oclHashcat
Hashcat and oclHashcat were merged into one program – hashcat. Information below is not actual and saved only for legacy support.
oclHashcat Description
oclHashcat is a GPGPU-based multi-hash cracker using a brute-force attack (implemented as mask attack), combinator attack, dictionary attack, hybrid attack, mask attack, and rule-based attack.
This GPU cracker is a fusioned version of oclHashcat-plus and oclHashcat-lite, both very well-known suites at that time, but now deprecated. There also existed a now very old oclHashcat GPU cracker that was replaced w/ plus and lite, which - as said - were then merged into oclHashcat 1.00 again.
oclHashcat, starting with version 2.00, is released as open source software under the MIT license
Features:
- Worlds fastest password cracker
- Worlds first and only GPGPU based rule engine
- Free
- Open-Source
- Multi-GPU (up to 128 gpus)
- Multi-Hash (up to 100 million hashes)
- Multi-OS (Linux & Windows native binaries)
- Multi-Platform (OpenCL & CUDA support)
- Multi-Algo (see below)
- Low resource utilization, you can still watch movies or play games while cracking
- Focuses highly iterated modern hashes
- Focuses dictionary based attacks
- Supports distributed cracking
- Supports pause / resume while cracking
- Supports sessions
- Supports restore
- Supports reading words from file
- Supports reading words from stdin
- Supports hex-salt
- Supports hex-charset
- Built-in benchmarking system
- Integrated thermal watchdog
- 150+ Algorithms implemented with performance in mind
- … and much more
Homepage: http://hashcat.net/oclhashcat/
Author: atom
License: MIT
oclHashcat Help
Usage: oclHashcat [options]... hash|hashfile|hccapfile [dictionary|mask|directory]...
======= Options ======= * General: -m, --hash-type=NUM Hash-type, see references below -a, --attack-mode=NUM Attack-mode, see references below -V, --version Print version -h, --help Print help --quiet Suppress output * Benchmark: -b, --benchmark Run benchmark --benchmark-mode=NUM Benchmark-mode, see references below * Misc: --hex-charset Assume charset is given in hex --hex-salt Assume salt is given in hex --hex-wordlist Assume words in wordlist is given in hex --force Ignore warnings --status Enable automatic update of the status-screen --status-timer=NUM Seconds between status-screen update --status-automat Display the status view in a machine readable format --loopback Add new plains to induct directory --weak-hash-threshold=NUM Threshold when to stop checking for weak hashes, default is 100 salts * Markov: --markov-hcstat=FILE Specify hcstat file to use, default is hashcat.hcstat --markov-disable Disables markov-chains, emulates classic brute-force --markov-classic Enables classic markov-chains, no per-position enhancement -t, --markov-threshold=NUM Threshold when to stop accepting new markov-chains * Session: --runtime=NUM Abort session after NUM seconds of runtime --session=STR Define specific session name --restore Restore session from --session --restore-disable Do not write restore file * Files: -o, --outfile=FILE Define outfile for recovered hash --outfile-format=NUM Define outfile-format for recovered hash, see references below --outfile-autohex-disable Disable the use of $HEX[] in output plains --outfile-check-timer=NUM Seconds between outfile checks -p, --separator=CHAR Separator char for hashlists and outfile --show Show cracked passwords only --left Show un-cracked passwords only --username Enable ignoring of usernames in hashfile (recommended: also use --show) --remove Enable remove of hash once it is cracked --remove-timer=NUM Update input hash file each NUM seconds --potfile-disable Do not write potfile --debug-mode=NUM Defines the debug mode (hybrid only by using rules), see references below --debug-file=FILE Output file for debugging rules (see also --debug-mode) --induction-dir=FOLDER Specify induction directory to use, default is $session.induct --outfile-check-dir=FOLDER Specify the outfile directory which should be monitored, default is $session.outfiles --logfile-disable Disable the logfile --truecrypt-keyfiles=FILE Keyfiles used, seperate with comma * Resources: -c, --segment-size=NUM Size in MB to cache from the wordfile --bitmap-min=NUM Minimum number of bits allowed for bitmaps --bitmap-max=NUM Maximum number of bits allowed for bitmaps --cpu-affinity=STR Locks to CPU devices, seperate with comma --gpu-async Use non-blocking async calls (NV only) -d, --gpu-devices=STR Devices to use, separate with comma -w, --workload-profile=NUM Enable a specific workload profile, see references below -n, --gpu-accel=NUM Workload tuning: 1, 8, 40, 80, 160 -u, --gpu-loops=NUM Workload fine-tuning: 8 - 1024 --gpu-temp-disable Disable temperature and fanspeed readings and triggers --gpu-temp-abort=NUM Abort session if GPU temperature reaches NUM degrees celsius --gpu-temp-retain=NUM Try to retain GPU temperature at NUM degrees celsius (AMD only) --powertune-enable Enable automatic power tuning option (AMD OverDrive 6 only) --scrypt-tmto=NUM Manually override automatically calculated TMTO value for scrypt * Distributed: -s, --skip=NUM Skip number of words -l, --limit=NUM Limit number of words --keyspace Show keyspace base:mod values and quit * Rules: -j, --rule-left=RULE Single rule applied to each word from left dict -k, --rule-right=RULE Single rule applied to each word from right dict -r, --rules-file=FILE Rules-file, multi use: -r 1.rule -r 2.rule -g, --generate-rules=NUM Generate NUM random rules --generate-rules-func-min=NUM Force NUM functions per random rule min --generate-rules-func-max=NUM Force NUM functions per random rule max --generate-rules-seed=NUM Force RNG seed to NUM * Custom charsets: -1, --custom-charset1=CS User-defined charsets -2, --custom-charset2=CS Example: -3, --custom-charset3=CS --custom-charset1=?dabcdef : sets charset ?1 to 0123456789abcdef -4, --custom-charset4=CS -2 mycharset.hcchr : sets charset ?2 to chars contained in file * Increment: -i, --increment Enable increment mode --increment-min=NUM Start incrementing at NUM --increment-max=NUM Stop incrementing at NUM ========== References ========== * Workload Profile: 1 = Reduced performance profile (low latency desktop) 2 = Default performance profile 3 = Tuned performance profile (high latency desktop) * Benchmark Settings: 0 = Manual Tuning 1 = Performance Tuning, default * Outfile Formats: 1 = hash[:salt] 2 = plain 3 = hash[:salt]:plain 4 = hex_plain 5 = hash[:salt]:hex_plain 6 = plain:hex_plain 7 = hash[:salt]:plain:hex_plain 8 = crackpos 9 = hash[:salt]:crackpos 10 = plain:crackpos 11 = hash[:salt]:plain:crackpos 12 = hex_plain:crackpos 13 = hash[:salt]:hex_plain:crackpos 14 = plain:hex_plain:crackpos 15 = hash[:salt]:plain:hex_plain:crackpos * Debug mode output formats (for hybrid mode only, by using rules): 1 = save finding rule 2 = save original word 3 = save original word and finding rule 4 = save original word, finding rule and modified plain * Built-in charsets: ?l = abcdefghijklmnopqrstuvwxyz ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ ?d = 0123456789 ?s = !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ ?a = ?l?u?d?s ?b = 0x00 - 0xff * Attack modes: 0 = Straight 1 = Combination 3 = Brute-force 6 = Hybrid dict + mask 7 = Hybrid mask + dict * Hash types: [[ Roll-your-own: Raw Hashes ]] 900 = MD4 0 = MD5 5100 = Half MD5 100 = SHA1 10800 = SHA-384 1400 = SHA-256 1700 = SHA-512 5000 = SHA-3(Keccak) 10100 = SipHash 6000 = RipeMD160 6100 = Whirlpool 6900 = GOST R 34.11-94 11700 = GOST R 34.11-2012 (Streebog) 256-bit 11800 = GOST R 34.11-2012 (Streebog) 512-bit [[ Roll-your-own: Iterated and / or Salted Hashes ]] 10 = md5($pass.$salt) 20 = md5($salt.$pass) 30 = md5(unicode($pass).$salt) 40 = md5($salt.unicode($pass)) 3800 = md5($salt.$pass.$salt) 3710 = md5($salt.md5($pass)) 2600 = md5(md5($pass) 4300 = md5(strtoupper(md5($pass))) 4400 = md5(sha1($pass)) 110 = sha1($pass.$salt) 120 = sha1($salt.$pass) 130 = sha1(unicode($pass).$salt) 140 = sha1($salt.unicode($pass)) 4500 = sha1(sha1($pass) 4700 = sha1(md5($pass)) 4900 = sha1($salt.$pass.$salt) 1410 = sha256($pass.$salt) 1420 = sha256($salt.$pass) 1430 = sha256(unicode($pass).$salt) 1440 = sha256($salt.unicode($pass)) 1710 = sha512($pass.$salt) 1720 = sha512($salt.$pass) 1730 = sha512(unicode($pass).$salt) 1740 = sha512($salt.unicode($pass)) [[ Roll-your-own: Authenticated Hashes ]] 50 = HMAC-MD5 (key = $pass) 60 = HMAC-MD5 (key = $salt) 150 = HMAC-SHA1 (key = $pass) 160 = HMAC-SHA1 (key = $salt) 1450 = HMAC-SHA256 (key = $pass) 1460 = HMAC-SHA256 (key = $salt) 1750 = HMAC-SHA512 (key = $pass) 1760 = HMAC-SHA512 (key = $salt) [[ Generic KDF ]] 400 = phpass 8900 = scrypt 11900 = PBKDF2-HMAC-MD5 12000 = PBKDF2-HMAC-SHA1 10900 = PBKDF2-HMAC-SHA256 12100 = PBKDF2-HMAC-SHA512 [[ Network protocols, Challenge-Response ]] 23 = Skype 2500 = WPA/WPA2 4800 = iSCSI CHAP authentication, MD5(Chap) 5300 = IKE-PSK MD5 5400 = IKE-PSK SHA1 5500 = NetNTLMv1 5500 = NetNTLMv1 + ESS 5600 = NetNTLMv2 7300 = IPMI2 RAKP HMAC-SHA1 7500 = Kerberos 5 AS-REQ Pre-Auth etype 23 8300 = DNSSEC (NSEC3) 10200 = Cram MD5 11100 = PostgreSQL Challenge-Response Authentication (MD5) 11200 = MySQL Challenge-Response Authentication (SHA1) 11400 = SIP digest authentication (MD5) [[ Forums, CMS, E-Commerce, Frameworks, Middleware, Wiki, Management ]] 121 = SMF (Simple Machines Forum) 400 = phpBB3 2611 = vBulletin < v3.8.5 2711 = vBulletin > v3.8.5 2811 = MyBB 2811 = IPB (Invison Power Board) 8400 = WBB3 (Woltlab Burning Board) 11 = Joomla < 2.5.18 400 = Joomla > 2.5.18 400 = WordPress 2612 = PHPS 7900 = Drupal7 21 = osCommerce 21 = xt:Commerce 11000 = PrestaShop 124 = Django (SHA-1) 10000 = Django (PBKDF2-SHA256) 3711 = Mediawiki B type 7600 = Redmine [[ Database Server ]] 12 = PostgreSQL 131 = MSSQL(2000) 132 = MSSQL(2005) 1731 = MSSQL(2012) 1731 = MSSQL(2014) 200 = MySQL323 300 = MySQL4.1/MySQL5 3100 = Oracle H: Type (Oracle 7+) 112 = Oracle S: Type (Oracle 11+) 12300 = Oracle T: Type (Oracle 12+) 8000 = Sybase ASE [[ HTTP, SMTP, LDAP Server]] 141 = EPiServer 6.x < v4 1441 = EPiServer 6.x > v4 1600 = Apache $apr1$ 12600 = ColdFusion 10+ 1421 = hMailServer 101 = nsldap, SHA-1(Base64), Netscape LDAP SHA 111 = nsldaps, SSHA-1(Base64), Netscape LDAP SSHA 1711 = SSHA-512(Base64), LDAP {SSHA512} [[ Checksums ]] 11500 = CRC32 [[ Operating-Systems ]] 3000 = LM 1000 = NTLM 1100 = Domain Cached Credentials (DCC), MS Cache 2100 = Domain Cached Credentials 2 (DCC2), MS Cache 2 12800 = MS-AzureSync PBKDF2-HMAC-SHA256 1500 = descrypt, DES(Unix), Traditional DES 12400 = BSDiCrypt, Extended DES 500 = md5crypt $1$, MD5(Unix) 3200 = bcrypt $2*$, Blowfish(Unix) 7400 = sha256crypt $5$, SHA256(Unix) 1800 = sha512crypt $6$, SHA512(Unix) 122 = OSX v10.4 122 = OSX v10.5 122 = OSX v10.6 1722 = OSX v10.7 7100 = OSX v10.8 7100 = OSX v10.9 7100 = OSX v10.10 6300 = AIX {smd5} 6700 = AIX {ssha1} 6400 = AIX {ssha256} 6500 = AIX {ssha512} 2400 = Cisco-PIX 2410 = Cisco-ASA 500 = Cisco-IOS $1$ 5700 = Cisco-IOS $4$ 9200 = Cisco-IOS $8$ 9300 = Cisco-IOS $9$ 22 = Juniper Netscreen/SSG (ScreenOS) 501 = Juniper IVE 5800 = Android PIN 8100 = Citrix Netscaler 8500 = RACF 7200 = GRUB 2 9900 = Radmin2 [[ Enterprise Application Software (EAS) ]] 7700 = SAP CODVN B (BCODE) 7800 = SAP CODVN F/G (PASSCODE) 10300 = SAP CODVN H (PWDSALTEDHASH) iSSHA-1 8600 = Lotus Notes/Domino 5 8700 = Lotus Notes/Domino 6 9100 = Lotus Notes/Domino 8 133 = PeopleSoft [[ Archives ]] 11600 = 7-Zip 12500 = RAR3-hp [[ Full-Disk encryptions (FDE) ]] 62XY = TrueCrypt 5.0+ X = 1 = PBKDF2-HMAC-RipeMD160 X = 2 = PBKDF2-HMAC-SHA512 X = 3 = PBKDF2-HMAC-Whirlpool X = 4 = PBKDF2-HMAC-RipeMD160 + boot-mode Y = 1 = XTS 512 bit (Ciphers: AES or Serpent or Twofish) Y = 2 = XTS 1024 bit (Ciphers: AES or Serpent or Twofish or AES-Twofish or Serpent-AES or Twofish-Serpent) Y = 3 = XTS 1536 bit (Ciphers: All) 8800 = Android FDE < v4.3 12200 = eCryptfs [[ Documents ]] 9700 = MS Office <= 2003 MD5 + RC4, oldoffice$0, oldoffice$1 9710 = MS Office <= 2003 MD5 + RC4, collider-mode #1 9720 = MS Office <= 2003 MD5 + RC4, collider-mode #2 9800 = MS Office <= 2003 SHA1 + RC4, oldoffice$3, oldoffice$4 9810 = MS Office <= 2003 SHA1 + RC4, collider-mode #1 9820 = MS Office <= 2003 SHA1 + RC4, collider-mode #2 9400 = MS Office 2007 9500 = MS Office 2010 9600 = MS Office 2013 10400 = PDF 1.1 - 1.3 (Acrobat 2 - 4) 10410 = PDF 1.1 - 1.3 (Acrobat 2 - 4) + collider-mode #1 10420 = PDF 1.1 - 1.3 (Acrobat 2 - 4) + collider-mode #2 10500 = PDF 1.4 - 1.6 (Acrobat 5 - 8) 10600 = PDF 1.7 Level 3 (Acrobat 9) 10700 = PDF 1.7 Level 8 (Acrobat 10 - 11) [[ Password Managers ]] 9000 = Password Safe v2 5200 = Password Safe v3 6800 = Lastpass 6600 = 1Password, agilekeychain 8200 = 1Password, cloudkeychain 11300 = Bitcoin/Litecoin wallet.dat 12700 = Blockchain, My Wallet
oclHashcat Usage Example
oclHashcat accepts the WPA/WPA2 hashes in it's own “hccap” file. Assuming you already captured a 4-way handshake using airodump-ng, Wireshark or tcpdump, the next step will be converting the .cap file to a format oclHashcat will understand.
1. Run it through “wpaclean”.
2. Convert it with “aircrack-ng” using the -J option
Example working code for wpaclean.
wpaclean <out.cap> <in.cap>
Please note that the wpaclean options are the wrong way round. <out.cap> <in.cap> instead of <in.cap> <out.cap> which may cause some confusion.
Example working code aircrack .cap conversion to .hccap
aircrack-ng <out.cap> -J <out.hccap>
Note the -J is a capitol J not lower case j.
3.1 Dictionary attack
Grab some wordlist, like Rockyou.
Put it into oclHashcat folder.
Rename your converted capture file “capture.hccap”.
oclhashcat -m 2500 capture.hccap rockyou.txt
3.2 Brute-Force Attack
Rename your converted capture file “capture.hccap”.
oclhashcat -m 2500 -a3 capture.hccap ?d?d?d?d?d?d?d?d
This will pipe len8 digits only to oclHashcat, replace the ?d as needed.
How to install oclHashcat
GPU Driver requirements:
- NV users require ForceWare 346.59 or later
- AMD users require Catalyst 15.7 or later
Installation on Kali 2.0
AMD users & NV users
sudo apt-get install oclhashcat
Installation on BlackArch
AMD users
sudo pacman -Ss oclhashcat
NV users
sudo pacman -Ss cudahashcat
oclHashcat Screenshots
oclHashcat Tutorials
Coming soon…
Related tools
- hashcat (Hashcat & oclHashcat) (100%)
- Maskprocessor (74.3%)
- hashcat-utils (74.3%)
- Name-That-Hash (74.3%)
- HAITI (74.3%)
- Router Scan (RANDOM - 30.3%)
Comments are Closed