Brute Force

Credential Stuffing

Password Cracking

Hashes Examples

Mode

Name

Example

900

MD4

afe04867ec7a3845145579a95f72eca7

MD5

8743b52063cd84097a65d1633f5c74f5

100

SHA1

b89eaac7e61417341b710b727768294d0e6a277b

1400

SHA256

127e6fbfe24a750e72930c220a8e138275656b8e5d8f48a98c3c92df2caba935

1700

SHA512

82a9dda829eb7f8ffe9fbe49e45d47d2dad9664fbb7adf72492e3c81ebd3e29134d9bc12212bf83c6840f10e8246b9db54a4859b7ccd0123d86e5872c1e5082f

5000

SHA-3(Keccak)

203f88777f18bb4ee1226627b547808f38d90d3e106262b5de9ca943b57137b6

6000

RipeMD160

012cb9b334ec1aeb71a9c8ce85586082467f7eb6

6100

Whirlpool

7ca8eaaaa15eaa4c038b4c47b9313e92da827c06940e69947f85bc0fbef3eb8fd254da220ad9e208b6b28f6bb9be31dd760f1fdb26112d83f87d96b416a4d258

3000

299bd128c1101fd6

1000

NTLM

b4b9b02e6f09a9bd760f388b67351e2b

5600

NetNTLMv2

admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030

5500

NetNTLMv1

u4-netntlm::kNS:338d08f8e26de93300000000000000000000000000000000:9526fb8c23a90751cdd619b6cea564742e1e4bf33006ba41:cb8086049ec4736c

2100

DCC2

$DCC2$10240#testuser#042641eb192965b665a9e720869c1dbc

2500

WPA/WPA2

[http://hashcat.net/misc/example_hashes/hashcat.hccap](http://hashcat.net/misc/example_hashes/hashcat.hccap\

LM

hashcat -m 3000 -a 3 hash.txt

john --format=lm hash.txt

NTLM

john --format=nt hash.txt

hashcat -m 1000 -a 3 hash.txt

NTLMv1 (A.K.A. Net-NTLMv1)

john --format=netntlm hash.txt

hashcat -m 5500 -a 3 hash.txt

NetNTLMv2 (A.K.A. Net-NTLMv2)

john --format=netntlmv2 hash.txt

hashcat -m 5600 -a 3 hash.txt

DCC2

hashcat64.exe -a 0 -m 2100 --status -r .\OneRuleToRuleThemAll.rule -o found.txt hashes.txt rockyou.txt

Kerberos

hashcat64.exe -m 13100 hash passwords.txt --rules .\OneRuleToRuleThemAll.rule -O -w 3

ZIP

Zip password cracker, similar to fzc, zipcrack

fcrackzip -D -v -u -p /word/list/ fileZip

Unshadow

unshadow passwd shadow > result

john --wordlist=/....../rockyou.txt result

RSA Keys

RSA Keys' passphrases can be brute-forced using JTR by converting the key to the appropriate input format john can work with:

ssh2john id_rsa > id_rsa.john; john –wordlist=/usr/share/wordlists/rockyou.txt id_rsa.john

Wordlists

Password Guessing

Password Spraying

PreviousCredential Access NextCredentials from Password Stores

Last updated 5 years ago

Was this helpful?

hashtagCredential Stuffing

hashtagPassword Cracking

hashtagHashes Examples

hashtagLM

hashtagNTLM

hashtagNTLMv1 (A.K.A. Net-NTLMv1)

hashtagNetNTLMv2 (A.K.A. Net-NTLMv2)

hashtagDCC2

hashtagKerberos

hashtagZIP

hashtagUnshadow

hashtagRSA Keys

hashtagWordlists

hashtagPassword Guessing

hashtagPassword Spraying

Credential Stuffing

Password Cracking

Hashes Examples

LM

NTLM

NTLMv1 (A.K.A. Net-NTLMv1)

NetNTLMv2 (A.K.A. Net-NTLMv2)

DCC2

Kerberos

ZIP

Unshadow

RSA Keys

Wordlists

Password Guessing

Password Spraying