| Developer(s) | Jens 'atom' Steube, Gabriele 'matrix' Gristina |
|---|---|
| Stable release | |
| Repository | github |
| Operating system | Cross-platform |
| Type | Password cracking |
| License | MIT License |
| Website | www |
Hashcat is apassword recovery tool. It had a proprietary code base until 2015, but was then released as open source software. Versions are available for Linux, macOS, and Windows. Examples of hashcat-supported hashing algorithms areLM hashes,MD4,MD5,SHA-family andUnix Crypt formats as well as algorithms used inMySQL andCisco PIX.
Hashcat has received publicity because it is partly based on flaws in other software discovered by the creator of hashcat. An example was a flaw in1Password's password manager hashing scheme.[2] It has also been compared to similar software in aUsenix publication[3] and been described onArs Technica.[4]
Previously, two variants of hashcat existed:
With the release of hashcat v3.00, the GPU and CPU tools were merged into a single tool called hashcat. The CPU-only version became hashcat-legacy.[5] Both CPU and GPU now requireOpenCL.
Many of the algorithms supported by hashcat-legacy (such as MD5, SHA1, and others) can be cracked in a shorter time with the GPU-based hashcat.[6] However, not all algorithms can be accelerated by GPUs.Bcrypt is an example of this. Due to factors such as data-dependent branching, serialization, and memory (and more), oclHashcat/cudaHashcat weren't catchall replacements for hashcat-legacy.
hashcat-legacy is available for Linux, OSX and Windows.hashcat is available for macOS, Windows, and Linux with GPU, CPU and generic OpenCL support which allows for FPGAs and other accelerator cards.
$hashcat-d2-a0-m400-O-w4hashcat (v5.1.0) starting...OpenCL Platform #1: Intel(R) Corporation========================================* Device #1: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz, skipped.OpenCL Platform #2: NVIDIA Corporation======================================* Device #2: M1 chip, 1010/4041 MB allocatable, 13MCU* Device #3: Redmi note 11, skipped.Hashes: 1 digests; 1 unique digests, 1 unique saltsBitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotatesRules: 1Applicable optimizers:* Optimized-Kernel* Zero-Byte* Single-Hash* Single-SaltMinimum password length supported by kernel: 0Maximum password length supported by kernel: 55Watchdog: Temperature abort trigger set to 90cDictionary cache hit:* Filename..: example.dict* Passwords.: 128416* Bytes.....: 1069601* Keyspace..: 128416The wordlist or mask that you are using is too small.This means that hashcat cannot use the full parallel power of your device(s).Unless you supply more work, your cracking speed will drop.For tips on supplying more work, see: https://hashcat.net/faq/moreworkApproaching final keyspace - workload adjusted.$H$9y5boZ2wsUlgl2tI6b5PrRoADzYfXD1:hash234Session..........: hashcatStatus...........: CrackedHash.Type........: phpass, WordPress (MD5), phpBB3 (MD5), Joomla (MD5)Hash.Target......: $H$9y5boZ2wsUlgl2tI6b5PrRoADzYfXD1Time.Started.....: Thu Apr 25 05:10:35 2019 (0 secs)Time.Estimated...: Thu Apr 25 05:10:35 2019 (0 secs)Guess.Base.......: File (example.dict)Guess.Queue......: 1/1 (100.00%)Speed.#2.........: 2654.9 kH/s (22.24ms) @ Accel:128 Loops:1024 Thr:1024 Vec:1Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) SaltsProgress.........: 128416/128416 (100.00%)Rejected.........: 0/128416 (0.00%)Restore.Point....: 0/128416 (0.00%)Restore.Sub.#2...: Salt:0 Amplifier:0-1 Iteration:1024-2048Candidates.#2....: 0 -> zzzzzzzzzzzHardware.Mon.#2..: Temp: 44c Fan: 40% Util: 50% Core:1265MHz Mem:3004MHz Bus:8Started: Thu Apr 25 05:10:32 2019Stopped: Thu Apr 25 05:10:37 2019
Hashcat offers multiple attack modes for obtaining effective and complex coverage over a hash's keyspace. These modes are:
The traditional bruteforce attack is considered outdated, and the Hashcat core team recommends the Mask-Attack as a full replacement.
Team Hashcat[9] (the official team of the Hashcat software composed of core Hashcat members) won first place in the KoreLogic "Crack Me If you Can" Competitions atDefCon in 2010,[10] 2012, 2014,[11] 2015,[12] and 2018, and atDerbyCon in 2017.
