Duration:

5 Days

Course Objective:

This course equips students with the knowledge and skills needed to perform password auditing using tools like Hashcat and John the Ripper. By the end of this course, students will understand password cracking techniques, methodologies for different hash types, and hardware optimization for password recovery. Special focus is placed on the advanced attack modes of Hashcat and John the Ripper, ensuring students can audit both standard and complex password scenarios as they are encountered in real-world engagements.

Note: While applicable to a wide variety of password types and scenarios, this course was designed with an emphasis on auditing 802.11 networks. Upon request (for organizations), that emphasis can be modified to better fit your needs.

Audience:

This course is available to law enforcement and US government personnel only.

This course is specifically targeted toward professionals in the following roles:

  • Security Researchers
  • Password/Security Auditors
  • Penetration Testers
  • Law Enforcement
  • Entities engaged in sanctioned offensive cybersecurity operations

Students should have at least basic knowledge of cryptography, networking, and scripting (shell, Python). Expertise is not required, and knowledge gaps can be filled during the course. However, this course is not appropriate for students who are new to cryptography, Linux, and/or networking (especially WiFi networking).

Students will need a computer with hardware capable of running GPU-based attacks using Hashcat. When enrolling in the class, discuss this with us to determine whether a suitable system will be provided as part of your course kit or whether you will provide your own device. If bringing your own device, system specs will be provided in advance.

Course Outline:

Overview and History of Cryptography

  • Evolution of cryptography and its relevance to passwords
  • How cryptography has influenced password hashing

Modern Cryptography

  • Symmetric Cryptography: Block/stream ciphers (AES, DES)
  • Asymmetric Cryptography: RSA, ECC, relevance in secure systems
  • Hashing: Secure hashes (SHA-1, SHA-256, bcrypt, Argon2) and their application to passwords

Passwords & Password Cracking

  • Why Passwords Fail: Common weaknesses, human factors, and reuse
  • Password Strength: Key concepts (length, complexity, entropy)
  • Password Entropy: Measuring the difficulty of password guessing
  • Herd Immunity: Impact of password diversity on security
  • Ease of Recovery: Balancing memorability and security

Introduction to Password Cracking

  • Types of Password Cracking: Brute-force, dictionary, hybrid attacks
  • Cracking Methodology: From acquiring hashes to password recovery
  • Historical Password Analysis: Lessons from major breaches and password leaks
  • Overview of password hashing schemes (e.g., NTLM, MD5, SHA, bcrypt)

Time-Space Tradeoff in Password Cracking

  • The balance between computing power, time, and memory
  • Rainbow Tables and why they are less common today

Slow Hashes vs Fast Hashes

  • Comparison of slow (bcrypt, Argon2) vs fast (NTLM, MD5) hashes
  • Why fast hashes are weaker against modern cracking tools

Distributed Cracking

  • Benefits of distributed cracking using tools like Hashtopolis
  • Introduction to cloud-based cracking and CPU/GPU clusters

Choosing Password Cracking Hardware

  • GPU Choices
  • Power Supply & Overclocking: Importance of stable power and fine-tuning performance
  • CPU, RAM, and Storage: Supporting hardware components in cracking setups

Introduction to Hashcat

  • Overview of Hashcat: What makes Hashcat a powerful tool for password cracking
  • Supported Hash Types: Overview of common password hashing schemes
  • Identifying Hash Types: Using tools and techniques to classify hash algorithms
  • Base Loop & Mod Loop: Understanding Hashcat’s internal structure

Hashcat Attack Modes

  • Dictionary Attacks: Working with custom wordlists and common dictionaries
  • Combinator Attacks: Combining dictionaries for effective wordlist generation
  • Mask Attacks: Cracking passwords using patterns and custom masks
    • Markov Chains: Reducing the guessing space for efficiency
    • maskprocessor: Tool for generating complex masks
  • Hybrid Attacks: Combining dictionary and brute-force methods
  • Rule-Based Attacks: Custom rule creation for mangling wordlists

Optimizing Attacks for Fast and Slow Hashes

  • Choosing appropriate attack strategies based on the hash type
  • Working with potfiles to track cracked hashes and prevent duplicates
  • Session Management: Pausing, resuming, and saving attack progress

Advanced Hashcat Techniques

  • hcstatsgen & statsprocessor: Optimizing password guesses using statistical data
  • princeprocessor: Generating new wordlist combinations based on probability
  • Keyboard Walks: Targeting passwords based on common keyboard patterns
  • Hashcat Utils: Using hashcat-provided utilities for different cracking scenarios

Distributed Cracking with Hashtopolis

  • Installation & Setup: Deploying Hashtopolis for managing large cracking tasks
  • Job Management: Scaling password attacks across multiple systems

Attacking WPA2

  • WPA2 Handshake Cracking: Capturing handshakes and using Hashcat to crack WPA2 PSKs
  • PMKID Attacks: Attacking WPA2 networks without full handshake captures

Using John the Ripper (JtR)

  • Overview of JtR: Why and when to use JtR instead of Hashcat
  • Supported Hash Types: Custom and legacy hashes suited for JtR
  • Cracking Methodologies: CPU-based cracking with JtR, rules, and dictionary attacks
  • Distributed Cracking: Setting up MPI (Message Passing Interface) for large-scale JtR attacks

Final Lab

Lab Focus

  • Practical Cracking Scenarios: Students will engage in real-world password cracking exercises