Getting started with hashcat on Windows: notes on cracking archive passwords

Downloads

hashcat

https://github.com/hashcat/hashcat

GPU drivers

NVIDIA: https://www.nvidia.cn/Download/index.aspx?lang=cn
AMD: https://www.amd.com/zh-hans/support

john (use xx2john to extract the file hash)

john: https://www.openwall.com/john/

Usage

Attack modes

#      Mode                                 Description
-a 0   Dictionary attack                    trying all words in a list; also called “straight” mode
-a 1   Combination attack                   concatenating words from multiple wordlists (-a 1)
-a 3   Brute-force attack and Mask attack   trying all characters from given charsets, per position
-a 6   Hybrid attack                        combining wordlists+masks
-a 7   Hybrid attack                        combining masks+wordlists; can also be done with rules
-a 9   Association attack                   use a username, a filename, a hint, or any other pieces of information which could have had an influence in the password generation to attack one specific hash

Mask attack

Built-in charsets and usage examples:

  • ?l = abcdefghijklmnopqrstuvwxyz
  • ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
  • ?d = 0123456789
  • ?h = 0123456789abcdef
  • ?H = 0123456789ABCDEF
  • ?s = «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
  • ?a = ?l?u?d?s
  • ?b = 0x00 - 0xff

command                                     keyspace
-a 3 ?l?l?l?l?l?l?l?l                       aaaaaaaa - zzzzzzzz
-a 3 -1 ?l?d ?1?1?1?1?1                     aaaaa - 99999
-a 3 password?d                             password0 - password9
-a 3 -1 ?l?u ?1?l?l?l?l?l19?d?d             aaaaaa1900 - Zzzzzz1999
-a 3 -1 ?dabcdef -2 ?l?u ?1?1?2?2?2?2?2     00aaaaa - ffZZZZZ
-a 3 -1 efghijklmnop ?1?1?1                 eee - ppp
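
As an added example (not from the original post and not hashcat's own code), the following Python code expands a mask using the built-in charsets listed above and returns the number of candidates together with the first and last one, which is a quick way to judge how much search space a given password format leaves. The names expand and mask_info are made up for this illustration, and custom charset definitions are assumed to contain only literals and built-in charsets.

```python
import math
import string

# Built-in charsets as listed in the post; ?s starts with the space character.
BUILTIN = {
    "l": string.ascii_lowercase,
    "u": string.ascii_uppercase,
    "d": string.digits,
    "h": "0123456789abcdef",
    "H": "0123456789ABCDEF",
    "s": " " + string.punctuation,
}
BUILTIN["a"] = BUILTIN["l"] + BUILTIN["u"] + BUILTIN["d"] + BUILTIN["s"]
BUILTIN["b"] = "".join(chr(i) for i in range(256))


def expand(spec, custom=None):
    """Split a mask (or charset definition) into one charset string per position."""
    table = {**BUILTIN, **(custom or {}), "?": "?"}  # '??' is a literal '?'
    positions, i = [], 0
    while i < len(spec):
        if spec[i] != "?":
            positions.append(spec[i])      # literal character: one choice
            i += 1
            continue
        key = spec[i + 1:i + 2]            # empty if the mask ends in a lone '?'
        if key not in table:
            raise ValueError(f"invalid charset reference '?{key}' in {spec!r}")
        positions.append(table[key])
        i += 2
    return positions


def mask_info(mask, *custom_defs):
    """Return (candidate count, first candidate, last candidate) for a mask.
    custom_defs are the values passed to -1, -2, ... in that order."""
    custom = {}
    for n, definition in enumerate(custom_defs, start=1):
        # A custom charset is the de-duplicated union of what its definition expands to.
        chars = "".join(expand(definition))
        custom[str(n)] = "".join(dict.fromkeys(chars))
    positions = expand(mask, custom)
    size = math.prod(len(charset) for charset in positions)
    return size, "".join(c[0] for c in positions), "".join(c[-1] for c in positions)


if __name__ == "__main__":
    # Rows from the table above: mask, then the -1 / -2 definitions.
    print(mask_info("?1?l?l?l?l?l19?d?d", "?l?u"))
    print(mask_info("?1?1?2?2?2?2?2", "?dabcdef", "?l?u"))
```
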

The following walks through brute-forcing a zip as an example:

zip2john 1.zip

This produces the following output:

ver 2.0 1.zip/1.7z PKZIP Encr: cmplen=414, decmplen=402, crc=B1541509
1.zip/1.7z:$pkzip2$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$/pkzip2$:1.7z:1.zip::1.zip

Save everything from the first $ through the last $ to a file (e.g. 1.txt). Then:

hashcat -a 3 -m 17225 1.txt ?h?h?h?h?h?h?h?h -d 1

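  • -a specifies the attack mode; 3 means mask attack.
  • -m specifies the hash type; 17225 is usually the one indicated by the $pkzip2$ shown above, and can be looked up with hashcat -h or here.
  • Next come the hash file and the mask/wordlist. This mask represents an 8-digit hexadecimal number. For details on mask usage, see the original wiki.
  • -d selects GPU number 1. Running hashcat --benchmark shows the GPUs and their numbers.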
posted @ 2022-10-10 16:36  不到乌江