Password hashing is the process of passing a plaintext password to a one-way function (a hash function) that produces a fixed-length value, typically written as a hexadecimal string, called a password hash. The function is chosen so that computing a hash from a plaintext password is very efficient, while recovering the plaintext password from the hash is very difficult. Hence the name "one-way function". Password hashing serves as the last line of defense against an attacker because, even after obtaining the usernames and password hashes, the attacker still has to recover the plaintext passwords in order to use the credentials. In these labs, various types of hashes are provided along with the Hashcat tool. The user has to crack the given hash and recover the plaintext password.
What will you learn?
Cracking hashes with Hashcat using dictionary and mask-based brute-force attacks.
References:
Hashcat (https://hashcat.net/hashcat/)
Labs Covered:
Crack MD5 hashes by launching a mask-based brute-force attack with Hashcat.
Crack salted MD5 hashes by launching a dictionary attack with Hashcat.
Crack the key for HMAC-SHA1 digest by launching a dictionary attack with Hashcat.
Crack CRC32 hashes by launching a dictionary attack with Hashcat.
Crack SHA-3 hashes by launching a dictionary attack with Hashcat.
Crack SHA-2 hashes by launching a mask-based brute-force attack with Hashcat.
Crack SHA-3 hashes by launching a dictionary attack with Hashcat.
Crack NTLM hashes by launching a mask-based brute-force attack with Hashcat.