Hashcat is the most popular password cracker and is designed to crack even the most complex passwords.
Passwords are mainly protected with hash functions, such as MD5, SHA, WHIRLPOOL, RipeMD, NTLMv1, NTLMv2 and so on. A hash function is a one-way function: a mathematical function that is easy to compute, but very difficult to reverse.
Hashing converts readable data into a scrambled state. Hashes do not allow anyone to decrypt data with a specific key, as standard encryption protocols do. Hashcat uses dictionaries, rainbow tables, and even brute-force approaches to find an effective and efficient way to crack passwords.
This article provides an introductory tutorial on breaking passwords using Hashcat software.
How to break hashes
The simplest way to crack a hashed password is to first try to guess the password. Each guess is hashed and then compared to the actual hash value to see if they match, but this process can take a long time.
Attacks with ready-made password dictionaries and brute force are the most common ways of guessing passwords. These techniques use a file that contains words, phrases, common passwords, and other strings that may have been used as a password.
It should be noted that there is no guaranteed way to prevent dictionary attacks or brute-force attacks.
Other approaches used to crack passwords:
- Lookup tables: Hashes are precomputed from a dictionary and then stored in a table along with the corresponding password.
- Reverse lookup tables: This attack allows an attacker to apply a dictionary or a brute-force attack to multiple hashes at once.
- Rainbow tables: Rainbow tables are a time-memory technique. They are similar to lookup tables, except that they sacrifice hash-cracking speed to make the lookup tables smaller.
- Hashing with salt: With this technique, hashes are randomized by appending or prepending a random string, called a "salt", to the password before hashing.
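An added example (not from the original article) of the difference a salt makes to the table-based approaches above: a precomputed table resolves every unsalted MD5 hash of a listed password at once, while per-user salts leave the same table with no hits and force each guess to be hashed again for every account. The wordlist, the accounts and all function names are constructed for illustration.

```python
import hashlib
import os

# Constructed sample data (not from the article): a tiny wordlist and account table.
WORDLIST = ["123456", "letmein", "HELLO", "Password", "qwerty"]
ACCOUNTS = {"alice": "Password", "bob": "HELLO", "carol": "Password", "dave": "Xq7#vTp2"}

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def build_lookup_table(words):
    """Precompute hash -> password once; every later lookup is a dict access."""
    return {md5_hex(w.encode()): w for w in words}

def store_unsalted(accounts):
    """Identical passwords produce identical stored hashes."""
    return {user: md5_hex(pw.encode()) for user, pw in accounts.items()}

def store_salted(accounts):
    """Prepend a fresh 16-byte random salt per user; it is stored next to the hash."""
    stored = {}
    for user, pw in accounts.items():
        salt = os.urandom(16)
        stored[user] = (salt, md5_hex(salt + pw.encode()))
    return stored

def table_hits(table, hashes):
    """Users whose stored hash appears in the precomputed table."""
    return {user: table[h] for user, h in hashes.items() if h in table}

def guess_salted(stored, words):
    """With salts, each guess must be re-hashed per user: nothing can be shared."""
    found = {}
    for user, (salt, digest) in stored.items():
        for w in words:
            if md5_hex(salt + w.encode()) == digest:
                found[user] = w
                break
    return found

if __name__ == "__main__":
    table, salted = build_lookup_table(WORDLIST), store_salted(ACCOUNTS)
    print("unsalted, table:", table_hits(table, store_unsalted(ACCOUNTS)))
    print("salted, table:  ", table_hits(table, {u: d for u, (_, d) in salted.items()}))
    print("salted, guessed:", guess_salted(salted, WORDLIST))
```

Salting removes the precomputation advantage, but as the last call shows, a password that is in the wordlist is still found by a per-account dictionary check.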
Hashcat has the following features:
- It is multi-threaded
- It is multi-hash and multi-OS (Linux, Windows and OSX)
- It supports many algorithms (MD4, MD5, SHA1, DCC, NTLM, MySQL, etc.)
- All attack modes can be extended with specialized rules
- Sessions can be resumed or limited automatically, and recovered hashes are recognized from the file at startup
- It can load a salt list from an external file. This can be used as a brute-force attack variant
- The number of threads can be configured and executed based on the lowest priority
- It supports hex-charset and hex-salt files
- 90+ algorithms are implemented with performance and optimization in mind
A small lab setup showing how to crack a password is presented in the next section. A dictionary attack will be simulated against a set of MD5 hashes that were created beforehand and saved to a file. The "rockyou" wordlist found in Kali Linux was used.
How to crack a password through a dictionary attack
1. Create a dictionary with MD5 hashes
To start this demo, we will create several hash entries.
They will then be written to a file called "target_hashes.txt". Each command must be executed in the terminal, as shown below:
echo -n "Password" | md5sum | tr -d " -" >> target_hashes.txt
echo -n "HELLO" | md5sum | tr -d " -" >> target_hashes.txt
echo -n "MYSECRET" | md5sum | tr -d " -" >> target_hashes.txt
echo -n "Test1234" | md5sum | tr -d " -" >> target_hashes.txt
echo -n "P455w0rd" | md5sum | tr -d " -" >> target_hashes.txt
echo -n "GuessMe" | md5sum | tr -d " -" >> target_hashes.txt
echo -n "S3CuReP455Word" | md5sum | tr -d " -" >> target_hashes.txt
The -n option suppresses the newline that echo would otherwise add at the end of "Password". This is important, as we do not want a newline character to be hashed together with our password. The tr -d " -" part removes any spaces and hyphens from the md5sum output.
2. Check the password hashes
To do this, we need to type the following command line in the terminal. The command and its output are shown below:
root@kali:~/Desktop# cat target_hashes.txt
dc647eb65e6711e155375218212b3964
eb61eead90e3b899c6bcbe27ac581660
958152288f2d2303ae045cffc43a02cd
2c9341ca4cf3d87b9e4eb905d6a3ec45
75b71aa6842e450f12aca00fdf54c51d
031cbcccd3ba6bd4d1556330995b8d08
b5af0b804ff7238bce48adef1e0c213f
3. Start Hashcat on Kali Linux
Hashcat can be started on the Kali console with the following command line: hashcat -h.
This is shown in the following screenshot:
Some of the most important options of hashcat are -m (the hash type) and -a (the attack mode). In general, we need to use both options in most attempts to crack a password.
Hashcat also has specific rules for use with a wordlist file. The character list can be customized to crack passwords.
Finally, Hashcat provides many options for the password hash types that can be cracked. This is shown in the image below:
4. Select the word list
Kali Linux has many built-in word lists. To find them, use the following command line:
This is shown in the image below:
The "rockyou" word list is now in use, as shown below:
root@kali:~/Desktop# locate rockyou.txt
/usr/share/wordlists/rockyou.txt
5. Breaking the hashes
In the final step, we can begin to crack the hashes contained in the file target_hashes.txt. We will use the following command line:
root@kali:~/Desktop# hashcat -m 0 -a 0 -o cracked.txt target_hashes.txt /usr/share/wordlists/rockyou.txt
- -m 0 specifies the hash type we will crack (MD5)
- -a 0 defines a dictionary attack
- -o cracked.txt is the output file for the cracked passwords
- target_hashes.txt is the hash input file
- /usr/share/wordlists/rockyou.txt is the absolute path to the wordlist file for this dictionary attack
root@kali:~/Desktop# cat cracked.txt
These passwords are weak and do not take much effort or time to crack. It is important to note that the simpler the password, the easier it will be to detect.
So, make your password long and complicated. Avoid using obvious personal information. Never reuse passwords.
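The guess, hash and compare loop from this lab, as an added Python example that is not part of the original article: it checks a hash file against a wordlist and also flags hashes that were created without echo -n, which a wordlist will never match as written. SAMPLE_WORDLIST is a constructed stand-in for rockyou.txt and the function names are illustrative.

```python
import hashlib

# The seven passwords hashed in step 1 of the lab (taken from the article).
LAB_PASSWORDS = ["Password", "HELLO", "MYSECRET", "Test1234",
                 "P455w0rd", "GuessMe", "S3CuReP455Word"]
# Constructed stand-in for rockyou.txt so the example runs offline.
SAMPLE_WORDLIST = ["123456", "Password", "HELLO", "Test1234", "iloveyou"]

def md5_line(text: str, newline: bool = False) -> str:
    """The line that `echo [-n] text | md5sum | tr -d ' -'` appends to the file."""
    data = text.encode() + (b"\n" if newline else b"")
    return hashlib.md5(data).hexdigest()

def audit(target_hashes, wordlist):
    """Hash every candidate and compare it with the targets (dictionary check).

    Returns {hash: (word, note)}. The note flags hashes that only match when a
    trailing newline is hashed too, i.e. the file was built without `echo -n`.
    """
    targets = set(target_hashes)
    found = {}
    for word in wordlist:
        for newline, note in ((False, "ok"), (True, "hashed with trailing newline")):
            digest = md5_line(word, newline)
            if digest in targets:
                found[digest] = (word, note)
    return found

def uncracked(target_hashes, found):
    """Hashes for which no wordlist entry matched."""
    return [h for h in target_hashes if h not in found]

if __name__ == "__main__":
    good_file = [md5_line(p) for p in LAB_PASSWORDS]                # echo -n
    bad_file = [md5_line(p, newline=True) for p in LAB_PASSWORDS]   # plain echo
    for name, hashes in (("echo -n", good_file), ("echo", bad_file)):
        found = audit(hashes, SAMPLE_WORDLIST)
        print(name, "->", len(found), "matched,", len(uncracked(hashes, found)), "left")
        for digest, (word, note) in found.items():
            print(f"  {digest}:{word}  [{note}]")
```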
In addition, there are some GUIs that make hashcat easy to use. Hashview is one of these projects. It is a tool for security professionals that helps organize and automate repetitive password-cracking tasks. It is a web application that manages Hashcat commands.