hashcat 破解RAR密码操作使用记录
因为忘记了一个重要rar文件的密码,怎么都想不起来了,只好翻工具把密码给找出来了
这次用的是hashcat v6.2.6
官网下载地址戳这里hashcat - advanced password recovery
github地址戳这里GitHub - hashcat/hashcat: World's fastest and most advanced password recovery utility
hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 300 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking.
按照它在github上的说法,世界上最快最先进的密码还原套件,个人也是很支持这种说法^_^
这里把主要功能记录一下
一、获取hash值,确定hash类型
获取RAR的hash值这里就不得不提到一个工具
John the Ripper
官网下载地址:John the Ripper password cracker (openwall.com)
John the Ripper is an Open Source password security auditing and password recovery tool available for many operating systems. John the Ripper jumbo supports hundreds of hash and cipher types, including for: user passwords of Unix flavors (Linux, *BSD, Solaris, AIX, QNX, etc.), macOS, Windows, "web apps" (e.g., WordPress), groupware (e.g., Notes/Domino), and database servers (SQL, LDAP, etc.); network traffic captures (Windows network authentication, WiFi WPA-PSK, etc.); encrypted private keys (SSH, GnuPG, cryptocurrency wallets, etc.), filesystems and disks (macOS .dmg files and "sparse bundles", Windows BitLocker, etc.), archives (ZIP, RAR, 7z), and document files (PDF, Microsoft Office's, etc.) These are just some of the examples - there are many more.
对于RAR来说用法很简单, 在安装路径下john-1.9.0-jumbo-1-win64\run有个rar2john.exe文件
PS D:\tools\john-1.9.0-jumbo-1-win64\run> .\rar2john.exe crack.rar
crack.rar:$rar5$16$8ca9b503880e86a5fe6f15009cce8e34$15$98d03625b8e2d8c79efaadede8aefb17$8$d4429c96a8b71499rar5就是它的加密类型,使用hashcat的时候需要选择对应的类型
同时$rar5$16$8ca9b503880e86a5fe6f15009cce8e34$15$98d03625b8e2d8c79efaadede8aefb17$8$d4429c96a8b71499就是它的hash值
二、常用破解参数
(一)指定加密类型 -m 13000
Options Short / Long | Type | Description | Example
================================+======+======================================================+=======================-m, --hash-type | Num | Hash-type | -m 1000
# | Name | Category
======+============================================================+======================================
0 | MD5 | Raw Hash11600 | 7-Zip | Archive
12500 | RAR3-hp | Archive
23800 | RAR3-p (Compressed) | Archive
23700 | RAR3-p (Uncompressed) | Archive
13000 | RAR5 | Archive
以上列出了集中常见类型,RAR5是13000,所以是
PS D:\tools\hashcat-6.2.6> .\hashcat.exe -m 13000(二)指定破解方式和字符集 -a 3 ?d
- [ Attack Modes ] -
# | Mode
===+======
0 | Straight
1 | Combination
3 | Brute-force
6 | Hybrid Wordlist + Mask
7 | Hybrid Mask + Wordlist
9 | Association
这里使用 3 | Brute-force 爆破模式,因为我记得是之前设置的密码是数字,根据掩码类型参考
- [ Built-in Charsets ] -
? | Charset
===+=========
l | abcdefghijklmnopqrstuvwxyz [a-z]
u | ABCDEFGHIJKLMNOPQRSTUVWXYZ [A-Z]
d | 0123456789 [0-9]
h | 0123456789abcdef [0-9a-f]
H | 0123456789ABCDEF [0-9A-F]
s | !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
a | ?l?u?d?s
b | 0x00 - 0xff
这里直接用 ?d 来缩小爆破的字符范围,全字符就是 ?a ,当然也可以自定义,hashcat提供了4个自定义字符集
-1, --custom-charset1 | CS | User-defined charset ?1 | -1 ?l?d?u
-2, --custom-charset2 | CS | User-defined charset ?2 | -2 ?l?d?s
-3, --custom-charset3 | CS | User-defined charset ?3 |
-4, --custom-charset4 | CS | User-defined charset ?4 |
例如使用小写字母+数字的字符集,使用第一个自定义字符集可以这么写,
-1 ?d?l ?1?1?1?1?1(三)设置破解位数 -i --increment-min=1 --increment-max=10
因为不记得具体位数,就从1位到10位逐个开始破解,需要启用递增模式
-i, --increment | | Enable mask increment mode |
--increment-min | Num | Start mask incrementing at X | --increment-min=4
--increment-max | Num | Stop mask incrementing at X | --increment-max=8
所以最后执行的破解命令为
.\hashcat.exe -m 13000 -a 3 -i --increment-min=1 --increment-max=10 '$rar5$16$8ca9b503880e86a5fe6f15009cce8e34$15$98d03625b8e2d8c79efaadede8aefb17$8$d4429c96a8b71499' ?d?d?d?d?d?d?d?d?d?d就会从1到10位开始破解密码,这里只抽其中3个记录留存
hashcat (v6.2.6) starting* Device #1: WARNING! Kernel exec timeout is not disabled.This may cause "CL_OUT_OF_RESOURCES" or related errors.To disable the timeout, see: https://hashcat.net/q/timeoutpatch
* Device #2: WARNING! Kernel exec timeout is not disabled.This may cause "CL_OUT_OF_RESOURCES" or related errors.To disable the timeout, see: https://hashcat.net/q/timeoutpatch
CUDA API (CUDA 12.0)
====================
* Device #1: NVIDIA GeForce RTX 3080, 9087/10239 MB, 68MCUOpenCL API (OpenCL 3.0 CUDA 12.0.70) - Platform #1 [NVIDIA Corporation]
=======================================================================
* Device #2: NVIDIA GeForce RTX 3080, skippedMinimum password length supported by kernel: 0
Maximum password length supported by kernel: 256Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotatesOptimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
* Slow-Hash-SIMD-LOOPWatchdog: Temperature abort trigger set to 90cHost memory required for this attack: 1474 MBThe wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/moreworkApproaching final keyspace - workload adjusted.Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 13000 (RAR5)
Hash.Target......: $rar5$16$8ca9b503880e86a5fe6f15009cce8e34$15$98d036...b71499
Time.Started.....: Sun Nov 13 09:01:11 2022 (2 secs)
Time.Estimated...: Sun Nov 13 09:01:13 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?d [1]
Guess.Queue......: 1/10 (10.00%)
Speed.#1.........: 8 H/s (0.10ms) @ Accel:32 Loops:32 Thr:512 Vec:1
Recovered........: 0/1 (0.00%) Digests (total), 0/1 (0.00%) Digests (new)
Progress.........: 10/10 (100.00%)
Rejected.........: 0/10 (0.00%)
Restore.Point....: 1/1 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:9-10 Iteration:32768-32799
Candidate.Engine.: Device Generator
Candidates.#1....: 6 -> 6
Hardware.Mon.#1..: Temp: 44c Fan: 0% Util: 77% Core:1950MHz Mem:9251MHz Bus:16Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 13000 (RAR5)
Hash.Target......: $rar5$16$8ca9b503880e86a5fe6f15009cce8e34$15$98d036...b71499
Time.Started.....: Sun Nov 13 09:01:27 2022 (18 secs)
Time.Estimated...: Sun Nov 13 09:01:45 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?d?d?d?d?d?d [6]
Guess.Queue......: 6/10 (60.00%)
Speed.#1.........: 56689 H/s (0.67ms) @ Accel:32 Loops:32 Thr:512 Vec:1
Recovered........: 0/1 (0.00%) Digests (total), 0/1 (0.00%) Digests (new)
Progress.........: 1000000/1000000 (100.00%)
Rejected.........: 0/1000000 (0.00%)
Restore.Point....: 100000/100000 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:9-10 Iteration:32768-32799
Candidate.Engine.: Device Generator
Candidates.#1....: 623450 -> 676464
Hardware.Mon.#1..: Temp: 56c Fan: 53% Util: 90% Core:1950MHz Mem:9251MHz Bus:16Approaching final keyspace - workload adjusted.$rar5$16$8ca9b503880e86a5fe6f15009cce8e34$15$98d03625b8e2d8c79efaadede8aefb17$8$d4429c96a8b71499:20221111Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 13000 (RAR5)
Hash.Target......: $rar5$16$8ca9b503880e86a5fe6f15009cce8e34$15$98d036...b71499
Time.Started.....: Sun Nov 13 09:03:36 2022 (2 mins, 34 secs)
Time.Estimated...: Sun Nov 13 09:06:10 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?d?d?d?d?d?d?d?d [8]
Guess.Queue......: 8/10 (80.00%)
Speed.#1.........: 94469 H/s (11.09ms) @ Accel:32 Loops:32 Thr:512 Vec:1
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 14483456/100000000 (14.48%)
Rejected.........: 0/14483456 (0.00%)
Restore.Point....: 1114112/10000000 (11.14%)
Restore.Sub.#1...: Salt:0 Amplifier:2-3 Iteration:32768-32799
Candidate.Engine.: Device Generator
Candidates.#1....: 28118989 -> 29947979
Hardware.Mon.#1..: Temp: 64c Fan: 67% Util: 96% Core:1830MHz Mem:9251MHz Bus:16Started: Sun Nov 13 09:01:10 2022
Stopped: Sun Nov 13 09:06:10 2022在最后一个结果的第一行末可以看到破解的结果为20221111
记录几个注意点
默认是用opencl来调用破解
我的是RTX3080显卡,安装CUDA驱动以后速度对比下来增加了近10%
安装CPU驱动以后才能找到CPU设备
status有3个状态,Running|Exhausted|Cracked
Running就是正在破解中
Exhausted为当前位数已经破解完依然没有找到结果
Cracked为找到了破解结果
hashcat 破解RAR密码操作使用记录相关推荐
- Kali Aircrack-NG HashCat 破解Wi-Fi密码
Kali Aircrack-NG HashCat 破解Wi-Fi密码 假日无事,某网站购入TL-WN722N Kali免驱网卡,扫描一下附近网络试试 仅学习使用 1.设备概要 TL-WN722N Ka ...
- 【加解密篇】利用HashCat破解RAR压缩包加密文件详细教程
[加解密篇]利用HashCat解密RAR压缩包加密文件 在取证知识里挖呀挖呀挖-[蘇小沐] 文章目录 [加解密篇]利用HashCat解密RAR压缩包加密文件 1.实验环境 2.RAR加密压缩包 (一) ...
- hashcat破解wifi密码(kali)
第一步 将网卡处于监听状态 airmon-ng check airmon-ng check kill // 关闭影响监听状态的进程 airmon-ng start wlan0 第二步 扫描可用wifi ...
- cRARk的使用,破解rar密码
cRARk的使用,破解密码 官网下载地址 1.解压密码为空 或 UTF-16 2.解压后,双击安装注册表文件 driver-timeout.reg 3.复制一个english.def,重命名passw ...
- 利用Hashcat破解WiFi密码
https://baijiahao.baidu.com/s?id=1653997752431366311&wfr=spider&for=pc
- 破解RAR压缩包密码——RAR Password Recovery Magic 6.1.1.95 绿色汉化版
破解RAR压缩包密码--RAR Password Recovery Magic 6.1.1.95 绿色汉化版 有时候我们忘记了自己的一些加密压缩的RAR文档的密码,有时候上网下载的一些RAR文档加了密 ...
- 黑客破解网络密码的十个方法
破解网络密码-暴力穷举 密码破解技术中最基本的就是暴力破解,也叫密码穷举.如果黑客事先知道了账户号码,如邮件帐号.QQ用户帐号.网上银行账号等,而用户的密码又设置的十分简单,比如用简单的数字组合, ...
- 使用Hashcat破解Windows系统账号密码
使用Hashcat破解Windows系统账号密码 Simeon 笔者最近对oclHashcat工具破解密码进行了研究,偶有所得,因此撰文跟大家一起分享,本次破解对象选择破解Windows7用户密码.o ...
- 破解rar压缩包密码
没有绝对有效的方法可以破解 RAR 压缩包密码,但有几种常见的方法可以尝试: 字典攻击:使用常用密码词典尝试破解. 暴力攻击:尝试所有可能的字符组合. 弱口令攻击:检查是否使用了常见或轻易猜测的密码. ...
最新文章
- 喜大普奔!GitHub官方文档推出中文版
- webgl三维观察综合实验_【CV现状-2】三维感知
- python面向对象(2)——继承(4)
- 转---谈谈HTTP协议中的短轮询、长轮询、长连接和短连接
- Linux TCP/IP中L4L3的实现框架:udp send部分
- delphi 函数内创建对象 释放_JavaScript 的函数底层运行机制
- 江湖有故人,欢迎来到程序员的江湖
- 详解收发不畅原因及U-Mail邮件中继解决之道
- php 获取 参数名和参数值,如何快速的获得url地址中参数名和参数值(在看PHP手册的时候无意间看见这两个函数,猜想能不能搭配使用。)...
- tmux使用(程序员适用)
- NXP IMX6ULL芯片时钟系统全概况
- node_redis 中文文档及node_redis 注释笔记(中文版)
- ios识别人脸自动拍照_GitHub - qingweiiOS/FaceRecognition: 活体人脸识别,识别人脸,识别张嘴和摇头动作,并拍照...
- 3600000毫秒等于多少小时,一小时等于多少毫秒
- java 多线程,android 移动开发,日语学习,各项新闻RSS吐血分享
- android 模拟物品移动
- SUS2019迎新赛ret2moonWP
- Multism14安装问题
- 无损音乐下载器 MusicTools单文件免安装-v1.9.3.1
- 2021-02-17