Password Cracking with Hashcat

Course Duration

5 Days

Audience

Employees of federal, state and local governments; and businesses working with the government.

Prerequisites

Fundamental Linux skills are a must

Course Description

You will learn, in detail, how to use Hashcat, its supporting tools as well as Hashtopolis for distributed cracking.

Course Outline

Course Topics

• Provide a brief overview of modern cryptography for the purposes of framing hashing techniques and their role in securing infomation systems
• Understand the state of affairs with modern password usage. This includes; Issues with passwords and password implementation (proper and improper usage)
• Approaches to password cracking
• An examination of famous password breaches and what was learned from them
• Passkeys, Dicewords, passphrases and password complexity
• Approaches to password cracking – A logical, methodical approach to password cracking that can and will vary from target to target Exploring Distributed Cracking
• Time-space tradeoffs in password cracking
• Considerations and variations in technique when dealing with slow v. fast hashes
• Password Entropy What it is and why it is so important
• Calculating entropy
• Considerations for building password cracking computers ('cracking rigs') GPU choices
• RAM choices
• CPU choices
• Cooling
• Power
• Motherboard considerations
• Considerations in Internet Wordlists, Custom Wordlists and character encoding
• Overview of Hashcat What it is
• What it can and cannot do
• Overview of attack modes and supported algorithms
• Identifying algorithm type (if/when possible)
• Understanding Hashcat Base and Mod loops and how they impact cracking
• Detailed exploration of Hashcat potfiles and potfile management
• Managing Hashcat sessions
• An in-depth look at each tool in hashcat utils and how each might be used in support of cracknig efforts. This includes: cap2hccapx
• cleanup-rules
• combinator, combinator3 and combinatorX
• combipow
• cutb
• expander
• export_potfile
• gate
• generate-rules
• hcstatgen & hcstat2gen
• keyspace
• mli2
• morph
• permute
• prepare
• remaining
• req-exclude
• req-include
• rli, rli2
• tmesis, tmesis-dynamic
• Detailed Exploration of each hashcat attack type and its usage. This includes: Dictionary attacks Rule-based Attack Analyzing Internet rule sets
• Creating your own custom rule sets
• Ruleset considerations with various algorithms
• Combinator Attack
• Brute Force Attack (Marov) Understanding Markov Chains
• Mask Attacks Custom Hash Masks and Characters Sets
• Hybrid Attacks
• Association Attacks
• Analysis of WiFi Vendors and their default key algroithms and how they can be attcked in the most optimal way possible.
• Detailed exploration of keyboard walks and kwprocessor An analysis of keyboard walk vectors (magnitude & direction)
• Creation of custom keymap files
• Creating your own route files
• Using hcstatsgen and statsprocessor to make your own hcstat files (optimizing Markov for target-specific attacks)
• Using maskprocessor to generate customized candidates using mask files
• Using princeprocessor for automated password guessing
• Using Hashtopolis for distributed cracking

Frequently Asked Questions