Tuesday, December 31, 2013

[Hashcat v0.47] The world’s fastest CPU-based password recovery tool


Hashcat is the world’s fastest CPU-based password recovery tool.

While it’s not as fast as its GPU counterparts oclHashcat-plus and oclHashcat-lite, large lists can be easily split in half with a good dictionary and a bit of knowledge of the command switches.

Changelog v0.47
  • added -m 123 = EPi
  • added -m 1430 = sha256(unicode($pass).$salt)
  • added -m 1440 = sha256($salt.unicode($pass))
  • added -m 1441 = EPiServer 6.x >= v4
  • added -m 1711 = SSHA-512(Base64), LDAP {SSHA512}
  • added -m 1730 = sha512(unicode($pass).$salt)
  • added -m 1740 = sha512($salt.unicode($pass))
  • added -m 7400 = SHA-256(Unix)
  • added -m 7600 = Redmine SHA1
  • debug mode can now be used also together with -g, generate rule
  • support added for using external salts together with mode 160 = HMAC-SHA1 (key = $salt)
  • allow empty salt/key for HMAC algos
  • allow variable rounds for hash modes 500, 1600, 1800, 3300, 7400 using rounds= specifier
  • added –generate-rules-seed, sets seed used for randomization so rulesets can be reproduced
  • added output-format type 8 (position:hash:plain)
  • updated/added some hcchr charset files in /charsets, some new files: Bulgarian, Polish, Hungarian
  • format output when using –show according to the –outfile-format option
  • show mask length in status screen
  • –disable-potfile in combination with –show or –left resulted in a crash, combination was disallowed
Features
  • Multi-Threaded
  • Free
  • Multi-Hash (up to 24 million hashes)
  • Multi-OS (Linux, Windows and OSX native binaries)
  • Multi-Algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, …)
  • SSE2, AVX and XOP accelerated
  • All Attack-Modes except Brute-Force and Permutation can be extended by rules
  • Very fast Rule-engine
  • Rules compatible with JTR and PasswordsPro
  • Possible to resume or limit session
  • Automatically recognizes recovered hashes from outfile at startup
  • Can automatically generate random rules
  • Load saltlist from external file and then use them in a Brute-Force Attack variant
  • Able to work in an distributed environment
  • Specify multiple wordlists or multiple directories of wordlists
  • Number of threads can be configured
  • Threads run on lowest priority
  • Supports hex-charset
  • Supports hex-salt
  • 90+ Algorithms implemented with performance in mind
  • …and much more

No comments:

Post a Comment