Thursday, December 24, 2009

Hashcat

Hashcat is a new password recovery tool.

Download it here (md5sum: ebe8f712e79c5bad1f6da3e8a770a1e3).

hashcat is tested on XP, Win7, Gentoo and Debian.

The main features of hashcat are:

* It is free.

* Native binaries for Linux and Windows.

* Multi-threaded.

* Supports the following hashes:

  • MD5
  • md5($pass.$salt)
  • md5($salt.$pass)
  • md5(md5($pass))
  • md5(md5(md5($pass)))
  • md5(md5($pass).$salt)
  • md5(md5($salt).$pass)
  • md5($salt.md5($pass))
  • md5($salt.$pass.$salt)
  • md5(md5($salt).md5($pass))
  • md5(md5($pass).md5($salt))
  • md5($salt.md5($salt.$pass))
  • md5($salt.md5($pass.$salt))
  • md5($username.0.$pass)
  • md5(strtoupper(md5($pass)))
  • SHA1
  • sha1($pass.$salt)
  • sha1($salt.$pass)
  • sha1(sha1($pass))
  • sha1(sha1(sha1($pass)))
  • MySQL
  • MySQL4.1/MySQL5
  • MD5(WordPress)
  • MD5(phpBB3)
  • MD5(Unix)
  • SHA-1(Base64)
  • SSHA-1(Base64)

* Supports the following attacks:

  • Straight-Words Attack
  • Combination-Words Attack
  • Toggle-Case Attack
  • Brute-Force Attack

* All Attack-Modes except Brute-Force can be extended by Hybrid-Attack rules.

* Hybrid-Attack engine is mostly compatible with JTR / PasswordsPro.

* Possible to resume or limit session.

It also has some special features:

* Automatically recognizes already recovered hashes from outfile at startup.

* Automatically generates random rules for Hybrid-Attack.

* Loads hashlists that include more than 3 million hashes of any supported type at once.

* Loads a saltlist from an external file and then uses it in a Brute-Force Attack variant.

* Able to work in a distributed environment.

There are some more things you should know:

* You can specify multiple wordlists and also multiple directories of wordlists.

* Number of threads can be configured.

* Threads run on lowest priority.

I want to thank the following people for supporting me with testing and giving me ideas:

hakre, legion, d3ad0ne, ErrorNeo, K9, skmpz

If you want to get in contact, join #hashcat on IRC: irc.rizon.net:6667 ssl (+9999)

Read more at hashkiller.com

[Via http://ixplizit.wordpress.com]