naive-hashcat: Crack password hashes without the fuss
Crack password hashes without the fuss. Naive hashcat is a plug-and-play script that is pre-configured with naive, empirically-tested, “good enough” parameters/attack types. Run hashcat attacks using
./naive-hashcat.sh without having to know what is going on “under the hood”.
DISCLAIMER: This software is for educational purposes only. This software should not be used for illegal activity. The author is not responsible for its use. Don’t be a dick.
git clone https://github.com/brannondorsey/naive-hashcat
# if you are on MacOS/OSX, run this. If on Linux, skip…
# download the 134MB rockyou dictionary file
curl -L -o dicts/rockyou.txt https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt
# cracks md5 hashes in hashcat-3.6.0/example0.hash by default
What does it do?
./naive-hashcat.sh assumes that you have hashed passwords that you would like to know the plaintext equivalent of. Likely, you’ve come across a text file that contains leaked accounts/emails/usernames matched with a cryptographic hash of a corresponding password. Essentially something that looks like:
naive-hashcat.sh takes, at most, three parameters. All parameters are expressed using Unix environment variables. The command below shows the default values set for each of the configurable environment variables that
HASH_FILE=hashcat-3.6.0/examples0.hash POT_FILE=hashcat.pot HASH_TYPE=0 ./naive-hashcat.sh
HASH_FILEis a text file with one hash per line. These are the password hashes to be cracked.
POT_FILEis the name of the output file that hashcat will write cracked password hashes to.
HASH_TYPEis the hash-type code. It describes the type of hash to be cracked.
0is md5. See the Hash types section below for a full list of hash type codes.
What naive-hashcat does
naive-hashcat.sh includes a small variety of dictionary, combination, rule-based, and mask (brute-force) attacks. If that sounds overwhelming, don’t worry about it! The point of naive hashcat is that you don’t have to know how it works. In this case, ignorance is bliss! In fact, I barely know what I’m doing here. The attacks I chose for
naive-hashcat.sh are very naive, one-size-kinda-fits-all solutions. If you are having trouble cracking your hashes, I suggest checking out the awesome hashcat wiki, and using the hashcat tool directly.
At the time of this writing,
naive-hashcat cracks ~60% of the hashes in
Copyright (c) 2017 Brannon Dorsey <email@example.com>