This demo shows how an attacker can use Hashcat, a free, fast password recovery tool, to recover plaintext passwords from hashes produced by fast hash functions that were never designed for password storage. Hashcat is a great tool for demonstrating why certain hash functions and password storage techniques are insecure, and it also might be helpful if you come across some password hashes that you are interested in cracking.
You can download a Hashcat binary from the Hashcat website. Hashcat is fast because it contains hand-optimized kernel code that lets it generate and hash candidate passwords very quickly, and current versions of Hashcat can also run on your computer’s GPU for even higher throughput.
You may also look at the source code in Hashcat’s GitHub repository. If you have trouble running the GPU version of Hashcat on your computer, try the CPU-only Hashcat Legacy, which can be found at the Hashcat Legacy repository. (Hashcat Legacy is the version we displayed during the demo, and it is still extremely fast in terms of the number of candidate passwords it can hash per second.)
If you’re on a department machine, we’ve installed Hashcat Legacy, which you can run using the cs166_hashcat command, or the full path:
Once you have Hashcat installed, make sure Hashcat has been properly set up by running the benchmarks:
On the Sunlab machines, the benchmarks show that for fast hash functions like MD4 and MD5, Hashcat can hash several million candidate passwords per second. (Consider: some hash functions are much slower to compute than others. Why is this a good thing, from a security perspective?)
Demo slides can be found here—they describe how to perform the various types of attacks that we saw in the demo.
To perform the dictionary attacks from the demo, you’ll need rockyou.txt, a list of plaintext passwords recovered from the 2009 RockYou hack (download; warning: very large file that might be flagged by anti-malware software). The easiest way to download this file is to run the following two commands:
wget https://downloads.skullsecurity.org/passwords/rockyou.txt.bz2
bunzip2 rockyou.txt.bz2
You can also try cracking some of the hashes in the eharmony.hash dataset from the 2012 eHarmony data breach (download; same warnings as for the previous download).
(One thing to observe about the eHarmony dataset once you’ve launched a dictionary attack against it: eHarmony converted all lowercase letters to uppercase before hashing, and there are no special characters. Because rockyou.txt is mostly lowercase, a plain dictionary attack will miss most of these hashes; apply a rule that uppercases each candidate (Hashcat’s u rule) so the wordlist matches the stored form. The uppercasing also eliminates a lot of variety in the candidate space and saves us a lot of work, so this is a good place to try the “mask”-based attacks we discussed in the demo, which enumerate every string matching a per-position character-class pattern such as ?u for an uppercase letter or ?d for a digit in Hashcat’s mask syntax.)
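The following is an added example, not code from the course page or from Hashcat: a miniature dictionary attack and mask attack in pure Python, run against a constructed leak whose plaintexts were uppercased before hashing, as the eHarmony dump was. It also times the same candidate loop against MD5 and against a deliberately slow password hash (PBKDF2-HMAC-SHA256), which is the answer to the question above about slow hash functions. The function names (dictionary_attack, mask_attack, hashes_per_second), the sample plaintexts and the miniature wordlist are all assumptions of the example; the mask placeholders and the u/c rule names follow Hashcat’s real syntax.

```python
import hashlib
import itertools
import string
import time

# Hashcat's built-in mask placeholders: ?l ?u ?d ?s ?a (?a = all four).
MASK_CHARSETS = {
    "l": string.ascii_lowercase,
    "u": string.ascii_uppercase,
    "d": string.digits,
    "s": " !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~",
}
MASK_CHARSETS["a"] = "".join(MASK_CHARSETS[c] for c in "luds")

def md5_hex(candidate: str) -> str:
    """Fast, unsalted MD5: the kind of hash the eHarmony dump consists of."""
    return hashlib.md5(candidate.encode()).hexdigest()

def pbkdf2_hex(candidate: str, iterations: int = 100_000) -> str:
    """Deliberately slow password hash (PBKDF2-HMAC-SHA256). The salt is a fixed
    constant so each candidate costs one hash, as with MD5; real storage uses a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", candidate.encode(), b"demo-salt", iterations).hex()

def dictionary_attack(targets, wordlist, hash_fn,
                      rules=(lambda w: w, str.upper, str.capitalize)):
    """Hash every word under every rule (Hashcat ':', 'u', 'c'); return {hash: plaintext}."""
    pending, found = set(targets), {}
    for word in wordlist:
        for rule in rules:
            if not pending:
                return found
            candidate = rule(word)
            digest = hash_fn(candidate)
            if digest in pending:
                found[digest] = candidate
                pending.discard(digest)
    return found

def parse_mask(mask: str) -> list:
    """Expand '?u?u?u?d' into one charset per position. '??' is a literal '?';
    any other character stands for itself."""
    charsets, i = [], 0
    while i < len(mask):
        if mask[i] == "?" and i + 1 < len(mask):
            code = mask[i + 1]
            charsets.append("?" if code == "?" else MASK_CHARSETS[code])
            i += 2
        else:
            charsets.append(mask[i])
            i += 1
    return charsets

def mask_keyspace(mask: str) -> int:
    """Number of candidates the mask enumerates (product of the charset sizes)."""
    size = 1
    for charset in parse_mask(mask):
        size *= len(charset)
    return size

def mask_attack(targets, mask: str, hash_fn):
    """Enumerate the mask's keyspace in order, stopping once every target is found."""
    pending, found = set(targets), {}
    for combo in itertools.product(*parse_mask(mask)):
        if not pending:
            break
        candidate = "".join(combo)
        digest = hash_fn(candidate)
        if digest in pending:
            found[digest] = candidate
            pending.discard(digest)
    return found

def hashes_per_second(hash_fn, n: int) -> float:
    """Rough single-core throughput of hash_fn in this Python process."""
    start = time.perf_counter()
    for i in range(n):
        hash_fn(f"CANDIDATE{i:06d}")
    return n / (time.perf_counter() - start)

# Constructed stand-in for a leaked hash file; plaintexts uppercased before hashing.
LEAK_PLAINTEXTS = ["PASSWORD", "SUNSHINE", "LETMEIN", "QWE7"]
LEAK_MD5 = [md5_hex(p) for p in LEAK_PLAINTEXTS]
# Constructed miniature wordlist standing in for rockyou.txt (mostly lowercase).
WORDLIST = ["123456", "password", "iloveyou", "princess", "sunshine", "monkey", "letmein"]

def demo() -> dict:
    """Wordlist plus rules first, then a mask for the leftovers, then the cost comparison."""
    hits = dictionary_attack(LEAK_MD5, WORDLIST, md5_hex)
    leftovers = set(LEAK_MD5) - set(hits)
    # QWE7 is in no wordlist, but the mask ?u?u?u?d (26**3 * 10 = 175,760
    # candidates) reaches it in a fraction of a second even in pure Python.
    hits.update(mask_attack(leftovers, "?u?u?u?d", md5_hex))
    return {"cracked": hits,
            "md5_per_s": hashes_per_second(md5_hex, 20_000),
            "pbkdf2_per_s": hashes_per_second(pbkdf2_hex, 10)}

if __name__ == "__main__":
    result = demo()
    for digest, plaintext in result["cracked"].items():
        print(f"{digest}  {plaintext}")
    keyspace = mask_keyspace("?u?u?u?d")
    for name in ("md5", "pbkdf2"):
        rate = result[f"{name}_per_s"]
        print(f"{name}: {rate:,.0f} hashes/s; full ?u?u?u?d mask in {keyspace / rate:,.0f} s")
```

Run it as a script: the three dictionary words are recovered only because the u rule uppercases them, the mask finds the fourth, and the printed rates show the same 175,760-candidate mask that MD5 finishes in under a second stretching to hours under PBKDF2. That gap, multiplied across every candidate an attacker must try, is the defensive value of a slow hash; Hashcat on a GPU shifts both numbers up by orders of magnitude but leaves the ratio intact.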
One might wonder how it’s possible to identify which kind of hash we’re faced with when we’re given a dataset. Some effective “cryptanalysis” is possible here: the format of the hashes (their length, character set, and any scheme prefix) identifies, or at least narrows down, the range of hash functions they could have originated from. In the demo, we’ll use hashid to demonstrate how you can do this.
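As an added example (not the course page’s code and not hashid’s own implementation), here is a small hashid-style identifier that classifies a hash string by its modular-crypt prefix or, for raw digests, by its hex length, and then intersects the per-line guesses across a whole dump. The function names (identify, hash_field, identify_dump), the table contents and the sample dump lines are assumptions of the example; the first sample hash is MD5("password") and the second is MD5 of the empty string.

```python
import re

HEX = re.compile(r"^[0-9a-fA-F]+$")

# Modular-crypt-style prefixes identify the scheme unambiguously.
PREFIXES = [
    ("$1$", "md5crypt"),
    ("$2a$", "bcrypt"), ("$2b$", "bcrypt"), ("$2y$", "bcrypt"),
    ("$5$", "sha256crypt"),
    ("$6$", "sha512crypt"),
    ("$argon2i$", "Argon2i"), ("$argon2id$", "Argon2id"),
    ("{SHA}", "LDAP SHA-1 (base64)"),
    ("{SSHA}", "LDAP salted SHA-1 (base64)"),
]

# Raw hex digests carry no prefix, so only their length is informative, and
# several algorithms share each length (MD5 and NTLM are indistinguishable here).
HEX_LENGTHS = {
    32: ["MD5", "MD4", "NTLM", "LM", "MD2"],
    40: ["SHA-1", "RIPEMD-160"],
    56: ["SHA-224"],
    64: ["SHA-256", "SHA3-256", "BLAKE2s"],
    96: ["SHA-384"],
    128: ["SHA-512", "SHA3-512", "Whirlpool", "BLAKE2b"],
}

def identify(hash_str: str) -> list:
    """Algorithms a single hash string is consistent with, most common first.
    An empty list means the format was not recognised."""
    h = hash_str.strip()
    for prefix, name in PREFIXES:
        if h.startswith(prefix):
            return [name]
    if h.startswith("*") and len(h) == 41 and HEX.match(h[1:]):
        return ["MySQL 4.1+ (SHA-1 of SHA-1)"]
    if HEX.match(h):
        return list(HEX_LENGTHS.get(len(h), []))
    return []

def hash_field(line: str) -> str:
    """Pick the hash out of a dump line such as 'user:hash' or 'hash:salt':
    a prefixed string wins, otherwise the longest hex run."""
    fields = line.split(":")
    return max(fields, key=lambda f: (f.startswith(("$", "{", "*")),
                                      len(f) if HEX.match(f) else 0))

def identify_dump(lines) -> list:
    """Algorithms consistent with every hash in a dump. A dump normally uses one
    scheme, so intersecting the per-line guesses narrows the field; a mixed dump
    (or a parsing mistake) collapses to an empty list, which is itself a useful signal."""
    consistent = None
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        names = set(identify(hash_field(line)))
        consistent = names if consistent is None else consistent & names
    return sorted(consistent or [])

# Constructed sample dump in the 'user:hash' layout: MD5("password") and MD5("").
SAMPLE_DUMP = [
    "# constructed example dump",
    "alice:5f4dcc3b5aa765d61d8327deb882cf99",
    "bob:D41D8CD98F00B204E9800998ECF8427E",
]

if __name__ == "__main__":
    for line in SAMPLE_DUMP[1:]:
        print(f"{line}  ->  {identify(hash_field(line))}")
    print("consistent with whole dump:", identify_dump(SAMPLE_DUMP))
    print("bcrypt line:", identify("$2b$12$" + "R" * 53))
```

Format alone cannot separate MD5 from NTLM or from an uppercased MD5 like eHarmony’s, so treat the output as a shortlist: crack a handful of lines under each candidate Hashcat mode and keep the one that yields plausible plaintexts.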