**resources:**

Hashcat Wiki

oclHashcat Details

Bute Forcing

Brute Forcing with Hashcat

Permutations

Combinations

In this lab we will review some hexadecimal, as well as go over a couple new methods of attack. To begin with, hexadecimal is a way of representing numbers much like decimal. In decimal you have 10 numbers to work with, 0-9. This is why we use the prefix deci(means 10). In hexadecimal you break down the two prefixes and add them together. Hexa(means 6) + deci(means 10), giving you 16. This is why people often refer to hexadecimal as base 16. The same rules apply for hex, the base number is the amount of numbers, or characters, that you have to work with. In hex you have access to 0-9, but also a-f. This means that instead of wrapping around to the number 10 in decimal, hex uses the letter a.

So why is hex relevant to hashcat? Because hashing algorithms will often output their hash in hexadecimal, and sometimes the salt is stored in hex as well. In order to properly attack a password hash, the program must know the difference. How is hashcat supposed to know that theDecimal10 a 11 b ...... 15 f 16 10 17 11 ...... 31 1f 32 20Hexadecimal

MD5 - 128 bits Number of bits in a hex digit - 4 128/4 = 32 hex digits in your MD5 hash

Look over the wikipedia article for brute forcing, as well as the hashcat article. Brute forcing is exactly what it sounds like, you try to crack a password by hashing and comparing every possible combination. This might sound simple, because it is. But with the simplicity comes a massive increase in time. Let's imagine a 4 digit password, only numbers.

How many different passwords could you have with just these two rules? The answer is the number of permutations, with repeating allowed. So we look at the number of possibilities in each space, 0-9.

10 10 10 10 = 10x10x10x10 = 10^4As you can see, this is quite the large number for quite the small password. Brute Forcing a password becomes exponentially more difficult as you increase the number of characters, and you increase the keyspace. This is why you will notice hashcat no longer has a wiki article specifically for brute forcing, because there is a similar method that is strictly more efficient.

Because at the worst a mask attack is equal to a brute force attack, it can only ever get better. By changing the keyspaces allowed to each index, you greatly reduce the number of possibilities. For instance:?a?a?a?a Every index can be any number, letter, or symbol, upper or lowercaseMask Attack

?l?l?l?l?d?d 26x26x26x26x10x10 ?a?a?a?a?a?a 97x97x97x97x97x97In the first example we have 4 lowercase letters followed by two numbers. This pattern has

10 9 8 7 = 10x9x8x7 = 10!/6!The numbers change depending on what is available, there are 26 letters, 26 uppercase letters, and numerous symbols. After you have finished the lab, attempt to complete the following questions.