RevsUp Lab: Hashcat 05

resources:
Hashcat Wiki
oclHashcat Details

Poster Preparations

In this lab we will set up some methods of gathering and organizing information that could be put onto your group's presentation poster. We want to focus on getting straight to relevant information, so people walking by and reading the poster can quickly understand the process we are outlining. Also, remember that you have had a couple of weeks to get familiar with the topics of hashing and hashcat itself, so focus on what we are accomplishing rather than getting too specific. Let's begin by making a directory to organize any files we create. Call it something like "Poster".
    $ mkdir Poster
    $ cd Poster
        

Graphics Card

Hashcat is GPU driven, and this is an important distinction to make. Think about the reasons we are using graphics cards and what about the different graphics cards impacts our performance. Make a file to store any thoughts you have; they could be placed on your poster later. We can grab information about the graphics card of our system using Linux commands. The lspci command can display system information to the screen.
    $ lspci                                 # Look for the portion that says VGA compatible controller
    $ lspci -vnn | grep VGA -A 12           # Will display more details regarding the graphics card
        
Keep track of the model and manufacturer of the graphics card on your system. Try searching the graphics card and looking for the number of cores it has. We can compare this information to the GPU machine later.

Hashing

We have gone over the process of creating hashes, why they are needed for security, and what the different hashing algorithms are. What makes hashes produced by a particular hashing algorithm harder or easier to crack? What is a salt? Why is it useful? Try hashing some passwords and cracking them, taking note of the changes in how long hashcat takes. How can you figure out the type of a hash without being directly told?

General Information

Start thinking about all the different factors that go into your password cracking attempts. Take notes on the dictionaries, combinations, and masks that you utilize. What is relevant information about each? The number of lines in a dictionary lets you calculate the number of hashes that must be computed in the worst case, which also lets you make estimates for how long an attack might take. When we get into cracking the passwords provided by the group there will be a wealth of relevant information. Try making tables to keep track of your attacks. Possible info could be:
    type of attack      dictionaries/masks used     Hashes/second       Time to finish      # of cracked Hashes
        
Your computers should have LibreOffice and LibreOffice Calc installed; these are equivalent to MS Office and Excel. You can create quick tables in either program to help keep track of information and save it in your Poster directory.
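
The worst-case estimate described above (dictionary line counts and hash rate giving a time to finish) can be scripted to fill in the table. This Python sketch is an added example, not part of the original lab; the function names, sample dictionary sizes and hash rate are assumptions, and the mask charset sizes are hashcat's built-in ones.

```python
# Added example (not from the lab handout): worst-case candidate counts per attack.
# Sizes are hashcat's built-in mask charsets; custom charsets ?1-?4 are not handled.
CHARSETS = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95, "h": 16, "H": 16, "b": 256}

def count_lines(path):
    """Dictionary size: one candidate per line."""
    with open(path, "rb") as fh:
        return sum(1 for _ in fh)

def mask_keyspace(mask):
    """Candidates generated by a mask such as '?u?l?l?l?d?d'."""
    total, i = 1, 0
    while i < len(mask):
        if mask[i] != "?":            # literal character: one choice
            i += 1
            continue
        code = mask[i + 1:i + 2]
        if code in CHARSETS:
            total *= CHARSETS[code]
        elif code != "?":             # '??' is a literal question mark
            raise ValueError(f"unsupported mask token ?{code}")
        i += 2
    return total

def worst_case(attack, wordlists=(), mask=""):
    """wordlists holds the line count of each dictionary the attack uses."""
    if attack == "straight":
        return wordlists[0]
    if attack == "combination":       # every word of list 1 joined to every word of list 2
        return wordlists[0] * wordlists[1]
    if attack in ("mask", "brute force"):
        return mask_keyspace(mask)
    if attack == "hybrid":            # each word extended by every mask candidate
        return wordlists[0] * mask_keyspace(mask)
    raise ValueError(f"unknown attack type: {attack}")

def time_to_finish(candidates, hashes_per_second, salts=1):
    """Each distinct salt in the hash file forces a separate hash per candidate."""
    seconds = candidates * salts / hashes_per_second
    for unit, size in (("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    rate = 500_000_000                # constructed; use the speed hashcat reports
    rows = [("straight", (1_000_000,), ""), ("combination", (1_000_000, 50_000), ""),
            ("mask", (), "?u?l?l?l?l?l?d?d"), ("hybrid", (1_000_000,), "?d?d?d?d")]
    for attack, lists, mask in rows:
        n = worst_case(attack, lists, mask)
        print(f"{attack:12} {mask or '-':18} {n:>16,} {time_to_finish(n, rate)}")
```

Use count_lines on your own dictionaries and the Hashes/second figure from your own runs; the salts argument shows why a file of uniquely salted hashes takes longer than the same number of unsalted ones.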

Attacks

Finally, brush up on the attack types you have learned so far. Think about the pros and cons of each attack. In what situations are they useful? What is a logical order to attack a file of hashed passwords? Why?
    Attacks
    straight/dictionary/wordlist
    combination
    brute force
    mask
    hybrid