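This post was last edited by jiuweiljp on 2019-5-18 21:13.
Foreword: The main purpose of this post is to broaden everyone's horizons and get you to try some alternative tools instead of clinging to EWSA and Wifipr. There are many other tools available online that also achieve very good results, are free, and are far more powerful.
hashcat is an offline password cracking tool (official site: https://hashcat.net/hashcat/) that supports Windows and Linux and can use the graphics card to crack most passwords; there are also many tutorials online.
Compared with the other well-known offline cracking tool, JTR ("John the Ripper", official site: https://www.openwall.com/john/), it is considerably simpler to use.
Off topic: the official JTR release is updated very slowly, but there are experts abroad maintaining and updating it quickly; have a look if you are interested.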
https://ci.appveyor.com/project/ ... hntheripper/history
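The latest version of hashcat only supports OpenCL cracking and is very demanding about the graphics driver version, so it is best to use the latest driver.
Official driver requirements:
GPU Driver requirements:
- AMD GPUs on Linux require "RadeonOpenCompute (ROCm)" Software Platform (1.6.180 or later)
- AMD GPUs on Windows require "AMD Radeon Software Crimson Edition" (15.12 or later)
- Intel CPUs require "OpenCL Runtime for Intel Core and Intel Xeon Processors" (16.1.1 or later) [Note 1]
- Intel GPUs on Linux require "OpenCL 2.0 GPU Driver Package for Linux" (2.0 or later)
- Intel GPUs on Windows require "OpenCL Driver for Intel Iris and Intel HD Graphics" [Note 2]
- NVIDIA GPUs require "NVIDIA Driver" (367.x or later) [Note 3]
Note 1: This runtime conflicts with the Intel integrated graphics driver; if the integrated graphics driver is installed, this runtime library cannot be installed.
The latest version is 18.1; I only have 16.1.1 here. Leave me a message if you need it.
Note 2: Intel integrated graphics driver download address:
https://downloadcenter.intel.com/zh-cn/product/80939/-
In addition, I modified the mobile integrated graphics driver for 4th-generation CPUs (Windows 7 64-bit) so that the 4th-generation driver can be raised to version 15.40.42.5063. (Officially, this version supports 4th-generation integrated graphics only on Windows 10.)
(For Windows 7 64-bit only; on other Windows systems, ignore this attachment.)
Download the zip version of the official 15.40.42.5063 driver from Intel's website, extract the inf file from the archive, overwrite the igdlh64.inf file in the Graphics directory of the official driver, and then install as normal; when the unsigned-driver prompt appears, force the installation and the driver works normally. The benefit is that hashcat can use the integrated GPU's OpenCL. (In my tests, the 4th-generation integrated GPU cannot use OpenCL without this driver version.)
Note 3: NVIDIA graphics driver download address:
https://www.geforce.cn/drivers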
---------------------------------------------
Basic usage:
1. Check which devices are supported
Hashcat64.exe -I
- hashcat (v5.1.0) starting...
- OpenCL Info:
- Platform ID #1
- Vendor : NVIDIA Corporation
- Name : NVIDIA CUDA
- Version : OpenCL 1.2 CUDA 10.0.132
- Device ID #1
- Type : GPU
- Vendor ID : 32
- Vendor : NVIDIA Corporation
- Name : GeForce GTX 960M
- Version : OpenCL 1.2 CUDA
- Processor(s) : 5
- Clock : 1176
- Memory : 512/2048 MB allocatable
- OpenCL Version : OpenCL C 1.2
- Driver Version : 417.35
- Platform ID #2
- Vendor : Intel(R) Corporation
- Name : Intel(R) OpenCL
- Version : OpenCL 1.2
- Device ID #2
- Type : GPU
- Vendor ID : 8
- Vendor : Intel(R) Corporation
- Name : Intel(R) HD Graphics 4600
- Version : OpenCL 1.2
- Processor(s) : 20
- Clock : 1150
- Memory : 324/1297 MB allocatable
- OpenCL Version : OpenCL C 1.2
- Driver Version : 20.19.15.5063
- Device ID #3
- Type : CPU
- Vendor ID : 8
- Vendor : Intel(R) Corporation
- Name : Intel(R) Core(TM) i5-4210H CPU @ 2.90GHz
- Version : OpenCL 1.2 (Build 10094)
- Processor(s) : 4
- Clock : 2900
- Memory : 3043/12175 MB allocatable
- OpenCL Version : OpenCL C 1.2
- Driver Version : 5.2.0.10094
2. Benchmark WPA cracking speed
Hashcat64.exe -m 2500 -b
- Benchmarking uses hand-optimized kernel code by default.
- You can use it in your cracking session by setting the -O option.
- Note: Using optimized kernel code limits the maximum supported password length.
- To disable the optimized kernel code in benchmark mode, use the -w option.
- * Device #2: Intel's OpenCL runtime (GPU only) is currently broken.
- We are waiting for updated OpenCL drivers from Intel.
- You can use --force to override, but do not report related errors.
- nvmlDeviceGetFanSpeed(): Not Supported
- OpenCL Platform #1: NVIDIA Corporation
- ======================================
- * Device #1: GeForce GTX 960M, 512/2048 MB allocatable, 5MCU
- OpenCL Platform #2: Intel(R) Corporation
- ========================================
- * Device #2: Intel(R) HD Graphics 4600, skipped.
- * Device #3: Intel(R) Core(TM) i5-4210H CPU @ 2.90GHz, skipped.
- Benchmark relevant options:
- ===========================
- * --optimized-kernel-enable
- Hashmode: 2500 - WPA-EAPOL-PBKDF2 (Iterations: 4096)
- Speed.#1.........: 62246 H/s (81.71ms) @ Accel:256 Loops:64 Thr:256 Vec:1
- Started: Fri May 17 16:47:36 2019
- Stopped: Fri May 17 16:47:50 2019
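As you can see, cracking with the NVIDIA 960M reaches 62246 hashes per second. In my tests, this tool is faster than EWSA_v5.9 on my computer by about 100 million (10000万).
3. Ignore the warning and benchmark with the discrete and integrated GPUs together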
Hashcat64.exe -m 2500 --force -d1,2 -b
- hashcat (v5.1.0) starting in benchmark mode...
- Benchmarking uses hand-optimized kernel code by default.
- You can use it in your cracking session by setting the -O option.
- Note: Using optimized kernel code limits the maximum supported password length.
- To disable the optimized kernel code in benchmark mode, use the -w option.
- nvmlDeviceGetFanSpeed(): Not Supported
- OpenCL Platform #1: NVIDIA Corporation
- ======================================
- * Device #1: GeForce GTX 960M, 512/2048 MB allocatable, 5MCU
- OpenCL Platform #2: Intel(R) Corporation
- ========================================
- * Device #2: Intel(R) HD Graphics 4600, 324/1297 MB allocatable, 20MCU
- * Device #3: Intel(R) Core(TM) i5-4210H CPU @ 2.90GHz, skipped.
- Benchmark relevant options:
- ===========================
- * --force
- * --opencl-devices=1,2
- * --optimized-kernel-enable
- Hashmode: 2500 - WPA-EAPOL-PBKDF2 (Iterations: 4096)
- Speed.#1.........: 62257 H/s (81.66ms) @ Accel:256 Loops:64 Thr:256 Vec:1
- Speed.#2.........: 4035 H/s (77.94ms) @ Accel:16 Loops:8 Thr:512 Vec:1
- Speed.#*.........: 66293 H/s
- Started: Sat May 18 10:02:38 2019
- Stopped: Sat May 18 10:02:51 2019
As you can see, the cracking speed reaches 66,000 hashes per second, more than 4000 extra.
-----------------------------------------------------------------
4. Actual use
Upload your .cap file (the capture file) to https://hashcat.net/cap2hccapx/; the site returns a .hccapx file. Copy this file into the hashcat directory.
- Example:
- Hashcat64.exe -m 2500 -d1,2 --force 1558145266.hccapx realhuman_phill.txt
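Explanation: -m 2500 (crack using the WPA-EAPOL-PBKDF2 mode);
-d1,2 --force (use my discrete GTX 960M and integrated HD 4600 GPUs, and ignore the warning);
1558145266.hccapx (the file returned by https://hashcat.net/cap2hccapx/);
realhuman_phill.txt is the dictionary file.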
- Session..........: hashcat
- Status...........: Running
- Hash.Type........: WPA-EAPOL-PBKDF2
- Hash.Target......: House (AP:00:1b:fc:b3:b6:28 STA:00:18:de:85:15:f9)
- Time.Started.....: Sat May 18 10:23:27 2019 (12 mins, 9 secs)
- Time.Estimated...: Sat May 18 10:36:21 2019 (45 secs)
- Guess.Base.......: File (realhuman_phill.txt)
- Guess.Queue......: 1/1 (100.00%)
- Speed.#1.........: 57920 H/s (10.55ms) @ Accel:128 Loops:64 Thr:64 Vec:1
- Speed.#2.........: 3620 H/s (9.96ms) @ Accel:16 Loops:8 Thr:64 Vec:1
- Speed.#*.........: 61540 H/s
- Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
- Progress.........: 61160222/63941069 (95.65%)
- Rejected.........: 16309022/61160222 (26.67%)
- Restore.Point....: 60379525/63941069 (94.43%)
- Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:64-128
- Restore.Sub.#2...: Salt:0 Amplifier:0-1 Iteration:3688-3696
- Candidates.#1....: WILLEMSSPOORTUNNEL -> WINSTONHILLS
- Candidates.#2....: WARCMddV0 -> WASP-WWII
- Hardware.Mon.#1..: Temp: 86c Util: 98% Core:1176MHz Mem:2505MHz Bus:16
- Hardware.Mon.#2..: N/A
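During cracking, press s to see the progress. You can see that this dictionary has 63.9 million words, of which 16 million do not qualify, and that cracking takes about 13 minutes. During cracking, press q or Ctrl+C to quit.
5. If the previous run did not finish, a command can be used to resume it
6. Brute-force an 8-digit numeric password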
- Hashcat64.exe -m 2500 -d1,2 --force 28736_1558145266.hccapx -a 3 ?d?d?d?d?d?d?d?d -w3
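Explanation: -a 3 (crack using brute-force mode)
?d?d?d?d?d?d?d?d (uses hashcat's built-in character set 0-9)
-w 3 (drives GPU utilization higher; screen refresh becomes slower, but cracking speed is higher)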
- Session..........: hashcat
- Status...........: Running
- Hash.Type........: WPA-EAPOL-PBKDF2
- Hash.Target......: House (AP:00:1b:fc:b3:b6:28 STA:00:18:de:85:15:f9)
- Time.Started.....: Sat May 18 11:02:15 2019 (5 secs)
- Time.Estimated...: Sat May 18 11:27:32 2019 (25 mins, 12 secs)
- Guess.Mask.......: ?d?d?d?d?d?d?d?d [8]
- Guess.Queue......: 1/1 (100.00%)
- Speed.#1.........: 62144 H/s (81.87ms) @ Accel:256 Loops:64 Thr:256 Vec:1
- Speed.#2.........: 3993 H/s (77.93ms) @ Accel:16 Loops:8 Thr:512 Vec:1
- Speed.#*.........: 66137 H/s
- Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
- Progress.........: 0/100000000 (0.00%)
- Rejected.........: 0/0 (0.00%)
- Restore.Point....: 0/10000000 (0.00%)
- Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:3776-3840
- Restore.Sub.#2...: Salt:0 Amplifier:0-1 Iteration:480-488
- Candidates.#1....: 12345678 -> 17956112
- Candidates.#2....: 12743345 -> 17131723
- Hardware.Mon.#1..: Temp: 70c Util:100% Core:1176MHz Mem:2505MHz Bus:16
- Hardware.Mon.#2..: N/A
As you can see, the cracking speed reached 66,000 hashes/second.
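The defender's reading of the numbers above, as an added example that is not part of the original post: it parses a hashcat-style mask, computes its keyspace, and estimates how long a passphrase policy holds out at the 66137 H/s measured in the post. The function names and the policy list are assumptions made for illustration; only the built-in charsets are handled, not custom ones.

```python
# Sizes of hashcat's built-in mask charsets (?l ?u ?d ?h ?H ?s ?a ?b).
BUILTIN = {"l": 26, "u": 26, "d": 10, "h": 16, "H": 16, "s": 33, "a": 95, "b": 256}
WPA_MIN, WPA_MAX = 8, 63      # valid WPA/WPA2-PSK passphrase lengths
MEASURED_RATE = 66137         # combined H/s from the post (GTX 960M + HD 4600)

# Constructed sample policies, expressed as masks.
POLICIES = [("8 digits", "?d" * 8),
            ("8 lowercase letters", "?l" * 8),
            ("12 printable ASCII", "?a" * 12)]


def mask_keyspace(mask):
    """Return (candidate_count, candidate_length) for a mask."""
    count, length, i = 1, 0, 0
    while i < len(mask):
        size, step = 1, 1                 # a literal character: one choice
        if mask[i] == "?":
            if i + 1 >= len(mask):
                raise ValueError("dangling '?' at end of mask")
            code = mask[i + 1]
            if code in BUILTIN:
                size = BUILTIN[code]
            elif code != "?":             # "??" is a literal question mark
                raise ValueError(f"unsupported charset ?{code}")
            step = 2
        count *= size
        length += 1
        i += step
    return count, length


def exhaust_seconds(mask, rate=MEASURED_RATE):
    """Worst-case seconds to try every candidate of `mask` at `rate` guesses/s."""
    count, length = mask_keyspace(mask)
    if not WPA_MIN <= length <= WPA_MAX:
        raise ValueError(f"{length} characters is outside the WPA range 8..63")
    return count / rate


def report(policies=POLICIES):
    """Return (name, keyspace, worst-case days) for each policy."""
    return [(name, mask_keyspace(mask)[0], exhaust_seconds(mask) / 86400)
            for name, mask in policies]


if __name__ == "__main__":
    for name, keyspace, days in report():
        print(f"{name:22s} {keyspace:.3e} candidates  {days:.3g} days")
```

For the 8-digit mask the result agrees with the "25 mins, 12 secs" estimate in the status output above; an 8-digit numeric passphrase gives no meaningful protection against a single laptop GPU.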