Kill the hash with hashKill
About:
Hashkill is an multithreaded password cracker that uses the OpenSSL library to crack different types of password hashes. Several plugins are available to extend the cracking capabilities, the most commons are md5md5, cisco-pix, mysql5 and oracle11g. Hashkill is capable to use the ‘cracking session’, so that in case of power failure or incidental kill/crash of the program, you may continue from the last checkpoint. In this howto I’m going to illustrate how to install and use hashKill on ubuntu 10.04.
DISCLAIMER:
This tools can cause harm to the normal operation of your network/servers if used improperly. Use this tool on your own networks/servers, or networks/servers for which you have been given permission to test. Before using this tools, please read the documentation available.
Main Features:
* allow cracking lots of different types of password hashes on linux
* employ easy to use command-line interface
* multithreaded
* SSE2 accelerated
* open-sourced, GPL-licensed
Disadvantages at that moment are that it does not support GPU-based cracking.
Installation (ubuntu 10.04 32 bit):
apt-get install build-essential checkinstall pkg-config libssl-dev zlib1g-dev zlib1g libcompfaceg1-dev automake1.9
wget http://ignum.dl.sourceforge.net/project/hashkill/hashkill-0.2.3b.tar.gz
tar xvfz hashkill-0.2.3b.tar.gz
./configure
make
checkinstall
dpkg -i hashkill_0.2.3b-1_i386.deb
Plugins available:
apr1, cisco-pix, desunix, hashunix, ipb2, ldap-sha, ldap-ssha, lm, md4, md5md5, md5-passsalt, md5-saltpass, md5, mssql-2000, mssql-2005, mysql5, mysql-old, ntlm, oracle11g, oracle-old, phpbb3, privkey, ripemd160, , sha1, sha256, sha512, smf, vbulletin, wordpress, zip
Examples:
Simple md5 hash list
e206a54e97690cce50cc872dd70ee896
106a6c241b8797f52e1e77317b96a201
9a1f30943126974075dbd4d13c8018ac
hashkill -f hashlist.txt
Attack statistics…
Speed: 8005 KPlaintexts/sec Cracked: 3 hashes
[hashkill] Markov attack complete. It took 5 seconds…
[hashkill] -= Cracked list =-
Username: Hash: Preimage:
———————————————————————————–
N/A 9a1f30943126974075dbd4d13c8018ac rock
N/A 106a6c241b8797f52e1e77317b96a201 home
N/A e206a54e97690cce50cc872dd70ee896 linux
[hashkill] Bye bye 
Mysql 5 hash
hashkill –plugin mysql5 6F3CAE7C3BBB2A5B5D933738682953BC21AEBEE7
Attack statistics…
Speed: 1304 KPlaintexts/sec Cracked: 1 hashes
[hashkill] Markov attack complete. It took 15 seconds…
[hashkill] -= Cracked list =-
Username: Hash: Preimage:
———————————————————————————–
N/A 6f3cae7c3bbb2a5b5d933738682953bc21aebee7 linux
[hashkill] Bye bye
Cisco Pix hash
hashkill –plugin cisco-pix PVSASRJovmamnVkD
Attack statistics…
Speed: 4652 KPlaintexts/sec Cracked: 1 hashes
[hashkill] Markov attack complete. It took 6 seconds…
[hashkill] -= Cracked list =-
Username: Hash: Preimage:
———————————————————————————–
PIX enable pwd PVSASRJovmamnVkD admin
[hashkill] Bye bye
27/09/2010 at 1:31 pm Permalink
Quite interesting. Do you know if there is a plugin for sha1?
27/09/2010 at 1:49 pm Permalink
@sha1 hash
Hello, sha1 is fully supported.
Phillip
Plugins available:
apr1, cisco-pix, desunix, hashunix, ipb2, ldap-sha, ldap-ssha, lm, md4, md5md5, md5-passsalt, md5-saltpass, md5, mssql-2000, mssql-2005, mysql5, mysql-old, ntlm, oracle11g, oracle-old, phpbb3, privkey, ripemd160, , sha1, sha256, sha512, smf, vbulletin, wordpress, zip
04/03/2011 at 11:02 am Permalink
This is kind of a silly question, but,….
1. i’m trying to see how secure the password is on my linux notebook
2. i have hashkill installed and working (works on the above hashes in this article)
3. i try to load the password information from /etc/shadow into hashkill, but it just gives an error:
[hashkill] Version 0.2.3
[hashkill] Plugin ‘md5′ loaded successfully
[hashkill] (hash.txt): 0 hashes loaded successfully, 26 errors
[error] (main.c:448) No hashes loaded! (try –help)
is there a tool that i need to use to convert these crypted passswords (sha512 types they seem to be) into a crackable hash?
sorry if this is a bit noobish.
07/03/2011 at 9:50 pm Permalink
Hello, Kevin
you should use the hashunix plugin ( -p hashunix ) to crack /etc/shadow passwords.
17/03/2011 at 10:01 am Permalink
Hi I have problem. After install hashkill 0.2.3 i write
‘hashkill -p hashunix”
and show me:
“[hashkill] Plugin ‘hashunix’ loaded successfully
[error] (main.c:448) No hashes loaded! (try –help)”
What I do?
21/03/2011 at 9:43 am Permalink
Hello Todor,
You’ve got to load some password hashes. You can do that directly with a shadow file, e.g
# hashkill -phashunix -f /etc/shadow
Please note that there is a new version (0.2.4) that fixes many of the 0.2.3 bugs, works faster and supports GPU cracking on some plugins (hashunix not supported on GPUs yet).