How to crack passwords using Hashcat – The Visual Guide
Windows passwords are stored as MD5 hashes, which can be cracked using Hashcat.
Step 1 – Root terminal
mkdir hashes
cd hashes
gedit hashes.txt
This organises a hashes directory for you, and a hashes.txt file which will contain the hashes to be cracked.
Step 2 – Generate hashes for you to crack
Hashes.txt is the file of password hashes to be cracked – we’ll create hashes to paste into this file.

To generate hashes, use:
Enter the word “password” and the site will return the MD5 hash. Paste it into hashes.txt.

Next, hash a second password, e.g. “password1”, and paste the MD5 hash into hashes.txt.

Fill up your hashes.txt with five test md5 hashes.

This is your test hash file complete. Now we move into attack mode.
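
Added example (not from the original post): the Step 2 test file built locally with md5sum instead of a website, one hash per line. The five test words and the function names are constructed for illustration; the script also shows two things that change an MD5 hash, letter case and a stray trailing newline.

```shell
#!/bin/sh
# Added example: build a hashes.txt-style file of test MD5 hashes locally.
# All words and function names are constructed for this illustration.

# md5_of WORD -> 32-char lowercase hex MD5 of exactly WORD.
# printf '%s' is used so that no trailing newline gets hashed.
md5_of() {
    printf '%s' "$1" | md5sum | cut -d' ' -f1
}

# Deliberately wrong variant: hashes WORD plus "\n", which is what a plain
# `echo WORD | md5sum` does. The result matches no wordlist entry.
md5_with_newline() {
    printf '%s\n' "$1" | md5sum | cut -d' ' -f1
}

# make_hash_file OUTFILE WORD... -> writes one hash per line to OUTFILE.
make_hash_file() {
    mhf_out=$1
    shift
    : > "$mhf_out"
    for mhf_word in "$@"; do
        md5_of "$mhf_word" >> "$mhf_out"
    done
}

# check_hash_file FILE -> success only if FILE is non-empty and every line
# is exactly 32 lowercase hex characters (the shape of a raw MD5 hash).
check_hash_file() {
    [ -s "$1" ] && ! grep -qvE '^[0-9a-f]{32}$' "$1"
}

# Demo with five constructed test passwords.
demo_file=$(mktemp)
make_hash_file "$demo_file" password password1 Password1 letmein qwerty123
cat "$demo_file"
if check_hash_file "$demo_file"; then
    echo "OK: $(wc -l < "$demo_file") well-formed MD5 hashes"
fi
echo "password1 : $(md5_of password1)"
echo "Password1 : $(md5_of Password1)   (case changes the hash)"
echo "password\\n: $(md5_with_newline password)   (newline changes the hash)"
rm -f "$demo_file"
```
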
Hashcat options. Jump to step 4 – to attack.
This is background information so that you can adapt your attack for Windows hashes or Unix hashes etc.
hashcat --help
-m = hash type (the hash varies by operating system)
-a = Attack Mode (we’ll use both Straight and Combination Attack)
-r = rules file (look for xyz.rule)

ATTACK CODE:
(Carries out a straight through attack against MD5 hashes using the rockyou dictionary).
hashcat -m 0 -a 0 /root/hashes/hashes.txt /root/rockyou.txt

Attack Modes – just for reference
-a 0 (Each number is a DIFFERENT attack mode)
0 = Straight
1 = Combination
2 = Toggle case
3 = Brute Force

I’ve found that straight or -a 0 is ridiculously fast on simple passwords.
You have been warned.
Hash Type – Just for reference
The operating system determines the hash used. You need to know the hash type.
Unix = MD5 hash
Kali = SHA512 hash
Windows 7 = HMAC-MD5
-m 0 (Each number is a different Hash Type)
0 = MD5 hash…. so we use -m 0
50 = HMAC-MD5….so we use -m 50

Step 3 – Locate password database for the attack
To locate the Rockyou password database in KALI type:
locate *rock*

To locate Hashcat Rules files
cd /usr/share/hashcat/rules
ls -l

You can gedit each rule file to read it if you wish…. that’s a great way to learn more about hashcat
Step 4 – the REAL ATTACK code
hashcat -m 0 -a 1 /root/hashes/hashes.txt /root/rockyou.txt
(to launch a combination attack against MD5 password hashes)
or
hashcat -m 0 -a 0 /root/hashes/hashes.txt /root/rockyou.txt
(a straight through attack is super fast on simple passwords)
The attack looks like this:

The hashes are shown – with the plain text password given next to it.
The Rockyou database has several million passwords, but if a password is not in there, then it won’t be cracked.
The 2 major cracking dictionaries are Rockyou, and CrackStation.
Rockyou contains 14 million unique passwords.
CrackStation. For MD5 and SHA1 hashes, there is a 190GB, 15-billion-entry lookup table, and for other hashes, they offer a 19GB 1.5-billion-entry lookup table.
Download CrackStation by Torrent:
https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm
Some hashes will fail to be cracked, for several reasons: it may not be an MD5 hash, the password may not be in your password list, etc.
Hashes are case sensitive, so Password1 is not the same as password1.
oclHashcat-Plus uses your GPU rather than your CPU to crack passwords. Graphics cards are MUCH faster as an attack tool than a CPU… MANY times faster.
SupraFortix – Hashcat Password Cracking – Uni South Wales blog