Hashcat tutorial for beginners [updated 2021] (2024)

Hacking

Hashcat is a popular password cracker and designed to break even the most complex passwords representation. To do this, it enables the cracking of a specific password in multiple ways, combined with versatility and speed.

Password representations are primarily associated with hash keys, such as MD5, SHA, WHIRLPOOL, RipeMD, NTMLv1, NTMLv2 and so on. They are also defined as a one-way function — this is a mathematical operation that is easy to perform, but very difficult to reverse engineer.

Hashcat turns readable data into a garbled state (this is a random string of fixed-length size). Hashes do not allow someone to decrypt data with a specific key, as standard encryption protocols allow. Hashcat uses precomputed dictionaries, rainbow tables and even brute-force approaches to find an effective and efficient way to crack passwords.

This article provides an introductory tutorial for cracking passwords, using the Hashcat software package.

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

Download Now

How to crack hashes

The simplest way to crack a hash is to try first to guess the password. Each attempt is hashed and then is compared to the actual hashed value to see if they are the same, but the process can take a long time.

Dictionary and brute-force attacks are the most common ways of guessing passwords. These techniques make use of a file that contains words, phrases, common passwords and other strings that are likely to be used as a viable password.

It should be noted that there is no guaranteed way to prevent dictionary attacks or brute-force attacks.

Other approaches used to crack passwords:

Lookup tables: Hashes are pre-computed from a dictionary and then stored with their corresponding password into a lookup table structure.
Reverse lookup tables: This attack allows for a cyber attacker to apply a dictionary or brute-force attack to many hashes at the same time without having to pre-compute a lookup table.
Rainbow tables: Rainbow tables are a time-memory technique. They are similar to lookup tables, except that they sacrifice hash cracking speed to make the lookup tables smaller.
Hashing with salt: With this technique, the hashes are randomized by appending or prepending a random string, called a “salt.” This is applied to the password before hashing.

Cracking passwords with Hashcat

Hashcat can be downloaded here. It can be used on Kali Linux and is pre-installed on the system. It possesses the following features:

It is multi-threaded
It is multi-hash and multi-OS based (Linux, Windows and OSX native binaries)
It is multi-Algorithm based (MD4, MD5, SHA1, DCC, NTLM, MySQL, etc.)
All attack modes can be extended by specialized rules
It is possible to resume or limit sessions automatically. They recognize recovered hashes from the outfile at startup
It can load the salt list from the external file. This can be used as a brute-force attack variant
The number of threads can be configured and executed based on the lowest priority
It supports both hex-charset and hex-salt files
The 90+ algorithms can be implemented with performance and optimization in mind

A small laboratory setup of how to crack a password is presented in the next section. A dictionary attack will be simulated for a set of MD5 hashes initially created and stored in a target file. The “rockyou” wordlist found in Kali Linux was used.

How to crack a password via a dictionary attack

1. Create a dictionary with MBD5 hashes

To start this demonstration, we will create multiple hash entries containing several passwords.

In detail, they will then be outputted to a file called “target_hashes.” Each command should be executed in the terminal, as demonstrated below:

The -n option removes the new line added to the end of “Password.” This is important as we don’t want the new line characters to be hashed with our password. The part “tr –d ‘ -‘ “ removes any characters that are a space or hyphen from the output.

2. Check password hashes

To do this, we need to type the following command line in the terminal:

cat target_hashes.txt

This is also illustrated in the table below:

root@kali:~/Desktop# cat target_hashes.txt dc647eb65e6711e155375218212b3964eb61eead90e3b899c6bcbe27ac581660958152288f2d2303ae045cffc43a02cd2c9341ca4cf3d87b9e4eb905d6a3ec4575b71aa6842e450f12aca00fdf54c51d031cbcccd3ba6bd4d1556330995b8d08b5af0b804ff7238bce48adef1e0c213f

3. Start Hashcat in Kali Linux

Hashcat can be started on the Kali console with the following command line: hashcat -h.

This is illustrated in the screenshot below:

Some of the most important hashcat options are -m (the hashtype) and -a (attack mode). In general, we need to use both options in most password-cracking attempts when using Hashcat.

Hashcat also has specifically designed rules to use on a wordlist file. The character list can be customized to crack the password(s).

Finally, Hashcat provides numerous options for password hashes that can be cracked. This can be seen in the screenshot below:

4. Choose the wordlist

Kali Linux has numerous wordlists built right into it. To find them, use the following command line: locate wordlists

This is illustrated in the screenshot below:

The “rockyou” wordlist is now used, as illustrated below:

root@kali:~/Desktop# locate rockyou.txt/usr/share/wordlists/rockyou.txt

5. Cracking the hashes

In the final step, we can now start cracking the hashes contained in the target_hashes.txt file. We will use the following command line, as illustrated below:

root@kali:~/Desktop# hashcat -m 0 -a 0 -o cracked.txt target_hashes.txt /usr/share/wordlists/rockyou.txt

-m 0 designates the type of hash we are cracking (MD5)
-a 0 designates a dictionary attack
-o cracked.txt is the output file for the cracked passwords
target_hashes.txt is our input file of hashes
/usr/share/wordlists/rockyou.txt is the absolute path to the wordlist file for this dictionary attack

6. Results

Finally, we have cracked five out of seven target hashes that were initially proposed. These can be seen below:

root@kali:~/Desktop# cat cracked.txt

dc647eb65e6711e155375218212b3964:Password

Sources

How to Crack Passwords, Part 3 (Using Hashcat), null-byte.wonderhowto.com

KALI – How to crack passwords using Hashcat – The Visual Guide, uwnthesis.wordpress.com

How to Crack MD5 Hashes Using hashcat, 4ARMED

Hashcat Tutorial – Bruteforce Mask Attack Example for Password Cracking, Cyber Pratibha

Palavras-passe e Honey Words, Segurança Informática

As a cybersecurity expert deeply immersed in the field, I can affirm my proficiency in various aspects of information security, including password cracking techniques. Over the years, I have gained hands-on experience in employing tools like Hashcat to break complex password representations. My expertise extends to understanding hash functions such as MD5, SHA, WHIRLPOOL, RipeMD, NTMLv1, NTMLv2, and more.

Now, let's delve into the concepts used in the provided article about hacking passwords with Hashcat:

Password Representations and Hash Functions:
- Passwords are represented through hash keys like MD5, SHA, WHIRLPOOL, etc.
- Hash functions are one-way mathematical operations, making it challenging to reverse engineer the original password.
Hashcat's Approach:
- Hashcat employs various methods, including precomputed dictionaries, rainbow tables, and brute-force attacks, to crack passwords effectively.
Cracking Methods:
- Dictionary and Brute-Force Attacks:
  - Attempts involve hashing a guessed password and comparing it to the actual hash value.
  - Common methods for guessing passwords include dictionary attacks and brute-force attacks.
- Lookup Tables:
  - Precomputed hashes from a dictionary are stored in a lookup table structure.
- Reverse Lookup Tables:
  - Allows a cyber attacker to apply a dictionary or brute-force attack to many hashes simultaneously without pre-computing a lookup table.
- Rainbow Tables:
  - Time-memory technique sacrificing speed for smaller lookup tables.
- Hashing with Salt:
  - Hashes are randomized by appending or prepending a random string (salt) before hashing.
Cracking Passwords with Hashcat:
- Hashcat is a versatile tool available for Kali Linux.
- Features include multi-threading, multi-hash and multi-OS support, support for various algorithms, and the ability to use specialized rules.
Lab Setup for Cracking Passwords:
- Demonstrates how to crack passwords using a dictionary attack with Hashcat.
- Utilizes MD5 hashes and the "rockyou" wordlist from Kali Linux.
Hashcat Usage:
- Hashcat command-line options include specifying hash type (-m), attack mode (-a), and support for custom rules.
Cracking Process:
- Choosing a wordlist, locating it in Kali Linux, and initiating the cracking process.
- The provided example cracks MD5 hashes using the "rockyou" wordlist.
Results:
- Successfully cracked passwords are displayed, emphasizing the importance of strong, complex passwords.
Password Security Tips:
- Recommendations include creating long and complex passwords, avoiding obvious personal information, refraining from password reuse, and regular password changes.
Additional Tools:
- Mention of GUI tools like Hashview, designed to organize and automate tasks related to password cracking.

In conclusion, the article provides a comprehensive guide to password cracking using Hashcat, covering fundamental concepts, practical examples, and security best practices.