Password Hashes
At the fundamental level, a password is like a key that fits into and unlocks a particular lock. Only you have the key, but anyone can come up and inspect the lock. With a mechanical lock, nobody can see the internal workings of the lock without specialized tools like lock picks. If someone were proficient with lock picks, they could in theory determine the depth of each pin while picking the lock and cut a key that would open it. The same concept applies to passwords. Each password should have a unique algorithmic hash. To obtain a hash, a complex mathematical algorithm is run against a string of data, and the output is a fixed-length character string that is, for practical purposes, unique to that input. For some weaker hash algorithms there have been hash collisions, where two different inputs produced the same hash. However, when considering human-generated passwords, it is normally not necessary to worry about hash collisions. It is sufficient to say that if you have the hash of a password, you have the password in an encrypted state. The password hash is how the password is stored on any modern operating system like Windows, macOS, or Linux, and for encrypted containers like BitLocker or encrypted 7-Zip files. With the right tools, that is the only part of the password that will be available for an examiner to inspect, just like the mechanical part of a lock is the only thing to inspect on a locked door if someone were to try to pick the lock. There are methods to prevent the extraction of a password hash, but it is reasonable to attempt to find a method to extract a hash from a system if the individual has physical access to the electronic device, the encrypted file, or a forensic image (.E01, dd, or similar) of an encrypted volume or file. Therefore, if the password hash can be extracted, it can be attacked in an attempt to crack the password. Hashing algorithms are mathematically a one-way operation.
If someone has a password hash, there is no normal mathematical operation that can be performed to reverse engineer the original plaintext password. Additionally, some hashing algorithms are more difficult to crack than others because the speed of computing the hash is deliberately sacrificed for security. However, the user can guess a potential password, hash it, and then compare the resulting hash against the known hash. If it is a match, then the password is cracked. This would be a very slow method to do manually, but software like Hashcat can automate this process and perform thousands of attempts per second. To make the guessing more difficult, the system can add what is known as a “salt” to the hash to make it more difficult to crack. A discussion of password hashes would not be complete without mentioning salted passwords. The salt for a password is additional data that is added to the password before the hash algorithm is applied, to complicate the guessing of the password. Therefore, the salt would have to be known and applied to each potential guess; otherwise the hash would be incorrect even if the correct password was guessed. The salt can be generated in several different ways and can be static or dynamic depending on developer choice. Unfortunately, Windows does not salt the NTLM password hashes that it generates, so they are vulnerable to attack. As was just mentioned, Windows stores password hashes in NTLM format. This is unfortunately a very weak form of encryption, as it is the equivalent of MD4 encryption. The VTech company was compromised in 2015 by a SQL injection attack, and when the password hashes were analyzed they were determined to be encrypted with MD5. MD5 is considered to be a weak form of encryption, and some do not consider it to even be encryption as it is so weak. Windows uses even weaker encryption for its passwords, and those passwords are not even salted to compensate for the weak encryption!
Windows has upgraded to NTLMv1 and NTLMv2 for some uses, but those are still weak by most encryption standards. Even more concerning, these NTLM hashes of user passwords are transmitted over the network for authentication between computers (Patton, 2022). The Windows logon password is one of the passwords users type most often, and its hash can be extracted by several methods, including packet sniffing. It is also nearly guaranteed not to have been generated by a password manager, as the user has to type the password on the keyboard.
Useful Software Tools
There is no reason to reinvent the wheel as in most situations someone else has already created a tool that will perform the task needed. The same is true for using software to assist in cracking passwords. The general workflow for cracking a password is hash extraction, hash identification, attacking the hash with general methods, and attacking the hash with custom methods. Tools that can assist in these phases are Mimikatz, Hashcat, John the Ripper, Passware, Gov Crack, custom scripts often shared on GitHub and many more. Some tools like Passware are paid tools, and while there is nothing wrong with a paid tool, this paper will focus on using the free tool called Hashcat. Gov Crack has a graphical user interface (GUI) while Hashcat and John the Ripper use command-line interfaces (CLI). Normally GUI interfaces allow for ease of access but tend to lack the flexibility of CLI tools. Nearly all of the custom scripts that are used for hash extraction and are posted on GitHub are going to be CLI-based tools. If the reader is unfamiliar with the command line, that should not be a limiting factor for at least understanding the methods discussed in this paper and there will be step-by-step instructions on how to crack a password hash in Hashcat. The focus on a particular set of tools over another is due to personal experience with certain tools and no bias towards any particular tool is intended as many tools can do the same thing and overlap with each other with certain functions.
Hash Extraction Techniques
One common method to extract an NTLM hash is to use Mimikatz, but it is widely recognized as malware by most anti-virus software. If the individual has access to the forensic image (an .E01 or similar) of the hard drive of the computer, then Mimikatz should be used against the SAM and SYSTEM registry files found in C:\Windows\System32\config, assuming BitLocker or another form of encryption is not present. Even with live access to a machine, administrator rights and a forensic tool such as FTK Imager, preferably preloaded on a USB drive, will be required to copy the registry files as a simple copy/paste or drag-and-drop method will not work. This is just one way to obtain an NTLM hash as it can also be obtained by observing network traffic. In general, this is a great place to start when trying to crack passwords and try out different methods as the NTLM hash uses a weak encryption method. If the examiner is looking at an APFS encrypted volume from a MacBook, it is important to realize that the password for the encrypted volume is the same as the password used to log into the system. However, this hash uses a strong encryption method and will take much longer to crack as compared to an NTLM hash. To extract the hash, there are tools available like the one from user Banaanhangwagen on GitHub. This will require using Linux to run the tool and extract the hash from a raw or .dd forensic image. Other encryption methods include BitLocker, zipped or compressed files, password-protected Word documents, and many more. Generally speaking, some smart person somewhere has found out how to extract the hash and has shared that information for that particular situation. The examiner needs to search for hash extraction of a particular make, model, file system, software version, or a combination of those and similar attributes. John the Ripper is a great place to start when looking for how to extract a hash. 
Also as a general rule, the hash is likely to be stored in plain text somewhere in the hex (the raw data) on an electronic device. If the examiner is willing to poke around and search the hex, they may be able to find the password hash, assuming the correct decoding method is used. This is not a hard-and-fast rule by any means, as there are complex methods of preventing external access to protected memory areas. For example, at the time of writing this, I know of no method to extract a hash from a Chromebook, even though it is possible to log into a Chromebook without it being connected to the internet, implying that a hash of the user’s password must be stored locally on the device.
Hash Identification
There may be times when a password hash has been located but the hash type is unknown. Hashcat has an entire wiki, including example hashes, that can aid in this process. The example hashes are located on the Hashcat Wiki and can help with identifying an unknown hash. A simple Google search for “Hash Identification” returns multiple online tools that can help identify the type of hash, be it NTLM, SHA-256, or many others. Examples of such websites include Skerritt, Hashes.com, and Onlinehashcrack.com. Be wary of using these or any other websites for sensitive hashes, as the website now has the actual hash. For advanced examiners who do not want to use an online tool, Kali Linux also has an offline tool called Hash-Identifier that can be downloaded and used locally so the hash is not shared.
Attacking the Hash
Once the type of hash is identified, it is time to attempt to crack the hash. The simplest yet least secure method of cracking a password from a hash is once again to use an online resource. Some of the previously mentioned websites also offer services that will attempt to crack a hash, but those are limited. The use of a password cracking tool such as Hashcat is highly recommended, as it allows for a much more powerful, robust, and secure method of cracking a password hash. Here is a hash taken from the Hashcat Wiki: b4b9b02e6f09a9bd760f388b67351e2b. This is an NTLM hash of a word in the English language. If you have visited the website then it is easy to determine what this hash is, but let’s assume that we know nothing about this hash other than that it was extracted from a Windows machine, and that we want to crack it using Hashcat. Recall that cracking this password means coming up with a potential password, hashing it, and comparing the two hashes, repeating until we find a match. This is a process Hashcat will automate for us. So if we get it wrong, the worst that will happen is that we move on to the next potential password and try again. There are two primary methods of attacking a password: a brute-force method and a more focused attack. An exhaustive brute-force attack would take every combination of all possible symbols on the keyboard and iterate through them. This is not ideal, but let’s explore the mathematical reason why it is not the best method before explaining a better one. If an exhaustive attack were performed against a password, every possible permutation of all possible letters, numbers, and symbols on the keyboard would be attempted. For the standard English QWERTY keyboard, there are 10 digits 0123456789, 26 lowercase letters abcdefghijklmnopqrstuvwxyz, 26 uppercase letters ABCDEFGHIJKLMNOPQRSTUVWXYZ, and 33 special characters and symbols, such as !@#$%^&*()-_=+[{]}\|;:'",<.>/? .
Note that space (the spacebar) is also included in the special character count. Adding these together results in 10 + 26 + 26 + 33 = 95, or ninety-five total possible characters that can be used at any position in a password, assuming they are all allowed for use in a password. So for a single-character password, there are only 95 possible combinations. For a two-character password, there are 95 x 95 = 9,025 possible combinations. A three-character password has 95 x 95 x 95 (or 95³) = 857,375 combinations, a four-character password has 95⁴ = 81,450,625 combinations, and a very short five-character password has an astonishing 95⁵ = 7,737,809,375 password combinations, over seven billion! Even a meager eight-character password has over six quadrillion (a quadrillion is the name of the number just beyond a trillion) possible combinations for just the eight characters alone! Not only does this show the difficulty of trying every possible character, but it also shows the strength of using unusual symbols in passwords. Even with modern computing that is capable of computing thousands of possible passwords per second, it could take decades or longer to crack an eight-character password using this method on normal computers. We need a better method! So to speed up this process we need to make some assumptions about the original password rather than guessing random characters. This brings up the primary weakness of passwords, and therefore the best method of attacking them once the examiner has the hash. Since most passwords must be remembered by the user, a password is very likely to contain a word in a language that the user knows. The total number of guesses can be greatly reduced by avoiding letter combinations that are not words. The total number of words in the 2022 Oxford English Dictionary is over 600,000, but this does include outdated, obsolete, and obscure words. Still, this is a huge improvement over even a short three-character permutation!
It is also common to add numbers or symbols to the end of the password. So we can also add numbers to the end of a valid word and try those combinations. Sophisticated users may decide to use “leet speak” and replace letters like ‘S’ with the number ‘5’, the letter ‘A’ with the number ‘4’, the letter ‘E’ with the number ‘3’, the letters ‘I’ or ‘l’ with the number ‘1’ because they look similar to the corresponding letter. For example, the word “Apples” may become “4pp135” when using leet speak. Finally, the addition of symbols is common at the end of the password, so common symbols like “!” can be added to the end (Picolet, 2019). This is by no means an exhaustive list, but this is a good starting point considering the alternative of a true brute force attack.
Wordlists
Now that we know a better method, we need to come up with a way to use that method to attack passwords. The simplest method would be to use a list of words, or a wordlist, of possible passwords. Just like it sounds, it is a list of possible passwords that already have symbols and numbers added to them. When using a wordlist to attack a password, it is often called a dictionary attack. It is possible to build our own wordlist manually, but that is a very time-intensive task, as we would not only need to create useful passwords but also avoid duplicates. Fortunately, there are prebuilt wordlists that we can use. When companies are hacked, passwords are often among the data that is stolen. Companies should encrypt their data, specifically user passwords, but this is not always the case. In 2009, the social gaming company RockYou was compromised by a SQL injection attack. The hacker was able to gain access to over 32 million accounts, and RockYou was storing passwords in the clear, which means that there was no encryption whatsoever on the passwords as they were stored in plain text (Cubrilovic, 2009). This list of passwords has become known as the rockyou list and is commonly used as a starting point for dictionary attacks. Passwords from later breaches that have been compromised and cracked have also been added to wordlists. It is important to note that a good password list will have been deduplicated, so no password appears twice. This is a key way to save time when cracking passwords, by not attempting the same password multiple times. A good online resource where wordlists are compiled and ranked is Weakpass.com (W34kp455, 2014). On this site, wordlists are ranked by popularity and functionality from 0 to 100, using a color-coding system that corresponds with the numerical ranking. Note how there are varying sizes of lists, ranging from over 400GB to only a few bytes in size.
The first several wordlists offered for download may not be ranked very high, being color-coded red with single-digit scores. Selecting “Lists” and then “Medium” should display the original rockyou wordlist as rockyou.txt on the first page, with just over 14 million unique passwords. When selecting “Lists” from the horizontal menu and then “All”, we can sort all lists by popularity. Near the top of the list should be the cyclone.hashesorg.hashkiller.combined.txt password list with about 1.5 billion total passwords. This list is one of the top-ranked lists while only being just over 15GB in size. I would recommend using this list and I use it frequently because it is a good combination of reduced size yet it still has some complexity to crack most common passwords. The total time to iterate through the list is not unreasonable for many password hash types, and it stands a decent chance of cracking many passwords with a straight dictionary attack. The “All-in-One” tab allows for downloading a deduplicated version of all passwords on the site in various lengths for different applications, but know that a longer list will take longer to complete than a shorter one. If you haven’t noticed, there is also an estimated time to iterate through the list for a particular password type under each list. While this can vary widely between different computers, it does a good job of showing the relative time difference it takes to attempt that list against the different hash types. If the 15GB password list is too large for you, here is a smaller list that is not posted on Weakpass. This list combines several of the smaller wordlists from Weakpass and uses a few other techniques for an uncompressed size that is just under 1GB. If you plan on installing and using Hashcat, I would strongly recommend downloading at least one list of your choice.
Installing Hashcat
Now that we know some of the more common methods used to create passwords, and we have access to a good list of millions of potential passwords, we can attempt to crack the example hash using Hashcat (Hashcat – Advanced Password Recovery, n.d.). Considering the type of calculations performed, it is much more efficient to use the video card of a computer to perform these calculations rather than the CPU. This may cause some compatibility issues, and if so, help on how to install Hashcat can be found on the Hashcat Discord server. I would encourage anyone who has not used Hashcat, or even a command-line tool, to follow along at this point on their own Windows machine, even if you have not extracted any hashes up to this point. We will crack the previously mentioned example hash (b4b9b02e6f09a9bd760f388b67351e2b) from Hashcat’s website here shortly! Once Hashcat is installed, it needs to be launched from the command line, or command prompt, assuming the user is using a Windows system. The simplest method to launch a command prompt window in the correct location is to navigate to where Hashcat is installed (C:\Windows\Programs\hashcat-6.2.5 or similar) using File Explorer, click the white area next to the path so that the path turns blue, type cmd and press Enter. A black window with white text should appear. If you have never used the command line before, congratulations on opening your first terminal window! The next step is to launch Hashcat in help mode. This also checks whether the correct drivers are installed so that Hashcat can run. Simply type hashcat.exe -h in the command prompt. It is possible that an error appears stating that no OpenCL, HIP, or CUDA installation was found. If this is the case, I would recommend typing Device Manager in the search bar next to the Windows Start menu and then selecting Display adapters to determine the type of video card installed on the computer.
Beyond this, it will require downloading the required drivers from a trusted source to continue using Hashcat. Once again, additional help on how to install Hashcat can be found on the Hashcat Discord server. If hashcat.exe -h is successful, there should be a large amount of output on the screen showing options, hash modes, and examples, and it should end with some links to the Hashcat website. I find it helpful to save this help information to a simple text file for easy reference. That can be done by pressing the up arrow on the keyboard to display hashcat.exe -h again, but before pressing Enter add > Help.txt to the end of the command, for a total command of hashcat.exe -h > Help.txt. This will create a text file in the same folder with the output from the help command, which can be opened in Notepad or similar for quick reference while keeping the command prompt window free to run Hashcat. Open the Help.txt that was just created in the hashcat-6.2.5 folder. Under – [ Hash Modes ] – it shows the numerous types of hashes that can be attacked (and possibly cracked), assuming the hash is properly extracted. Scrolling to the bottom shows some example commands to run Hashcat under – [ Basic Examples ] –. Note that the first Attack-Mode is a Wordlist, but there is also a Brute-Force option. This is not a true brute-force method as was discussed earlier, as it does not use all the possible symbols on the keyboard, nor does it use uppercase letters except for the first character. One advantage is that it does not require a dictionary or wordlist to crack a password, so it has its uses. Let’s break down this command. The first word of the example command is hashcat. It can also be hashcat.exe. This is simple: we are just calling the executable file, but we need to give some input, or arguments, to the program. The next thing we see is -a and then a number, followed by -m and another number.
At the top of the help file, under – [ Options ] –, it explains -a as the attack-mode and -m as the hash-type. Both of these are required; they can be given in either order, but we will follow the order shown in the example. Scrolling back down towards the bottom we find – [ Attack Modes ] –, which shows the types of attacks. Brute-Force is 3 while Straight is 0. Brute-Force is Hashcat’s version of brute-force that was just briefly mentioned, while Straight is a dictionary attack using a wordlist. Now for the other required argument, the -m. This stands for hash-type, so we scroll up to the bulk of the help file under – [ Hash Modes ] – and see all the different types. We know this is an NTLM hash, so we need to find the hash-type for NTLM in all of that noise. Rather than manually searching, press CTRL + F to open the find menu and type NTLM. You may get some results like NetNTLMv1, NetNTLMv1+ESS, or NetNTLMv2, and you may have to change your direction of searching to find matches, but you should be able to find just NTLM all on one line with a mode of 1000. Now that we know the values for our two required arguments, on to how to input the hash itself into Hashcat. Hashcat will accept the hash in one of two ways. It can either be pasted directly into the command line, or it can be put into a simple text (.txt) file with one hash, and only one hash, per line. If a text file containing multiple hashes is used, they all need to be hashes of the same type, like multiple NTLM hashes or multiple SHA-256 hashes, with each hash on its own line. If attacking multiple hashes, the file method will be faster than trying to crack them one at a time, but it will be slower than attacking a single hash. Pasting directly into the command line can be faster if the hash is already extracted, but a few seconds taken to put the hash in a text file right after extraction may be better in some situations.
The example command shows some arguments like ?a?a?a?a?a? after the example0.hash, but those are not required. Other arguments can be seen towards the top of the help file, but those are optional. We now know everything required to crack this example NTLM hash, b4b9b02e6f09a9bd760f388b67351e2b!
“Brute-Forcing” with Hashcat
Go to the command line where we typed hashcat.exe -h, type hashcat.exe -a 3 -m 1000 b4b9b02e6f09a9bd760f388b67351e2b, and hit Enter. There should be a wall of white text, and then it will stop and show Cracked partway up the screen! Above the Cracked notification the hash is printed, and at the end of that line it will show b4b9b02e6f09a9bd760f388b67351e2b:hashcat. This means the password was hashcat, as can be seen at the top of the Hashcat Wiki webpage. If this is your first time cracking a password, then congratulations! You just cracked your first password hash! Now let’s examine what Hashcat did during that wall of white text. Scrolling up, we can see a first block of text similar to the block at the end, but instead of saying Cracked it says Exhausted. Looking at the Guess.Mask row in the first column we see ?1 [1], and on the next row we see Guess.Charset. The Guess.Charset row shows -1 followed by ?l?u?d. To know what those mean, we need to go back to our help file. Under – [ Built-in Charsets ] –, close to the bottom, we see that l is all lowercase characters, u is all uppercase characters, and d is all digits from 0 to 9. Putting it all together, this means Hashcat tried all lowercase, uppercase, and digits for a password length of 1 before exhausting that keyspace and moving on. Notice how at the top it showed Approaching final keyspace – workload adjusted. This means Hashcat is nearing the end of the current mask and is adjusting its workload before moving on to the next. The second block shows a Guess.Mask of ?1?2 [2]. There were two characters in total this time, but it is a little different. The ?2 is only ?l and ?d, meaning that for the second character it only tried lowercase and digits, but the first character was still ?1, so it tried lower, upper, and digits as in the first block.
The third block is a Guess.Mask of ?1?2?2 [3], so three characters in total, trying uppercase, lowercase, and digits for the first and only lowercase and digits for the other two. The fourth, fifth, and sixth blocks all show uppercase, lowercase, and digits for the first character with lowercase and digits for the rest. The seventh block is where it was cracked, using the same Guess.Mask format of ?1?2?2?2?2?2?2. The password was not long enough to see this in our example, but if it had not been cracked at seven characters the mask would keep getting longer, and eventually a ?3 would be appended at the end, which also tries the five symbols *!$@_ in addition to lowercase letters and digits for the last character.
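The mask increments described above, as an added example that is neither the paper's nor hashcat's code: a small parser for hashcat mask syntax using the ?1/?2/?3 charsets from the run, which sizes each increment step's keyspace and compares it with the exhaustive 95ⁿ count from earlier. It assumes hashcat's documented default mask for the positions beyond the seven the run shows, and its candidate ordering does not claim to match hashcat's.

```python
"""Added example (not the paper's code): expand hashcat-style masks with the
increment charsets the paper's run shows, and size each keyspace."""
import itertools
import string

# Built-in charsets as listed under [ Built-in Charsets ] in the help file.
# ?s is the 33 specials (32 punctuation marks plus space), ?a all 95 printables.
BUILTIN = {
    "l": string.ascii_lowercase,
    "u": string.ascii_uppercase,
    "d": string.digits,
    "s": " " + string.punctuation,
}
BUILTIN["a"] = BUILTIN["l"] + BUILTIN["u"] + BUILTIN["d"] + BUILTIN["s"]
# Custom charsets -1/-2/-3 as they appear on the Guess.Charset row of the run
CUSTOM = {
    "1": BUILTIN["l"] + BUILTIN["u"] + BUILTIN["d"],   # 62 symbols
    "2": BUILTIN["l"] + BUILTIN["d"],                  # 36 symbols
    "3": BUILTIN["l"] + BUILTIN["d"] + "*!$@_",        # 41 symbols
}
# Hashcat's built-in default mask (assumed here); the paper's run shows its first seven positions
DEFAULT_MASK = "?1?2?2?2?2?2?2?3?3?3?3?d?d?d?d"
PRINTABLE_ASCII = 95  # the 10 + 26 + 26 + 33 count from the paper


def parse_mask(mask: str) -> list:
    """Return one charset string per position: '?x' is a charset token, '??' a literal '?',
    and any other character stands for itself."""
    charsets = []
    i = 0
    while i < len(mask):
        if mask[i] == "?" and i + 1 < len(mask):
            key = mask[i + 1]
            if key == "?":
                charsets.append("?")
            elif key in BUILTIN:
                charsets.append(BUILTIN[key])
            elif key in CUSTOM:
                charsets.append(CUSTOM[key])
            else:
                raise ValueError(f"unknown charset ?{key}")
            i += 2
        else:
            charsets.append(mask[i])
            i += 1
    return charsets


def keyspace(mask: str) -> int:
    """Number of candidates the mask generates (product of the charset sizes)."""
    total = 1
    for cs in parse_mask(mask):
        total *= len(cs)
    return total


def candidates(mask: str):
    """Generate every candidate for the mask (ordering differs from hashcat's own)."""
    for combo in itertools.product(*parse_mask(mask)):
        yield "".join(combo)


def increment_steps(mask: str = DEFAULT_MASK, max_len: int = 7) -> list:
    """What --increment does: the mask truncated to length 1, 2, ... max_len, each paired
    with its keyspace and the 95**n exhaustive keyspace for comparison."""
    sets = parse_mask(mask)
    steps = []
    for n in range(1, min(max_len, len(sets)) + 1):
        ks = 1
        for cs in sets[:n]:
            ks *= len(cs)
        steps.append((n, ks, PRINTABLE_ASCII ** n))
    return steps


if __name__ == "__main__":
    for n, ks, full in increment_steps():
        print(f"length {n}: mask keyspace {ks:>18,}   exhaustive {full:>22,}")
    # A tiny mask can be enumerated outright; the seven-character step cannot be in Python.
    print(sum(1 for _ in candidates("?d?d")))
```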
Hashcat’s Potfile
This worked for this password, but for more complicated passwords we can see where it has its limitations. That is why we need a robust wordlist. So let’s try and crack this password again using a wordlist, and in doing so we will discover a useful function of Hashcat. First, find the wordlist that you previously downloaded in File Explorer and unzip it. It may not have a file extension, but Hashcat doesn’t care nor would it be likely that you could open the file in normal Notepad anyway as it is probably going to be too big for the standard version of Notepad. If you want to see the contents, you should be able to use another text editor like Notepad++ for smaller wordlists, but it is by no means required. Let’s go back to the command line where we just cracked the hash and type out a new command. Type hashcat.exe -a 0 -m 1000 b4b9b02e6f09a9bd760f388b67351e2b not forgetting to put a single space after the hash but don’t hit enter just yet. Hashcat needs the path for the wordlist, note how we are using -a 0 instead of -a 3. If you are savvy with the command line, you could enter the path of the file (not forgetting quotes if there are any spaces), or you could copy the path from the File Explorer window (where we typed cmd earlier to open our command prompt window) and then add the file name, but there is an easier way that some may consider cheating. If you are not cheating you are not trying, right? The easiest way is to just drag and drop the uncompressed wordlist into the black area of the command prompt window and it should populate the whole path to the file in the command line. The whole command should look something like this, hashcat.exe -a 0 -m 1000 b4b9b02e6f09a9bd760f388b67351e2b “D:\My Folder\My Downloaded Wordlist”. There may or may not be quotes around the path depending on if there are spaces in the folder and subfolders or the file name. Hit enter and see what happens. 
It should have finished very quickly and displayed a notification of INFO: All hashes found in potfile! Use --show to display them. Well, that is interesting, what is a potfile? Simply put, the potfile is where Hashcat automatically stores the hashes it cracks, with the corresponding password in plain text. This is very useful to make sure that time is not wasted trying to crack passwords that have already been cracked, and to make sure a cracked password is saved in case of power failure. It would be most unfortunate if a password was cracked before the examiner could see it and the power went out to a machine that was not hooked up to an uninterruptible power supply due to budgetary concerns. Anyway, go to the hashcat-6.2.5 folder where hashcat.exe is located, find the file named hashcat.potfile, and open it using Notepad or the text editor of your choice. Assuming this is your first time using a freshly downloaded Hashcat, there will only be one entry, b4b9b02e6f09a9bd760f388b67351e2b:hashcat. This is nice for preventing us from wasting time trying to crack it again, but we want to see how to crack it using other methods. Either delete the single entry from the potfile, save, and close, or just delete the whole potfile, as Hashcat will automatically generate a new one upon cracking another password.
Dictionary (Wordlist) Attack with Hashcat
Go back to the command prompt and press the up arrow on the keyboard. Your previously typed command of hashcat.exe -a 0 -m 1000 b4b9b02e6f09a9bd760f388b67351e2b “D:\My Folder\My Downloaded Wordlist” or similar should appear. Press Enter to run the command again. Now it should start processing, but it will stop after a moment and display something like Watchdog: Temperature abort trigger set to 90c. As a side note, this is nice to know that Hashcat has built-in safety procedures to help prevent the overheating of video cards and will slow down its processing speed if the GPU (aka video card) gets too hot. Anyway, after a few seconds, it should display something like Dictionary cache building “D:\My Folder\My Downloaded Wordlist”: 1711225339 bytes (10.61%) with the percentage increasing every few seconds. This is normal and depending on the size of the wordlist it might take a minute or two. This is required after the first time starting a new wordlist, but as long as the location of the wordlist does not change it will not need to build the dictionary each time. Once the dictionary is built, it will display the following line: [s]tatus [p]ause [b]ypass [c]heckpoint [f]inish [q]uit =>. This shows what commands we can enter while it is processing. It would be nice to know what is going on, so press the s key. The first thing I look at is the Time.Estimated row and it will show an estimated end date and time and estimated duration. This is where times can vary greatly based on the type of GPU and length of the wordlist. Even if a longer wordlist was chosen, it should not take long to crack the password. This is assuming that the word “hashcat” is in the dictionary, but hopefully it is there. This method will likely take a bit longer than the brute-force method, but it is much more robust and is one of the best methods for cracking passwords. 
We are going to try one more method for now, so go back to the potfile and delete the most recent entry from the potfile or just delete the whole potfile.
Robust Encryption Methods
Up to now we have only cracked an NTLM hash, but what about formats that are deliberately slow to compute? Go to the Hashcat Example Hashes page and search for BitLocker, which should be mode 22100. The example hash is as follows (one long line with no spaces): $bitlocker$1$16$6f972989ddc209f1eccf07313a7266a2$1048576$12$3a33a8eaff5e6f81d907b591$60$316b0f6d4cb445fb056f0e3e0633c413526ff4481bbf588917b70a4e8f8075f5ceb45958a800b42cb7ff9b7f5e17c6145bf8561ea86f52d3592059fb. This is massive compared to the NTLM hash, and the $1048576$ field in the middle is the reason it is slow: BitLocker derives its key by running SHA-256 1,048,576 times over the salted password, so every guess costs over a million hash operations instead of a single MD4. Try it in Hashcat using the following command: hashcat.exe -a 3 -m 22100 $bitlocker$1$16$6f972989ddc209f1eccf07313a7266a2$1048576$12$3a33a8eaff5e6f81d907b591$60$316b0f6d4cb445fb056f0e3e0633c413526ff4481bbf588917b70a4e8f8075f5ceb45958a800b42cb7ff9b7f5e17c6145bf8561ea86f52d3592059fb (on Linux, wrap the hash in single quotes so the shell does not treat the $ signs as variables, or save it to a file and pass the file name instead). The brute-force starts at four characters because BitLocker requires a minimum password length of four, so Hashcat does not waste time trying fewer than four characters against a BitLocker hash. For my computer, it shows an estimated time of 1 hour and 19 minutes for just 4 characters. If I let it run on to 5 characters, it shows that 5 characters alone will take 2 days! Your computer may show different estimates, but unless you have a really good gaming computer or are running Hashcat on a machine built for mining cryptocurrency you are probably seeing similar numbers. Trying the same BitLocker hash with a dictionary attack and no rules against the cyclone.hashesorg.hashkiller.combined dictionary shows an estimated time of 28 days! Knowing this means that if an NTLM hash was cracked using that dictionary, the same password protecting BitLocker would take about a month at most to crack on this hardware. That time can be cut significantly on a machine with multiple GPUs, like those used for mining cryptocurrency.
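To see what those fields are, here is an added example (our own code, not from the chapter or from hashcat) that parses a mode 22100 line into its parts and checks that each declared length matches the hex data that follows it. That is a useful sanity check after a hash has been pasted out of a document or a wrapped terminal, as the one above was. The field meanings follow the layout hashcat documents for the mode; the function and class names are ours.

```python
# Added example (not part of the original chapter or of hashcat itself):
# parse a hashcat mode 22100 "$bitlocker$" line into its fields and check
# that every declared length matches the hex payload that follows it.
# Layout as documented by hashcat for the mode:
#   $bitlocker$<type>$<salt_len>$<salt>$<iterations>$<iv_len>$<iv>$<data_len>$<data>
from dataclasses import dataclass

# The hashcat example hash for mode 22100, quoted in the text above,
# reassembled onto one line.
EXAMPLE_HASH = (
    "$bitlocker$1$16$6f972989ddc209f1eccf07313a7266a2$1048576$12$"
    "3a33a8eaff5e6f81d907b591$60$"
    "316b0f6d4cb445fb056f0e3e0633c413526ff448"
    "1bbf588917b70a4e8f8075f5ceb45958a800b42c"
    "b7ff9b7f5e17c6145bf8561ea86f52d3592059fb"
)


@dataclass
class BitLockerHash:
    kind: int          # the <type> field (user-password vs recovery-password variants)
    salt: bytes        # 16-byte salt fed to the key derivation
    iterations: int    # SHA-256 rounds per password guess (1048576 for BitLocker)
    iv: bytes          # 12-byte nonce for the AES-CCM check
    data: bytes        # 60 bytes of encrypted data the guess is verified against


def parse_bitlocker(line: str) -> BitLockerHash:
    parts = line.strip().split("$")
    # The leading "$" produces an empty first element, so ten parts in all.
    if len(parts) != 10 or parts[0] != "" or parts[1] != "bitlocker":
        raise ValueError("not a $bitlocker$ hash line")
    kind, iterations = int(parts[2]), int(parts[5])
    fields = {}
    for name, declared, hexdata in (("salt", parts[3], parts[4]),
                                    ("iv", parts[6], parts[7]),
                                    ("data", parts[8], parts[9])):
        n = int(declared)
        if len(hexdata) != 2 * n:
            raise ValueError(f"{name}: declared {n} bytes but found {len(hexdata) // 2}")
        fields[name] = bytes.fromhex(hexdata)   # raises ValueError on a non-hex character
    return BitLockerHash(kind, fields["salt"], iterations, fields["iv"], fields["data"])


def is_valid_bitlocker(line: str) -> bool:
    """True when the line parses cleanly, e.g. after pasting it from a document."""
    try:
        parse_bitlocker(line)
        return True
    except ValueError:
        return False


def work_factor_vs_ntlm(h: BitLockerHash) -> int:
    """Hash-function calls per guess relative to NTLM, which costs a single MD4."""
    return h.iterations


if __name__ == "__main__":
    h = parse_bitlocker(EXAMPLE_HASH)
    print(f"type={h.kind} iterations={h.iterations} salt={h.salt.hex()}")
    print(f"about {work_factor_vs_ntlm(h):,}x the work of one NTLM guess")
```

Run it on a hash you have pasted from somewhere: if is_valid_bitlocker returns False, a character was lost or a line break crept in, and Hashcat would reject the line too.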
This is a really good reason not to use a password that appears in the standard wordlists, and it shows why strong, complicated passwords matter. This has only examined BitLocker; the VeraCrypt and DiskCryptor example hashes require a separate download because they are too large to display on Hashcat's website. The comparison shows the substantial gap between the Windows password hash and a slow key-derivation scheme, but it also shows why reusing passwords is dangerous. If an attacker can crack the weak Windows hash and the same password also protects the robust encryption software, then the strong scheme is defeated without ever being attacked directly. It also shows how a robust encryption method can be defeated by a good wordlist, and why a strong password is the first line of defense no matter which encryption method is used.
Complex Password Testing with Hashcat
Maybe you have gotten the bug by now, our simple hash of just "hashcat" is not good enough, and you want to try harder potential passwords. The easiest way to set up a test is to generate the NTLM hash of a password of your choosing. An NTLM hash is simply MD4 computed over the password encoded as UTF-16LE, with no salt, which is why it is so fast to attack. Online NTLM hash generators may be the easiest route, but there is a major security concern if you want to test your own passwords by pasting them into a website: you have likely handed the password to a third party if that site logs its input. I would only use an online tool for passwords that are not in use, and I would not even use passwords similar to ones currently in use. The next best method is a PowerShell function or Python script that generates NTLM hashes locally. These links are just two possible ways to create an NTLM hash, and searching Google will find others. This is much more secure because the conversion happens on your own computer. Just note that if the password is cracked it will be saved in the potfile in plain text, so either delete the entry, delete the whole potfile, or run the test with --potfile-disable, and clean up once the testing session is complete.
Searching a Dictionary for a Password
Since we have already established that the main weakness of a password is its presence in a wordlist, it would be nice to check whether a current or potential password shows up in a dictionary. Because these wordlists are very large, it is difficult to find a program that will open them for a simple Ctrl + F search. Fortunately, the command line can search the contents of a file without opening it in an editor. Using File Explorer, navigate to the folder where you downloaded and uncompressed a wordlist. Open a command-line window just as we did for Hashcat: click the white area next to the path so that the path turns blue, type cmd, and press Enter. We will use the findstr command to search the dictionary. Type findstr password and then press [TAB] until the dictionary you want to search appears, so that the completed command looks something like findstr password MyDictionary, and press Enter. If you chose a common password it should output a wall of white text showing every line that contains that string. If it just shows a blinking cursor, it is still searching; when you can type again, it has finished. Note that findstr is case-sensitive by default and matches the string anywhere in a line: findstr password matches mypassword123 but not MyPassword123. Use /I to ignore case, and /X together with /C:"password" to report only lines that consist of exactly that password. This is a good way to check whether a password exists in a dictionary, but a password that does not show up is not necessarily safe from that dictionary: an appropriate rule could still mangle a wordlist entry into the password and Hashcat would guess it. Still, since dictionary attacks are the most common and the fastest method of cracking a password, it is a simple and worthwhile test of whether a password is strong.
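The two checks just described, hashing a candidate the way Windows does and looking for it in a wordlist, can also be done offline in a few lines of Python. The following is an added example, not from the chapter: an NT hash is MD4 over the UTF-16LE encoding of the password, and because MD4 is often unavailable from hashlib on OpenSSL 3 builds the block carries its own MD4 from RFC 1320. The wordlist is a constructed in-memory list; pass an open file object to dictionary_attack to run it over a real one. The function names are this example's own.

```python
# Added example (not from the original chapter): compute NT hashes locally and
# run a straight dictionary attack (what hashcat -a 0 -m 1000 does) against a
# constructed in-memory wordlist. Function names are this example's own.
import struct

MASK = 0xFFFFFFFF


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK


# MD4 per RFC 1320. hashlib.new("md4") often fails on OpenSSL 3 because the
# algorithm lives in the legacy provider, so the compression function is
# written out here: three rounds of 16 steps, each updating a, d, c, b in turn.
_ROUNDS = (
    # (boolean function, round constant, message-word order, shift amounts)
    (lambda x, y, z: (x & y) | (~x & z), 0x00000000,
     tuple(range(16)), (3, 7, 11, 19)),
    (lambda x, y, z: (x & y) | (x & z) | (y & z), 0x5A827999,
     tuple((i % 4) * 4 + i // 4 for i in range(16)), (3, 5, 9, 13)),
    (lambda x, y, z: x ^ y ^ z, 0x6ED9EBA1,
     (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
)


def _md4_block(state, block: bytes):
    words = struct.unpack("<16I", block)
    s = list(state)
    for f, k, order, shifts in _ROUNDS:
        for i, w in enumerate(order):
            j = (-i) % 4                     # index of the word being updated
            b, c, d = s[(j + 1) % 4], s[(j + 2) % 4], s[(j + 3) % 4]
            s[j] = _rotl((s[j] + f(b, c, d) + words[w] + k) & MASK, shifts[i % 4])
    return [(u + v) & MASK for u, v in zip(state, s)]


def md4(data: bytes) -> bytes:
    msg = bytearray(data) + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)   # pad to 56 mod 64
    msg += struct.pack("<Q", len(data) * 8)         # bit length, little-endian
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        state = _md4_block(state, bytes(msg[off:off + 64]))
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> str:
    """NT hash as stored by Windows: MD4 over the UTF-16LE password, no salt."""
    return md4(password.encode("utf-16-le")).hex()


def dictionary_attack(target_hex: str, candidates):
    """Return the first candidate whose NT hash matches the target, else None."""
    target = target_hex.strip().lower()
    for line in candidates:
        word = line.rstrip("\r\n")           # tolerate Windows line endings
        if nt_hash(word) == target:
            return word
    return None


# Constructed stand-in for a downloaded wordlist.
SAMPLE_WORDLIST = ["123456", "Password1", "hashcat", "letmein"]

if __name__ == "__main__":
    print(nt_hash("hashcat"))        # b4b9b02e6f09a9bd760f388b67351e2b
    print(dictionary_attack("b4b9b02e6f09a9bd760f388b67351e2b", SAMPLE_WORDLIST))
```

Because there is no salt, the same password always produces the same NT hash, which is exactly why a precomputed wordlist of hashes, or the potfile from a previous run, transfers directly from one Windows account to another.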
Generating Custom Wordlists
Now I am going to move into some more advanced concepts and assume that the reader is somewhat familiar with forensic examinations of electronic devices. Some of the basic concepts related to forensic exams will be glossed over when explaining these techniques, and some of the advanced concepts will only be discussed briefly. The remainder of this chapter is intended to show what is possible and how it can be useful in a thorough examination. There are two reasons for using custom wordlists: attacking a particularly stubborn password (good for them for using a strong password!) and generating a wordlist for forensic tools that require a static wordlist to attack alphanumeric passwords, such as those used on some Android devices. As an example of how both techniques fit into a forensic examination, let's say an examiner has the legal authority to examine a Windows computer and an Android phone from the same target, and both devices are in the examiner's possession. The computer's drive is not encrypted with BitLocker or any other method, and the examiner was able to acquire an .E01 image of the hard drive, but the phone is locked with an alphanumeric password and, unfortunately, the NTLM hash has not been cracked with the methods already described. Because the data on the hard drive is not encrypted, there is now a wealth of information about the target, including user-generated data. It is even possible that a document saved somewhere on the hard drive contains the user's passwords, including the Windows (NTLM) password and the phone password. Rather than manually looking through the contents of the hard drive, there are tools that will search the drive and build wordlists for us. The first tool is the AXIOM Wordlist Generator, which requires the examiner to have access to the Magnet AXIOM forensic software.
The .E01 image will need to be processed with AXIOM Process, and then the AXIOM Wordlist Generator can be used. Instructions for the AXIOM Wordlist Generator are on Magnet's website. A free alternative that is more comprehensive but yields more false positives is Bulk Extractor, where -E wordlist enables only the wordlist scanner and -o names the output directory, using the following command: bulk_extractor -E wordlist -o
Paring Down Custom Wordlists
If a really strong password has been used, it may not be cracked even with a custom wordlist built from the target device by the AXIOM Wordlist Generator and Bulk Extractor. It is also possible that the password uses a word from another language. If so, the examiner will need to focus their efforts further and get rid of the "noise" in the custom wordlist, and it would be a good idea to download a list of words for the target language. This link is a good place to start when looking for wordlists in other languages, and a simple Google search should also yield results. With all three lists (AXIOM wordlist, Bulk Extractor, and foreign language) we need to combine them into one. A simple copy-paste can work, but the lists may be too large to open. Fortunately, Linux has the cat (concatenate) command, which joins files. After copying the wordlists to Kali Linux, open a terminal window and type cat AXIOMWordlist BulkExtractorWordList ForeignLanguageWordList > CombinedWordList, substituting the correct file names, of course.
Now we run into the issue of potential duplicate lines. Linux has built-in tools that can find and remove them. sort CombinedWordList | uniq -d only lists the lines that occur more than once, which is useful for checking whether deduplication is needed; to actually remove them, use sort -u CombinedWordList > CombinedWordListDedupe, or awk '!seen[$0]++' CombinedWordList > CombinedWordListDedupe if the original order should be preserved. The catch is the difference in line endings between Unix and Windows. A line ending is the invisible character (or characters) at the end of a line that tells the operating system to start a new line: Unix ends a line with a single line feed (LF), while Windows ends it with a carriage return followed by a line feed (CRLF). Two lines may therefore be identical except for a trailing carriage return, the Linux tools will not recognise them as the same, and duplicates will remain in the wordlist. The simplest fix is to normalise the endings first, for example with sed -i 's/\r$//' CombinedWordList or the dos2unix utility, and then deduplicate. Another option is rling, which deduplicates very large lists quickly and handles the line-ending problem itself. It is not in the normal distribution repositories, so sudo apt install will not find it and it has to be compiled from source on a Linux system. Certain dependencies such as libdb-dev and Judy may need to be installed first with sudo apt-get update -y, sudo apt-get install -y libdb-dev and sudo apt-get install libjudy-dev. After compiling, rling is run as ./rling from the directory it was built in; to call it from anywhere by simply typing rling, as with hashcat or bulk_extractor, copy the compiled binary into a directory on your PATH such as /usr/local/bin. I understand that this is somewhat technical and I have not gone into great detail, but this is the best and fastest method that I found for deduplication that also deals properly with the line-ending issue. Once the list has been deduplicated, it may be useful to change the characters that escaped HTML conversion back to their ASCII equivalents.
What this means is that there may be an &gt; inside a password where what it should be is simply a >. The way to automate this conversion is with the following command: sed -i 's/&gt;/>/g' WordList.txt (note the lowercase -i, which edits the file in place). The same pattern works for &lt; and the other entities; for &amp; the replacement must be written as \& because a bare & in a sed replacement stands for the matched text.
Here is a partial list of HTML names and their ASCII equivalents. Finally, we may choose to keep only potential passwords of a certain length, and grep is very useful here. The command grep -x '.\{4,16\}' WordList.txt > AndroidPWLength.txt selects only lines that are between 4 and 16 characters long. The command grep -x -E -v '[0-9]+' AndroidPWLength.txt > Alphanumeric.txt then drops every line made up only of digits, removing PIN codes and leaving only alphanumeric passwords. The result should be a deduplicated list of possible passwords drawn from the AXIOM wordlist, Bulk Extractor and the foreign-language list that can be used against the Android device with the appropriate forensic tool.
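The cat, sed, sort/awk and grep steps above can be folded into a single pass that also copes with mixed Windows and Unix line endings. The following is an added example (not from the chapter) doing that in Python; the function names and the sample lines are ours. It counts length in characters rather than bytes, which differs from grep in the C locale on non-ASCII entries, and it decodes every HTML entity rather than just &gt;.

```python
# Added example (not from the original chapter): the sort/uniq, sed and grep
# steps above as one Python pass that also copes with mixed line endings.
import html
import re

ALL_DIGITS = re.compile(r"[0-9]+")   # mirrors grep -x -E '[0-9]+'


def clean_wordlist(lines, min_len=4, max_len=16, drop_pins=True):
    """Normalise line endings, decode HTML entities, filter by length, de-duplicate.

    Order of first appearance is preserved, like awk '!seen[$0]++'.
    Lengths are counted in characters, not bytes as grep does in the C locale.
    """
    seen = set()
    out = []
    for raw in lines:
        # Strip the LF and any CR left by Windows CRLF endings so that
        # "password\r\n" and "password\n" collapse to the same entry.
        word = raw.rstrip("\r\n")
        # &gt; -> >, &amp; -> &, &#39; -> ' ... as the sed step did for one entity
        word = html.unescape(word)
        if not min_len <= len(word) <= max_len:
            continue
        if drop_pins and ALL_DIGITS.fullmatch(word):
            continue
        if word in seen:
            continue
        seen.add(word)
        out.append(word)
    return out


def clean_files(in_paths, out_path, **kw):
    """cat + clean: merge several wordlists into one cleaned file.

    surrogateescape carries bytes that are not valid UTF-8 (common in scraped
    lists) through unchanged instead of dropping or mangling them.
    """
    def read_all():
        for p in in_paths:
            with open(p, encoding="utf-8", errors="surrogateescape", newline="") as f:
                yield from f
    words = clean_wordlist(read_all(), **kw)
    with open(out_path, "w", encoding="utf-8", errors="surrogateescape", newline="\n") as f:
        f.write("\n".join(words) + ("\n" if words else ""))
    return len(words)


# Constructed sample: CRLF and LF duplicates, an HTML entity, a PIN, and
# entries that are too short or too long for the 4..16 window.
SAMPLE_LINES = ["password\r\n", "password\n", "p&gt;ss\n", "123456\n",
                "abc\n", "averyveryverylongpassword\n", "Passw0rd!\r\n", "Passw0rd!\n"]

if __name__ == "__main__":
    print(clean_wordlist(SAMPLE_LINES))   # ['password', 'p>ss', 'Passw0rd!']
```

clean_files(["AXIOMWordlist", "BulkExtractorWordList", "ForeignLanguageWordList"], "Alphanumeric.txt") reproduces the whole pipeline in one step; raise max_len or set drop_pins=False when the target tool's password policy differs from the Android assumptions used here.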
Mangling Wordlists In Place
Perhaps the combined wordlist still did not crack the stubborn password, and the forensic tool being used does not allow rules to be applied on the fly as Hashcat does. In that case the wordlist will need to be mangled in place before it is uploaded to the forensic tool. Hashcat can still do the mangling, but it will need to be done on Linux. As mentioned in the previous section, I prefer Kali Linux, but to each their own. The following instructions are for Kali Linux; the location of the rule files may differ on another distribution. Copy the wordlist to a Kali Linux computer and navigate to the folder that contains the wordlist you want to mangle with the Hashcat rule of your choice. For this example I will use Wordlist.txt and the best64.rule rule. Open a terminal window (by right-clicking inside the folder if you are using the GUI rather than the CLI to navigate) and run: hashcat --force Wordlist.txt -r /usr/share/hashcat/rules/best64.rule --stdout > Wordlist_best64.txt. Once it completes, Wordlist_best64.txt will contain every candidate that best64.rule produces from Wordlist.txt, so the forensic tool can run a straight dictionary attack over it. Keep in mind that this can quickly create massive files even from smaller wordlists; that is why I am using the much smaller best64.rule rather than a large set such as OneRuleToRuleThemAll.rule. If even the standard smaller rules create wordlists that are too big for the forensic tool, custom rules can be created. For example, a file named append_exclamation.rule containing only two lines, : and $! (each on its own line), would output every word unchanged and every word with an exclamation point appended, doubling the size of the list.
More information on mangling wordlists with Hashcat can be found at this blog post. It is also worth running rling (or sort -u) against the result, since different rules can produce the same candidate, and if a maximum password length is known, use grep to remove candidates that are too long, as mentioned in the previous section.
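To make the rule syntax concrete, the following is an added example (our own code, not hashcat's and not from the chapter) of a small interpreter for the most common rule functions, including the : and $! lines of append_exclamation.rule above. It covers only a subset of hashcat's rule language; unsupported functions raise an error rather than being silently skipped, and the sample rules and words are constructed.

```python
# Added example (not from the original chapter or from hashcat): a small
# interpreter for the most common hashcat rule functions, enough to show how a
# rule file turns one wordlist into a mangled one. Function names are ours.
import string

_POSITIONS = string.digits + string.ascii_uppercase   # hashcat: 0-9, then A-Z = 10..35


def _pos(ch: str) -> int:
    return _POSITIONS.index(ch)


def apply_rule(word: str, rule: str) -> str:
    """Apply one rule line (functions separated by spaces) to one word."""
    w, i = word, 0
    try:
        while i < len(rule):
            fn = rule[i]
            i += 1
            if fn == " ":
                continue
            if fn == ":":                        # no-op: keep the word as-is
                pass
            elif fn == "l": w = w.lower()
            elif fn == "u": w = w.upper()
            elif fn == "c": w = w[:1].upper() + w[1:].lower()
            elif fn == "C": w = w[:1].lower() + w[1:].upper()
            elif fn == "t": w = w.swapcase()
            elif fn == "r": w = w[::-1]
            elif fn == "d": w = w + w
            elif fn == "f": w = w + w[::-1]      # reflect
            elif fn == "{": w = w[1:] + w[:1]    # rotate left
            elif fn == "}": w = w[-1:] + w[:-1]  # rotate right
            elif fn == "[": w = w[1:]            # delete first character
            elif fn == "]": w = w[:-1]           # delete last character
            elif fn == "$": w, i = w + rule[i], i + 1             # append X
            elif fn == "^": w, i = rule[i] + w, i + 1             # prepend X
            elif fn == "@": w, i = w.replace(rule[i], ""), i + 1  # purge X
            elif fn == "s": w, i = w.replace(rule[i], rule[i + 1]), i + 2  # sXY
            elif fn == "p": n = _pos(rule[i]); w, i = w * (n + 1), i + 1  # pN
            elif fn in "TD":                     # TN toggle / DN delete at position N
                p = _pos(rule[i])
                i += 1
                if p < len(w):
                    w = w[:p] + (w[p].swapcase() if fn == "T" else "") + w[p + 1:]
            else:
                raise ValueError(f"unsupported rule function {fn!r} in {rule!r}")
    except IndexError:
        raise ValueError(f"truncated rule {rule!r}") from None
    return w


def mangle(words, rule_lines):
    """Yield candidates in hashcat --stdout order: every rule for each word."""
    rules = [r.rstrip("\r\n") for r in rule_lines]
    rules = [r for r in rules if r and not r.startswith("#")]   # skip blanks/comments
    for word in words:
        word = word.rstrip("\r\n")
        for r in rules:
            yield apply_rule(word, r)


# Constructed sample: the two-line append_exclamation.rule from the text
# plus a few best64-style functions.
SAMPLE_RULES = [":", "$!", "c $1 $2 $3", "sa@ so0", "r", "T0 ]"]

if __name__ == "__main__":
    for cand in mangle(["password"], SAMPLE_RULES):
        print(cand)
```

Pipe the output of mangle into a file and you have the same thing the --stdout command produces, which makes the size explosion easy to reason about: a rule file with N usable lines turns a wordlist of M entries into N times M candidates before deduplication.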
Additional Resources and Advanced Techniques
Building Wordlists from RAM
Acquiring RAM from a running computer generally requires administrator credentials, so the admin password is usually already known; but if RAM has been acquired and there is a need to crack an additional password other than the known admin one, RAM can be a great resource for building a custom wordlist for that system. Once again, Linux is the useful tool here. The basic process is to take an uncompressed RAM capture and pull out possible passwords with the strings command, then deduplicate them. An example command is strings Memory_file | sort -u > RAMwordlist.txt, where Memory_file is the name of the uncompressed memory image. Because Windows keeps most of its in-memory text as UTF-16LE, which plain strings does not report, run strings -el Memory_file as well and merge the two outputs. The generated wordlist can then be used in Hashcat just like any other dictionary. For more info, check out a great video on the topic by DFIRScience.
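The strings step can be reproduced, and extended to the UTF-16LE text that Windows keeps in memory, with the following added example (not from the chapter). The memory bytes are constructed for the demonstration and the function names are ours.

```python
# Added example (not from the original chapter): a minimal `strings` for a raw
# memory image that also finds UTF-16LE text (what `strings -el` reports and
# plain `strings` misses), and turns the result into a de-duplicated wordlist.
import re


def extract_strings(data: bytes, min_len: int = 4):
    """Printable ASCII runs and UTF-16LE runs of at least min_len characters."""
    ascii_run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_run = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_run.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in utf16_run.finditer(data)]
    return found


def ram_wordlist(data: bytes, min_len: int = 4, max_len: int = 64):
    """strings | sort -u, plus splitting on whitespace so that a line such as
    'notes: MyS3cretPass' also contributes the password token on its own."""
    words = set()
    for s in extract_strings(data, min_len):
        for token in s.split():
            if min_len <= len(token) <= max_len:
                words.add(token)
    return sorted(words)


# Constructed stand-in for a few bytes of a memory image: a DLL name, a
# UTF-16LE string as Windows would store it, some short noise and an ASCII note.
SAMPLE_RAM = (
    b"\x00\x00kernel32.dll\x00\x7f\x01"
    + "Summer2024!".encode("utf-16-le")
    + b"\x00\x00ab\x00cd\x00"
    + b"notes: MyS3cretPass\x00\x01\x02\x03"
)

if __name__ == "__main__":
    with_ascii_only = [s for s in extract_strings(SAMPLE_RAM) if "\x00" not in s]
    print(ram_wordlist(SAMPLE_RAM))   # ['MyS3cretPass', 'Summer2024!', 'kernel32.dll', 'notes:']
```

On a real image, read the file in binary mode and pass the bytes to ram_wordlist; a multi-gigabyte capture is better processed in chunks, but the matching logic is the same.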
Crunch for Generating Random Wordlists
Crunch is a Kali Linux package that generates wordlists from a predefined set of characters at a specific length. This can be useful if certain characters are known or if the length of the password is known. It is simpler than using rules in Hashcat, easy to use, and quite useful for lists only a few characters long. It is essentially a brute-force candidate list written to disk, with the limitations already discussed, but it can be useful for tools that only accept a wordlist. From a terminal on a Linux machine, type sudo apt install crunch to install it. The example on its home page, crunch 6 6 0123456789abcdef -o 6chars.txt, writes every six-character string over the digits and the letters a-f to a file: that is 16^6 = 16,777,216 lines, or about 117 MB including the newline after each candidate, which shows how quickly these lists grow.
Combinator Attacks and More by 13Cubed
The 13Cubed YouTube channel has excellent and in-depth information on numerous digital forensics concepts. One of his videos covers how to concatenate words together (Hashcat's combinator attack, -a 1) to crack passwords that consist of several words strung together. He also goes over some more advanced topics and concepts related to using Hashcat; check out the first of his two-part series on Hashcat.
John the Ripper
John the Ripper is similar to Hashcat in many ways, but where I think it really shines is hash extraction to start the cracking process: the jumbo build ships a family of *2john utilities (bitlocker2john, zip2john, 7z2john and many more) that pull the hash out of a container or file into a crackable format. John the Ripper can also be used instead of Hashcat to crack the hash itself, and it can mangle wordlists in a similar fashion to the Hashcat-on-Linux method described above. More info on John the Ripper can be found on their website.
This has been a brief dive into showing how easy it is to crack simple passwords, and hopefully it shows why strong passwords are so important. Windows stores its passwords as an unsalted, MD4-based NTLM hash, one of the fastest formats to attack, and that is a good place to start when cracking passwords for fun or for security testing. Even with strong encryption methods, a weak or reused password will not be sufficient to safeguard the data. Knowing that these methods exist to defeat user passwords should show why it is so important to use strong passwords and why it is a bad idea to reuse passwords between accounts. A better understanding of the attack methods against passwords should encourage everyone to adopt better security practices to safeguard their data.