技術

パスワードハッシュの解析をするHashcatを使う

はじめに

hashcatというパスワードハッシュを解析するためのツールを使ってみる。   セキュリティの検証やパスワードの強度テストなどに利用されるツールとのこと。

環境

Windows 11 Professional
WSL2 Ubuntu 24.04 LTS
hashcat 6.2.6

hashcatのインストール

sudo apt install hashcat
ログ
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
  crack-common libdouble-conversion3 libgl1-amber-dri libllvm19 libmd4c0 libpcre2-16-0 libqt5core5t64
  libqt5dbus5t64 libqt5gui5t64 libqt5network5t64 libqt5qml5 libqt5qmlmodels5 libqt5quick5 libqt5svg5
  libqt5waylandclient5 libqt5waylandcompositor5 libqt5widgets5t64 libqt5x11extras5 libxcb-damage0
  libxcb-xinerama0 libxcb-xinput0 mesa-utils-bin qt5-gtk-platformtheme qttranslations5-l10n qtwayland5
  xbitmaps
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
  clang-16 hashcat-data icu-devtools lib32gcc-s1 lib32stdc++6 libc6-i386 libclang-common-16-dev
  libclang-cpp16t64 libclang-rt-16-dev libclang1-16t64 libffi-dev libgc1 libhwloc-plugins libhwloc15
  libicu-dev libllvm16t64 libminizip1t64 libncurses-dev libobjc-13-dev libobjc4 libpfm4 libpocl2-common
  libpocl2t64 libxml2-dev libxnvctrl0 libz3-4 libz3-dev llvm-16 llvm-16-dev llvm-16-linker-tools
  llvm-16-runtime llvm-16-tools pocl-opencl-icd
Suggested packages:
  clang-16-doc wasi-libc beignet-opencl-icd nvidia-opencl-icd mesa-opencl-icd libhwloc-contrib-plugins
  icu-doc ncurses-doc llvm-16-doc
The following NEW packages will be installed:
  clang-16 hashcat hashcat-data icu-devtools lib32gcc-s1 lib32stdc++6 libc6-i386 libclang-common-16-dev
  libclang-cpp16t64 libclang-rt-16-dev libclang1-16t64 libffi-dev libgc1 libhwloc-plugins libhwloc15
  libicu-dev libllvm16t64 libminizip1t64 libncurses-dev libobjc-13-dev libobjc4 libpfm4 libpocl2-common
  libpocl2t64 libxml2-dev libxnvctrl0 libz3-4 libz3-dev llvm-16 llvm-16-dev llvm-16-linker-tools
  llvm-16-runtime llvm-16-tools pocl-opencl-icd
0 upgraded, 34 newly installed, 0 to remove and 84 not upgraded.
Need to get 169 MB of archives.
After this operation, 1015 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://archive.ubuntu.com/ubuntu noble/universe amd64 libllvm16t64 amd64 1:16.0.6-23ubuntu4 [25.6 MB]
Get:2 http://archive.ubuntu.com/ubuntu noble/universe amd64 libclang-cpp16t64 amd64 1:16.0.6-23ubuntu4 [12.6 MB]
Get:3 http://archive.ubuntu.com/ubuntu noble/main amd64 libgc1 amd64 1:8.2.6-1build1 [90.3 kB]
Get:4 http://archive.ubuntu.com/ubuntu noble-updates/universe amd64 libobjc4 amd64 14.2.0-4ubuntu2~24.04 [47.0 kB]
Get:5 http://archive.ubuntu.com/ubuntu noble-updates/universe amd64 libobjc-13-dev amd64 13.3.0-6ubuntu2~24.04 [194 kB]
Get:6 http://archive.ubuntu.com/ubuntu noble/universe amd64 libclang-common-16-dev amd64 1:16.0.6-23ubuntu4 [631 kB]
Get:7 http://archive.ubuntu.com/ubuntu noble/universe amd64 llvm-16-linker-tools amd64 1:16.0.6-23ubuntu4 [1301 kB]
Get:8 http://archive.ubuntu.com/ubuntu noble/universe amd64 libclang1-16t64 amd64 1:16.0.6-23ubuntu4 [7254 kB]
Get:9 http://archive.ubuntu.com/ubuntu noble/universe amd64 clang-16 amd64 1:16.0.6-23ubuntu4 [80.8 kB]
Get:10 http://archive.ubuntu.com/ubuntu noble/universe amd64 hashcat-data all 6.2.6+ds1-1build2 [2425 kB]
Get:11 http://archive.ubuntu.com/ubuntu noble/universe amd64 libpocl2-common all 5.0-2.1build3 [82.7 kB]
Get:12 http://archive.ubuntu.com/ubuntu noble/universe amd64 libhwloc15 amd64 2.10.0-1build1 [172 kB]
Get:13 http://archive.ubuntu.com/ubuntu noble/universe amd64 libpocl2t64 amd64 5.0-2.1build3 [16.2 MB]
Get:14 http://archive.ubuntu.com/ubuntu noble/universe amd64 pocl-opencl-icd amd64 5.0-2.1build3 [7182 B]
Get:15 http://archive.ubuntu.com/ubuntu noble-updates/universe amd64 libminizip1t64 amd64 1:1.3.dfsg-3.1ubuntu2.1 [22.2 kB]
Get:16 http://archive.ubuntu.com/ubuntu noble/universe amd64 hashcat amd64 6.2.6+ds1-1build2 [9523 kB]
Get:17 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 icu-devtools amd64 74.2-1ubuntu3.1 [212 kB]
Get:18 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libc6-i386 amd64 2.39-0ubuntu8.4 [2787 kB]
Get:19 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 lib32gcc-s1 amd64 14.2.0-4ubuntu2~24.04 [92.3 kB]
Get:20 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 lib32stdc++6 amd64 14.2.0-4ubuntu2~24.04 [814 kB]
Get:21 http://archive.ubuntu.com/ubuntu noble/universe amd64 libclang-rt-16-dev amd64 1:16.0.6-23ubuntu4 [3400 kB]
Get:22 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libicu-dev amd64 74.2-1ubuntu3.1 [11.9 MB]
Get:23 http://archive.ubuntu.com/ubuntu noble/main amd64 libncurses-dev amd64 6.4+20240113-1ubuntu2 [384 kB]
Get:24 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libxml2-dev amd64 2.9.14+dfsg-1.3ubuntu3.2 [780 kB]
Get:25 http://archive.ubuntu.com/ubuntu noble/main amd64 libxnvctrl0 amd64 510.47.03-0ubuntu4 [12.6 kB]
Get:26 http://archive.ubuntu.com/ubuntu noble/universe amd64 llvm-16-runtime amd64 1:16.0.6-23ubuntu4 [524 kB]
Get:27 http://archive.ubuntu.com/ubuntu noble/universe amd64 libpfm4 amd64 4.13.0+git32-g0d4ed0e-1 [414 kB]
Get:28 http://archive.ubuntu.com/ubuntu noble/universe amd64 llvm-16 amd64 1:16.0.6-23ubuntu4 [23.4 MB]
Get:29 http://archive.ubuntu.com/ubuntu noble/main amd64 libffi-dev amd64 3.4.6-1build1 [62.8 kB]
Get:30 http://archive.ubuntu.com/ubuntu noble/universe amd64 llvm-16-tools amd64 1:16.0.6-23ubuntu4 [509 kB]
Get:31 http://archive.ubuntu.com/ubuntu noble/universe amd64 libz3-4 amd64 4.8.12-3.1build1 [5836 kB]
Get:32 http://archive.ubuntu.com/ubuntu noble/universe amd64 libz3-dev amd64 4.8.12-3.1build1 [72.2 kB]
Get:33 http://archive.ubuntu.com/ubuntu noble/universe amd64 llvm-16-dev amd64 1:16.0.6-23ubuntu4 [41.7 MB]
Get:34 http://archive.ubuntu.com/ubuntu noble/universe amd64 libhwloc-plugins amd64 2.10.0-1build1 [15.7 kB]
Fetched 169 MB in 11s (14.9 MB/s)
Extracting templates from packages: 100%
Selecting previously unselected package libllvm16t64:amd64.
(Reading database ... 121156 files and directories currently installed.)
Preparing to unpack .../00-libllvm16t64_1%3a16.0.6-23ubuntu4_amd64.deb ...
Unpacking libllvm16t64:amd64 (1:16.0.6-23ubuntu4) ...
Selecting previously unselected package libclang-cpp16t64.
Preparing to unpack .../01-libclang-cpp16t64_1%3a16.0.6-23ubuntu4_amd64.deb ...
Unpacking libclang-cpp16t64 (1:16.0.6-23ubuntu4) ...
Selecting previously unselected package libgc1:amd64.
Preparing to unpack .../02-libgc1_1%3a8.2.6-1build1_amd64.deb ...
Unpacking libgc1:amd64 (1:8.2.6-1build1) ...
Selecting previously unselected package libobjc4:amd64.
Preparing to unpack .../03-libobjc4_14.2.0-4ubuntu2~24.04_amd64.deb ...
Unpacking libobjc4:amd64 (14.2.0-4ubuntu2~24.04) ...
Selecting previously unselected package libobjc-13-dev:amd64.
Preparing to unpack .../04-libobjc-13-dev_13.3.0-6ubuntu2~24.04_amd64.deb ...
Unpacking libobjc-13-dev:amd64 (13.3.0-6ubuntu2~24.04) ...
Selecting previously unselected package libclang-common-16-dev.
Preparing to unpack .../05-libclang-common-16-dev_1%3a16.0.6-23ubuntu4_amd64.deb ...
Unpacking libclang-common-16-dev (1:16.0.6-23ubuntu4) ...
Selecting previously unselected package llvm-16-linker-tools.
Preparing to unpack .../06-llvm-16-linker-tools_1%3a16.0.6-23ubuntu4_amd64.deb ...
Unpacking llvm-16-linker-tools (1:16.0.6-23ubuntu4) ...
Selecting previously unselected package libclang1-16t64.
Preparing to unpack .../07-libclang1-16t64_1%3a16.0.6-23ubuntu4_amd64.deb ...
Unpacking libclang1-16t64 (1:16.0.6-23ubuntu4) ...
Selecting previously unselected package clang-16.
Preparing to unpack .../08-clang-16_1%3a16.0.6-23ubuntu4_amd64.deb ...
Unpacking clang-16 (1:16.0.6-23ubuntu4) ...
Selecting previously unselected package hashcat-data.
Preparing to unpack .../09-hashcat-data_6.2.6+ds1-1build2_all.deb ...
Unpacking hashcat-data (6.2.6+ds1-1build2) ...
Selecting previously unselected package libpocl2-common.
Preparing to unpack .../10-libpocl2-common_5.0-2.1build3_all.deb ...
Unpacking libpocl2-common (5.0-2.1build3) ...
Selecting previously unselected package libhwloc15:amd64.
Preparing to unpack .../11-libhwloc15_2.10.0-1build1_amd64.deb ...
Unpacking libhwloc15:amd64 (2.10.0-1build1) ...
Selecting previously unselected package libpocl2t64:amd64.
Preparing to unpack .../12-libpocl2t64_5.0-2.1build3_amd64.deb ...
Unpacking libpocl2t64:amd64 (5.0-2.1build3) ...
Selecting previously unselected package pocl-opencl-icd:amd64.
Preparing to unpack .../13-pocl-opencl-icd_5.0-2.1build3_amd64.deb ...
Unpacking pocl-opencl-icd:amd64 (5.0-2.1build3) ...
Selecting previously unselected package libminizip1t64:amd64.
Preparing to unpack .../14-libminizip1t64_1%3a1.3.dfsg-3.1ubuntu2.1_amd64.deb ...
Unpacking libminizip1t64:amd64 (1:1.3.dfsg-3.1ubuntu2.1) ...
Selecting previously unselected package hashcat.
Preparing to unpack .../15-hashcat_6.2.6+ds1-1build2_amd64.deb ...
Unpacking hashcat (6.2.6+ds1-1build2) ...
Selecting previously unselected package icu-devtools.
Preparing to unpack .../16-icu-devtools_74.2-1ubuntu3.1_amd64.deb ...
Unpacking icu-devtools (74.2-1ubuntu3.1) ...
Selecting previously unselected package libc6-i386.
Preparing to unpack .../17-libc6-i386_2.39-0ubuntu8.4_amd64.deb ...
Unpacking libc6-i386 (2.39-0ubuntu8.4) ...
Selecting previously unselected package lib32gcc-s1.
Preparing to unpack .../18-lib32gcc-s1_14.2.0-4ubuntu2~24.04_amd64.deb ...
Unpacking lib32gcc-s1 (14.2.0-4ubuntu2~24.04) ...
Selecting previously unselected package lib32stdc++6.
Preparing to unpack .../19-lib32stdc++6_14.2.0-4ubuntu2~24.04_amd64.deb ...
Unpacking lib32stdc++6 (14.2.0-4ubuntu2~24.04) ...
Selecting previously unselected package libclang-rt-16-dev:amd64.
Preparing to unpack .../20-libclang-rt-16-dev_1%3a16.0.6-23ubuntu4_amd64.deb ...
Unpacking libclang-rt-16-dev:amd64 (1:16.0.6-23ubuntu4) ...
Selecting previously unselected package libicu-dev:amd64.
Preparing to unpack .../21-libicu-dev_74.2-1ubuntu3.1_amd64.deb ...
Unpacking libicu-dev:amd64 (74.2-1ubuntu3.1) ...
Selecting previously unselected package libncurses-dev:amd64.
Preparing to unpack .../22-libncurses-dev_6.4+20240113-1ubuntu2_amd64.deb ...
Unpacking libncurses-dev:amd64 (6.4+20240113-1ubuntu2) ...
Selecting previously unselected package libxml2-dev:amd64.
Preparing to unpack .../23-libxml2-dev_2.9.14+dfsg-1.3ubuntu3.2_amd64.deb ...
Unpacking libxml2-dev:amd64 (2.9.14+dfsg-1.3ubuntu3.2) ...
Selecting previously unselected package libxnvctrl0:amd64.
Preparing to unpack .../24-libxnvctrl0_510.47.03-0ubuntu4_amd64.deb ...
Unpacking libxnvctrl0:amd64 (510.47.03-0ubuntu4) ...
Selecting previously unselected package llvm-16-runtime.
Preparing to unpack .../25-llvm-16-runtime_1%3a16.0.6-23ubuntu4_amd64.deb ...
Unpacking llvm-16-runtime (1:16.0.6-23ubuntu4) ...
Selecting previously unselected package libpfm4:amd64.
Preparing to unpack .../26-libpfm4_4.13.0+git32-g0d4ed0e-1_amd64.deb ...
Unpacking libpfm4:amd64 (4.13.0+git32-g0d4ed0e-1) ...
Selecting previously unselected package llvm-16.
Preparing to unpack .../27-llvm-16_1%3a16.0.6-23ubuntu4_amd64.deb ...
Unpacking llvm-16 (1:16.0.6-23ubuntu4) ...
Selecting previously unselected package libffi-dev:amd64.
Preparing to unpack .../28-libffi-dev_3.4.6-1build1_amd64.deb ...
Unpacking libffi-dev:amd64 (3.4.6-1build1) ...
Selecting previously unselected package llvm-16-tools.
Preparing to unpack .../29-llvm-16-tools_1%3a16.0.6-23ubuntu4_amd64.deb ...
Unpacking llvm-16-tools (1:16.0.6-23ubuntu4) ...
Selecting previously unselected package libz3-4:amd64.
Preparing to unpack .../30-libz3-4_4.8.12-3.1build1_amd64.deb ...
Unpacking libz3-4:amd64 (4.8.12-3.1build1) ...
Selecting previously unselected package libz3-dev:amd64.
Preparing to unpack .../31-libz3-dev_4.8.12-3.1build1_amd64.deb ...
Unpacking libz3-dev:amd64 (4.8.12-3.1build1) ...
Selecting previously unselected package llvm-16-dev.
Preparing to unpack .../32-llvm-16-dev_1%3a16.0.6-23ubuntu4_amd64.deb ...
Unpacking llvm-16-dev (1:16.0.6-23ubuntu4) ...
Selecting previously unselected package libhwloc-plugins:amd64.
Preparing to unpack .../33-libhwloc-plugins_2.10.0-1build1_amd64.deb ...
Unpacking libhwloc-plugins:amd64 (2.10.0-1build1) ...
Setting up libncurses-dev:amd64 (6.4+20240113-1ubuntu2) ...
Setting up libffi-dev:amd64 (3.4.6-1build1) ...
Setting up llvm-16-tools (1:16.0.6-23ubuntu4) ...
Setting up libllvm16t64:amd64 (1:16.0.6-23ubuntu4) ...
Setting up libxnvctrl0:amd64 (510.47.03-0ubuntu4) ...
Setting up hashcat-data (6.2.6+ds1-1build2) ...
Setting up libz3-4:amd64 (4.8.12-3.1build1) ...
Setting up libpfm4:amd64 (4.13.0+git32-g0d4ed0e-1) ...
Setting up libpocl2-common (5.0-2.1build3) ...
Setting up libhwloc15:amd64 (2.10.0-1build1) ...
Setting up icu-devtools (74.2-1ubuntu3.1) ...
Setting up libgc1:amd64 (1:8.2.6-1build1) ...
Setting up libminizip1t64:amd64 (1:1.3.dfsg-3.1ubuntu2.1) ...
Setting up libc6-i386 (2.39-0ubuntu8.4) ...
Setting up libicu-dev:amd64 (74.2-1ubuntu3.1) ...
Setting up libz3-dev:amd64 (4.8.12-3.1build1) ...
Setting up llvm-16-runtime (1:16.0.6-23ubuntu4) ...
Setting up libobjc4:amd64 (14.2.0-4ubuntu2~24.04) ...
Setting up libclang-common-16-dev (1:16.0.6-23ubuntu4) ...
Setting up libclang1-16t64 (1:16.0.6-23ubuntu4) ...
Setting up libhwloc-plugins:amd64 (2.10.0-1build1) ...
Setting up libclang-cpp16t64 (1:16.0.6-23ubuntu4) ...
Setting up llvm-16-linker-tools (1:16.0.6-23ubuntu4) ...
Setting up libxml2-dev:amd64 (2.9.14+dfsg-1.3ubuntu3.2) ...
Setting up lib32gcc-s1 (14.2.0-4ubuntu2~24.04) ...
Setting up lib32stdc++6 (14.2.0-4ubuntu2~24.04) ...
Setting up llvm-16 (1:16.0.6-23ubuntu4) ...
Setting up libobjc-13-dev:amd64 (13.3.0-6ubuntu2~24.04) ...
Setting up libclang-rt-16-dev:amd64 (1:16.0.6-23ubuntu4) ...
Setting up llvm-16-dev (1:16.0.6-23ubuntu4) ...
Setting up clang-16 (1:16.0.6-23ubuntu4) ...
Setting up libpocl2t64:amd64 (5.0-2.1build3) ...
Setting up pocl-opencl-icd:amd64 (5.0-2.1build3) ...
Setting up hashcat (6.2.6+ds1-1build2) ...
Processing triggers for libc-bin (2.39-0ubuntu8.4) ...
Processing triggers for systemd (255.4-1ubuntu8.5) ...
Processing triggers for man-db (2.12.0-4build2) ...
Processing triggers for install-info (7.1-3build2) ...

hashcatを使ってみる

hashcatはCPUやGPUを使用してパスワードハッシュの解析を行うツールである。
様々なハッシュアルゴリズムに対応しており、辞書攻撃やブルートフォース攻撃、ルールベース攻撃などの手法を使ってパスワードを復元することが可能となっている。
hashcatの使い方を次のセクションで記載する。

hashcatの使い方

hashcatの基本的なコマンド構文は以下となる。

hashcat [オプション]... ハッシュ [辞書ファイル]...

主なオプションは以下である。

  • -m, --hash-type: ハッシュタイプを指定(例: 0=MD5, 100=SHA1, 1000=NTLM)
  • -a, --attack-mode: 攻撃モードを指定(0=辞書攻撃、3=ブルートフォース)
  • -o, --outfile: 結果の出力先ファイル
  • --show: すでに解読されたパスワードを表示
  • -b, --benchmark: ベンチマークモード
  • -D, --opencl-device-types: 使用するデバイスタイプ(1=CPU, 2=GPU)

サポートされているハッシュタイプについては、--help- [ Hash modes ] - セクションを確認する必要がある。

hashcat --help

出力:

- [ Hash modes ] -

      # | Name                                                       | Category
  ======+============================================================+======================================
    900 | MD4                                                        | Raw Hash
      0 | MD5                                                        | Raw Hash
    100 | SHA1                                                       | Raw Hash
   1300 | SHA2-224                                                   | Raw Hash
   1400 | SHA2-256                                                   | Raw Hash
  10800 | SHA2-384                                                   | Raw Hash
   1700 | SHA2-512                                                   | Raw Hash
  17300 | SHA3-224                                                   | Raw Hash
  17400 | SHA3-256                                                   | Raw Hash
  17500 | SHA3-384                                                   | Raw Hash
  17600 | SHA3-512                                                   | Raw Hash
   ...

簡単なベンチマークを実行して、システムのパフォーマンスを確認ができる。

hashcat -b

hashcatで解析

1. 簡単なMD5ハッシュの解析例

例として、「password」という文字列のMD5ハッシュを解析してみる。
「password」のMD5ハッシュは 5f4dcc3b5aa765d61d8327deb882cf99 である。

まず、このハッシュをファイルに保存する

echo "5f4dcc3b5aa765d61d8327deb882cf99" > hash.txt

次に、辞書攻撃を使って解析を行う。
辞書ファイルがない場合は、以下のコマンドでrockYouの辞書ファイルをダウンロードをする

sudo apt install wordlists

または

wget https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt

hashcatには基本的な辞書ファイルが含まれている。

  • -m 0 (MD5)を指定
  • -a 0 (辞書攻撃)を指定
hashcat -m 0 -a 0 hash.txt /usr/share/wordlists/rockyou.txt
ログ
hashcat (v6.2.6) starting

OpenCL API (OpenCL 3.0 PoCL 5.0+debian  Linux, None+Asserts, RELOC, SPIR, LLVM 16.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: cpu-skylake-avx512-AMD Ryzen 9 7900X3D 12-Core Processor, 14794/29653 MB (4096 MB allocatable), 24MCU

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Optimizers applied:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Raw-Hash

ATTENTION! Pure (unoptimized) backend kernels selected.
Pure kernels can crack longer passwords, but drastically reduce performance.
If you want to switch to optimized kernels, append -O to your commandline.
See the above message to find out about the exact limits.

Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.

Host memory required for this attack: 6 MB

Dictionary cache built:
* Filename..: rockyou.txt
* Passwords.: 14344391
* Bytes.....: 139921497
* Keyspace..: 14344384
* Runtime...: 0 secs

5f4dcc3b5aa765d61d8327deb882cf99:password

Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 0 (MD5)
Hash.Target......: 5f4dcc3b5aa765d61d8327deb882cf99
Time.Started.....: Sun Apr 13 16:06:38 2025 (1 sec)
Time.Estimated...: Sun Apr 13 16:06:39 2025 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:   247.2 kH/s (0.37ms) @ Accel:1024 Loops:1 Thr:1 Vec:16
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 24576/14344384 (0.17%)
Rejected.........: 0/24576 (0.00%)
Restore.Point....: 0/14344384 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: 123456 -> 280690

Started: Sun Apr 13 16:06:29 2025
Stopped: Sun Apr 13 16:06:39 2025

※10秒ほどで完了した.

2. ルールベース攻撃

ルールを使うことで、辞書の単語に対して様々な変換を適用できる

hashcat -m 0 -a 0 hash.txt /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule

3. マスク攻撃(ブルートフォース)

特定のパターンに基づいたブルートフォース攻撃も可能である

# 8文字の小文字アルファベットのパスワードを総当たり
hashcat -m 0 -a 3 hash.txt "?l?l?l?l?l?l?l?l"

マスクで使用できる主な文字セット:

  • ?l: 小文字アルファベット (a-z)
  • ?u: 大文字アルファベット (A-Z)
  • ?d: 数字 (0-9)
  • ?s: 特殊文字 (!@#$ など)
  • ?a: すべての文字

4. 結果の確認

解析が完了したら、結果を表示する。

hashcat --show -m 0 hash.txt

出力例:

5f4dcc3b5aa765d61d8327deb882cf99:password

参考

おわりに

hashcatでハッシュ値の解析を試してみた。
セキュリティの勉強の一環として使ってみたが、辞書攻撃はすさまじい速度で解析が完了するのを見て、よくある単語の羅列は容易に解析されるなという感想が出る。
今回は既にハッシュ関数としては脆弱なMD5を使っているため解析がすぐに終わったが他のものだとどうなるのかも試してみたいところ。

© 2020 - 2025 kbushi
Hugo で構築されています。
テーマ StackJimmy によって設計されています。