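Is there a brute-force tool more powerful than Hashcat? This post records the commands I use for the hash-cracking jobs I run into day to day.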

I Cracking NTLM v2

Just run hashcat with a mask attack (-a 3) and you're done. The --increment switch is required for the --increment-min/--increment-max bounds to take effect.

hashcat -m 5600 -a 3 Admin::ADMIN:1122334455667788:6C124DA7784CD6572804F597763D3AF7:01010000000000008D74D9EA3661D40157416B618B18A094000000000200060053004D0042000100160053004D0042002D0054004F004F004C004B00490054000400120073006D0062002E006C006F00630061006C000300280073006500720076006500720032003000300033002E0073006D0062002E006C006F00630061006C000500120073006D0062002E006C006F00630061006C000800300030000000000000000100000000200000512D8B48B3A101B84FCF64DDD148AEDFDAD7B018A086ACC097E41BFDBB7A47840A001000000000000000000000000000000000000900240048005400540050002F00700072006F00780079007300720076003A0033003100320038000000000000000000 -o found.txt --increment --increment-min=1 --increment-max=8 ?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a

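II Cracking RAR archives

Here the hash has to be extracted from the archive first and then cracked, and only a limited set of archive formats is supported.

  1. Extract the hash
    rar2john test.rar

    The rar2john tool ships with both Kali Linux and Parrot Security Linux.

  2. Note: hashcat currently supports only the following two archive formats:

    -m     Format   Example
    12500  rar3-hp  $RAR3$*1*69ac0e199104e0bc*00000000*16*0*1*25d5d8924a3bbce94bff5a30f738a720*35
    13000  rar5     $rar5$16$c419bff65fa52aeb712c393754624e39$15$7580806abe256eea0749f2461158bd9a$8$df73ce060a5d0e49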
    • rar3-hp
      A RAR3-hp hash begins with $RAR3$*0*: the type field in the middle is 0 (-hp) rather than 1 (-p). -p is not yet supported; only -hp is. Example hash:

      rar2john 123.rar
      file name: test.txt
      123.rar:$RAR3$*1*69ac0e199104e0bc*00000000*16*0*1*25d5d8924a3bbce94bff5a30f738a720*35:1::test.txt

      hashcat64 -m 12500 -a 3 '$RAR3$*0*5ba3dd697a8706fa*919ad1d7a1c42bae4a8d462c8537c9cb' ?d?d?d?d
    • rar5 example hash:

      rar2john test.rar
      test.rar:$rar5$16$c419bff65fa52aeb712c393754624e39$15$7580806abe256eea0749f2461158bd9a$8$df73ce060a5d0e49

      hashcat64 -m 13000 -a 3 '$rar5$16$c419bff65fa52aeb712c393754624e39$15$7580806abe256eea0749f2461158bd9a$8$df73ce060a5d0e49' ?d?d?d?d

III Cracking Office documents

wget https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/office2john.py

python office2john.py '/var/run/vmblock-fuse/blockdir/OMpKm1/bn.xls'
bn.xls:$oldoffice$0*b0b78bbf75541b1124855b4d392510b1*cc5fff87f8261b4626807892d9f10202*1459c176c2b2bd3a48a824af6c551c5a:::::/var/run/vmblock-fuse/blockdir/OMpKm1/bn.xls

The hashcat command below uses an Office 2013 sample hash ($office$*2013*..., -m 9600), not the $oldoffice$0 hash extracted above; the -m value has to match the extracted hash type.

hashcat64.exe -m 9600 -a 3 $office$*2013*100000*256*16*122ef2067e784eac1891d4e90645ea2e*6b094672e4ff7ded1745a93d1efd555f*57c62708b03141a540eb6eabc88bd6067121f50acce43438870c478737e7b5a8 -o found.txt --increment --increment-min=1 --increment-max=10 ?d?d?d?d?d?d?d?d?d?d
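
The masks and --increment bounds in the commands above fix how many candidates have to be tried, which is the number a password policy needs to push out of reach. The following added example (not from the original post) computes that count for masks built from hashcat's built-in charsets; the function names and the guesses-per-second rate are assumptions made for illustration.

```python
from math import prod

# Sizes of hashcat's built-in mask charsets.
CHARSET_SIZES = {
    "l": 26,   # ?l  a-z
    "u": 26,   # ?u  A-Z
    "d": 10,   # ?d  0-9
    "h": 16,   # ?h  0-9a-f
    "H": 16,   # ?H  0-9A-F
    "s": 33,   # ?s  printable ASCII symbols, including space
    "a": 95,   # ?a  ?l?u?d?s combined
    "b": 256,  # ?b  every byte value
}


def mask_positions(mask):
    """Return the number of possible characters at each mask position."""
    sizes, i = [], 0
    while i < len(mask):
        if mask[i] != "?":            # plain character: fixed literal
            sizes.append(1)
            i += 1
            continue
        key = mask[i + 1:i + 2]       # empty string if the mask ends in '?'
        if key == "?":                # '??' is a literal question mark
            sizes.append(1)
        elif key in CHARSET_SIZES:
            sizes.append(CHARSET_SIZES[key])
        else:                         # custom charsets ?1-?4 are not modelled
            raise ValueError(f"unsupported placeholder '?{key}' in mask")
        i += 2
    return sizes


def keyspace(mask, inc_min=None, inc_max=None):
    """Candidates for a mask; with increment bounds, summed over each length."""
    sizes = mask_positions(mask)
    if inc_min is None and inc_max is None:
        lengths = [len(sizes)]        # no --increment: full mask length only
    else:
        top = min(inc_max or len(sizes), len(sizes))
        lengths = range(inc_min or 1, top + 1)
    return sum(prod(sizes[:n]) for n in lengths)


def hours_to_exhaust(total, guesses_per_second):
    """Worst-case hours to try every candidate at an assumed guess rate."""
    return total / guesses_per_second / 3600
```

For the masks on this page, keyspace("?d?d?d?d") is 10,000, while the 25-position ?a mask capped at --increment-max=8 comes to roughly 6.7e15. A short all-digit archive or document password therefore offers almost no protection compared with a longer mixed-charset one.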
