Table of Contents
Hashcat
Return to Red Team Tools, Red Team or Password cracking
“Red team members and penetration testers need to know how to crack passwords with different password cracking techniques. In this course, Credential Access with Hashcat, you will learn about Hashcat, the number one offline password cracker. First, you will see how to launch a dictionary attack using Hashcat. Next, you will discover how you can crack more passwords when you launch a dictionary attack with a rule. Then, you will learn how to launch a dictionary attack with a mask, also known as a hybrid attack). Finally, you will explore how to use Hashcat to crack password-protected PDF and password-protected DOCX files. By the end of this course, you will know how to use Hashcat to crack passwords with different password cracking techniques.”
Fair Use Source: https://app.pluralsight.com/library/courses/credential-access-hashcat/description
By Dawid Czagan - @dawidczagan - SECURITY INSTRUCTOR
Credential Access with Hashcat
Creator of Hashcat: Jens Steube
- Hashcat is the no. 1 offline password cracker.
- Hashcat is available at https://hashcat.net
- You can use Hashcat to launch:
Red Team Kill Chain
MITRE ATT&CK
- MITRE ATT&CK Tactics:
- MITRE ATT&CK Tactics:
In MITRE ATT&CK Tactics, Hashcat is used for Red Team Credential Access with a T1110 Brute Force attack.
Websites
- pdf2john.pl, office2john.py (John the Ripper) - https://www.openwall.com/john
- Dictionaries and Probable Wordlists - https://github.com/berzerk0/Probable-Wordlists
- Electronic Frontier Foundation - https://www.eff.org/pl/deeplinks/2016/07/new-wordlists-random-passphrases