Password Hashing with Hashcat
This article briefly describes how user credentials obtained from a student matriculation website can be run through the advanced password recovery tool Hashcat to crack the passwords. The user or admin in this project is a teacher who supervises a small coaching or tuition class and might use this student registration site. The site offers the following functions:
- Login / Logout
- Change Password
- Add New Student
- Delete Student
- View Student Details
- Edit Student Data
- Export Student Data in Excel file
- View short student data
Hashcat GPU Driver requirements:
- AMD GPUs on Linux require "RadeonOpenCompute (ROCm)" Software Platform (3.1 or later)
- AMD GPUs on Windows require "AMD Radeon Adrenalin 2020 Edition" (20.2.2 or later)
- Intel CPUs require "OpenCL Runtime for Intel Core and Intel Xeon Processors" (16.1.1 or later)
- NVIDIA GPUs require "NVIDIA Driver" (440.64 or later) and "CUDA Toolkit" (9.0 or later)
- XAMPP Server
- LAMP Server
An outline of the technology is as follows:
- HTML: used to create and save web documents, e.g. with Notepad/Notepad++
- CSS (Cascading Style Sheets): creates an attractive layout
- Bootstrap: responsive design for a mobile-friendly site
- Back end: PHP, MySQL
- PHP: Hypertext Preprocessor (PHP) is a technology that allows software developers to create dynamically generated web pages, in HTML, XML, or other document types, as per client request. PHP is open-source software.
- MySQL: MySQL is a database widely used for accessing, querying, updating, and managing data.
- hashcat.sh: a script that is pre-configured with naive, empirically tested, "good enough" parameters and attack types. Run the hashcat attacks using ./naive-hashcat.sh to crack the password hashes.
Download and extract the Hashcat binaries on the test device.
hashcat.sh accepts only three arguments, all of which are passed as Unix environment variables. The following command shows the default value of each environment variable that hashcat.sh lets you customize:
HASH_FILE=/examples0.hash POT_FILE=hashcat.pot HASH_TYPE=0 ./hashcat.sh
- HASH_FILE is a text file with one hash per line. These are the password hashes to be cracked.
- POT_FILE is the name of the output file that hashcat will write cracked password hashes to.
- HASH_TYPE is the hash-type code. It describes the type of hash to be cracked. 0 is md5.
- LIGHT / DICTIONARY ATTACK - begin with a very simple and naive dictionary attack. This is blazing fast and cracks ~20% of hashes.
"$HASHCAT" -m "$HASH_TYPE" -a 0 "$HASH_FILE" dicts/rockyou.txt --potfile-path "$POT_FILE"
- DICTIONARY ATTACK WITH RULES - now let's move on to a rule-based attack; d3ad0ne.rule is a great one to start with
"$HASHCAT" -m "$HASH_TYPE" -a 0 "$HASH_FILE" dicts/rockyou.txt -r hashcat/rules/d3ad0ne.rule --potfile-path "$POT_FILE"
- Rockyou is a good, well-known leaked password file, and not too slow
"$HASHCAT" -m "$HASH_TYPE" -a 0 "$HASH_FILE" dicts/rockyou.txt -r hashcat/rules/rockyou-30000.rule --potfile-path "$POT_FILE"
- MEDIUM - dive is an excellent rule file, but it takes a bit longer to run, so we will run it after d3ad0ne and rockyou
"$HASHCAT" -m "$HASH_TYPE" -a 0 "$HASH_FILE" dicts/rockyou.txt -r hashcat/rules/dive.rule --potfile-path "$POT_FILE"
- HEAVY - MASK ATTACK (BRUTE-FORCE)
"$HASHCAT" -m "$HASH_TYPE" -a 3 "$HASH_FILE" hashcat/masks/rockyou-1-60.hcmask --potfile-path "$POT_FILE"
- COMBINATION ATTACK - this one can take 12+ hours, don't use it by default
"$HASHCAT" -m "$HASH_TYPE" -a 1 "$HASH_FILE" dicts/rockyou.txt dicts/rockyou.txt --potfile-path "$POT_FILE"
Hashcat is a very powerful tool. If hashcat can crack your password hashes, so can an attacker. Cracking stolen password hashes in order to move through a network or to obtain admin user rights is a common task for penetration testers on an engagement.
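The hash file layout described above (one value per line, HASH_TYPE 0 for MD5) can also be checked from the defender's side. The following is an added example, not code from the original article or from hashcat.sh: it classifies stored values by shape and flags bare hex digests, and its function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of hashcat or hashcat.sh: sort stored password
# values by format so fast, unsalted digests stand out.

# Print the scheme a stored value appears to use, judged by shape only.
classify_hash() {
  case "$1" in
    '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt; return ;;
    '$argon2i$'*|'$argon2id$'*) echo argon2; return ;;
  esac
  # Bare hex digests carry no salt and no work factor.
  if printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{32}$'; then echo md5-shaped
  elif printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{40}$'; then echo sha1-shaped
  else echo unknown; fi
}

# Read one value per line (the HASH_FILE layout) and print a summary.
# Returns 1 when any fast unsalted digest is present.
audit_hash_file() {
  weak=0 slow=0 unknown=0
  while IFS= read -r line || [ -n "$line" ]; do
    [ -z "$line" ] && continue
    case "$(classify_hash "$line")" in
      md5-shaped|sha1-shaped) weak=$((weak + 1)) ;;
      bcrypt|argon2)          slow=$((slow + 1)) ;;
      *)                      unknown=$((unknown + 1)) ;;
    esac
  done < "$1"
  echo "weak=$weak slow=$slow unknown=$unknown"
  [ "$weak" -eq 0 ]
}

# Constructed sample in HASH_FILE layout. The bcrypt and argon2 lines are
# format-only placeholders, not hashes of any real password.
write_sample() {
  cat > "$1" <<'EOF'
5f4dcc3b5aa765d61d8327deb882cf99
d41d8cd98f00b204e9800998ecf8427e
$2y$10$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234
$argon2id$v=19$m=65536,t=4,p=1$c2FtcGxlc2FsdA$cGxhY2Vob2xkZXJoYXNo
not-a-hash
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_hash_file "$sample" || echo "fast unsalted digests found: rehash on next login"
rm -f "$sample"
```

In a PHP application such as the one described here, values created with PHP's password_hash() start with $2y$ (bcrypt) by default and are counted as slow.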
- Use HTTPS, a protocol that enables secure communication over your computer network and guarantees that no outsiders will be able to tap into your material. It is the ideal approach to add a Secure Sockets Layer (SSL) to your website.
- In contrast to other attacks (like SQL injection), an XSS, or cross-site scripting, attack is intended to target the users of a service or server rather than the program or server itself. Using an advanced SDL, or security development lifecycle, in your web application will be the strongest defense against an XSS attack. Simply put, an SDL's goal is to reduce the number of coding errors in your program. Require users to enter their credentials again in order to access specific website pages: the user must enter their login credentials again even if they have a cookie that automatically logs them into your site. This will significantly lower the likelihood of an XSS attack.