Crack WordPress Password Hashes with hashcat

 

By default, WordPress password hashes are simply salted MD5 hashes. This is a piece of cake to crack by today’s security standards. hashcat is a great multi-threaded password hash cracker which can eat these hashes for dinner. I’ll show you how to crack WordPress password hashes!


1. First, install hashcat. In this example I am using Gentoo Linux, which has hashcat available in Portage; otherwise you can download it from the hashcat.net website.

Gentoo:

$ sudo emerge -av hashcat-bin

 


2. Next you will need to find a good dictionary or wordlist. An excellent wordlist is available from http://360percents.com/wordlist

 

The English > Big Wordlist is good for starters. Download and unzip that wordlist. Note that most ‘serious’ hackers have their own wordlists which can be 10G or more in size.


3. Next, make a text file of the WordPress password hashes from the wp_users table of a WordPress database, one hash per line.

 

For example, a file hash.txt could look like this:


 


4. Run hashcat-cli* --help

Running hashcat-cli32.bin --help shows the available options. Pay particular attention to the hash types and the attack modes.


Crack away!

 

5. Now run hashcat as follows:

$ hashcat-cli32.bin -m[hash type] -a[attack mode] hashfile.txt wordlist.list

One example:

$ hashcat-cli32.bin -m400 -a4 /home/stmiller/hash.txt /home/stmiller/eng_alnum_big.lst

Warning: hashcat-cli32.bin is running from /opt/hashcat-bin so be careful of relative paths.
Initializing hashcat v0.44 by atom with 8 threads and 32mb segment-size...

Added hashes from file /home/stmiller/hash.txt: 1 (1 salts)
Activating quick-digest mode for single-hash with salt

NOTE: press enter for status-screen

Input.Mode: Dict (/home/stmiller/eng_alnum_big.lst)
Index.....: 1/1 (segment), 520644 (words), 8035785 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: 4.28k plains, - words
Progress..: 17/520644 (0.00%)
Running...: 00:00:01:27
Estimated.: --:--:--:--

Input.Mode: Dict (/home/stmiller/eng_alnum_big.lst)
Index.....: 1/1 (segment), 520644 (words), 8035785 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: 4.28k plains, - words
Progress..: 17/520644 (0.00%)
Running...: 00:00:01:29
Estimated.: --:--:--:--

 

Now go get some coffee!


For an easy hash to crack, try this:

 

hash.txt = 85267b760313713f2e5d5fe11a83af03

$ hashcat-cli32.bin -m0 -a2 /home/stmiller/nobackup/wordlist/hash.txt /home/stmiller/nobackup/wordlist/Super-WPA 
Warning: hashcat-cli32.bin is running from /opt/hashcat-bin so be careful of relative paths.
Initializing hashcat v0.44 by atom with 8 threads and 32mb segment-size...

Added hashes from file /home/stmiller/nobackup/wordlist/hash.txt: 1 (1 salts)
Activating quick-digest mode for single-hash

NOTE: press enter for status-screen

Input.Mode: Dict (/home/stmiller/nobackup/wordlist/Super-WPA)
Index.....: 1/344 (segment), 3377508 (words), 33550344 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: 1.74M plains, 427.26k words
Progress..: 470572/3377508 (13.93%)
Running...: 00:00:00:01
Estimated.: 00:00:00:06

Input.Mode: Dict (/home/stmiller/nobackup/wordlist/Super-WPA)
Index.....: 1/344 (segment), 3377508 (words), 33550344 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: 1.25M plains, 9.42k words
Progress..: 3002901/3377508 (88.91%)
Running...: 00:00:05:19
Estimated.: 00:00:00:39

85267b760313713f2e5d5fe11a83af03:ladiesman
All hashes have been recovered

hashcat is multi-threaded, so it works faster than John the Ripper. oclhashcat-plus is even faster if you have a high-end video card available. For a better wordlist, a few good ones are floating around on piratebay.
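
For anyone auditing their own WordPress database, the sketch below parses the two hash formats used above (the $P$ phpass hashes of mode 400 and the raw MD5 of mode 0) and recomputes the phpass construction, showing that the cost character B means 8192 MD5 rounds. It is an added example, not code from the original post, WordPress or hashcat; the function names and the sample password and salt are constructed for illustration.

```python
import hashlib
import hmac
import re

# phpass "portable" alphabet; the 4th character of a $P$ hash indexes into it.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
PHPASS_RE = re.compile(r"^\$[PH]\$[./0-9A-Za-z]{31}$")   # 34 characters total
RAW_MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")

def encode64(data: bytes) -> str:
    """phpass base64 variant: little-endian 3-byte groups, 6 bits per char."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        value = int.from_bytes(chunk, "little")
        for _ in range(len(chunk) + 1):
            out.append(ITOA64[value & 0x3F])
            value >>= 6
    return "".join(out)

def phpass_hash(password: str, setting: str) -> str:
    """Recompute a portable hash from the first 12 chars of a stored one."""
    rounds = 1 << ITOA64.index(setting[3])        # 'B' -> 2**13 = 8192
    salt, pw = setting[4:12].encode(), password.encode()
    digest = hashlib.md5(salt + pw).digest()
    for _ in range(rounds):
        digest = hashlib.md5(digest + pw).digest()
    return setting[:12] + encode64(digest)

def verify(password: str, stored: str) -> bool:
    """Constant-time check of one password against one stored phpass hash."""
    if not PHPASS_RE.match(stored):
        return False
    return hmac.compare_digest(phpass_hash(password, stored), stored)

def classify(stored: str) -> dict:
    """Describe one stored hash so weak schemes can be queued for rehashing."""
    stored = stored.strip()
    if PHPASS_RE.match(stored):
        return {"scheme": "phpass-md5", "salted": True,
                "rounds": 1 << ITOA64.index(stored[3])}
    if RAW_MD5_RE.match(stored):
        return {"scheme": "raw-md5", "salted": False, "rounds": 1}
    return {"scheme": "unknown", "salted": None, "rounds": None}

# Constructed sample (not from the page): cost char 'B', salt "saltsalt".
SAMPLE = phpass_hash("correct horse", "$P$Bsaltsalt")
```

Running classify over an export of the password column gives a quick inventory of which accounts still carry MD5-based hashes and should be rehashed with a slower scheme at next login.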
