Hashcat tutorial for beginners [updated 2021]
Hashcat is a popular password cracker and designed to break even the most complex passwords representation. To do this, it enables the cracking of a specific password in multiple ways, combined with versatility and speed.
Password representations are primarily associated with hash keys, such as MD5, SHA, WHIRLPOOL, RipeMD, NTMLv1, NTMLv2 and so on. They are also defined as a one-way function — this is a mathematical operation that is easy to perform, but very difficult to reverse engineer.
Hashcat turns readable data into a garbled state (this is a random string of fixed-length size). Hashes do not allow someone to decrypt data with a specific key, as standard encryption protocols allow. Hashcat uses precomputed dictionaries, rainbow tables and even brute-force approaches to find an effective and efficient way to crack passwords.
This article provides an introductory tutorial for cracking passwords, using the Hashcat software package.
Earn two pentesting certifications at once!
Enroll in one boot camp to earn both your Certified Ethical Hacker (CEH) and CompTIA PenTest+ certifications — backed with an Exam Pass Guarantee.
How to crack hashes
The simplest way to crack a hash is to try first to guess the password. Each attempt is hashed and then is compared to the actual hashed value to see if they are the same, but the process can take a long time.
Dictionary and brute-force attacks are the most common ways of guessing passwords. These techniques make use of a file that contains words, phrases, common passwords and other strings that are likely to be used as a viable password.
It should be noted that there is no guaranteed way to prevent dictionary attacks or brute-force attacks.
Other approaches used to crack passwords:
- Lookup tables: Hashes are pre-computed from a dictionary and then stored with their corresponding password into a lookup table structure.
- Reverse lookup tables: This attack allows for a cyber attacker to apply a dictionary or brute-force attack to many hashes at the same time without having to pre-compute a lookup table.
- Rainbow tables: Rainbow tables are a time-memory technique. They are similar to lookup tables, except that they sacrifice hash cracking speed to make the lookup tables smaller.
- Hashing with salt: With this technique, the hashes are randomized by appending or prepending a random string, called a “salt.” This is applied to the password before hashing.
Cracking passwords with Hashcat
Hashcat can be downloaded here. It can be used on Kali Linux and is pre-installed on the system. It possesses the following features:
- It is multi-threaded
- It is multi-hash and multi-OS based (Linux, Windows and OSX native binaries)
- It is multi-Algorithm based (MD4, MD5, SHA1, DCC, NTLM, MySQL, etc.)
- All attack modes can be extended by specialized rules
- It is possible to resume or limit sessions automatically. They recognize recovered hashes from the outfile at startup
- It can load the salt list from the external file. This can be used as a brute-force attack variant
- The number of threads can be configured and executed based on the lowest priority
- It supports both hex-charset and hex-salt files
- The 90+ algorithms can be implemented with performance and optimization in mind
A small laboratory setup of how to crack a password is presented in the next section. A dictionary attack will be simulated for a set of MD5 hashes initially created and stored in a target file. The “rockyou” wordlist found in Kali Linux was used.
How to crack a password via a dictionary attack
1. Create a dictionary with MBD5 hashes
To start this demonstration, we will create multiple hash entries containing several passwords.
In detail, they will then be outputted to a file called “target_hashes.” Each command should be executed in the terminal, as demonstrated below:
The -n option removes the new line added to the end of “Password.” This is important as we don’t want the new line characters to be hashed with our password. The part “tr –d ‘ -‘ “ removes any characters that are a space or hyphen from the output.
2. Check password hashes
To do this, we need to type the following command line in the terminal:
This is also illustrated in the table below:
3. Start Hashcat in Kali Linux
Hashcat can be started on the Kali console with the following command line: hashcat -h.
This is illustrated in the screenshot below:
Some of the most important hashcat options are -m (the hashtype) and -a (attack mode). In general, we need to use both options in most password-cracking attempts when using Hashcat.
Hashcat also has specifically designed rules to use on a wordlist file. The character list can be customized to crack the password(s).
Finally, Hashcat provides numerous options for password hashes that can be cracked. This can be seen in the screenshot below:
4. Choose the wordlist
Kali Linux has numerous wordlists built right into it. To find them, use the following command line: locate wordlists
This is illustrated in the screenshot below:
The “rockyou” wordlist is now used, as illustrated below:
5. Cracking the hashes
In the final step, we can now start cracking the hashes contained in the target_hashes.txt file. We will use the following command line, as illustrated below:
- -m 0 designates the type of hash we are cracking (MD5)
- -a 0 designates a dictionary attack
- -o cracked.txt is the output file for the cracked passwords
- target_hashes.txt is our input file of hashes
- /usr/share/wordlists/rockyou.txt is the absolute path to the wordlist file for this dictionary attack
6. Results
Finally, we have cracked five out of seven target hashes that were initially proposed. These can be seen below:
dc647eb65e6711e155375218212b3964:Password
eb61eead90e3b899c6bcbe27ac581660:HELLO
75b71aa6842e450f12aca00fdf54c51d:P455w0rd
2c9341ca4cf3d87b9e4eb905d6a3ec45:Test1234
958152288f2d2303ae045cffc43a02cd:MYSECRETThese passwords are weak, and it does not take much effort or time to crack them. It is important to note that the simpler the password is, the easier it will be to detect.
Become a Certified Ethical Hacker, guaranteed!
Get training from anywhere to earn your Certified Ethical Hacker (CEH) Certification — backed with an Exam Pass Guarantee.
Thus, make your password into a long and complex one. Avoid using obvious personal information; never reuse passwords, and change them regularly.
Additionally, there are some GUI that makes hashcat easy to use. Hashview is one of the projects. This is a tool for security professionals to help organize and automate the repetitious tasks related to password cracking. In detail, it is a web application that manages Hashcat commands.
Sources
How to Crack Passwords, Part 3 (Using Hashcat), null-byte.wonderhowto.com
KALI – How to crack passwords using Hashcat – The Visual Guide, uwnthesis.wordpress.com
How to Crack MD5 Hashes Using hashcat, 4ARMED
Hashcat Tutorial – Bruteforce Mask Attack Example for Password Cracking, Cyber Pratibha
Palavras-passe e Honey Words, Segurança Informática
Enroll in an Ethical Hacking Boot Camp and earn two of the industry’s most respected certifications — guaranteed.
- CEH exam voucher
- PenTest+ exam voucher
- Exam Pass Guarantee
- Live online hacking training
In this Series
- Hashcat tutorial for beginners [updated 2021]
- The rise of ethical hacking: Protecting businesses in 2024
- How to crack a password: Demo and video walkthrough
- Inside Equifax's massive breach: Demo of the exploit
- Wi-Fi password hack: WPA and WPA2 examples and video walkthrough
- How to hack mobile communications via Unisoc baseband vulnerability
- How to build a hook syscall detector
- Top tools for password-spraying attacks in active directory networks
- NPK: Free tool to crack password hashes with AWS
- Tutorial: How to exfiltrate or execute files in compromised machines with DNS
- Top 19 tools for hardware hacking with Kali Linux
- 20 popular wireless hacking tools [updated 2021]
- 13 popular wireless hacking tools [updated 2021]
- Man-in-the-middle attack: Real-life example and video walkthrough [Updated 2021]
- Decrypting SSL/TLS traffic with Wireshark [updated 2021]
- Dumping a complete database using SQL injection [updated 2021]
- Hacking clients with WPAD (web proxy auto-discovery) protocol [updated 2021]
- Hacking communities in the deep web [updated 2021]
- How to hack Android devices using the StageFright vulnerability [updated 2021]
- How to hack a phone charger
- What is a side-channel attack?
- Copy-paste compromises
- Hacking Microsoft teams vulnerabilities: A step-by-step guide
- PDF file format: Basic structure [updated 2020]
- 10 most popular password cracking tools [updated 2020]
- Popular tools for brute-force attacks [updated for 2020]
- Top 7 cybersecurity books for ethical hackers in 2020
- How quickly can hackers find exposed data online? Faster than you think …
- Hacking the Tor network: Follow up [updated 2020]
- Podcast/webinar recap: What's new in ethical hacking?
- Ethical hacking: TCP/IP for hackers
- Ethical hacking: SNMP recon
- How hackers check to see if your website is hackable
- Ethical hacking: Stealthy network recon techniques
- Getting started in Red Teaming
- Ethical hacking: IoT hacking tools
- Ethical hacking: BYOD vulnerabilities
- Ethical hacking: Wireless hacking with Kismet
- Ethical hacking: How to hack a web server
- Ethical hacking: Top 6 techniques for attacking two-factor authentication
- Ethical hacking: Port interrogation tools and techniques
- Ethical hacking: Top 10 browser extensions for hacking
- Ethical hacking: Social engineering basics
- Ethical hacking: Breaking windows passwords
- Ethical hacking: Basic malware analysis tools
- Ethical hacking: How to crack long passwords
- Ethical hacking: Passive information gathering with Maltego
- Ethical hacking: Log tampering 101
- Ethical hacking: What is vulnerability identification?
- Ethical hacking: Breaking cryptography (for hackers)
- Ethical hacking: Attacking routers
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
