Hashcat v3.6.0 - World's Fastest and Most Advanced Password Recovery Utility

hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and OSX, and has facilities to help enable distributed password cracking.

Installation

Download the latest release and unpack it in the desired location. Please remember to use 7z x when unpacking the archive from the command line to ensure full file paths remain intact.

GPU Driver requirements:

• AMD GPUs on Windows require "AMD Radeon Software Crimson Edition" (15.12 or later)
• AMD GPUs on Linux require "AMDGPU-PRO Driver" (16.40 or later)
• Intel CPUs require "OpenCL Runtime for Intel Core and Intel Xeon Processors" (16.1.1 or later)
• Intel GPUs on Windows require "OpenCL Driver for Intel Iris and Intel HD Graphics"
• Intel GPUs on Linux require "OpenCL 2.0 GPU Driver Package for Linux" (2.0 or later)
• NVIDIA GPUs require "NVIDIA Driver" (367.x or later)

Features

• World's fastest password cracker
• World's first and only in-kernel rule engine
• Free
• Open-Source (MIT License)
• Multi-OS (Linux, Windows and OSX)
• Multi-Platform (CPU, GPU, DSP, FPGA, etc., everything that comes with an OpenCL runtime)
• Multi-Hash (Cracking multiple hashes at the same time)
• Multi-Devices (Utilizing multiple devices in same system)
• Multi-Device-Types (Utilizing mixed device types in same system)
• Supports distributed cracking networks (using overlay)
• Supports interactive pause / resume
• Supports sessions
• Supports restore
• Supports reading password candidates from file and stdin
• Supports hex-salt and hex-charset
• Supports automatic performance tuning
• Supports automatic keyspace ordering markov-chains
• Built-in benchmarking system
• Integrated thermal watchdog
• 200+ Hash-types implemented with performance in mind
• ... and much more

Algorithms

• MD4
• MD5
• Half MD5 (left, mid, right)
• SHA1
• SHA-224
• SHA-256
• SHA-384
• SHA-512
• SHA-3 (Keccak)
• BLAKE2b-512
• SipHash
• Skip32
• RIPEMD-160
• Whirlpool
• DES (PT = $salt, key = $pass)
• 3DES (PT = $salt, key = $pass)
• ChaCha20
• GOST R 34.11-94
• GOST R 34.11-2012 (Streebog) 256-bit
• GOST R 34.11-2012 (Streebog) 512-bit
• md5($pass.$salt)
• md5($salt.$pass)
• md5(unicode($pass).$salt)
• md5($salt.unicode($pass))
• md5($salt.$pass.$salt)
• md5($salt.md5($pass))
• md5($salt.md5($salt.$pass))
• md5($salt.md5($pass.$salt))
• md5(md5($pass))
• md5(md5($pass).md5($salt))
• md5(strtoupper(md5($pass)))
• md5(sha1($pass))
• sha1($pass.$salt)
• sha1($salt.$pass)
• sha1(unicode($pass).$salt)
• sha1($salt.unicode($pass))
• sha1(sha1($pass))
• sha1($salt.sha1($pass))
• sha1(md5($pass))
• sha1($salt.$pass.$salt)
• sha1(CX)
• sha256($pass.$salt)
• sha256($salt.$pass)
• sha256(unicode($pass).$salt)
• sha256($salt.unicode($pass))
• sha512($pass.$salt)
• sha512($salt.$pass)
• sha512(unicode($pass).$salt)
• sha512($salt.unicode($pass))
• HMAC-MD5 (key = $pass)
• HMAC-MD5 (key = $salt)
• HMAC-SHA1 (key = $pass)
• HMAC-SHA1 (key = $salt)
• HMAC-SHA256 (key = $pass)
• HMAC-SHA256 (key = $salt)
• HMAC-SHA512 (key = $pass)
• HMAC-SHA512 (key = $salt)
• PBKDF2-HMAC-MD5
• PBKDF2-HMAC-SHA1
• PBKDF2-HMAC-SHA256
• PBKDF2-HMAC-SHA512
• MyBB
• phpBB3
• SMF (Simple Machines Forum)
• vBulletin
• IPB (Invision Power Board)
• WBB (Woltlab Burning Board)
• osCommerce
• xt:Commerce
• PrestaShop
• MediaWiki B type
• WordPress
• Drupal 7
• Joomla
• PHPS
• Django (SHA-1)
• Django (PBKDF2-SHA256)
• Episerver
• ColdFusion 10+
• Apache MD5-APR
• MySQL
• PostgreSQL
• MSSQL
• Oracle H: Type (Oracle 7+)
• Oracle S: Type (Oracle 11+)
• Oracle T: Type (Oracle 12+)
• Sybase
• hMailServer
• DNSSEC (NSEC3)
• IKE-PSK
• IPMI2 RAKP
• iSCSI CHAP
• CRAM-MD5
• MySQL CRAM (SHA1)
• PostgreSQL CRAM (MD5)
• SIP digest authentication (MD5)
• WPA
• WPA2
• NetNTLMv1
• NetNTLMv1+ESS
• NetNTLMv2
• Kerberos 5 AS-REQ Pre-Auth etype 23
• Kerberos 5 TGS-REP etype 23
• Netscape LDAP SHA/SSHA
• FileZilla Server
• LM
• NTLM
• Domain Cached Credentials (DCC), MS Cache
• Domain Cached Credentials 2 (DCC2), MS Cache 2
• DPAPI masterkey file v1 and v2
• MS-AzureSync PBKDF2-HMAC-SHA256
• descrypt
• bsdicrypt
• md5crypt
• sha256crypt
• sha512crypt
• bcrypt
• scrypt
• OSX v10.4
• OSX v10.5
• OSX v10.6
• OSX v10.7
• OSX v10.8
• OSX v10.9
• OSX v10.10
• iTunes backup < 10.0
• iTunes backup >= 10.0
• AIX {smd5}
• AIX {ssha1}
• AIX {ssha256}
• AIX {ssha512}
• Cisco-ASA MD5
• Cisco-PIX MD5
• Cisco-IOS $1$ (MD5)
• Cisco-IOS type 4 (SHA256)
• Cisco $8$ (PBKDF2-SHA256)
• Cisco $9$ (scrypt)
• Juniper IVE
• Juniper NetScreen/SSG (ScreenOS)
• Juniper/NetBSD sha1crypt
• Fortigate (FortiOS)
• Samsung Android Password/PIN
• Windows Phone 8+ PIN/password
• GRUB 2
• CRC32
• RACF
• Radmin2
• Redmine
• PunBB
• OpenCart
• Atlassian (PBKDF2-HMAC-SHA1)
• Citrix NetScaler
• SAP CODVN B (BCODE)
• SAP CODVN F/G (PASSCODE)
• SAP CODVN H (PWDSALTEDHASH) iSSHA-1
• PeopleSoft
• PeopleSoft PS_TOKEN
• Skype
• WinZip
• 7-Zip
• RAR3-hp
• RAR5
• AxCrypt
• AxCrypt in-memory SHA1
• PDF 1.1 - 1.3 (Acrobat 2 - 4)
• PDF 1.4 - 1.6 (Acrobat 5 - 8)
• PDF 1.7 Level 3 (Acrobat 9)
• PDF 1.7 Level 8 (Acrobat 10 - 11)
• MS Office <= 2003 MD5
• MS Office <= 2003 SHA1
• MS Office 2007
• MS Office 2010
• MS Office 2013
• Lotus Notes/Domino 5
• Lotus Notes/Domino 6
• Lotus Notes/Domino 8
• Bitcoin/Litecoin wallet.dat
• Blockchain, My Wallet
• Blockchain, My Wallet, V2
• 1Password, agilekeychain
• 1Password, cloudkeychain
• LastPass
• Password Safe v2
• Password Safe v3
• KeePass 1 (AES/Twofish) and KeePass 2 (AES)
• JKS Java Key Store Private Keys (SHA1)
• Ethereum Wallet, PBKDF2-HMAC-SHA256
• Ethereum Wallet, SCRYPT
• eCryptfs
• Android FDE <= 4.3
• Android FDE (Samsung DEK)
• TrueCrypt
• VeraCrypt
• LUKS
• Plaintext

Attack-Modes

• Straight ^*
• Combination
• Brute-force
• Hybrid dict + mask
• Hybrid mask + dict

^* accept Rules

Supported OpenCL runtimes

• AMD
• Apple
• Intel
• Mesa (Gallium)
• NVidia
• pocl

Supported OpenCL device types

• GPU
• CPU
• APU
• DSP
• FPGA
• Coprocessor

Download Hashcat

Read More

Dagon - Advanced Hash Manipulation

Named after the prince of Hell, Dagon (day-gone) is an advanced hash cracking and manipulation system, capable of bruteforcing multiple hash types, creating bruteforce dictionaries, automatic hashing algorithm verification, random salt generation from Unicode to ASCII, and much more.

Screenshots

Bruteforcing made easy with a built in wordlist creator if you do not specify one. The wordlist will create 100,000 strings to use

Verify what algorithm was used to create that hash you're trying to crack. You can specify to view all possible algorithms by providing the -L flag (some algorithms are not implemented yet)

Random salting, unicode random salting, or you can make your own choice on the salt.

Basic usage
For full functionality of Dagon please reference the homepage here
python dagon.py -h This will run the help menu and provide a list of all possible flags
python dagon.py -c <HASH> --bruteforce This will attempt to bruteforce a given hash
python dagon.py -l <FILE-PATH> --bruteforce This will attempt to bruteforce a given file full of hashes (one per line)
python dagon.py -v <HASH> This will try to verify the algorithm used to create the hash
python dagon.py -V <FILE-PATH> This will attempt to verify each hash in a file, one per line

Installation
Dagon requires python version 2.7.x to run successfully.

• git clone https://github.com/ekultek/dagon.git
• cd Dagon
• pip install -r requirements.txt

This should install all the dependencies that you will need to run Dagon

Contributions
All contributions are greatly appreciated and helpful. When you contribute you will get your name placed on the homepage underneath contributions with a link to your contribution. You will also get massive respect from me, and that's a pretty cool thing. What I'm looking for in contributions is some of the following:

• Hashing algorithm creations, specifically; A quicker MD2 algorithm, full Tiger algorithms, Keychain algorithms for cloud and agile
• More wordlists to download from, please make sure that the link is encoded
• Rainbow table attack implementation
• More regular expressions to verify different hash types

Download Dagon

Read More

John the Ripper 1.8.0-jumbo-1 - Fast Password Cracker

John the Ripper is a free password cracking software tool. Initially developed for the Unix operating system, it now runs on fifteen different platforms (eleven of which are architecture-specific versions of Unix, DOS, Win32, BeOS, and OpenVMS). It is one of the most popular password testing and breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix versions (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL, and others.

John the Ripper 1.8.0-jumbo-1 is based on today’s code from the bleeding-jumbo branch on GitHub, which we’ve tried to make somewhat stable lately in preparation for this release.

You may notice that the source code archive size has increased from under 2 MB to over 20 MB. This is primarily due to the included .chr files, which are both bigger and more numerous than pre-1.8 ones. There are lots of source code additions, too.

In fact:

This is probably the biggest single jumbo update so far. The changes are too numerous to summarize – unfortunately, we haven’t been doing that during development, and it’d be a substantial effort to do it now, delaying the release to next year. So we chose to go ahead and release whatever we’ve got. (Of course, there are the many commit messages -but that’s not a summary.)

A really brief summary, though, is that there are new “formats” (meaning more supported hash and “non-hash” types, both on CPU and on GPU), various enhancements to existing ones, mask mode, better support for non-ASCII character sets, and of course all of 1.8.0’s features (including –fork and –node). And new bugs. Oh, and we’re now using autoconf, meaning that you need to “./configure” and “make”, with all the usual pros and cons of this approach. There’s a Makefile.legacy included, so you may “make -f Makefile.legacy” to try and build JtR the old way if you refuse to use autoconf… for now…and this _might_ even work… but you’d better bite the bullet. (BTW, I have no current plans on autoconf’ing non-jumbo versions of JtR.)

Due to autoconf, things such as OpenMP and OpenCL are now enabled automatically (if system support for them is detected during build). When this is undesirable, you may use e.g. “./configure –disable-openmp” or “./configure –disable-openmp-for-fast-formats” and run with –fork to achieve a higher cumulative c/s rate across the fork’ed processes.

Out of over 4800 commits since 1.7.9-jumbo-7, over 2600 are by magnum, making him the top contributor. Other prolific contributors are JimF, Dhiru Kholia, Claudio Andre, Frank Dittrich, Sayantan Datta.

There are also multiple commits by (or attributed to) Lukas Odzioba, ShaneQful, Alexander Cherepanov, rofl0r, bwall, Narendra Kangralkar, Tavis Ormandy, Spiros Fraganastasis, Harrison Neal, Vlatko Kosturjak, Aleksey Cherepanov, Jeremi Gosney, junmuz, Thiebaud Weksteen, Sanju Kholia, Michael Samuel, Deepika Dutta, Costin Enache, Nicolas Collignon, Michael Ledford. There are single commits by (or attributed to) many other contributors as well (including even one by atom of hashcat).

Download John the Ripper 1.8.0-jumbo-1

Read More

Hashcat-Utils - Set of small utilities that are useful in advanced password cracking

Hashcat-utils are a set of small utilities that are useful in advanced password cracking. They all are packed into multiple stand-alone binaries.

All of these utils are designed to execute only one specific function. Since they all work with STDIN and STDOUT you can group them into chains.

The programs are available for Linux and Windows on both 32 bit and 64 bit architectures. The programs are also available as open source.

List of Utilities

• combinator: This program is a stand-alone implementation of the Combinator Attack.
  Each word from file2 is appended to each word from file1 and then printed to STDOUT.
  Since the program is required to rewind the files multiple times it cannot work with STDIN and requires real files.
• cutb: This program (new in hashcat-utils-0.6) is designed to cut up a wordlist (read from STDIN) to be used in Combinator attack. Suppose you notice that passwords in a particular dump tend to have a common padding length at the beginning or end of the plaintext, this program will cut the specific prefix or suffix length off the existing words in a list and pass it to STDOUT.
• expander: This program has no parameters to configure. Each word going into STDIN is parsed and split into all its single chars, mutated and reconstructed and then sent to STDOUT.
  
  
  There are a couple of reconstructions generating all possible patterns of the input word by applying the following iterations:
  
  
  
  All possible lengths of the patterns within a maximum of 7 (defined in LEN_MAX macro, which you can increase in the source).
  All possible offsets of the word.
  Shifting the word to the right until a full cycle.
  Shifting the word to the left until a full cycle.
• gate: Each wordlist going into STDIN is parsed and split into equal sections and then passed to STDOUT based on the amount you specify. The reason for splitting is to distribute the workload that gets generated.The two important parameters are “mod” and “offset”.
  The mod value is the number of times you want to split your dictionary.
  The offset value is which section of the split is getting that feed.
• hcstatgen: Tool used to generate .hcstat files for use with the statsprocessor.
• len: Each word going into STDIN is parsed for its length and passed to STDOUT if it matches a specified word-length range.
• morph: Basically morph generates insertion rules for the most frequent chains of characters from the dictionary that you provide and that, per position.

Dictionary = Wordlist used for frequency analysis.

Depth = Determines what “top” chains that you want. For example 10 would give you the top 10 (in fact, it seems to start with value 0 so that 10 would give the top 11).Width = Max length of the chain. With 3 for example, you will get up to 3 rules per line for the most frequent 3 letter chains.pos_min = Minimum position where the insertion rule will be generated. For example 5 would mean that it will make rule to insert the string only from position 5 and up.pos_max = Maximum position where the insertion rule will be generated. For example 10 would mean that it will make rule to insert the string so that it’s end finishes at a maximum of position 10.

• permute: This program is a stand-alone implementation of the Permutation Attack. It has no parameters to configure. Each word going into STDIN is parsed and run through “The Countdown QuickPerm Algorithm” by Phillip Paul Fuchs.
• prepare: This program is made as an dictionary optimizer for the Permutation Attack. Due to the nature of the permutation algorithm itself, the input words “BCA” and “CAB” would produce exactly the same password candidates.
• req: Each word going into STDIN is parsed and passed to STDOUT if it matches an specified password group criteria. Sometimes you know that some password must include a lower-case char, a upper-case char and a digit to pass a specific password policy. That means checking passwords that do not match this policy will definitely not result in a cracked password. So we should skip it. This program is not very complex and it can not fully match all the common password policy criteria, but it does provide a little help.
• rli: compares a single file against another file(s) and removes all duplicates. rli can be very useful to clean your dicts and to have one unique set of dictionaries.
• rli2: Unlike rli, rli2 is not limited. But it requires infile and removefile to be sorted and uniqued before, otherwise it won’t work as it should.
• splitlen: This program is designed to be a dictionary optimizer for oclHashcat. oclHashcat has a very specific way of loading dictionaries, unlike hashcat or oclHashcat. The best way to organize your dictionaries for use with oclHashcat is to sort each word in your dictionary by its length into specific files, into a specific directory, and then to run oclHashcat in directory mode.

Download Hashcat-Utils

Read More

Hash Kracker v2.5 - All-in-one Hash Password Recovery Software

Hash Kracker is the free all-in-one tool to recover the hash password for multiple hash types.

Currently it supports password recovery from following popular Hash types

• MD5
• SHA1
• SHA256
• SHA384
• SHA512

It uses dictionary based cracking method which makes the cracking operation simple and easier.

Though it supports only Dictinary Crack method, you can easily use tools like Crunch, Cupp to generate brute-force based or any custom password list file and then use it with 'Hash Kracker'.

Download Hash Kracker v2.5

Read More

[Hashcat v0.47] The world’s fastest CPU-based password recovery tool

Hashcat is the world’s fastest CPU-based password recovery tool.

While it’s not as fast as its GPU counterparts oclHashcat-plus and oclHashcat-lite, large lists can be easily split in half with a good dictionary and a bit of knowledge of the command switches.

Changelog v0.47

• added -m 123 = EPi
• added -m 1430 = sha256(unicode($pass).$salt)
• added -m 1440 = sha256($salt.unicode($pass))
• added -m 1441 = EPiServer 6.x >= v4
• added -m 1711 = SSHA-512(Base64), LDAP {SSHA512}
• added -m 1730 = sha512(unicode($pass).$salt)
• added -m 1740 = sha512($salt.unicode($pass))
• added -m 7400 = SHA-256(Unix)
• added -m 7600 = Redmine SHA1
• debug mode can now be used also together with -g, generate rule
• support added for using external salts together with mode 160 = HMAC-SHA1 (key = $salt)
• allow empty salt/key for HMAC algos
• allow variable rounds for hash modes 500, 1600, 1800, 3300, 7400 using rounds= specifier
• added –generate-rules-seed, sets seed used for randomization so rulesets can be reproduced
• added output-format type 8 (position:hash:plain)
• updated/added some hcchr charset files in /charsets, some new files: Bulgarian, Polish, Hungarian
• format output when using –show according to the –outfile-format option
• show mask length in status screen
• –disable-potfile in combination with –show or –left resulted in a crash, combination was disallowed

Features

• Multi-Threaded
• Free
• Multi-Hash (up to 24 million hashes)
• Multi-OS (Linux, Windows and OSX native binaries)
• Multi-Algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, …)
• SSE2, AVX and XOP accelerated
• All Attack-Modes except Brute-Force and Permutation can be extended by rules
• Very fast Rule-engine
• Rules compatible with JTR and PasswordsPro
• Possible to resume or limit session
• Automatically recognizes recovered hashes from outfile at startup
• Can automatically generate random rules
• Load saltlist from external file and then use them in a Brute-Force Attack variant
• Able to work in an distributed environment
• Specify multiple wordlists or multiple directories of wordlists
• Number of threads can be configured
• Threads run on lowest priority
• Supports hex-charset
• Supports hex-salt
• 90+ Algorithms implemented with performance in mind
• …and much more

Download hashcat v0.47

Read More

[Hashcat v0.46] Multi-Threaded Password Hash Cracking Tool

hashcat claims to be the world’s fastest CPU-based password recovery tool, while not as fast as GPU powered hash brute forcing (like CUDA-Multiforcer), it is still pretty fast.

hashcat was written somewhere in the middle of 2009. Yes, there were already close-to-perfect working tools supporting rule-based attacks like “PasswordsPro”, “John The Ripper”. However for some unknown reason, both of them did not support multi-threading. That was the only reason to write hashcat: To make use of the multiple cores of modern CPUs.

Granted, that was not 100% correct. John the Ripper already supported MPI using a patch, but at that time it worked only for Brute-Force attack. There was no solution available to crack plain MD5 which supports MPI using rule-based attacks.

Hashcat, from its first version, v0.01, was called “atomcrack”. This version was very poor, but at least the MD5 kernel was written in assembler utilizing SSE2 instructions and of course it was multi-threaded. It was a simple dictionary cracker, nothing more. But it was fast. Really fast. Some guys from the scene become interested in it and after one week there were around 10 beta testers. Everything worked fine and so requests for more algorithm types, a rule-engine for mutation of dictionaries, a windows version and different attack modes were added. These developments took around half a year, and were completely non-public.

Features

• Multi-Threaded
• Multi-Hash (up to 24 million hashes)
• Multi-OS (Linux, Windows and OSX native binaries)
• Multi-Algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, …)
• SSE2, AVX and XOP accelerated
• All Attack-Modes except Brute-Force and Permutation can be extended by rules
• Very fast Rule-engine
• Rules compatible with JTR and PasswordsPro
• Possible to resume or limit session
• Automatically recognizes recovered hashes from outfile at startup
• Can automatically generate random rules
• Load saltlist from external file and then use them in a Brute-Force Attack variant
• Able to work in an distributed environment
• Specify multiple wordlists or multiple directories of wordlists
• Number of threads can be configured
• Threads run on lowest priority
• Supports hex-charset
• Supports hex-salt
• 80+ Algorithms implemented with performance in mind

Detailed documentation and command line switches can be found here – hashcat.

Download Hashcat v0.46

Read More

[John the Ripper v1.8.0] Fast Password Cracker

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.

John the Ripper is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product tailored for your specific operating system, please consider John the Ripper Pro, which is distributed primarily in the form of "native" packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance.

Changelog v1.8.0

• Revised the incremental mode to let the current character counts grow for each character position independently, with the aim to improve efficiency in terms of successful guesses per candidate passwords tested.
• Revised the pre-defined incremental modes, as well as external mode filters that are used to generate .chr files.
• Added makechr, a script to (re-)generate .chr files.
• Enhanced the status reporting to include four distinct speed metrics (g/s, p/s, c/s, and C/s).
• Added the “–fork=N” and “–node=MIN[-MAX]/TOTAL” options for trivial parallel and distributed processing.
• In the external mode compiler, treat character literals as unsigned.
• Renamed many of the formats.
• Updated the documentation.
• Relaxed the license for many source files to cut-down BSD.
• Relaxed the license for John the Ripper as a whole from GPLv2 (exact version) to GPLv2 or newer with optional OpenSSL and unRAR exceptions.
• Assorted other changes have been made.

Download John the Ripper v1.8.0

Read More

[Hashcat v0.45] Advanced Password Recovery

* changes v0.44 -> v0.45:

Release with some new algorithms:

• AIX smd5
• AIX ssha1, ssha256, ssha512
• GOST R 34.11-94

We managed also to fix some bugs and implement some additional feature requests

Full changelog:

type: feature

file: hashcat-cli
desc: show status screen also when all hashes were recovered AND add start/stop time too

type: feature
file: hashcat-cli
desc: added -m 6300 = AIX {smd5}
cred: philsmd

type: feature
file: hashcat-cli
desc: added -m 6400 = AIX {ssha256}
cred: philsmd

type: feature
file: hashcat-cli
desc: added -m 6500 = AIX {ssha512}
cred: philsmd

type: feature
file: hashcat-cli
desc: added -m 6700 = AIX {ssha1}
cred: philsmd

type: feature
file: hashcat-cli
desc: added -m 6900 = GOST R 34.11-94
cred: Xanadrel

type: feature
file: hashcat-cli
desc: dropped predefined charsets ?h, ?F, ?G and ?R
trac: #55

type: feature
file: hashcat-cli
desc: added a collection of language-specific charset-files for use with masks
trac: #55

type: feature
file: hashcat-cli
desc: changed the E rule to lowercase all input before processing, its more intuitive
trac: #110

type: feature
file: rules
desc: added a more more complex leetspeak rules file from unix-ninja
trac: #112

type: feature
file: hashcat-cli
desc: changed outfile opts to line up with OCL style
trac: #120

type: feature
file: hashcat-cli
desc: --remove in combination w/ external salts should output plain hash files only (no salt)
trac: #153

type: bug
file: hashcat-cli
desc: fix progress line in status screen when all hashes were recovered

type: bug
file: hashcat-cli
desc: fix for some possible memory overflow problems

type: bug
file: hashcat-cli
desc: an external salt sort failure caused some hashes not to be checked against the digests
trac: #74

type: bug
file: hashcat-cli
desc: fixed a null-pointer dereference that can lead to a segmentation fault
trac: #104

type: bug
file: hashcat-cli
desc: fixed a bug if hashlist contains words with ascii character code >= 0x80
trac: #108

Download Hashcat v0.45

Read More

[Salted Hash Kracker v1.0] Tool to recover the Password from Salted Hash text

Salted Hash Kracker is the free all-in-one tool to recover the Password from Salted Hash text.

These days most websites and applications use salt based hash generation to prevent it from being cracked easily using precomputed hash tables such as Rainbow Crack. In such cases, 'Salted Hash Kracker' will help you to recover the lost password from salted hash text.

It also allow you to specify the salt position either in the beginning of password(salt+password) or at the end of the password (password+salt). In case you want to perform normal hash cracking without the salt then just leave the 'Salt field' blank.

Currently it supports password recovery from following popular Hash types

• MD5
• SHA1
• SHA256
• SHA384
• SHA512

It uses dictionary based cracking method which makes the cracking operation simple and easier. You can find good collection of password dictionaries (also called wordlist) here & here

It is fully portable and works on all Windows platforms starting from Windows XP to Windows 8.

Download Salted Hash Kracker v1.0

Read More

[Hash Kracker Console] Tool to find out the password from the Hash

Hash Kracker Console is the all-in-one command-line tool to find out the password from the Hash.

Currently it supports password recovery from following popular Hash types

• MD5
• SHA1
• SHA256
• SHA384
• SHA512

Also it offers 4 types of Password Recovery methods based on the complexity of password

• Dictionary Crack
• Hybrid Crack
• Brute-force Crack
• Pattern based Brute-force Crack

Being a command-line makes it faster and easy for automation. It is fully portable tool and includes installer also.

It works on wide range of platforms starting from Windows XP to Windows 8.

Download Hash Kracker Console v1.0
More

Read More

[oclHashcat-lite v0.15] Worlds fastest NTLM, MD5, SHA1, SHA256 and Descrypt Cracker

Features

• Worlds fastest NTLM, MD5, SHA1, SHA256 and descrypt cracker
• Free
• Multi-GPU (up to 128 gpus)
• Multi-OS (Linux & Windows native binaries)
• Multi-Platform (OpenCL & CUDA support)
• Multi-Algo (see below)
• Low resource utilization, you can still watch movies or play games while cracking
• Focuses one-shot, lightweight hashes
• Supports mixed GPU types
• Supports markov attack
• Supports mask attack
• Supports distributed cracking
• Supports pause / resume while cracking
• Supports sessions
• Supports restore
• Supports hex-salt
• Supports hex-charset
• Integrated thermal watchdog
• ... and much more

Algorithms

• MD5
• md5($pass.$salt)
• Joomla
• SHA1
• nsldap, SHA-1(Base64), Netscape LDAP SHA
• sha1($pass.$salt)
• nsldaps, SSHA-1(Base64), Netscape LDAP SSHA
• Oracle 11g
• MSSQL(2000)
• MSSQL(2005)
• MySQL
• MD4
• md4($pass.$salt)
• NTLM
• Domain Cached Credentials, mscash
• SHA256
• sha256($pass.$salt)
• descrypt, DES(Unix), Traditional DES
• SHA512
• sha512($pass.$salt)
• Cisco-PIX MD5
• Double MD5
• vBulletin < v3.8.5
• vBulletin > v3.8.5
• IPB2+, MyBB1.2+
• LM
• Oracle 7-10g, DES(Oracle)
• SHA-3(Keccak)
• Half MD5
• NetNTLMv1-VANILLA / NetNTLMv1+ESS
• NetNTLMv2
• Cisco-IOS SHA256

Download here: http://adf.ly/145xZ2

type: driver

file: host programs
desc: added support for AMD ADL v5.0 library

type: feature
file: hashcat-cli
desc: added mode -m 5500 = NetNTLMv1-VANILLA / NetNTLMv1+ESS
trac: #51
trac: #96

type: feature
file: hashcat-cli
desc: added mode -m 5600 = NetNTLMv2
trac: #56

type: feature
file: kernels
desc: added -m 5700 = Cisco-IOS SHA256
cred: philsmd

type: feature
file: kernels
desc: modified -m 5100 = Half MD5 so that it accepts only 16 byte input, see next change why
trac: #89

type: feature
file: kernels
desc: modified -m 5100 = Half MD5 so it can crack middle and right portions, too (not just left)
trac: #89

type: bug
file: kernels
desc: fixed bug in NVidia version had to switch back to bitness-depending kernels

type: bug
file: kernels
desc: fixed bug in NVidia version writing to constant memory from kernel isnt allowed

type: bug
file: hashcat-cli
desc: fixed bug in benchmark-mode, do not run MD5 again at end

type: bug
file: hashcat-cli
desc: fixed bug in benchmark-mode, Memory stepping when doing a benchmark
trac: #57

Read More

[oclHashcat-plus v0.14] Worlds fastest md5crypt, phpass, mscash2 and WPA/WPA2 cracker

Features

• Worlds fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker
• Worlds first and only GPGPU based rule engine
• Free
• Multi-GPU (up to 128 gpus)
• Multi-Hash (up to 15 million hashes)
• Multi-OS (Linux & Windows native binaries)
• Multi-Platform (OpenCL & CUDA support)
• Multi-Algo (see below)
• Low resource utilization, you can still watch movies or play games while cracking
• Focuses highly iterated modern hashes
• Focuses single dictionary based attacks
• Supports mask attack
• Supports distributed cracking
• Supports pause / resume while cracking
• Supports sessions
• Supports restore
• Supports reading words from file
• Supports reading words from stdin
• Supports hex-salt
• Supports hex-charset
• Integrated thermal watchdog
• 30+ Algorithms implemented with performance in mind
• ... and much more

Attack-Modes

• Straight ^*
• Combination
• Brute-force
• Hybrid dict + mask
• Hybrid mask + dict

Download here: http://adf.ly/145xV8

type: driver
file: host programs
desc: added support for AMD ADL v5.0 library

type: feature
file: hashcat-cli
desc: added mode -m 5500 = NetNTLMv1-VANILLA / NetNTLMv1+ESS
trac: #51
trac: #96

type: feature
file: hashcat-cli
desc: added mode -m 5600 = NetNTLMv2
trac: #56

type: feature
file: kernels
desc: added -m 5700 = Cisco-IOS SHA256
cred: philsmd

type: feature
file: kernels
desc: modified -m 5100 = Half MD5 so that it accepts only 16 byte input, see next change why
trac: #89

type: feature
file: kernels
desc: modified -m 5100 = Half MD5 so it can crack middle and right portions, too (not just left)
trac: #89

type: bug
file: kernels
desc: fixed bug in NVidia version had to switch back to bitness-depending kernels

type: bug
file: kernels
desc: fixed bug in NVidia version writing to constant memory from kernel isnt allowed

Read More

[Hashcat v0.44] Advanced Password Recovery

Features

• Multi-Threaded
• Free
• Multi-Hash (up to 24 million hashes)
• Multi-OS (Linux, Windows and OSX native binaries)
• Multi-Algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, ...)
• SSE2 accelerated
• All Attack-Modes except Brute-Force and Permutation can be extended by rules
• Very fast Rule-engine
• Rules compatible with JTR and PasswordsPro
• Possible to resume or limit session
• Automatically recognizes recovered hashes from outfile at startup
• Can automatically generate random rules
• Load saltlist from external file and then use them in a Brute-Force Attack variant
• Able to work in an distributed environment
• Specify multiple wordlists or multiple directories of wordlists
• Number of threads can be configured
• Threads run on lowest priority
• Supports hex-charset
• Supports hex-salt
• 30+ Algorithms implemented with performance in mind
• ... and much more

Attack-Modes

• Straight ^*
• Combination ^*
• Toggle-Case
• Brute-Force
• Permutation
• Table-Lookup

Download here: http://adf.ly/143xLq

type: feature

file: hashcat-cli
desc: added mode -m 9999 = Plaintext
trac: #45

type: feature
file: hashcat-cli
desc: added mode -m 5500 = NetNTLMv1 + ESS
trac: #96

type: feature
file: kernels
desc: added -m 5700 = Cisco-IOS SHA256
cred: philsmd

type: change
file: hashcat-cli
desc: changed the hash-format for NetNTLMv1 and NetNTLMv2 to .lc format
cred: #98

type: bug
file: hashcat-cli
desc: fixed bug in 32 bit version, did not crack -m 1800 sha512crypt
trac: #92

type: bug
file: hashcat-cli
desc: fixed bug in NetNTLMv2 parser
trac: #95

Read More

[Hashkill 0.3.1] Password Cracker Tool Released

 Hashkill is an opensource hash cracker for Linux that uses OpenSSL. Currently it supports 4 attack methods (dictionary, bruteforce, hybrid).

Hashkill has 35 plugins for different types of passwords (ranging from simple hashes like MD5 and SHA1 to passworded ZIP files and private SSL key passphrases).

Multi-hash support (you may load hashlists of length up to 1 million) and very fast GPU support on Nvidia (compute capability 2.1 cards also supported) and ATI (4xxx, 5xxx and 6xxx).

The latest update includes 9 new plugins: bfunix, drupal7, django256, sha256unix, mssql-2012, o5logon, msoffice-old, msoffice, luks. Of them msoffice-old is currently supported on CPU only, the rest are GPU-accelerated. Improved bitmaps handling in non-salted kernels addded, so that huge hashlists would be cracked at faster speeds. Now Thermal monitoring can now be disabled using -T 0 command-line argument.

Download Hashkill 0.3.1

Read More