Hashcat tutorial for beginners Compelete Guide by Blackhat Pakistan 2023
Today we wil learn about Hashcat tutorial for beginners.
Hashcat is a popular password cracker and designed to crack even the most complex password representations. To do this, it allows you to crack a specific password in several ways, combined with versatility and speed.
Password representations are primarily associated with hash keys such as MD5, SHA, WHIRLPOOL, RipeMD, NTMLv1, NTMLv2, and so on. They are also defined as a one-way function — a mathematical operation that is easy to perform but very difficult to reverse engineer.
Hashcat turns readable data into a garbled state (a fixed-length random string). Hashes do not allow someone to decrypt data with a specific key, as standard encryption protocols do. Hashcat uses precomputed dictionaries, rainbow tables, and even brute force approaches to find an efficient and effective way to crack passwords.
Also Read:Contemporary UEFI Bootkits by Blackhat Pakistan 2023
This article provides an introductory tutorial on cracking passwords using the Hashcat software package.
How to crack hashes[Hashcat tutorial for beginners]
The easiest way to crack a hash is to try to guess the password first. Each attempt is hashed and then compared to the actual hashed value to see if they are the same, but the process can take a long time.
Dictionary attacks and brute force attacks are the most common ways to guess passwords. These techniques use a file that contains words, phrases, common passwords, and other strings that are likely to be used as a viable password.
It should be noted that there is no guaranteed way to prevent dictionary or brute force attacks.
Other approaches used to crack passwords:
- Lookup Tables: Hashes are precomputed from a dictionary and then stored with the corresponding password in a lookup table structure.
- Reverse Lookup Tables: This attack allows a cyber attacker to use a dictionary or brute-force attack on many hashes simultaneously without having to calculate a lookup table beforehand.
- Rainbow tables: Rainbow tables are a time memory technique. They are similar to lookup tables, except that they sacrifice hashing speed to make the lookup tables smaller.
- Salt Hashing: In this technique, hashes are randomized by appending or prefixing a random string called a “salt”. This is applied to the password before hashing.
Cracking passwords with Hashcat
Hashcat can be downloaded here. It can be used on Kali Linux and is pre-installed on the system. It has the following properties:
- It is multi-threaded
- It is based on multi-hash and multi-OS (Linux, Windows and OSX native binaries)
- It is based on multiple algorithms (MD4, MD5, SHA1, DCC, NTLM, MySQL, etc.)
- All attack modes can be expanded with specialized rules
- Sessions can be automatically renewed or limited. On startup, they recognize the recovered hashes from the output file
- It can load a list of salts from an external file. This can be used as a brute force attack variant
- The number of threads can be configured and run based on the lowest priority
- It supports both hex-charset and hex-salt files
- More than 90 algorithms can be implemented with performance and optimization in mind
A small lab setup to crack the password is given in the next section. A dictionary attack will be simulated for the set of MD5 hashes initially created and stored in the target file. The “rockyou” wordlist found in Kali Linux was used.
How to crack a password via a dictionary attack
1. Create a dictionary with MBD5 hashes
To start this demo, we’ll create a few hash entries containing a few passwords.
The details will then be sent to a file called “target_hashes”. Each command should be executed in the terminal as shown below:
echo -n “Password” | md5sum | tr -d ” -” >> target_hashes.txt
echo -n “HELLO” | md5sum | tr -d ” -” >> target_hashes.txt
echo -n “MYSECRET” | md5sum | tr -d ” -” >> target_hashes.txt
echo -n “Test1234” | md5sum | tr -d ” -” >> target_hashes.txt
echo -n “P455w0rd” | md5sum | tr -d ” -” >> target_hashes.txt
echo -n “Guess” | md5sum | tr -d ” -” >> target_hashes.txt
echo -n “S3CuReP455Word” | md5sum | tr -d ” -” >> target_hashes.txt
The -n option removes the newline added to the end of “Password”. This is important because we don’t want newline characters to be hashed with our password. The “tr –d ‘ -‘ ” part removes all characters that are spaces or dashes from the output.
2. Check password hashes
To do this, we need to enter the following command line in the terminal:
cat target_hashes.txt
This is also shown in the table below:
[email protected]:~/Desktop# cat target_hashes.txt
dc647eb65e6711e155375218212b3964
eb61eead90e3b899c6bcbe27ac581660
958152288f2d2303ae045cffc43a02cd
2c9341ca4cf3d87b9e4eb905d6a3ec45
75b71aa6842e450f12aca00fdf54c51d
031cbcccd3ba6bd4d1556330995b8d08
b5af0b804ff7238bce48adef1e0c213f
3. Start Hashcat in Kali Linux
Hashcat can be started on the Kali console with the following command line: hashcat -h.
This is illustrated in the screenshot below:
Some of the most important hashcat options are -m (hash type) and -a (attack mode). In general, when using Hashcat, we have to use both options in most attempts to crack a password.
Hashcat also has specifically designed rules for use in a wordlist file. The character list can be modified to crack the password(s).
Finally, Hashcat provides a number of options for hashing passwords that can be cracked. This can be seen in the screenshot below:
4. Choose the wordlist
Kali Linux has numerous wordlists built right into it. To find them, use the following command line: locate wordlists
This is illustrated in the screenshot below:
The “rockyou” wordlist is now used, as illustrated below:
| [email protected]:~/Desktop# locate rockyou.txt /usr/share/wordlists/rockyou.txt |
5. Cracking the hashes
In the final step, we can now start cracking the hashes contained in the target_hashes.txt file. We will use the following command line, as illustrated below:
| [email protected]:~/Desktop# hashcat -m 0 -a 0 -o cracked.txt target_hashes.txt /usr/share/wordlists/rockyou.txt |
- -m 0 designates the type of hash we are cracking (MD5)
- -a 0 designates a dictionary attack
- -o cracked.txt is the output file for the cracked passwords
- target_hashes.txt is our input file of hashes
- /usr/share/wordlists/rockyou.txt is the absolute path to the wordlist file for this dictionary attack
6. Results
Finally, we have cracked five out of seven target hashes that were initially proposed. These can be seen below:
| [email protected]:~/Desktop# cat cracked.txtdc647eb65e6711e155375218212b3964:Password eb61eead90e3b899c6bcbe27ac581660:HELLO 75b71aa6842e450f12aca00fdf54c51d:P455w0rd 2c9341ca4cf3d87b9e4eb905d6a3ec45:Test1234 958152288f2d2303ae045cffc43a02cd:MYSECRET |
These passwords are weak, and it does not take much effort or time to crack them. It is important to note that the simpler the password is, the easier it will be to detect.
Therefore, make your password long and complex. Avoid using obvious personal information; never reuse passwords and change them regularly.
Additionally, there are several GUIs that make hashcat easy to use. Hashview is one of the projects. It is a tool for security professionals that helps organize and automate repetitive password cracking tasks. In detail, it is a web application that manages hashcat commands.
Sources
How to Crack Passwords, Part 3 (Using Hashcat), null-byte.wonderhowto.com
KALI – How to crack passwords using Hashcat – The Visual Guide, uwnthesis.wordpress.com
How to Crack MD5 Hashes Using hashcat, 4ARMED
Hashcat Tutorial – Bruteforce Mask Attack Example for Password Cracking, Cyber Pratibha
Palavras-passe e Honey Words, Segurança Informática
