Use hashcat and john to crack the compressed package password (written for novice netizens)

Write it at the beginning of the article

1. For unknown passwords longer than 8 characters, beginners are not advised to try cracking them with hashcat. Give up and move on.

2. hashcat relies heavily on the GPU, so NVIDIA graphics card users must install the CUDA library for acceleration. The software supports not only NVIDIA graphics cards but also AMD and Intel graphics cards.

Foreword

Ordinary people who get hold of a compressed archive and want to crack its password will usually search for tutorials on sites such as Bilibili, Zhihu and CSDN. Among the methods they find, the combined approach using hashcat and john is the most recommended. However, while trying it out, I found that these tutorials are of very mixed quality, and many are written by bloggers with no real understanding pretending to be experts. Their only real contribution is to mention that such a method exists; they say nothing about the hidden pitfalls and techniques. This article records the entire operation from start to finish and passes on the experience I gained along the way, as guidance for those who come after me.

This article is divided into three parts. The first part records the operation process under smooth conditions. The second part is about the pitfalls that may easily occur during the cracking process. The third part is about things that have not yet been thought out.

Cracking process

The cracking process can be summarised as: use john to extract the hash, then use hashcat to recover the password from it. (Sounds pretty simple, right?)

Software required

john: John the Ripper password cracker

Several versions are listed on the website. Taking 64-bit Windows as an example, download the binaries version shown below. The source version above it is the source code, which novices cannot use directly; download the compiled executable version instead.

hashcat: hashcat – advanced password recovery

hashcat is downloaded the same way as john: download the binaries version.

After downloading, unzip it for later use.

Operation process

Extract hash

There are two ways to run john to extract the hash. One is to use the cd command in a cmd window to switch to the run directory; the other is to use a PowerShell window. The commands for the two methods differ slightly. For simplicity, the PowerShell method is described here. After decompression, first enter john's run directory, as shown in the figure below:

Hold down shift and right-click on an empty area of the folder to open the context menu, then click "Open PowerShell window here". Then enter:

.\rar2john.exe "File address"

There are three key points here. The first is rar2john.exe: use it if the archive is a rar file. If the archive ends in .zip, use zip2john.exe instead. For other formats, check the official website. The second key point is the file address: this is the path of the archive whose hash you want to extract. Click the archive to select it, hold down shift and right-click, then choose "Copy file address" from the menu. Type a space after the exe name and press ctrl+v to paste the copied path. Do not delete the double quotes. The third point is that the hash extracted from a large archive is very long, so it is best to save it to a txt file rather than copy it from the screen. Just append a redirect to the command above, as follows:

.\rar2john.exe "File address" > hashvalue.txt

The file hashvalue.txt will receive the extracted hash and is stored in john's run directory.

hash preprocessing

The value saved in hashvalue.txt cannot be used as-is. You need to look up the hash type on a reference website and then preprocess the file by hand.

The URL is: example_hashes [hashcat wiki]

First open the txt file saved earlier and look at the beginning of it: the $RAR3$ that follows "rar:" denotes the hash type. Search for it on the site above and you will find two corresponding hash formats.

Then compare the two hash formats: the biggest difference is that one ends in *30 and the other in *33. Open our txt file and scroll to the end; we find that ours is the *33 type, which is Hash-Mode 23800. Write down this value, 23800, for later use.

Once the type is determined, process the hash: delete everything in front of $RAR3$ and everything after *33. Be careful not to leave any spaces or newlines. Save the processed file for hashcat to work on.
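The trimming step above is easy to get wrong by hand on a hash that runs to many kilobytes, so here is an added Python script (not part of the original article) that does the same thing mechanically: it finds the `$RAR3$...*30` or `$RAR3$...*33` portion, drops the filename prefix and the trailing fields, and writes the bare hash without a trailing newline. The sample `hashvalue.txt` content embedded in it is constructed (the hex fields are invented), the 23800 mapping for *33 is the one the article gives, and the 23700 mapping for *30 is an assumption to be checked against the example_hashes page. It also handles the UTF-16 file that Windows PowerShell 5.1 produces when you redirect with `>`, which is one reason hashcat may reject a hand-copied file.

```python
import re
from pathlib import Path

# Constructed sample of what `.\rar2john.exe archive.rar > hashvalue.txt` leaves behind.
# The hex fields are invented for illustration; a real archive yields a far longer data
# field. "secret.rar:" at the front and ":0::::secret.rar" at the end are the parts the
# article tells you to delete.
SAMPLE_HASHVALUE = (
    "secret.rar:$RAR3$*1*0123456789abcdef*89abcdef*32*48*1*"
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff*33"
    ":0::::secret.rar\n"
)

# Terminal marker -> hashcat mode. 23800 (*33) is from the article; 23700 (*30) is the
# companion mode listed beside it (assumption: verify on the example_hashes page).
MODE_BY_MARKER = {"30": 23700, "33": 23800}

# $RAR3$, a version digit, hex fields separated by '*', ending in *30 or *33 that is not
# followed by another hex digit or '*' (so a size field that happens to be 33 cannot match).
RAR3_RE = re.compile(r"\$RAR3\$\*\d\*[0-9a-fA-F*]+\*(30|33)(?![0-9a-fA-F*])")


def read_text_any(path: Path) -> str:
    """Decode the redirect output whatever encoding the shell used.

    Windows PowerShell 5.1 writes '>' output as UTF-16LE with a BOM; PowerShell 7 and
    cmd write UTF-8. A UTF-16 file contains NUL bytes between characters, which is why
    hashcat cannot parse it even though it looks fine in Notepad.
    """
    raw = path.read_bytes()
    if raw.startswith(b"\xff\xfe") or raw.startswith(b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")


def extract_rar3_hash(text: str) -> tuple[str, int]:
    """Return (clean_hash, hashcat_mode) for the first RAR3 hash in rar2john output."""
    m = RAR3_RE.search(text)
    if m is None:
        raise ValueError("no $RAR3$...*30/*33 hash found; check the archive type on example_hashes")
    return m.group(0), MODE_BY_MARKER[m.group(1)]


def preprocess_hashvalue(src: Path, dst: Path) -> int:
    """Read rar2john output, write only the bare hash (no trailing newline), return the mode."""
    clean, mode = extract_rar3_hash(read_text_any(src))
    dst.write_bytes(clean.encode("utf-8"))
    return mode


if __name__ == "__main__":
    src = Path("hashvalue.txt")
    if not src.exists():
        src.write_text(SAMPLE_HASHVALUE, encoding="utf-8")  # demo input when run stand-alone
    mode = preprocess_hashvalue(src, Path("hashvalue_clean.txt"))
    print(f"wrote hashvalue_clean.txt; run with: .\\hashcat.exe -a 3 -m {mode} hashvalue_clean.txt")
```

Copy the resulting `hashvalue_clean.txt` into the hashcat folder in place of the hand-edited file; the printed `-m` value is the mode to pass on the command line.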

hashcat cracks password

Open the decompressed hashcat folder, copy hashvalue.txt into it, and open PowerShell there in the same way as before.

First enter the following command to query the local CUDA information:

.\hashcat.exe -I

Display:

If it looks like this, CUDA acceleration can be enabled. If there is no CUDA Info column, the computer does not have CUDA (in special cases CUDA may be installed but not recognised; in that case it is generally recommended to download the latest CUDA version directly from the NVIDIA website).

Before starting for real, run a benchmark to check the cracking speed. The command is:

.\hashcat.exe -b

If this step reports no error, you can proceed normally. However, new users commonly hit an error such as "Failed to initialize NVIDIA RTC library" here. The fix is to reinstall CUDA. The benchmark takes a long time to run; if you do not want to wait, just close the window and open a new PowerShell window.

Then enter:

.\hashcat.exe -a 3 -m 23800 hashvalue.txt

Here -a selects the attack mode, and 3 means a mask attack; -m selects the hash type, and 23800 is the hash mode looked up earlier; hashvalue.txt is the hash file prepared earlier.

Besides these parameters you can also pass others, such as a dictionary (wordlist), the password length, or the device number (GPU) to use. These are beyond what a newcomer needs to master, so I will not go into detail; if you want to go deeper, search and learn at your own pace.

Once the command is entered, cracking begins. While it runs you can press keys to control it; for example, press s to view the status, speed, estimated time, current password length and so on.

The picture below is what I ran with four 2080 Ti cards. Because of the CPU and thermal throttling, the speed was only 83974 H/s. There was a pause in the middle. It actually took me 16 hours to reach 7 characters, and the estimated time to finish was 18 days... I also ran it on a 1063 graphics card at 14000 H/s and reached 6 characters in 16 hours. A 4060 graphics card runs at 26000 H/s. Different hash types also directly affect the cracking speed.

Easy pitfalls

What to do if the hash is too long

Many people follow tutorials demonstrated by other bloggers online, download the software, and set out to crack an archive of hundreds of gigabytes. They then find that the extracted hash is enormous and takes forever to copy, nothing like the one- or two-line hash in the blogger's demonstration, and wonder whether they got a step wrong.

In fact, nothing is wrong. The blogger's demo archive is tiny, so its hash is short. If you extract a hash from an archive of tens or hundreds of MB, or even GB, the hash naturally becomes much longer. To avoid copy errors and simplify the operation, we appended > hashvalue.txt to the command so the hash is saved straight to a txt file, processed there, and finally loaded into hashcat for cracking.

Invalid zip file, filename length too long!

This problem is usually caused by not preprocessing the hash in hashvalue.txt: at the cut-off point, everything after *33 must be deleted. The hash format must match the hash type looked up on the example_hashes [hashcat wiki] site. After cleaning, load it into hashcat for cracking.

There are many files in the compressed package. What should I do if I cannot get the hash value?

There are two situations here: one where the archive contains further archives, and one where the archive contains folders or files. As for an archive containing another archive, I haven't tried it yet, so I won't discuss it. In the other case, where the archive contains folders or files, many hashes will be extracted; just pick one, clean it as above, and use it for cracking.

Usage experience

An ordinary computer can generally crack alphanumeric passwords of six characters or fewer. Beyond 6 characters, cracking it yourself is not recommended, unless you are very ambitious and want to use a 4090 or a server; Taobao also has rental agents, but I have not looked into the prices. As for passwords containing Chinese characters, every brute-force approach available on the market fails under current hardware and algorithm conditions.
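The six-versus-eight-character rule of thumb above follows directly from keyspace size divided by the speeds reported earlier in the article. Here is an added Python estimator (not from the original article) that does that calculation, so you can judge how long a password on one of your own archives would survive a mask attack at a given H/s. The speeds are the figures from the article; the charset sizes per position are assumptions you set yourself. Taking a list of per-position sizes lets you model a fixed layout such as a capital letter followed by lowercase and digits, not only a uniform alphanumeric mask.

```python
from math import prod

# Speeds reported in the article for hashcat mode 23800 (hashes per second).
RATES_HPS = {"four 2080 Ti (throttled)": 83974, "1063": 14000, "4060": 26000}

# Charset sizes (assumed): lowercase, uppercase, digits, all three combined.
LOWER, UPPER, DIGIT = 26, 26, 10
ALNUM = LOWER + UPPER + DIGIT  # 62


def keyspace(position_sizes: list[int]) -> int:
    """Candidates for a fixed-length mask with the given charset size at each position."""
    return prod(position_sizes)


def seconds_to_exhaust(position_sizes: list[int], rate_hps: float) -> float:
    """Worst-case seconds to try every candidate of one fixed-length mask."""
    return keyspace(position_sizes) / rate_hps


def seconds_to_exhaust_up_to(max_len: int, charset_size: int, rate_hps: float) -> float:
    """Cumulative worst case for lengths 1..max_len, which is what an incrementing mask attack walks through."""
    return sum(charset_size ** n for n in range(1, max_len + 1)) / rate_hps


def human(seconds: float) -> str:
    """Render a duration in the largest convenient unit."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.0f} seconds"


if __name__ == "__main__":
    for name, rate in RATES_HPS.items():
        print(f"{name} at {rate} H/s")
        for n in (6, 7, 8):
            worst = seconds_to_exhaust([ALNUM] * n, rate)
            print(f"  {n} alphanumeric chars, worst case: {human(worst)}")
        # A structured layout: Capital + 5 lowercase + 2 digits is far smaller than 8 random alnum.
        structured = [UPPER] + [LOWER] * 5 + [DIGIT] * 2
        print(f"  Xxxxxx99 layout (8 chars): {human(seconds_to_exhaust(structured, rate))}")
```

At 83974 H/s, six alphanumeric characters exhaust in about a week and eight in about 82 years, which is the gap the article's advice rests on; the structured eight-character layout in the last line, by contrast, collapses back to days, which is why password length alone says little about strength.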