Hashcat

Cracking examples

  1. JSON Web Tokens (JWT)

Eg. Cracking a JWT secret:

  • jwt.txt: the entire JWT (header, payload and signature), e.g. eyJhbGxxx.eyJ1c2xxx.gLYfqxxx

  • jwt.secrets.list: JWT secrets wordlist

$ hashcat -m 16500 -a 0 jwt.txt jwt.secrets.list

Flags

  • -m/--hash-type: Hash type

    • Eg. -m 16500 : Hash type of JWT (JSON Web Tokens)

  • -a/--attack-mode: Attack mode

    • Eg. -a 0: Dictionary attack (hashcat calls this "straight" mode: each wordlist entry is tried as-is)
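
The check that a dictionary attack on a JWT secret comes down to, written as an added example (not part of the original notes and not hashcat's code) for auditing a token your own service issues: recompute the HMAC over header.payload with each candidate and compare it with the signature. The names sign_hs, find_weak_secret, WORDLIST and both tokens are constructed for this example; it covers the HMAC algorithms HS256, HS384 and HS512.

```python
import base64, hashlib, hmac, json, secrets

HASHES = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs(payload: dict, secret: bytes, alg: str = "HS256") -> str:
    """Build a constructed test token (stand-in for one your own service issues)."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    signing_input = f"{header}.{body}".encode()
    sig = hmac.new(secret, signing_input, HASHES[alg]).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def find_weak_secret(token: str, candidates):
    """Return the candidate that reproduces the token's signature, else None."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    alg = json.loads(b64url_decode(parts[0])).get("alg")
    if alg not in HASHES:
        raise ValueError(f"not an HMAC-signed JWT (alg={alg!r})")
    # The signature covers the first two segments exactly as transmitted.
    signing_input = f"{parts[0]}.{parts[1]}".encode()
    expected = b64url_decode(parts[2])
    for cand in candidates:
        mac = hmac.new(cand.encode(), signing_input, HASHES[alg]).digest()
        if hmac.compare_digest(mac, expected):
            return cand
    return None

# Constructed sample data: a tiny wordlist and two tokens.
WORDLIST = ["changeme", "jwt-secret", "secret", "password123"]
WEAK_TOKEN = sign_hs({"user": "alice"}, b"secret")
STRONG_TOKEN = sign_hs({"user": "alice"}, secrets.token_bytes(32))

if __name__ == "__main__":
    print("weak token   ->", find_weak_secret(WEAK_TOKEN, WORDLIST))
    print("strong token ->", find_weak_secret(STRONG_TOKEN, WORDLIST))
```

A secret that turns up in a wordlist should be replaced with a randomly generated key; RFC 7518 requires an HMAC key at least as long as the hash output (32 bytes for HS256).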

Possible wordlists
