Book Review: "Hash Crack"
"Hash Crack: Password Cracking Manual, V2.0", by Netmux is another info-sec quick reference, backpack-style hacking book. Similar to RTFM and BTFM, Hash Crack provides a book of hacking cheat sheets, that are widely available online, in a simple small notebook. It should be noted that these are cheat sheets for people already generally familiar with these tools and concepts. The book is cheap, at ~$15 on Amazon. Overall, I give this book 4 / 10 stars, I think a good bit of the content is filler and over priced compared to similar books. Ultimately, I think you can skip this one if you wanted, as there is such good documentation about hash cracking on the Internet, and it is a deep / serious subject with lots of nuance and edge case this book dosn't capture. I think a lot of people buy this book to compliment the RTFM and BTFM, and while it is a nice collection of cheat sheets I don't think it has as much general utility. The following is the table of contents to give you a better idea of the contents of the book:
Intro
Required Software
Core Hash Cracking Knowledge
Cracking Methodology
Basic Cracking Playbook
Cheat Sheets
Extract Hashes
Password Analysis
Dictionary / Wordlist
Rules & Masks
Foreign Character Sets
Advanced Attacks
Cracking Concepts
Common Hash Examples
Appendix
- Terms
- Online Resources
- John The Ripper Menu
- Hashcat Menu
- Hash Cracking Benchmarks
- Hash Cracking Speed
Some of my favorite parts of the book were the one liners in the Cheat Sheets section, these simple functions to transform files and format data are useful all over, not just hash cracking. They also have a github w/ "their sample code", but unfortunately it dosn't include the useful one liners from the Cheat Sheets section, rather just the example hashes and passwords they use throughout the book. Some of the filler content in my opinion were the blank notes pages or the pages of exact tool help menu. That said I really enjoyed the bit of theory during Cracking Concepts, I thought it was a really nice touch to add a section on cracking theory. I also really enjoyed the Hash Cracking Benchmarks and Hash Cracking Speed sections, I thought these were handy to have for a quick comparison. The Rules and Masks, as well as the theory about how to apply them was very interesting and the Advanced Attacks section also broke ground on some really awesome wordlist generation techniques. Finally, I'm going to leave you with the book's 10 Crack Commandments (Shoutout to Biggie):
1. Thou shalt know hash types & their origin/function
2. Thou shalt know cracking software strengths & weaknesses
3. Thou shalt study & apply password analysis techniques
4. Thou shalt be proficient at hash extraction methods
5. Thou shalt create custom/targeted dictionaries
6. Thou shalt know thy cracking rigs capabilities
7. Thou shalt understand basic human psychology/behavior
8. Thou shalt create custom masks, rules, & Markov chains
9. Thou shalt continually experiment with new techniques
10. Thou shalt support thy fellow cracking community members
Intro
Required Software
Core Hash Cracking Knowledge
Cracking Methodology
Basic Cracking Playbook
Cheat Sheets
Extract Hashes
Password Analysis
Dictionary / Wordlist
Rules & Masks
Foreign Character Sets
Advanced Attacks
Cracking Concepts
Common Hash Examples
Appendix
- Terms
- Online Resources
- John The Ripper Menu
- Hashcat Menu
- Hash Cracking Benchmarks
- Hash Cracking Speed
Some of my favorite parts of the book were the one liners in the Cheat Sheets section, these simple functions to transform files and format data are useful all over, not just hash cracking. They also have a github w/ "their sample code", but unfortunately it dosn't include the useful one liners from the Cheat Sheets section, rather just the example hashes and passwords they use throughout the book. Some of the filler content in my opinion were the blank notes pages or the pages of exact tool help menu. That said I really enjoyed the bit of theory during Cracking Concepts, I thought it was a really nice touch to add a section on cracking theory. I also really enjoyed the Hash Cracking Benchmarks and Hash Cracking Speed sections, I thought these were handy to have for a quick comparison. The Rules and Masks, as well as the theory about how to apply them was very interesting and the Advanced Attacks section also broke ground on some really awesome wordlist generation techniques. Finally, I'm going to leave you with the book's 10 Crack Commandments (Shoutout to Biggie):
1. Thou shalt know hash types & their origin/function
2. Thou shalt know cracking software strengths & weaknesses
3. Thou shalt study & apply password analysis techniques
4. Thou shalt be proficient at hash extraction methods
5. Thou shalt create custom/targeted dictionaries
6. Thou shalt know thy cracking rigs capabilities
7. Thou shalt understand basic human psychology/behavior
8. Thou shalt create custom masks, rules, & Markov chains
9. Thou shalt continually experiment with new techniques
10. Thou shalt support thy fellow cracking community members