radicallyopensecurity/passphrase-cracking

Improve README

Opened this issue · 3 comments

Could you please add a section to the readme explaining how to turn a file of plaintext passphrases (that are of interest for exploring their pass-phrase crackability) into a file of hashes appropriate for hashcat?

It's probably a really simple command, maybe even using hashcat itself, but in any case, it would be useful to those who haven't gotten very deep into this yet to quickly find out what they want to know.

Hi Erik! It has been a while since I worked on this so I might be totally off here, but isn't the bottom code block of the readme file what you are looking for?

hashcat -m 100 -r hashcat-ruleset-1 -r hashcat-ruleset-2 -r hashcat-ruleset-3 $hashfile dict-wikiphrases

The dict-wikiphrases is the file created in the previous code block (decompressing two parts of a highly compressed text file). If I remember correctly, this is "a file of plaintext passphrases", and you can just input it directly into hashcat without turning it into a file of hashes.

The $hashfile is the name of a file that contains the hashes you want to crack. The rulesets are also explained in the readme, though they are optional (albeit recommended).

Does that help?

I'm sorry I wasn't clear: it's the hashes to be cracked that I want to build from a plaintext source, as an exercise, for fun and education. I got done what I was looking for on macOS with echo -n 'fake unknown password' | shasum -a 256 | tr -d ' -' > hashes-to-crack and then used option -m 1400 to tell hashcat to use sha-256. But, since hashcat can obviously calculate any hash, it would be nice to know how to use it (if it can be used that way) to do this same task of simply hashing a bunch of plaintext lines into a specific hash.

While you might ask why I couldn't just search the dict-wikiphrases file for an exact match, that's not the point of the exercise—I wanted to see it do its thing from known data. What if it mixed and matched passphrases? What if it tried them with and without spaces or other random stuff injected into the spaces? What if I want to build my own implementation of a passphrase hash-cracker, or fork hashcat and play a bit?

You get the idea!

And indeed, I learned that macOS has trouble using GPU acceleration, at least with my hardware and OS using hashcat v4.2.1, so I had to use the -D option to get it to do anything (much slower). Learning and experimenting is possible even if I don't, right now, have a big file full of hashes that I really need to crack.

Ah, I understand!

How to generate hashes for hashcat to crack is a little off topic for this repository, so I won't update the readme file, but people can find this thread.

> I got done what I was looking for on macOS with echo -n 'fake unknown password' | shasum -a 256 | tr -d ' -' > hashes-to-crack

That is indeed the solution! To hash a whole bunch of plaintexts, you can read from a file as well:

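# IFS= and -r keep surrounding whitespace and backslashes in each line intact;
# printf '%s' hashes the line verbatim, even if it starts with '-' or contains '\'.
cat passphrases-to-hash | while IFS= read -r line; do
    printf '%s' "$line" | sha256sum | tr -d ' -'
done > hashes-to-crack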

If you want to mix your passphrases up using hashcat rules, you can use hashcat with --stdout: this prints all the candidate plaintexts to stdout instead of hashing them. You could use a ruleset from this repository as example:

# hashcat --stdout prints the rule-mangled candidates; each one is hashed verbatim.
cat passphrases-to-hash | hashcat --stdout -r hashcat-ruleset-1 | while IFS= read -r line; do
    printf '%s' "$line" | sha256sum | tr -d ' -'
done > hashes-to-crack

Given this ruleset file and given that passphrases-to-hash contains 'fake unknown password' as its only line, hashcat would generate the following output:

fake unknown password
fake unknown password
Fake unknown password
Fake Unknown Password

Since it is piped into our loop, the output file (hashes-to-crack) will contain:

c0a83456df9674b48bfc0ee4386b225c445e623e3f596ee75d5fb586b2c3fec1
c0a83456df9674b48bfc0ee4386b225c445e623e3f596ee75d5fb586b2c3fec1
073c693e077b9e04226eca20a260037a9d3a8bbc3c77caed1c79d05ba53f8e34
46ceb7de66cc45bbbcaf8689cefeca2a99480634a713b9e1b0ac766beb2fbda2

If you add more rulesets (more -r options, as shown in the readme), you'll see it makes quite a few combinations, but they are still quite basic. For more intelligent mixing, you probably need to find another mixing engine or just manually mix them (since it's only for demo purposes anyway).
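The hashing loop from this thread, generalized as an added example (not code from the thread or from this repository): it picks the digest tool from the hashcat mode number, tolerates CRLF, blank lines and a missing final newline, and drops the duplicate hashes that rule output produces. The function names are hypothetical, GNU coreutils digest tools are assumed, and modes 0 and 1700 go beyond the 100 and 1400 mentioned above.

```shell
#!/bin/sh
# Added example: build a hashcat-ready list of unsalted hashes from plaintext on stdin.
# Assumes GNU coreutils (md5sum, sha1sum, sha256sum, sha512sum) are installed.

# Map a hashcat -m mode number to the matching digest command.
digest_cmd() {
    case "$1" in
        0)    echo md5sum ;;      # MD5
        100)  echo sha1sum ;;     # SHA1 (mode used in the readme command)
        1400) echo sha256sum ;;   # SHA2-256 (mode used earlier in this thread)
        1700) echo sha512sum ;;   # SHA2-512
        *)    echo "unsupported hashcat mode: $1" >&2; return 1 ;;
    esac
}

# hash_lines MODE: read candidates from stdin, print one hex hash per line.
hash_lines() {
    hl_cmd=$(digest_cmd "$1") || return 1
    hl_cr=$(printf '\r')
    # '|| [ -n "$hl_line" ]' keeps a final line that has no trailing newline.
    while IFS= read -r hl_line || [ -n "$hl_line" ]; do
        hl_line=${hl_line%"$hl_cr"}        # drop CR left by Windows editors
        [ -n "$hl_line" ] || continue      # skip blank lines
        # printf '%s' hashes exactly the passphrase bytes, no newline appended.
        printf '%s' "$hl_line" | "$hl_cmd" | cut -d' ' -f1
    done | awk '!seen[$0]++'               # keep the first copy of each hash
}

# Constructed sample input: a duplicate, a CRLF line, a blank line, no final newline.
sample() { printf 'abc\nabc\r\n\nFake Unknown Password'; }

# Demo: prints two SHA-256 hashes (one for "abc", one for the passphrase).
sample | hash_lines 1400
```

To hash rule-mangled candidates, pipe the output of `hashcat --stdout -r hashcat-ruleset-1` into `hash_lines` and pass the same mode number to hashcat's -m when cracking.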