Passwords associated with hash keys, such as MD5, SHA, WHIRLPOOL, RipeMD, etc.
Hashes are one-way functions —mathematical operation that is easy to perform, but very difficult to reverse engineer.
Hash functions turns readable data into a random string of fixed length size.
Hashes do not allow someone to decrypt data with a specific key, as standard encryption protocols allow.
2. Agenda • Introduction
• How to crack Hashes
• Hash cat - Features
• How to crack a password via a dictionary attack
• Results
• Conclusion
• References
3. Introduction • Passwords associated with hash keys, such as MD5,
SHA,WHIRLPOOL, RipeMD, etc.
• Hashes are one-way functions —mathematical
operation that is easy to perform, but very difficult to
reverse engineer.
• Hash functions turns readable data into a random
string of fixed length size.
• Hashes do not allow someone to decrypt data with a
specific key, as standard encryption protocols allow.
4. How to
Crack
Hashes
• Simplest way to crack a hash is to guess the password.
• Each attempt is hashed and then is compared to the
actual hashed value.
• Dictionary and brute-force - the most common ways of
guessing passwords.
• These make use of a file containing words, phrases,
common passwords, and other strings that are likely to
be used as a viable password.
5. Hash Cat
Features
• It is multi-threaded.
• It is multi-hash and multi-OS based (Linux,Windows and
OSX native binaries).
• It is multi-Algorithm based (MD4, MD5, SHA1, DCC,
NTLM, MySQL, etc.).
• All attack-modes can be extended by specialized rules.
• It is possible to resume or limit sessions automatically.
They recognize recovered hashes from the dump at
startup.
• It can load the salt list from the external file.This can be
used as a brute-force attack variant.
• The number of threads can be configured and executed
based on the lowest priority.
• It supports both hex-charset and hex-salt files.
• The 90+ Algorithm can be implemented with performance
and optimization in mind.
13. Results-
Brute
forcing
• Time to solve alphabetic passwords of various lengths
Word Time(Sec
onds)
z 0
hj 3
hft 5
lkuh 6
ksthq 15
gjdyhi 36
0
5
10
15
20
25
30
35
40
1 2 3 4 5 6
TimeVs Password Length
Alphabets Alphanumeric
Word Time(Sec
onds)
5 0
z4 2
$s3 4
78yh 6
dg67r 12
64dyhi 35
T
I
M
E
NO OF DIGITS
14. Conclusion • These passwords are weak, and it does not take much
effort or time to crack them.
• It is important to note that the simpler the password is,
the easier it will be to detect.
• Make your password into a long and complex one.
• Also, avoid using obvious personal information
• Never reuse passwords and
• Change them regularly.
Always exercise good habits when creating a
password for yourself!