #1 | Documents 10420 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #2 | Documents 10500 | PDF 1.4 - 1.6 (Acrobat 5 - 8) | Documents 10600 | PDF 1.7 Level 3 (Acrobat 9) | Documents 10700 | PDF 1.7 Level 8 (Acrobat 10 - 11) | Documents 9400 | MS Office 2007 | Documents 9500 | MS Office 2010 | Documents 9600 | MS Office 2013 | Documents 9700 | MS Office <= 2003 $0/$1, MD5 + RC4 | Documents 9710 | MS Office <= 2003 $0/$1, MD5 + RC4, collider #1 | Documents 9720 | MS Office <= 2003 $0/$1, MD5 + RC4, collider #2 | Documents 9800 | MS Office <= 2003 $3/$4, SHA1 + RC4 | Documents 9810 | MS Office <= 2003 $3, SHA1 + RC4, collider #1 | Documents 9820 | MS Office <= 2003 $3, SHA1 + RC4, collider #2 | Documents 18400 | Open Document Format (ODF) 1.2 (SHA-256, AES) | Documents 18600 | Open Document Format (ODF) 1.1 (SHA-1, Blowfish) | Documents 16200 | Apple Secure Notes | Documents 15500 | JKS Java Key Store Private Keys (SHA1) | Password Managers 6600 | 1Password, agilekeychain | Password Managers 8200 | 1Password, cloudkeychain | Password Managers 9000 | Password Safe v2 | Password Managers 5200 | Password Safe v3 | Password Managers 6800 | LastPass + LastPass sniffed | Password Managers 13400 | KeePass 1 (AES/Twofish) and KeePass 2 (AES) | Password Managers 11300 | Bitcoin/Litecoin wallet.dat | Password Managers 16600 | Electrum Wallet (Salt-Type 1-3) | Password Managers 21700 | Electrum Wallet (Salt-Type 4) | Password Managers 21800 | Electrum Wallet (Salt-Type 5) | Password Managers 12700 | Blockchain, My Wallet | Password Managers 15200 | Blockchain, My Wallet, V2 | Password Managers 18800 | Blockchain, My Wallet, Second Password (SHA256) | Password Managers 16300 | Ethereum Pre-Sale Wallet, PBKDF2-HMAC-SHA256 | Password Managers 15600 | Ethereum Wallet, PBKDF2-HMAC-SHA256 | Password Managers 15700 | Ethereum Wallet, SCRYPT | Password Managers 22500 | MultiBit Classic .key (MD5) | Password Managers 22700 | MultiBit HD (scrypt) | Password Managers 11600 | 7-Zip | Archives 12500 | RAR3-hp | Archives 13000 | RAR5 | Archives 17200 | PKZIP (Compressed) | Archives 17220 | PKZIP (Compressed Multi-File) | Archives 17225 | PKZIP (Mixed Multi-File) | Archives 17230 | PKZIP (Mixed Multi-File Checksum-Only) | Archives 17210 | PKZIP (Uncompressed) | Archives 20500 | PKZIP Master Key | Archives 20510 | PKZIP Master Key (6 byte optimization) | Archives 14700 | iTunes backup < 10.0 | Archives 14800 | iTunes backup >= 10.0 | Archives 23001 | SecureZIP AES-128 | Archives 23002 | SecureZIP AES-192 | Archives 23003 | SecureZIP AES-256 | Archives 13600 | WinZip | Archives 18900 | Android Backup | Archives 13200 | AxCrypt | Archives 13300 | AxCrypt in-memory SHA1 | Archives 8400 | WBB3 (Woltlab Burning Board) | Forums, CMS, E-Commerce 2611 | vBulletin < v3.8.5 | Forums, CMS, E-Commerce 2711 | vBulletin >= v3.8.5 | Forums, CMS, E-Commerce 2612 | PHPS | Forums, CMS, E-Commerce 121 | SMF (Simple Machines Forum) > v1.1 | Forums, CMS, E-Commerce 3711 | MediaWiki B type | Forums, CMS, E-Commerce 4521 | Redmine | Forums, CMS, E-Commerce 11 | Joomla < 2.5.18 | Forums, CMS, E-Commerce 13900 | OpenCart | Forums, CMS, E-Commerce 11000 | PrestaShop | Forums, CMS, E-Commerce 16000 | Tripcode | Forums, CMS, E-Commerce 7900 | Drupal7 | Forums, CMS, E-Commerce 21 | osCommerce, xt:Commerce | Forums, CMS, E-Commerce 4522 | PunBB | Forums, CMS, E-Commerce 2811 | MyBB 1.2+, IPB2+ (Invision Power Board) | Forums, CMS, E-Commerce 18100 | TOTP (HMAC-SHA1) | One-Time Passwords 2000 | STDOUT | Plaintext 99999 | Plaintext | Plaintext 21600 | Web2py pbkdf2-sha512 | Framework 10000 | Django (PBKDF2-SHA256) | Framework 124 | Django (SHA-1) | Framework

    掩码设置

    下面是一些常见的掩码字符集:

    l | abcdefghijklmnopqrstuvwxyz            纯小写字母u | ABCDEFGHIJKLMNOPQRSTUVWXYZ            纯大写字母d | 0123456789                        纯数字h | 0123456789abcdef                    常见小写子目录和数字H | 0123456789ABCDEF                    常见大写字母和数字s | !\\\"#$%&\\\'()*+,-./:;<=>?@[\\\\]^_`{|}~         特殊字符a | ?l?u?d?s                           键盘上所有可见的字符b | 0x00 - 0xff                       可能是用来匹配像空格这种密码的

    下面举几个简单的例子来了解一下掩码的设置:

    八位数字密码:?d?d?d?d?d?d?d?d八位未知密码:?a?a?a?a?a?a?a?a前四位为大写字母,后面四位为数字:?u?u?u?u?d?d?d?d前四位为数字或者是小写字母,后四位为大写字母或者数字:?h?h?h?h?H?H?H?H前三个字符未知,中间为admin,后三位未知:?a?a?aadmin?a?a?a6-8位数字密码:--increment --increment-min 6 --increment-max 8 ?l?l?l?l?l?l?l?l6-8位数字+小写字母密码:--increment --increment-min 6 --increment-max 8 ?h?h?h?h?h?h?h?h

    如果我们想设置字符集为:abcd123456!@-+,那该怎么做呢?这就需要用到自定义字符集这个参数了,hashcat支持用户最多定义4组字符集:

      --custom-charset1 [chars]等价于 -1--custom-charset2 [chars]等价于 -2--custom-charset3 [chars]等价于 -3--custom-charset4 [chars]等价于 -4
      在掩码中用?1、?2、?3、?4来表示,例如:--custom-charset1 abcd123456!@-+ 然后我们就可以用\\\"?1\\\"去表示这个字符集了--custom-charset2 ?l?d 小写字母和数字-1 ?d?l?u ?1就表示数字+小写字母+大写字母

      工具使用

      数字破解

      a、7位数字破解

      hashcat64.exe -a 3 -m 0 --force 25c3e88f81b4853f2a8faacad4c871b6 ?d?d?d?d?d?d?d

      b、7位小写字母破解

      hashcat64.exe -a 3 -m 0 --force 7a47c6db227df60a6d67245d7d8063f3 ?l?l?l?l?l?l?l

      c、1-8位数字破解

      hashcat64.exe -a 3 -m 0 --force 4488cec2aea535179e085367d8a17d75 --increment --increment-min 1 --increment-max 8 ?d?d?d?d?d?d?d?d

      d、1-8位小写字母+数字破解

      hashcat64.exe -a 3 -m 0 --force ab65d749cba1656ca11dfa1cc2383102 --increment --increment-min 1 --increment-max 8 ?h?h?h?h?h?h?h?h

      e、特定字符集:123456abcdf!@+-

      hashcat64.exe -a 3 -1 123456abcdf!@+- 8b78ba5089b11326290bc15cf0b9a07d ?1?1?1?1?1#这里的-1和?1是数字1,不是字母l

      f、1-8为位符集:123456abcdf!@+-

      hashcat64.exe -a 3 -1 123456abcdf!@+- 9054fa315ce16f7f0955b4af06d1aa1b --increment --increment-min 1 --increment-max 8 ?1?1?1?1?1?1?1?1

      g、1-8位数字+大小写字母+可见特殊符号

        hashcat64.exe -a 3 -1 ?d?u?l?s d37fc9ee39dd45a7717e3e3e9415f65d --increment --increment-min 1 --increment-max 8 ?1?1?1?1?1?1?1?1或者:hashcat64.exe -a 3 d37fc9ee39dd45a7717e3e3e9415f65d --increment --increment-min 1 --increment-max 8 ?a?a?a?a?a?a?a?a
        字典破解

        参数\\”-a 0\\”用于指定字典破解模式,参数\\”-o\\”用于输出结果到文件中:

        hashcat64.exe -a 0 ede900ac1424436b55dc3c9f20cb97a8 password.txt -o result.txt
        批量破解
        hashcat64.exe -a 0 hash.txt password.txt -o result.txt

        guid是什么意思(win10系统硬盘格式是guid还是mbr)

        字典掩码
        hashcat64.exe -a 6 9dc9d5ed5031367d42543763423c24ee password.txt ?l?l?l?l?l
        MySQL

        guid是什么意思(win10系统硬盘格式是guid还是mbr)

        使用hashcat进行破解:

        hashcat64.exe -a 3 -m 300 --force 6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 ?d?d?d?d?d?
        Sha512

        可以通过cat /etc/shadow获取:

        hashcat64.exe -a 3 -m 1800 --force $6$mxuA5cdy$XZRk0CvnPFqOgVopqiPEFAFK72SogKVwwwp7gWaUOb7b6tVwfCpcSUsCEk64ktLLYmzyew/xd0O0hPG/yrm2X. ?l?l?l?l

        不用整理用户名,使用–username:

        hashcat64.exe -a 3 -m 1800 --force qiyou:$6$QDq75ki3$jsKm7qTDHz/xBob0kF1Lp170Cgg0i5Tslf3JW/sm9k9Q916mBTyilU3PoOsbRdxV8TAmzvdgNjrCuhfg3jKMY1 ?l?l?l?l?l --username
        NT-Hash
        hashcat64.exe -a 3 -m 1000 209C6174DA490CAEB422F3FA5A7AE634 ?l?l?l?l?l
        LM-Hash
        hashcat64.exe -a 3 -m 3000 F0D412BD764FFE81AAD3B435B51404EE ?l?l?l?l?l
        MSSQL
        hashcat64.exe -a 3 -m 132 --force 0x01008c8006c224f71f6bf0036f78d863c3c4ff53f8c3c48edafb ?l?l?l?l?l?d?d?d
        WordP
        hashcat64.exe -a 3 -m 400 --force $P$BYEYcHEj3vDhV1lwGBv6rpxurKOEWY/ ?d?d?d?d?d?d
        DIscuz
        hashcat64.exe -a 3 -m 2611 --force 14e1b600b1fd579f47433b88e8d85291: ?d?d?d?d?d?d
        RAR密码

        首先使用rar2john(获取rar文件hash值

        http://openwall.info/wiki/_media/john/johntheripper-v1.8.0.12-jumbo-1-bleeding-e6214ceab-2018-02-07-win-x64.7z

        rar2john.exe 1.rar

        guid是什么意思(win10系统硬盘格式是guid还是mbr)

        之后进行破解:

        hashcat64.exe -a 3 -m 13000 --force $rar5$16$639e9ce8344c680da12e8bdd4346a6a3$15$a2b056a21a9836d8d48c2844d171b73d$8$04a52d2224ad082e ?d?d?d?d?d?d

        guid是什么意思(win10系统硬盘格式是guid还是mbr)

        hashcat支持RAR3-hp和 RAR5,官方示例如下:

          -m 参数    类型      示例 hash12500    RAR3-hp    $RAR3$*0*45109af8ab5f297a*adbf6c5385d7a40373e8f77d7b89d31713000    RAR5       $rar5$16$74575567518807622265582327032280$15$f8b4064de34ac02ecabfe
          ZIP密码

          首先使用zip2john获取文件的hash值:

          zip2john.exe 1.zip

          guid是什么意思(win10系统硬盘格式是guid还是mbr)

          之后使用hashcat进行破解:

          hashcat64.exe -a 3 -m 13600 $zip2$*0*3*0*554bb43ff71cb0cac76326f292119dfd*ff23*5*24b28885ee*d4fe362bb1e91319ab53*$/zip2$ --force ?d?d?d?d?d?d

          guid是什么意思(win10系统硬盘格式是guid还是mbr)

          Office密码

          获取office的hash值:

          python office2john.py 11.docx

          guid是什么意思(win10系统硬盘格式是guid还是mbr)

          之后使用hashcat进行破解:

          hashcat64.exe -a 3 -m 9600 $office$*2013*100000*256*16*e4a3eb62e8d3576f861f9eded75e0525*9eeb35f0849a7800d48113440b4bbb9c*577f8d8b2e1c5f60fed76e62327b38d28f25230f6c7dfd66588d9ca8097aabb9 --force ?d?d?d?d?d?d

          WIFI密码

          首先把我们的握手包转化为hccapx格式,现在最新版的hashcat只支持hccapx格式了,以前的hccap格式已经不支持了,官方在线转换:https://hashcat.net/cap2hccapx/

          hashcat64.exe -a 3 -m 2500 1.hccapx 1391040?d?d?d?d

          原创文章,作者:七芒星实验室,如若转载,请注明出处:https://www.sudun.com/ask/34127.html

          (0)
          七芒星实验室's avatar七芒星实验室
          上一篇 2024年4月6日 下午6:06
          下一篇 2024年4月6日 下午6:08

          相关推荐

          发表回复

          您的邮箱地址不会被公开。 必填项已用 * 标注