TL;DR
Brute-forcing hashed integers involves trying every possible combination until you find one that matches the hash. This guide shows how to do it efficiently using tools like Hashcat and John the Ripper, focusing on speed and practical considerations.
1. Understand Hashing Basics
Hashing is a one-way function: easy to calculate the hash from the input, but very difficult to get the input back from the hash. Different hashing algorithms (MD5, SHA256, etc.) produce different length hashes and have varying levels of security.
- Hash Algorithm: Knowing which algorithm was used is crucial.
- Salt: A random value added to the input before hashing. Salts make brute-forcing much harder because you need to try salts as well as passwords.
2. Choose Your Tool
Two popular tools are Hashcat and John the Ripper.
- Hashcat: Generally faster, especially with GPUs. More complex configuration but better performance.
- John the Ripper: Easier to use for beginners. Good for CPU-based brute-forcing.
3. Prepare Your Wordlist
A wordlist is a text file containing potential integer values you want to try. The larger and more relevant your wordlist, the better your chances of success.
- Generate a list: If you have an idea of possible integers (e.g., IDs from 1-1000), create a text file with one integer per line.
    seq 1 1000 > wordlist.txt
- Consider ranges: If the integers are likely within a specific range, focus your list on that range.
4. Brute-Force with Hashcat
Hashcat is command-line based and requires specifying several options.
- Basic Command: Replace hash_type, hashfile, and wordlist.txt with your actual values.
    hashcat -m hash_type hashfile wordlist.txt --force
- Hash Types: Find the correct hash type number from Hashcat's documentation (https://hashcat.net/wiki/doku.php?id=example_hashes). For example, MD5 is 0, SHA256 is 1400.
- Example (MD5): Brute-forcing an MD5 hash in a file called hashes.txt using wordlist.txt.
    hashcat -m 0 hashes.txt wordlist.txt --force
- Using Rules: Hashcat rules modify your wordlist (e.g., adding numbers, symbols). This can significantly increase coverage.
    hashcat -m 0 hashes.txt wordlist.txt -r /usr/share/wordlists/rockyou.rule --force
5. Brute-Force with John the Ripper
John the Ripper is also command-line based, but generally easier to use for simple brute-forcing.
- Basic Command: Replace hashfile and wordlist.txt.
    john --wordlist=wordlist.txt hashfile
- Specify Hash Type: If John the Ripper doesn't automatically detect the hash type, use the --format option.
    john --format=raw-md5 --wordlist=wordlist.txt hashfile
6. Optimizing Performance
- GPU Acceleration (Hashcat): Hashcat is much faster with a powerful GPU. Ensure your GPU drivers are up-to-date and Hashcat is configured to use it.
- Rule Selection: Choose rules appropriate for the expected integer format. Avoid overly complex rules if you’re only dealing with simple integers.
- Wordlist Size: Smaller, more targeted wordlists are faster than large, generic ones.
- Multiple Cores (John the Ripper): John the Ripper can use multiple CPU cores. Adjust the number of processes using the --fork option.
    john --fork=8 --wordlist=wordlist.txt hashfile
7. Important Considerations
- Time: Brute-forcing can take a very long time, even with powerful hardware.
- Legal Issues: Only brute-force hashes you have permission to crack. Unauthorized access is illegal.
- Salted hashes: If the hashes are salted, brute-forcing becomes significantly more difficult and may be impractical without additional information (e.g., knowing part of the salt).
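
The search that a one-integer-per-line wordlist drives, and the effect of a salt on it, as an added Python example (not code from Hashcat, John the Ripper, or the original guide). The function names, the sample value 742, the sample salt, and the assumption that the salt is prepended to the value are all constructed for illustration.

```python
import hashlib


def hash_integer(n, algorithm="sha256", salt=b""):
    """Hash an integer the way a wordlist line is hashed: ASCII decimal
    digits with no trailing newline, with the salt (if any) prepended."""
    return hashlib.new(algorithm, salt + str(n).encode("ascii")).hexdigest()


def recover_integer(target_hex, algorithm="sha256", start=1, stop=1000, salt=b""):
    """Return the integer in [start, stop] whose hash equals target_hex,
    or None if no candidate in the range matches.

    Assumption: salted hashes are computed as H(salt || value). Other
    layouts (value || salt, iterated hashing) need a different candidate
    construction.
    """
    target = bytes.fromhex(target_hex.strip())
    for n in range(start, stop + 1):
        candidate = salt + str(n).encode("ascii")
        if hashlib.new(algorithm, candidate).digest() == target:
            return n
    return None


# Constructed sample data: an ID inside the 1-1000 range used in the guide.
SAMPLE_ID = 742
SAMPLE_SALT = b"c0ffee"  # constructed salt, stored alongside the hash
SAMPLE_HASH = hash_integer(SAMPLE_ID)
SAMPLE_SALTED_HASH = hash_integer(SAMPLE_ID, salt=SAMPLE_SALT)

if __name__ == "__main__":
    # Unsalted: the whole range is exhausted in well under a second.
    print("unsalted:", recover_integer(SAMPLE_HASH))
    # Salted, salt known: same cost, one extra concatenation per candidate.
    print("salted, salt known:", recover_integer(SAMPLE_SALTED_HASH, salt=SAMPLE_SALT))
    # Salted, salt unknown: the integer range alone never matches.
    print("salted, salt unknown:", recover_integer(SAMPLE_SALTED_HASH))
    # Value outside the chosen range: a miss means "not in this list",
    # so the range in the wordlist has to cover the real value.
    print("out of range:", recover_integer(hash_integer(5000)))
```

A hash produced with a trailing newline (for example by piping echo into a hashing tool) will not match any candidate here, which is a common reason a test run against a known value fails.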