Breaking password hashes


Passwords are still a critical component of information systems. During an intrusion, various password hashes are collected and cracking them as fast as possible can be crucial. This training aims to cover the techniques and the tools so you can crack hashes faster. Also, a review of historical hash formats will be presented in order to show bad examples and mistakes in well-known projects.

Password cracking is a beginner to advanced training designed for security teams, system administrators and developers.


1 day / 2 hours of theory / 4 hours of practice


  • Theory of password storage and generation


    Reminder of how password are usually stored and explanation of various generic generation techniques


    • Password storage types

    • Hash functions

    • Attacking hash functions

    • Generation passwords

    • Computing technologies


  • Review of historical hash formats


    Interactive session with a review of hash formats in well-known projects.


  • Exercises


    These exercises will cover various aspects of practical password cracking.


    • Install and master John the Ripper:

      • Review of available modes

      • Derivation rules writing

      • Password filter writing to comply with password policy

      • Dynamic format configuration (based on common hash functions)

      • Implementation or modification of a native format

    • Install and quick tour of hashcat: review of available modes

    • Advanced passwords generation

      • Prince combination

      • Genetic mutation with Siga

      • Rules and wordlists generation