四虎免费视频,日韩 国产 欧美,色婷婷综合久久久中文字幕,午夜国产一级

Several attack modes of hashcat

2024-12-24 12:15:01

There are multiple attack modes for hashcat, check the full help with the parameter –help, you can see the "Attack Modes" table, as shown below:

6Hybrid Wordlist + Mask
7Hybrid Mask + Wordlist


This attack pattern is also known as "Dictionary Attack". Nothing to say, just given a dictionary, hashcat will read the contents of the dictionary line by line, calculate the hash value of each row, and compare it to the target hash value.


  hashcat -a 0 -m 400 example400.hash example.dict


Baidu told me that Combination is a noun that means: "Combination; Complex; password combinations; Pantyhose". This attack mode is as simple as combining the contents of two password dictionaries. Using this attack pattern requires no more and no less, no less, two password dictionaries to be specified. Suppose we have two password dictionaries dict1.txt and a dict2.txt that have the following contents:




then command:

  hashcat -m 0 -a 1 hash.txt dict1.txt dict2.txt

The dictionary that actually tried was:


The words in the dict1.txt are on the left, and the words in the dict2.txt are on the right, a total of 3×2=6.

The parameters associated with this model are:

  -j, --rule-left
  -k, --rule-right

The rule after -j acts on the left, and the rule after -k acts on the right, if you add the parameter -j '$-', then the dictionary you actually try is:


Add the argument -j '^!', and the dictionary you actually try is:


Add the -k '^>' argument and the dictionary you actually try is:


What are these rules? "$" and "^" are used in a similar way to regular expressions, so are they regular? Actually, no, the rules of hashcat are implemented by themselves, which is another big piece of content, see Rule-based Attack for details


Try a wide variety of combinations of given character sets. According to the official hashcat wiki, this method has become obsolete and has been replaced by Mask-Attack in all directions, so no research is done.

4.Mask Attack

This is a relatively new attack method, as shown below:

  hashcat -a 3 -m 0 md5.hash ?l?l?l?l?l

While the "Attack Modes" table shows that -a 3 corresponds to Brute-force, in reality, -a 3 uses Mask Attack. Mask Attack can be seen as an advanced Brute-force.

The -m parameter is used to specify the type of the hash function, and the md5.hash file stores the value of md5. The key is the last string "?l?l?l?l?l", which is called a mask.

A mask is a string of placeholders. "?l" is a placeholder, where "?" It is a keyword used to modify the "l" after it, and "?l" together represent a set of characters, in addition to "?l", it can also have "?u", "?d", "?h", "? H, ?s, ?a, and ?b, the following table shows the set of characters.

s! “#$%&'()*+,-./:; <=>?@[\]^_`~{|}
b0x00 – 0xff

In this way, we understand that "?l?l?l?l?l" is actually equivalent to a cipher dictionary:


In the same way, "?l?u?d" is equivalent to a cipher dictionary:


The character sets in the table above are built-in to hashcat, and we can also specify the character sets ourselves:


The parameter –custom-charsetN can be abbreviated to -N, e.g. –custom-charset1 can be abbreviated to -1. The set of characters specified with -N is represented in the mask with the placeholder "? N", for example:

  -1 abc123 ?1?1?1

It is equivalent to a password dictionary:


-N can be followed by a .hcchr file that stores a collection of characters, in addition to a string representing a collection of characters. hashcat comes with a number of .hcchr files, in the charsets/ directory of the installation package.

Placeholder "??" The set of characters represented is "?" Itself. In addition, the rest of the characters, when used as placeholders, represent the characters themselves, such as "?lwerner?d", which is equivalent to a cipher dictionary:


With the above knowledge, it is easy to understand mask. A mask consists of several placeholders, each of which is a collection of characters, and a mask is a combination of the sets of placeholder characters. The number of placeholders is equal to the length of the password. What are the advantages of such a design compared to simply giving a set of characters and password length?

Let's say we know that someone's password has 7 digits, the first digit is an uppercase letter, the next 3 digits are lowercase letters, and the last 3 digits are numbers. If it is a traditional brute force attack, it requires the character set a-z, A-Z, and 0-9, a total of 62 characters, and a maximum of 62^7=3 521 614 606 208 attempts, which is trillion-level. The password described by mask is "\u\l\l\l\d\d\d", which is easy to calculate, with a total of (26^4)×(10^3)=456 976 000 possibilities, which is at the level of 100 million, which is 4 orders of magnitude less than the previous method.

Taking a step back, even if we don't know the distribution of passwords, it is easy to simulate the effect of traditional brute force cracking with a mask.

Now the question is how many placeholders are dead when the mask is fixed, and what if we don't know the length of the password. If the password is only 3 digits, and we have 4 placeholders, we can't solve it, wouldn't it be a loss. Do you want to start with 1 and write all the masks of all lengths? That's a lot of trouble.

There are two workarounds, one is to use a mask file, write multiple masks in one file, and then specify this file in the command line. Note that the mask file needs to end with .hcmask.

For example, the content of test.hcmask is:


Use the file with the following command:

  hashcat -m 0 -a 3 --show md5.hash test.hcmask

Another workaround is to add the parameter –increment, which tells hashcat to try with a placeholder as we gave the mask, then two, three, until we give the given length. For example, we write the placeholder "abc" for this and then calculate the md5 value for the following string:


":" is the original string to be used to calculate the hash value, and ":" is followed by the calculated hasn value. Save the above in the file md5.hash and run the following command:

  hashcat -m 0 -a 3 --show --username md5.hash abc

Add the parameter –username because we have the original string in front of each hash value, if we don't add this parameter, hashcat will show that the correct hash value was not found, add this parameter, hashcat will think that the string before the hash value is the username of the hash value, so that the hash value can be loaded smoothly.

The result is that only one hash is solved:


Now add the parameter –increment and run it again:

  hashcat -m 0 -a 3 --show --increment --username md5.hash abc

This time, two more hashes were solved:


As you can see, –increment comes into play. But at the same time, we also know that with this parameter, hashcat will only try A, Ab and ABC in order, and will not arrange and combine placeholders in order, trying all kinds of possibilities.

5.Hybrid Attack

Hybrid Attack is similar to Combinator Attack, Combinator Attack is a combination of two dictionaries, and Hybrid Attack is a hybridization of a dictionary and a mask, and the two are similar.

Let's say we already have a dictionary example.dict that looks like this:


then command:

  hashcat -m 0 -a 6 md5.hash example.dict ?d?d

Equivalent to simply using a dictionary:


then command:

  hashcat -m 0 -a 7 md5.hash ?d? dexample.dict

Equivalent to simply using a dictionary:


Previous:How to use hashcat software to explode various hashes
Next:Hashcat usage method and technical sharing