展示HN:我花了4年时间专注于掌握离线密码破解技术
大家好,
我是Bojta Lepenye,首先,我想感谢Hashcat的核心开发者。在我的经验中,它确实是目前可用于离线密码破解的最强大工具,适用于各种使用场景。
在过去的四年里(从14岁到18岁),我广泛使用Hashcat及其相关工具,并在我的第一本书中记录了我在这段时间所学到的知识(自2022年1月18日起)。在此期间,我还不得不不断更新和重写主要章节,因为这个领域在不断发展。例如,Argon2和其他内存硬密码哈希算法的GPU支持的引入,显著改变了一些破解工作流程。
我对这本书的热情,或者说它的“快速入门”,源于我在学校进行的一次经过伦理批准的渗透测试。这是我既感到犹豫又相当自豪的事情。
起初,我只是把从YouTube视频和在线博客中学到的所有知识写下来。然而,在项目开始不久后,我意识到我对密码安全几乎一无所知,而我写的那10到15页内容在有人寻找专业的密码破解指南时根本不够。
这本书的另一个主要驱动力是,在网上研究、浏览论坛、阅读学术论文和白皮书、观看视频、探索博客、检查演示文稿和审查信息图表时,我没有找到任何一个全面覆盖和解释离线密码破解所需了解的所有内容的来源。真的,没有一个。
因此,我继续我的研究,学习了密码哈希算法、哈希函数的安全属性、高级哈希破解技术、密码分析、攻击优化等等。
从一开始,我就希望与社区分享这些知识,因为拥有这样一个资源在我刚开始学习密码破解时会对我帮助巨大。
我真诚希望这本书对初学者和经验丰富的专业人士都有所帮助,期待听到你们的想法和反馈。
我还制作了一个小视频,让大家提前了解一下。这段视频在Google Drive上,是官方域名,您无需下载任何东西。链接在这里: [https://drive.google.com/file/d/13LeysSZO8Mx-LGKt8UQjUGBKOYH7MqiS/view?usp=sharing](https://drive.google.com/file/d/13LeysSZO8Mx-LGKt8UQjUGBKOYH7MqiS/view?usp=sharing)
如果您感兴趣,这本书现在在亚马逊上公开发行,使用Kindle Unlimited订阅可以免费阅读:[https://www.amazon.com/dp/B0GX36XRCD](https://www.amazon.com/dp/B0GX36XRCD)
查看原文
Hi everyone,<p>I am Bojta Lepenye, and first of all, I want to thank the core developers of Hashcat. In my experience, it is quite literally the most capable tool available for offline password cracking across a wide range of use cases.<p>I have spent the last 4 years (from age 14 to 18) extensively working with Hashcat and the tools surrounding it, and I have documented what I have learned throughout that time (since January 18, 2022) in my first book. During that period, I also had to continuously update and rewrite major sections as the field evolved. One example was the introduction of GPU support for Argon2 and other memory-hard password hashing algorithms, which significantly changed some cracking workflows.<p>My passion for this book, or its “quick starter,” if you will, came from an ethically conducted penetration test I performed with full authorization at my school. This is something I am both hesitant and quite proud to acknowledge.<p>At the beginning, I simply wrote down everything I had learned from YouTube videos and online blogs. However, not long after starting my project, I realized I practically knew nothing about password security, and that small 10 to 15 pages I had written would never be enough if someone was looking for a professional guide to cracking passwords.<p>The other main driving force behind the book was the fact that while researching online, browsing forums, reading academic papers and white papers, watching videos, exploring blogs, inspecting presentations, and examining infographics, I did not find a single source that comprehensively covers and explains everything one needs to understand about offline password cracking. Literally. Not one.<p>Therefore, I continued my research and learned about password hashing algorithms, the security properties of hash functions, advanced hash cracking techniques, password analysis, attack optimization, and much, much more.<p>From the very beginning, I wanted to share this knowledge with the community because having access to a resource like this would have helped me tremendously when I first started learning password cracking.<p>I sincerely hope this work will be useful to both beginners and experienced professionals alike, and I look forward to hearing your thoughts and feedback.<p>I have also put together a little video to give you a little sneak peek into it. It is on Google Drive. It is the official domain, and you do not need to download anything. Here it is: <a href="https://drive.google.com/file/d/13LeysSZO8Mx-LGKt8UQjUGBKOYH7MqiS/view?usp=sharing" rel="nofollow">https://drive.google.com/file/d/13LeysSZO8Mx-LGKt8UQjUGBKOYH...</a><p>If you are interested, the book is now publicly available on Amazon, and can be read for free with a Kindle Unlimited subscription: <a href="https://www.amazon.com/dp/B0GX36XRCD" rel="nofollow">https://www.amazon.com/dp/B0GX36XRCD</a>