Advanced Hash Manipulation
Dagon has a lot of options and is capable of cracking almost anything when used properly.
There are of course mandatory arguments that must be passed so that Dagon can run successfully, in this section I will go over each one of these arguments and tell you a little bit about it, lets begin.
To crack a hash you must provide a singular hash using the
-c/--crack flag. This flag will tell Dagon that you are trying to crack a single hash, after you have provided the
-c/--crack flag you will need to tell Dagon what sort of cracking needs to take place. Here’s an example of the cracking flag, for this example we will be using the MD5 hashing algorithm.
Notice that when a wordlist is not provided, Dagon will create its own. This wordlist will contain all possible combinations (up to one million lines) of the letters ‘abc’ from 7 to 15 characters long
After the wordlist has been generated, you will be able to crack the password, using that wordlist. Dagon will automatically attempt to verify the algorithm used to create the hash and attempt to crack using the most likely algorithms
To do a dictionary attack you will just need to use the wordlist flag (
--wordlist) in order for the bruteforce section to read from the wordlist.
To crack a list of hashes (file of hashes) you can use the
-l/--hash-list flag. You will need to provide a full path to a file so that Dagon can attempt to crack each hash. Lets use a file with three hashes in three different algorithms, SHA1, MD5, and WHIRLPOOL. Notice how it will prompt you if you want to crack the hash or not:
You ever have to crack a hash, and the next thing you know you needed to know the hashing algorithm that was used in order to finish the cracking? Well look no further! I have a fix for that as well, using the
-v/--verify flag! Dagon will not only automatically attempt to verify a hash before cracking, but it can also be provided a hash in order to verify what algorithm was used to create it.
You can also pass the
-L/--least-likely flag and see all possible algorithms that could have been used to create this hash, everything from most likely, to least likely.
These arguments are given to manipulate the way the application runs, or to manipulate the givens hashes.
There are many ways to manipulate the salt in Dagon, anything from using random Unicode salt
--urandom, random integers
-R, random characters
-R --use-chars, random characters & integers
-R --use-chars --use-int, or creating your own
-S\--salt <SALT>, <PLACEMENT>. You can also change the length of the salt using the
--salt-size flag. Most salts are around 10-12 characters long. So making the salt any bigger will produce a warning letting you know:
For random unicode salts, you will need to provide the length of the salt, please keep in mind that Unicode can make the hashing process slower.
Default for random salt is integers
Of course you can use just characters if you want to, it’s up to you not me
But where’s the fun in using just characters? You can also use characters and integers
Or, you can always just create your own
You can also change the salt size, because hey, who uses 12 character salts anymore?