RevsUp Lab: Hashcat 05
resources:
Hashcat Wiki
oclHashcat Details
Poster Preparations
In this lab we will set up some methods of gathering and organizing information that could
be put onto your group's presentation poster. We want to focus on getting straight to relevant
information, so people walking by and reading the poster can quickly understand the process we
are outlining. Also, remember that you have had a couple weeks getting familiar with the topics
of hashing and hashcat itself, so focus on what we are accomplishing rather than getting too
specific. Let's begin by making a directory to organize any files we create. Call it something
like "Poster".
$ mkdir Poster
$ cd Poster
Graphics Card
Hashcat is GPU driven, and this is an important distinction to make. Think
about the reasons we are using graphics cards and what about the different graphics cards impacts
our performance. Make a file to store any thoughts you have, they could be placed on your poster later.
We can grab information about the graphics card of our system using linux commands. The lspci command
can display system information to the screen.
$ lspci Look for the portion that says VGA compatible controller
$ lspci -vnn | grep VGA -A 12 Will display more details regarding the graphics card
Keep track of the model and manufacturer of the graphics card on your system. Try searching the graphics card
and looking for the number of cores it has. We can compare this information to the GPU machine later.
Hashing
We have gone over the process of creating hashes, why they are needed for security, and what are the
different hashing algorithms. What makes hashes produced by a particular hashing algorithm harder/easer
to crack? What is a salt? Why is it useful? Try hashing some passwords and cracking them, taking note
of the changes in how long hashcat takes. How can you figure out the type of a hash without being directly
told?
General Information
Start thinking about all the different factors that go into your password cracking attempts. Take notes on
the dictionaries, combinations, and masks that you utilize. What is relevant information about each? The
number of lines in a dictionary let's you calculate the number of hashes in the worst case,
which also lets you make estimates for how long an attack might take. When we get into cracking the
passwords provided by the group there will be a wealth of relevant information. Try making tables
to keep track of your attacks. Possible info could be:
type of attack dictionaries/masks used Hashes/second Time to finish # of cracked Hashes
Your computers should have Libre Office and Libre Calc installed, these are equivalent to MS Office and Excel.
You can create quick tables in either program to help keep track of information and save it in your
Poster directory.
Attacks
Finally, brush up on the attack types you have learned so far. Think about the pros and cons to each attack.
In what situations are they useful? What is a logical order to attack a file of hashed passwords? Why?
Attacks
straight/dictionary/wordlist
combination
brute force
mask
hybrid