A tool for automating cracking methodologies through Hashcat from the TrustedSec team.

Installation

Get the latest hashcat binaries (https://hashcat.net/hashcat/)

OSX Install (https://www.phillips321.co.uk/2016/07/09/hashcat-on-os-x-getting-it-going/)

Download hate_crack

  • Customize binary and wordlist paths in “config.json”
  • Make sure that at least “rockyou.txt” is within your “wordlists” path

Create Optimized Wordlists

wordlist_optimizer.py – parses all wordlists from <input file list>, sorts them by length and de-duplicates into <output directory>

Usage

$ ./hate_crack.py usage: python hate_crack.py <hash_file> <hash_type>
The <hash_type> is attained by running hashcat –help
Example Hashes: http://hashcat.net/wiki/doku.php?id=example_hashes

Quick Crack

>Runs a dictionary attack using all wordlists configured in your “hcat Optimized Wordlists” path and applies the “best64.rule”, with the option of chaining the “best64.rule”.

Extensive Pure_Hate Methodology Crack

Runs several attack methods provided by Martin Bos (formerly known as pure_hate)

  • Brute Force Attack (7 characters)
  • Dictionary Attack
    > All wordlists in “hcat Optimized Wordlists” with “best64.rule”
    >  wordlists/rockyou.txt with “d3ad0ne.rule”
    > wordlists/rockyou.txt with “T0XlC.rule”
  • Top Mask Attack (Target Time = 4 Hours)
  • Fingerprint Attack
  • Combinator Attack
  • Hybrid Attack
  • Extra – Just For Good Measure
    > Runs a dictionary attack using wordlists/rockyou.txt with chained “combinator.rule” and “InsidePro-PasswordsPro.rule” rules

Brute Force Attack

Brute forces all characters with the choice of a minimum and maximum password length.

Top M.ask Attack

Uses StatsGen and MaskGen from PACK (https://thesprawl.org/projects/pack/) to perform a top mask attack using passwords already cracked for the current session. Presents the user a choice of target cracking time to spend (default 4 hours).

Fingerprint Attack

https://hashcat.net/wiki/doku.php?id=fingerprint_attack

Runs a fingerprint attack using passwords already cracked for the current session.

Combinator Attack

https://hashcat.net/wiki/doku.php?id=combinator_attack

Runs a combinator attack using the “rockyou.txt” wordlist.

Hybrid Attack

https://hashcat.net/wiki/doku.php?id=hybrid_attack

Runs several hybrid attacks using the “rockyou.txt” wordlists.

  • Hybrid Wordlist + Mask – ?s?d wordlists/rockyou.txt ?1?1
  • Hybrid Wordlist + Mask – ?s?d wordlists/rockyou.txt ?1?1?1
  • Hybrid Wordlist + Mask – ?s?d wordlists/rockyou.txt ?1?1?1?1
  • Hybrid Mask + Wordlist – ?s?d ?1?1 wordlists/rockyou.txt
  • Hybrid Mask + Wordlist – ?s?d ?1?1?1 wordlists/rockyou.txt
  • Hybrid Mask + Wordlist – ?s?d ?1?1?1?1 wordlists/rockyou.txt

Pathwell Top 100 Mask Brute Force Crack

Runs a brute force attack using the top 100 masks from KoreLogic:

https://blog.korelogic.com/blog/2014/04/04/pathwell_topologies

PRINCE Attack

https://hashcat.net/events/p14-trondheim/prince-attack.pdf

Runs a PRINCE attack using wordlists/rockyou.txt

YOLO Combinator Attack

Runs a continuous combinator attack using random wordlists from the optimized wordlists for the left and right sides.

Download Hate_Crack