Pages

Subscribe:

Breaking The Crypt - Advanced Hash Cracking

Advanced Hash Cracking Techniques

This is a series of articles where I will cover the following topics:
  • GPU based Cracking using Open CL hashcat.
  • Amazon EC2 Cloud Computing for Cracking Hashes.
  • Pushing the envelope with JTR

The intended readers for this article are users who are familiar and well versed with the process of hash cracking using tools like JTR/Hashcat/Passwords Pro.

This article is not going to cover the basics of hash cracking and how you go about it.

Please note that most of the passwords I use as an example in this article are modified versions of the word, defcon. However, this concept can be extended to just about any dictionary word since I have covered most of the mangling rules.

Hash cracking tools like JTR have existed since a long time. As the hardware speeds have scaled up over the years, so have the hash cracking speeds. It provides us better opportunities to crack more hashes than we could have on the old Pentium Processors.

Cracking Hashes on GPU: Nvidia's CUDA and ATI's OpenCL gave developers a chance to port the hash cracking algorithms to GPUs. GPU's have a high parallel processing power and this is a big advantage over CPU's which do serial processing instead.

CPU's are good at performing complex instructions quickly and GPU on the other hand can perform many easy instructions quickly.

To discuss more in depth, I'll start with using oclhashcat as an example. Oclhashcat is developed by atom (hashcat team) and it's compatible with both Nvidia's CUDA based GPU's and ATI's Open CL GPUs.

You can get more details here:

oclHashcat-plus - advanced password recovery

Here, I present a few ways in which we can use this tool more effectively to get better success rates at cracking hashes.

Starting with the basic forms of attack:

Code:
./oclhashcat64.exe -m 0 -n 160 --remove -o foundMD5.txt md5.txt dict1.txt dict2.txt
m - specifies the type of hash we are attacking. Just type in, oclhashcat --help and scroll down to see all the hash types.

-m 0 is for Raw MD5 hashes.

-n 160 - This is for workload tuning of GPU and you might have to tweak it depending on your GPU. The higher the load on your GPU, the higher will be the operating temperature as well, something that you will have to keep in mind.

--remove - This option is quite useful. Oclhashcat will remove the hashes it has cracked from the hashlist so that it doesn't attempt to crack them again during another session.

-o by default, oclhashcat will display the cracked hashes on the console. But, since we want to save our results, it's a good idea to use this option and redirect the output to a text file. In this case, foundMD5.txt

md5.txt - the hash file. At present, oclhashcat expects the hash list to have only hashes in it and no usernames. Unlike the format which JTR accepts, here we need filter out any usernames from the list.

dict1.txt and dict2.txt - oclhashcat works on the concept of the left mask and right mask. It breaks every word into a left and right part and allows us to define how these parts are controlled.

This option is really useful, as we will see further in this article, how efficiently we can use this option.

It's compulsory to provide both a left mask and a right mask. You cannot give one and omit the other. In this case, dict1.txt is the left mask and dict2.txt is the right mask.

Ok, so that was just the basic. Let's get to more effective methods.

Code:
oclhashcat -m 0 -n 160 --remove -o foundMD5.txt md5.txt dict1.txt ?d?d?d?d
here the left mask is a dictionary however the right mask is a predefined charset.

These charsets are predefined by oclhashcat for digits, lowercase, uppercase and special chars.

Later we will see there are many more charsets defined as well for the more obscure passwords using characters from Unicode Charset.

This form of attack works good against passwords where a user has padded a sequence of chars at the end.

The above command will try all 4 digits padded to the password. But to have a higher success rate and to save our time, we have the option --increment

Code:
oclhashcat -m 0 -n 160 --remove -o foundMD5.txt md5.txt dict1.txt ?d?d?d?d --increment
This is a time saving option. It tries the following 4 right masks.

Code:
?d
?d?d
?d?d?d
?d?d?d?d
Makes life much easier.

We have been padding only digits at the end of our passwords. How do we attack patterns like, defcon@123. The good thing about masks is they give you complete control over every character position.

Code:
oclhashcat -m 0 -n 160 --remove -o foundMD5.txt md5.txt dict1.txt ?s?d?d?d
The above command will pad patterns like: @123, #276, $125 to the end of every word in the dictionary, dict1.txt.

But, there could be many more combinations of special chars and digits as well. For instance, defcon@1!2#

We can make our attacks more dynamic by binding the predefined charsets to masks.

Code:
oclhashcat -m 0 -n 160 --remove -o foundMD5.txt -1 ?d?s md5.txt dict1.txt ?1?1?1?1
The above command will bind the two predefined charsets, ?d and ?s to mask custom charset, ?1.

So, our right mask now becomes, ?1?1?1?1 providing us a better flexibility.

But what about the following patterns?

Code:
defcon@34
defcon#$!
defcon()
return();
We can use the --increment option combining it with the custom charset mask

Code:
oclhashcat -m 0 -n 160 --remove -o foundMD5.txt -1 ?d?s md5.txt dict1.txt ?1?1?1?1 --increment
So, far I have covered only passwords which have padded a sequence of characters to them. But, we have not touched our left mask, which is the dictionary at all.

Time to apply some modification rules to it as well.

in oclhashcat, the left mask and right mask can be controlled using -j and -k options.

-j allows the control over left mask and -k over right mask.

The correspondence between -j and -k to left and right mask respectively can be remembered easily by looking at the position of characters j and k on the keyboard. The left one corresponds to left mask and right one to right mask. It's not a big deal to remember, but just in case, it might help someone.

This time, we will attack following pattern:

Defcon@$a5

Code:
oclhashcat -m 0 -n 160 --remove -o foundMD5.txt -1 ?l?d?s -j U md5.txt dict1.txt ?1?1?1?1 --increment
The new option here is, -j U

U will convert the first char of left mask to uppercase for every word in the dictionary. And since in the padding we have, @$a5, I have binded the charsets, ?l?d?s to -1

More complex password patterns could remove a few chars from the dictionary and do padding instead.

For instance, defc@3$d

Here the letters, o and n are stripped off from the end of "defcon" and padded with @3$d instead. To attack such a pattern, we will do the same with our dictionary. This time, we will strip off the last 2 chars from every word of dictionary in the left mask and upper case the first one followed by the password padding.

Code:
oclhashcat -m 0 -n 160 --remove -o foundMD5.txt -1 ?l?d?s -j ]] dict1.txt ?1?1?1?1 --increment
-j ]] is the new option. The left square bracket, ']', will strip off one char from the end of the left mask and then apply the other masks as mentioned above.

So, far we have been using dictionary as one of our masks. If we are targeting a fast hashing algorithm like, raw md5 or raw sha1, we can try a pure bruteforce attack as well.

Code:
oclhashcat -m 0 -n 160 --remove -o foundMD5.txt -1 ?l?d?s ?1?1?1?1 ?1?1?1?1 --increment
In this case, the left mask remains constant at ?1?1?1?1 and right mask is incremented from ?1 to ?1?1?1?1.

It's important to understand that, the load on GPU depends on the amount of different combinations in the mask.

for instance, if you are running an attack with the right mask set to ?1?1 and getting a lower hashing speed. That doesn't mean the performance of your hardware is down.

It just means, you are not utilizing the full power of your GPU. The essence of this is, you need to keep the GPU busy with as many combinations as possible to get the best out of it.

I have covered different ways of using the left mask and right mask. Most of the techniques apply the same to both left and right mask with a few exceptions as listed below:

-k instead of -j. As mentioned above, to control the words in the right mask, we need to use -k instead of -j.

Code:
oclhashcat -m 0 -n 160 --remove -o foundMD5.txt md5.txt -1 ?l?d?s -k ]]]] ?1?1?1?1 dict1.txt
This will strip the last 4 characters from the second dictionary and use pad them to the left mask.

--increment option - While we can use the --increment option with the right mask to save time. The same option cannot be used with the left mask.

so, the following command won't work.

Code:
oclhashcat -m 0 -n 160 --remove -o foundMD5.txt md5.txt -1 ?d?u?l?s ?1?1?1?1 --increment dict1.txt
Date Pattern:

An interesting example. Some people use their passwords in the form of dates and believe me, these are hard to bruteforce. Since, they have special characters in between digits and it's not possible to find a word like this in dictionary.

Patterns such as:

Code:
08/10/83
10-04-12
03.07.09
Masks to the rescue!

Once again, masks can make this task really easy.

Code:
oclhashcat -m 0 -n 160 --remove -o foundMD5.txt md5.txt ?d?d?s?d ?d?s?d?d
This covers a few advanced techniques of using oclhashcat. Please note that this list is not exhaustive and you are not limited to only the above combinations.

From an advanced decrypting standpoint, we have only scratched the surface. There's a lot more to it.

c0d3inj3cT