This tool does its slowest work against WPA/WPA2 because the 4-way handshake slows it down. It does extremely well with other hash types: for example, MD5 is cracked at 10 million attempts per second, and NTLM is a bit faster than MD5. The oclHashcat website has some more in-depth info.
Extreme GPU Brute-Force Hash Cracker
Unlike the extremely slow and computationally demanding bcrypt, MD5, SHA1, and a raft of other hashing algorithms were designed to place a minimum of strain on light-weight hardware. That's good for manufacturers of routers, say, and it's even better for crackers. Had Ashley Madison used MD5, for instance, Pierce's server could have completed 11 million guesses per second, a speed that would have allowed him to test all 36 million password hashes in 3.7 years if they were salted and just three seconds if they were unsalted (many sites still do not salt hashes). Had the dating site for cheaters used SHA1, Pierce's server could have performed seven million guesses per second, a rate that would have taken almost six years to go through the entire list with salt and five seconds without. (The time estimates are based on use of the RockYou list. The time required would be different if different lists or cracking methods were used. And of course, super fast rigs like the ones Gosney builds would complete the jobs in a fraction of these times.)
But Pierce's experiment also provides a cautionary tale to the large percentage of people who pick "p@$$w0rd", "1234567", and other weak passcodes to protect their valuable online assets. Bcrypt may drastically slow the time in which a large list can be cracked, but its benefit diminishes when crackers target a handful of hashes that, say, are all associated with a single e-mail domain such as navy.org or whitehouse.gov. The value further deteriorates when those targeted users choose a weak password.
John the Ripper is a popular password cracking tool that supports many common hash types as well as a useful autodetect feature. It has been around for a while now, and as such, it continues to be one of the strongest and easiest to use crackers available.
The next tool that we will look at is Hashcat. This is an extremely powerful hash-cracking tool with a ton of features and both CPU-based and GPU-based versions available. As of Hashcat v3.00, the CPU and GPU tools were merged, with the CPU-only version becoming Hashcat-legacy.
Tools which claim to be able to identify hashes simply use regular expressions to match the hash against common patterns. This method is extremely unreliable and often yields incorrect results. It is best to avoid using such tools.
This directory can be used to tell hashcat that a specific hash was cracked on a different computer/node or with another cracker (such as hashcat-legacy). The expected file format is not just plain (which sometimes confuses people), but instead the full hash[:salt]:plain.
Actually, Hashcat is a tool that can use graphics cards to brute-force a password hash instead of your CPU, which is shitty when it comes to speed; it is fast and extremely flexible, and the writer made it in such a way that it allows distributed cracking. aircrack-ng can only work with a dictionary, which severely limits its functionality, while oclHashcat also has a rule-based engine.
Though brute-force attacks (e.g. dictionary attacks) may be used to try to invert a hash function, they can become infeasible when the set of possible passwords is large enough. An alternative to brute-force is to use precomputed hash chain tables. Rainbow tables are a special kind of such table that overcome certain technical difficulties.
Rainbow tables are specific to the hash function they were created for, e.g., MD5 tables can crack only MD5 hashes. The theory of this technique was invented by Philippe Oechslin[3] as a fast form of time/memory tradeoff,[1] which he implemented in the Windows password cracker Ophcrack. The more powerful RainbowCrack program was later developed; it can generate and use rainbow tables for a variety of character sets and hashing algorithms, including LM hash, MD5, and SHA-1.
Another technique that helps prevent precomputation attacks is key stretching. When stretching is used, the salt, password, and some intermediate hash values are run through the underlying hash function multiple times to increase the computation time required to hash each password.[5] For instance, MD5-Crypt uses a 1000-iteration loop that repeatedly feeds the salt, password, and current intermediate hash value back into the underlying MD5 hash function.[4] The user's password hash is the concatenation of the salt value (which is not secret) and the final hash. The extra time is not noticeable to users because they have to wait only a fraction of a second each time they log in. On the other hand, stretching reduces the effectiveness of brute-force attacks in proportion to the number of iterations because it reduces the number of attempts an attacker can perform in a given time frame. This principle is applied in MD5-Crypt and in bcrypt.[6] It also greatly increases the time needed to build a precomputed table, but in the absence of salt, this needs to be done only once.
Dictionary and brute-force attacks make tradeoffs between speed and guarantee of success. Most tools also support a hybrid attack mode which performs a dictionary attack first and then switches to a brute-force attack if unsuccessful. A lot of subject-matter expertise and optimization goes into these tools, making them extremely effective at password cracking.
Password cracking is a dying enterprise. Users are required to create ever more complex passwords, and some back-end developers are starting to utilize mechanisms such as bcrypt to replace standard hashing functions. Bcrypt hashes take a drastically longer period of time to generate, and because of this, passwords become significantly more difficult to crack. Crackers need to generate hashes very quickly to effectively crack passwords, and thus bcrypt is a very powerful tool against such attacks. To illustrate this, a password cracker made from a 25-GPU cluster presented in 2012 was able to achieve an NTLM hash generation speed of 350 billion hashes per second compared to a bcrypt hash generation speed of 71,000. Using this as a model of comparison, for every single bcrypt hash generated, 5 million NTLM hashes can be generated. When faced with bcrypt-hashed passwords, hackers must make much more calculated guesses and cannot rely on brute-forcing every possibility.
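As an added example (not code from this page or from any of the tools it discusses), the following Python models the two defensive properties the passages above rely on: a per-user salt, which forces the cracking work in the salted-versus-unsalted estimates to be repeated for every hash, and key stretching in the style of the MD5-Crypt loop. The stretching function is a simplified illustration over SHA-256, not the real $1$ algorithm, and the 32.6-million-entry size assumed for the RockYou list is an assumption, so the years figure will not match the page's 3.7 exactly.

```python
import hashlib
import hmac
import os
import time

def stretched_hash(password: bytes, salt: bytes, iterations: int) -> bytes:
    # Key stretching in the spirit of the MD5-Crypt loop described above: the
    # salt, password and current intermediate value are fed back into the
    # underlying hash `iterations` times. Simplified illustration only, not the
    # real $1$ algorithm; use bcrypt/scrypt/Argon2 in production.
    h = hashlib.sha256(salt + password).digest()
    for _ in range(iterations):
        h = hashlib.sha256(salt + h + password).digest()
    return h

def make_record(password: bytes, iterations: int = 1000) -> str:
    # Stored form: non-secret salt, iteration count, final hash ('$'-separated hex).
    salt = os.urandom(16)
    digest = stretched_hash(password, salt, iterations)
    return f"{salt.hex()}${iterations}${digest.hex()}"

def verify(password: bytes, record: str) -> bool:
    salt_hex, iterations, digest_hex = record.split("$")
    candidate = stretched_hash(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def seconds_to_crack(num_hashes, num_candidates, guesses_per_second, salted):
    # Cost model behind the salted/unsalted estimates above: without a salt one
    # candidate hash is compared against the whole list at once; with a
    # per-user salt the same work is repeated for every hash.
    guesses = num_candidates * (num_hashes if salted else 1)
    return guesses / guesses_per_second

def guesses_per_second(iterations: int, samples: int = 200) -> float:
    # Measure candidate passwords hashed per second at a given iteration count;
    # stretching cuts this roughly by a factor of `iterations`.
    salt = b"constructed-salt"
    start = time.perf_counter()
    for i in range(samples):
        stretched_hash(b"guess%d" % i, salt, iterations)
    return samples / (time.perf_counter() - start)

if __name__ == "__main__":
    rec = make_record(b"p@$$w0rd")
    print("verify:", verify(b"p@$$w0rd", rec), verify(b"1234567", rec))
    # Constructed assumption: a 32.6-million-entry RockYou list against the
    # page's 36 million hashes at the 11 million MD5 guesses/second quoted above.
    year = 365.25 * 86400
    print("MD5 salted  : %.1f years" % (seconds_to_crack(36e6, 32.6e6, 11e6, True) / year))
    print("MD5 unsalted: %.1f seconds" % seconds_to_crack(36e6, 32.6e6, 11e6, False))
    print("guesses/s at 1 vs 1000 iterations: %.0f vs %.0f"
          % (guesses_per_second(1), guesses_per_second(1000)))
```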
Oftentimes, as penetration testers, even if we compromise a set of hashes, we may not have time to crack all of them. However, compromising them may help escalate access into the system and result in more helpful findings for the client. Therefore, when cracking passwords, it can be useful to determine how much time will be allotted for cracking a set of hashes. Using the structures that were found in the previous analysis, an attacker could determine that he or she wants to cover the top 10 popular structures based on the password complexity requirements sorted by quickest time to complete. Finally, the attacker may time box his or her approach by not spending any more than an hour to execute the cracking. This was identified in a recent penetration test in which hashes were obtained. Below is a snapshot of the results with a CPU-based cracker.