Hashcat

Examples

  1. JSON Web Tokens (JWT)

Eg. Cracking a JWT secret:

  • jwt.txt: entire JWT sequence (header, payload and signature) (eg. eyJhbGxxx.eyJ1c2xxx.gLYfqxxx )

  • jwt.secrets.list: JWT secrets wordlist

$ hashcat -m 16500 -a 0 jwt.txt jwt.secrets.list

Flags

  • -m/--hash-type: Hash type/mode

    • Eg. -m 16500 : Hash type of JWT (JSON Web Tokens)

  • -a: Attack mode

    • Eg. -a 0: Dictionary attack

Possible wordlists

  1. scraped JWT secrets: https://github.com/danielmiessler/SecLists/blob/master/Passwords/scraped-JWT-secrets.txt

  2. rockyou.txt: https://github.com/danielmiessler/SecLists/blob/master/Passwords/Leaked-Databases/rockyou.txt.tar.gz

List of hash type/mode

Logohashcat [hashcat wiki]hashcat.net
Logoexample_hashes [hashcat wiki]hashcat.net

  1. 13100

  • Kerberos 5, etype 23, TGS-REP (RC4-HMAC)

$krb5tgs$23$*<SERVICE_USERNAME>$<DOMAIN>$<SPN>@<DOMAIN>*$<HASH_VALUE>

Notice the value 23 in the first section of the hash: krb5tgs$23$ , this refers to the etype 23

a. <SERVICE_USERNAME>: service account username

  • eg. svc-user

b. <DOMAIN>: Domain

  • eg. test.loc

c. <SPN>: Service Principal Name

  • eg. http/mach.test.loc@test.loc

d. <HASH_VALUE>: Rest of the hash value

  1. 19600

  • Kerberos 5, etype 17, TGS-REP (AES128-CTS-HMAC-SHA1-96)

$krb5tgs$17$<SERVICE_USERNAME>$<DOMAIN>$<HASH_VALUE>

Notice the value 17 in the first section of the hash: krb5tgs$17$ , this refers to the etype 17

  1. 19700

  • Kerberos 5, etype 18, TGS-REP (AES256-CTS-HMAC-SHA1-96)

$krb5tgs$18$<SERVICE_USERNAME>$<DOMAIN>$<HASH_VALUE>

Notice the value 18 in the first section of the hash: krb5tgs$18$ , this refers to the etype 18

General documentation page

Logohashcat [hashcat wiki]hashcat.net
PreviousJohn the ripperNexthash-identifier

Last updated