Advanced Password Recovery Tool (Hash Cat)

By | July 31, 2012

Hash Cat

Features

  • Multi-Threaded
  • Free
  • Multi-Hash (up to 24 million hashes)
  • Multi-OS (Linux & Windows native binaries)
  • Multi-Algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, …)
  • SSE2 accelerated
  • All Attack-Modes except Brute-Force and Permutation can be extended by rules
  • Very fast Rule-engine
  • Rules compatible with JTR and PasswordsPro
  • Possible to resume or limit session
  • Automatically recognizes recovered hashes from outfile at startup
  • Can automatically generate random rules
  • Load saltlist from external file and then use them in a Brute-Force Attack variant
  • Able to work in an distributed environment
  • Specify multiple wordlists or multiple directories of wordlists
  • Number of threads can be configured
  • Threads run on lowest priority
  • 30+ Algorithms implemented with performance in mind
  • … and much more

Hashcat Screenshot

Hashcat screenshot

Attack-Modes

  • Straight *
  • Combination *
  • Toggle-Case
  • Brute-Force
  • Permutation
  • Table-Lookup

* accept Rules

Algorithms

  • MD5
  • md5($pass.$salt)
  • md5($salt.$pass)
  • md5(md5($pass))
  • md5(md5(md5($pass)))
  • md5(md5($pass).$salt)
  • md5(md5($salt).$pass)
  • md5($salt.md5($pass))
  • md5($salt.$pass.$salt)
  • md5(md5($salt).md5($pass))
  • md5(md5($pass).md5($salt))
  • md5($salt.md5($salt.$pass))
  • md5($salt.md5($pass.$salt))
  • md5($username.0.$pass)
  • md5(strtoupper(md5($pass)))
  • SHA1
  • sha1($pass.$salt)
  • sha1($salt.$pass)
  • sha1(sha1($pass))
  • sha1(sha1(sha1($pass)))
  • sha1(strtolower($username).$pass)
  • MySQL
  • MySQL4.1/MySQL5
  • MD5(WordPress)
  • MD5(phpBB3)
  • MD5(Unix)
  • SHA-1(Base64)
  • SSHA-1(Base64)
  • SHA-1(Django)
  • MD4
  • NTLM
  • Domain Cached Credentials
  • MD5(Chap)
  • MSSQL
  • SHA256
  • MD5(APR)
  • SHA512
  • SHA-512(Unix)

Tested OS

  • All Windows and Linux versions should work on both 32 and 64 bit

Performance

  • Windows 7, 64 bit
  • Phenom II X6 T1090 @ 3.8 Ghz
  • hashcat v0.37, 64 bit
Name MD5
1 hash
MD5
500k hashes
WordPress
1 hash
hashcat (6 threads) 64.00M c/s 52.89M c/s 9.99k c/s
hashcat (1 thread) 10.66M c/s 8.86M c/s 1.67k c/s
  • Ubuntu 11.04, 64 bit
  • AMD Athlon(tm) 64 X2 Dual Core Processor 6000+
  • hashcat v0.37, 64 bit
Name SHA1
1 hash
NTLM
500k hashes
MySQL
1k hashes
hashcat (2 threads) 10.23M c/s 12.25M c/s 22.65M c/s
hashcat (1 thread) 5.22M c/s 6.35M c/s 12.03M c/s

Leave a Reply