
[Experience Sharing] Cracking Windows login passwords with a GPU

Posted on 2014-12-27 23:49:34
http://hashcat.net/oclhashcat/
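This software can use the GPU to compute and crack passwords.

It is very fast, provided of course that you have a good graphics card.

Anyone with a high-performance card such as an HD7990, R9 295X or 280X can give it a try.

A simple calculation based on the official figures:

An 8-character password mixing upper case, lower case and digits has 62 to the 8th power, that is 218,340,105,584,896, possible combinations,
roughly 218,340,105M. At the speed of eight R9 290X cards, 183528 Mh/s,

it takes at most 1190 seconds, so it can be cracked in about 20 minutes.

However, if the password length reaches 10 characters, cracking takes about 52 days, which is still a long time.

Conjecture: if this tool could be used to generate rainbow tables, wouldn't that be even more convenient?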



Original poster | Posted on 2014-12-28 13:14:38
Help file
cudaHashcat, advanced password recovery

Usage: cudaHashcat [options]... hash|hashfile|hccapfile [dictionary|mask|directory]...

=======
Options
=======

* General:

  -m,  --hash-type=NUM               Hash-type, see references below
  -a,  --attack-mode=NUM             Attack-mode, see references below
  -V,  --version                     Print version
  -h,  --help                        Print help
       --eula                        Print EULA
       --quiet                       Suppress output

* Benchmark:

  -b,  --benchmark                   Run benchmark
       --benchmark-mode=NUM          Benchmark-mode, see references below

* Misc:

       --hex-charset                 Assume charset is given in hex
       --hex-salt                    Assume salt is given in hex
       --hex-wordlist                Assume words in wordlist is given in hex
       --force                       Ignore warnings
       --status                      Enable automatic update of the status-screen
       --status-timer=NUM            Seconds between status-screen update
       --status-automat              Display the status view in a machine readable format
       --loopback                    Add new plains to induct directory
       --weak-hash-threshold=NUM     Threshold when to stop checking for weak hashes, default is 100 salts

* Markov:

       --markov-hcstat=FILE          Specify hcstat file to use, default is hashcat.hcstat
       --markov-disable              Disables markov-chains, emulates classic brute-force
       --markov-classic              Enables classic markov-chains, no per-position enhancement
  -t,  --markov-threshold=NUM        Threshold when to stop accepting new markov-chains

* Session:

       --runtime=NUM                 Abort session after NUM seconds of runtime
       --session=STR                 Define specific session name
       --restore                     Restore session from --session
       --restore-disable             Do not write restore file

* Files:

  -o,  --outfile=FILE                Define outfile for recovered hash
       --outfile-format=NUM          Define outfile-format for recovered hash, see references below
       --outfile-autohex-disable     Disable the use of $HEX[] in output plains
       --outfile-check-timer         Seconds between outfile checks
  -p,  --separator=CHAR              Separator char for hashlists and outfile
       --show                        Show cracked passwords only
       --left                        Show un-cracked passwords only
       --username                    Enable ignoring of usernames in hashfile (recommended: also use --show)
       --remove                      Enable remove of hash once it is cracked
       --remove-timer=NUM            Update input hash file each NUM seconds
       --potfile-disable             Do not write potfile
       --debug-mode=NUM              Defines the debug mode (hybrid only by using rules), see references below
       --debug-file=FILE             Output file for debugging rules (see also --debug-mode)
       --induction-dir=FOLDER        Specify induction directory to use, default is $session.induct
       --outfile-check-dir=FOLDER    Specify the outfile directory which should be monitored, default is $session.outfiles
       --logfile-disable             Disable the logfile

* Resources:

  -c,  --segment-size=NUM            Size in MB to cache from the wordfile
       --bitmap-max=NUM              Maximum number of bits allowed for bitmaps
       --cpu-affinity=STR            Locks to CPU devices, seperate with comma
       --gpu-async                   Use non-blocking async calls (NV only)
  -d,  --gpu-devices=STR             Devices to use, separate with comma
  -w,  --workload-profile=NUM        Enable a specific workload profile, see references below
  -n,  --gpu-accel=NUM               Workload tuning: 1, 8, 40, 80, 160
  -u,  --gpu-loops=NUM               Workload fine-tuning: 8 - 1024
       --gpu-temp-disable            Disable temperature and fanspeed readings and triggers
       --gpu-temp-abort=NUM          Abort session if GPU temperature reaches NUM degrees celsius
       --gpu-temp-retain=NUM         Try to retain GPU temperature at NUM degrees celsius (AMD only)
       --powertune-disable           Disable automatic power tuning option (AMD OverDrive 6 only)

* Distributed:

  -s,  --skip=NUM                    skip number of words
  -l,  --limit=NUM                   limit number of words
       --keyspace                    show keyspace base:mod values and quit

* Rules:

  -j,  --rule-left=RULE              Single rule applied to each word from left dict
  -k,  --rule-right=RULE             Single rule applied to each word from right dict
  -r,  --rules-file=FILE             Rules-file, multi use: -r 1.rule -r 2.rule
  -g,  --generate-rules=NUM          Generate NUM random rules
       --generate-rules-func-min=NUM Force NUM functions per random rule min
       --generate-rules-func-max=NUM Force NUM functions per random rule max
       --generate-rules-seed=NUM     Force RNG seed to NUM

* Custom charsets:

  -1,  --custom-charset1=CS          User-defined charsets
  -2,  --custom-charset2=CS          Example:
  -3,  --custom-charset3=CS          --custom-charset1=?dabcdef : sets charset ?1 to 0123456789abcdef
  -4,  --custom-charset4=CS          -2 mycharset.hcchr : sets charset ?2 to chars contained in file

* Increment:

  -i,  --increment                   Enable increment mode
       --increment-min=NUM           Start incrementing at NUM
       --increment-max=NUM           Stop incrementing at NUM

==========
References
==========

* Workload Profile:

    1 = Reduced performance profile (low latency desktop)
    2 = Default performance profile
    3 = Tuned   performance profile (high latency desktop)

* Benchmark Settings:

    0 = Manual Tuning
    1 = Performance Tuning, default

* Outfile Formats:

    1 = hash[:salt]
    2 = plain
    3 = hash[:salt]:plain
    4 = hex_plain
    5 = hash[:salt]:hex_plain
    6 = plain:hex_plain
    7 = hash[:salt]:plain:hex_plain
    8 = crackpos
    9 = hash[:salt]:crackpos
   10 = plain:crackpos
   11 = hash[:salt]:plain:crackpos
   12 = hex_plain:crackpos
   13 = hash[:salt]:hex_plain:crackpos
   14 = plain:hex_plain:crackpos
   15 = hash[:salt]:plain:hex_plain:crackpos

* Debug mode output formats (for hybrid mode only, by using rules):

    1 = save finding rule
    2 = save original word
    3 = save original word and finding rule
    4 = save original word, finding rule and modified plain

* Built-in charsets:

   ?l = abcdefghijklmnopqrstuvwxyz
   ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
   ?d = 0123456789
   ?s =  !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
   ?a = ?l?u?d?s
   ?b = 0x00 - 0xff

* Attack modes:

    0 = Straight
    1 = Combination
    3 = Brute-force
    6 = Hybrid dict + mask
    7 = Hybrid mask + dict

* Generic hash types:

     0 = MD5
    10 = md5($pass.$salt)
    20 = md5($salt.$pass)
    30 = md5(unicode($pass).$salt)
    40 = md5($salt.unicode($pass))
    50 = HMAC-MD5 (key = $pass)
    60 = HMAC-MD5 (key = $salt)
   100 = SHA1
   110 = sha1($pass.$salt)
   120 = sha1($salt.$pass)
   130 = sha1(unicode($pass).$salt)
   140 = sha1($salt.unicode($pass))
   150 = HMAC-SHA1 (key = $pass)
   160 = HMAC-SHA1 (key = $salt)
   190 = sha1(LinkedIn)
   200 = MySQL323
   300 = MySQL4.1/MySQL5
   400 = phpass, MD5(Wordpress), MD5(phpBB3), MD5(Joomla)
   500 = md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5
   501 = Juniper IVE
   900 = MD4
  1000 = NTLM
  1100 = Domain Cached Credentials, mscash
  1400 = SHA256
  1410 = sha256($pass.$salt)
  1420 = sha256($salt.$pass)
  1430 = sha256(unicode($pass).$salt)
  1440 = sha256($salt.unicode($pass))
  1450 = HMAC-SHA256 (key = $pass)
  1460 = HMAC-SHA256 (key = $salt)
  1500 = descrypt, DES(Unix), Traditional DES
  1600 = md5apr1, MD5(APR), Apache MD5
  1700 = SHA512
  1710 = sha512($pass.$salt)
  1720 = sha512($salt.$pass)
  1730 = sha512(unicode($pass).$salt)
  1740 = sha512($salt.unicode($pass))
  1750 = HMAC-SHA512 (key = $pass)
  1760 = HMAC-SHA512 (key = $salt)
  1800 = sha512crypt, SHA512(Unix)
  2100 = Domain Cached Credentials2, mscash2
  2400 = Cisco-PIX MD5
  2410 = Cisco-ASA MD5
  2500 = WPA/WPA2
  2600 = Double MD5
  3000 = LM
  3100 = Oracle 7-10g, DES(Oracle)
  3200 = bcrypt, Blowfish(OpenBSD)
  3710 = md5($salt.md5($pass))
  3810 = md5($pass.$salt.$pass)
  4300 = md5(strtoupper(md5($pass)))
  4400 = md5(sha1($pass))
  4500 = Double SHA1
  4700 = sha1(md5($pass))
  4800 = MD5(Chap), iSCSI CHAP authentication
  5000 = SHA-3(Keccak)
  5100 = Half MD5
  5200 = Password Safe v3
  5300 = IKE-PSK MD5
  5400 = IKE-PSK SHA1
  5500 = NetNTLMv1-VANILLA / NetNTLMv1+ESS
  5600 = NetNTLMv2
  5700 = Cisco-IOS SHA256
  5800 = Android PIN
  6000 = RipeMD160
  6100 = Whirlpool
  62XY = TrueCrypt 5.0+ (see below)
  6300 = AIX {smd5}
  6400 = AIX {ssha256}
  6500 = AIX {ssha512}
  6600 = 1Password, agilekeychain
  6700 = AIX {ssha1}
  6800 = Lastpass
  6900 = GOST R 34.11-94
  7100 = OSX v10.8 / v10.9
  7200 = GRUB 2
  7300 = IPMI2 RAKP HMAC-SHA1
  7400 = sha256crypt, SHA256(Unix)
  7500 = Kerberos 5 AS-REQ Pre-Auth etype 23
  7700 = SAP CODVN B (BCODE)
  7800 = SAP CODVN F/G (PASSCODE)
  7900 = Drupal7
  8000 = Sybase ASE
  8100 = Citrix Netscaler
  8200 = 1Password, cloudkeychain
  8300 = DNSSEC (NSEC3)
  8400 = WBB3, Woltlab Burning Board 3
  8500 = RACF
  8600 = Lotus Notes/Domino 5
  8700 = Lotus Notes/Domino 6
  8800 = Android FDE <= 4.3
  8900 = scrypt
  9000 = Password Safe v2
  9100 = Lotus Notes/Domino 8
  9200 = Cisco $8$
  9300 = Cisco $9$
  9400 = Office 2007
  9500 = Office 2010
  9600 = Office 2013
  9700 = MS Office <= 2003 MD5 + RC4, oldoffice$0, oldoffice$1
  9710 = MS Office <= 2003 MD5 + RC4, collider-mode #1
  9720 = MS Office <= 2003 MD5 + RC4, collider-mode #2
  9800 = MS Office <= 2003 SHA1 + RC4, oldoffice$3, oldoffice$4
  9810 = MS Office <= 2003 SHA1 + RC4, collider-mode #1
  9820 = MS Office <= 2003 SHA1 + RC4, collider-mode #2
  9900 = Radmin2
10000 = Django (PBKDF2-SHA256)
10100 = SipHash

* Specific hash types:

    11 = Joomla < 2.5.18
    12 = PostgreSQL
    21 = osCommerce, xt:Commerce
    22 = Juniper Netscreen/SSG (ScreenOS)
    23 = Skype
   101 = nsldap, SHA-1(Base64), Netscape LDAP SHA
   111 = nsldaps, SSHA-1(Base64), Netscape LDAP SSHA
   112 = Oracle 11g/12c
   121 = SMF > v1.1
   122 = OSX v10.4, v10.5, v10.6
   123 = Django (SHA-1)
   131 = MSSQL(2000)
   132 = MSSQL(2005)
   133 = PeopleSoft
   141 = EPiServer 6.x < v4
  1421 = hMailServer
  1441 = EPiServer 6.x > v4
  1711 = SSHA-512(Base64), LDAP {SSHA512}
  1722 = OSX v10.7
  1731 = MSSQL(2012), MSSQL(2014)
  2611 = vBulletin < v3.8.5
  2612 = PHPS
  2711 = vBulletin > v3.8.5
  2811 = IPB2+, MyBB1.2+
  3711 = Mediawiki B type
  62XY = TrueCrypt 5.0+
    X  = 1 = PBKDF2-HMAC-RipeMD160
    X  = 2 = PBKDF2-HMAC-SHA512
    X  = 3 = PBKDF2-HMAC-Whirlpool
    X  = 4 = PBKDF2-HMAC-RipeMD160 + boot-mode
    X  = 5 = PBKDF2-HMAC-RipeMD160 + hidden-volume
    X  = 6 = PBKDF2-HMAC-SHA512    + hidden-volume
    X  = 7 = PBKDF2-HMAC-Whirlpool + hidden-volume
    X  = 8 = PBKDF2-HMAC-RipeMD160 + hidden-volume + boot-mode
     Y = 1 = XTS AES
     Y = 2 = XTS Serpent              --- unfinished
     Y = 3 = XTS Twofish              --- unfinished
     Y = 4 = XTS AES-Twofish          --- unfinished
     Y = 5 = XTS AES-Twofish-Serpent  --- unfinished
     Y = 6 = XTS Serpent-AES          --- unfinished
     Y = 7 = XTS Serpent-Twofish-AES  --- unfinished
     Y = 8 = XTS Twofish-Serpent      --- unfinished
  7600 = Redmine Project Management Web App
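Added example, not part of the original posts and not hashcat code: the keyspace arithmetic from the first post, generalised to any mask written with the built-in and custom charsets listed in the help text, so a password policy can be rated by its worst-case exhaustion time at a given hash rate. The function names (`tokens`, `charset`, `mask_keyspace`, `worst_case_seconds`, `policy_table`) are hypothetical; the 183528 Mh/s rate is the figure quoted in the first post.

```python
import re
import string

BUILTIN = {  # built-in charsets from the help text, stored as byte values
    "l": set(map(ord, string.ascii_lowercase)),
    "u": set(map(ord, string.ascii_uppercase)),
    "d": set(map(ord, string.digits)),
    "s": set(map(ord, " " + string.punctuation)),  # space plus 32 symbols
    "b": set(range(256)),                          # 0x00 - 0xff
}
BUILTIN["a"] = BUILTIN["l"] | BUILTIN["u"] | BUILTIN["d"] | BUILTIN["s"]

def tokens(spec):
    """Split a mask or charset spec into '?x' placeholders and literal characters."""
    toks = re.findall(r"\?.|[^?]", spec, re.S)
    if "".join(toks) != spec:
        raise ValueError("dangling '?' in %r" % spec)
    return toks

def charset(tok, custom):
    """Return the set of byte values one token can take."""
    if len(tok) == 1 or tok == "??":   # literal character ('??' is a literal '?')
        return {ord(tok[-1])}
    for table in (BUILTIN, custom):
        if tok[1] in table:
            return table[tok[1]]
    raise ValueError("unknown charset %r" % tok)

def mask_keyspace(mask, custom_specs=()):
    """Total candidates for a mask; custom_specs[0] defines ?1, custom_specs[1] ?2, ..."""
    custom = {}
    for n, spec in enumerate(custom_specs, start=1):
        custom[str(n)] = set().union(*(charset(t, custom) for t in tokens(spec)))
    total = 1
    for tok in tokens(mask):
        total *= len(charset(tok, custom))
    return total

def worst_case_seconds(keyspace, rate_mh_s):
    """Seconds to try every candidate at rate_mh_s million hashes per second."""
    return keyspace / (rate_mh_s * 1_000_000)

def policy_table(charset_spec, lengths, rate_mh_s):
    """(length, keyspace, worst-case days) for passwords drawn from one charset."""
    sizes = [(n, mask_keyspace("?1" * n, [charset_spec])) for n in lengths]
    return [(n, ks, worst_case_seconds(ks, rate_mh_s) / 86400) for n, ks in sizes]

if __name__ == "__main__":  # 183528 Mh/s: the eight R9 290X figure from the first post
    for n, ks, days in policy_table("?l?u?d", range(8, 13), 183528):
        print(f"len {n:2d}  keyspace {ks:.3e}  worst case {days:14.2f} days")
```

The estimate applies only to a fast unsalted hash at that rate; slow hashes such as bcrypt or scrypt in the list above run at far lower rates, which scales every row up proportionally.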
