TL;DR
You have many hashes of the same password and want to crack it faster than trying each possibility individually. This guide shows how to use tools like Hashcat or John the Ripper with rule-based attacks or mask attacks to efficiently find the password.
Cracking Hashes Faster
When you have multiple hashes of the same password, you can significantly speed up cracking by using techniques that exploit this redundancy. Here’s how:
1. Understand Your Tools
We’ll focus on Hashcat and John the Ripper as they are popular tools for hash cracking.
- Hashcat: A powerful, GPU-based password recovery tool. It supports various attack modes.
- John the Ripper: A versatile password cracker that works well on CPUs and GPUs.
2. Identify the Hash Type
Before you start, determine the hash algorithm used (e.g., MD5, SHA-256, bcrypt). Tools like Hashcat’s wiki can help identify common hashes.
3. Rule-Based Attacks
Rule-based attacks use predefined sets of rules to modify potential passwords. These rules often include common substitutions, additions, and transformations. This is effective if the password follows a predictable pattern.
Hashcat Example
hashcat -m hashfile wordlist.txt -r rules/best64.rule -m specifies the hash type, hashfile is your file containing the hashes, wordlist.txt is a list of potential passwords (even a small one can be useful as a base), and -r loads a rule set.
John the Ripper Example
john --hash-type= hashfile wordlist.txt John will automatically try common rules if no password is found in the wordlist.
4. Mask Attacks
Mask attacks are useful when you know parts of the password or have an idea about its structure (e.g., lowercase letters followed by numbers). You define a mask representing the possible characters and their positions.
Hashcat Example
hashcat -m hashfile ?l?l?l?d?d ?l represents lowercase letters, and ?d represents digits. This mask tries all combinations of three lowercase letters followed by two digits.
John the Ripper Example
john --hash-type= hashfile '?l?l?l?d?d' Similar to Hashcat, this defines a mask for password structure.
5. Combining Wordlists and Rules/Masks
The most effective approach often involves combining wordlists with rules or masks. Start with a small wordlist of likely passwords and then apply rules or masks to generate more possibilities.
6. Optimizing for Multiple Hashes
Both Hashcat and John the Ripper are designed to handle multiple hashes efficiently. The tools will automatically distribute the cracking process across available resources (CPU/GPU).
7. Incremental Attacks (Use with Caution)
If you have no clues about the password, incremental attacks try all possible character combinations within a specified length. This is very resource-intensive and can take a long time.
8. Monitoring Progress
Both tools provide real-time progress updates. Pay attention to the cracking speed (hashes/second) to assess performance and adjust your approach if needed.