Cracking Password Hashes with Hashcat Kali Linux Tutorial
Cracking Password Hashes: Hashcat is a powerful password recovery tool that is included in Kali Linux. Hashcat supports many different hashing algorithms such as Microsoft LM hashes, MD4, MD5, SHA, MySQL, Cisco PIX, Unix Crypt formats, and many more hashing algorithms. Hashcat is the World’s fastest and most advanced password recovery utility.
Hashcat is available for Windows, Linux, and OSX
In this tutorial, you will learn how to decrypt password hashes using Hashcat.
Hashcat is a process-intensive program it’s advised that you use a powerful CPU and GPU. You can use Hashcat even if you don’t have a GPU but it could take a while longer to crack the password hashes. You can use a single GPU or multiple GPUs in Hashcat. I have been using Kali Linux for some time now the lack of AMDPRO driver support is one of the only problems I’m having with Kali Linux I have an RX470 8GB and an RX570 8GB that I wanted to include in this tutorial. Since I can’t get my GPU working in Kali Linux I will demonstrate this tutorial using CPU only. I will make another tutorial using GPU using a Linux distro that is compatible with AMDPRO drivers.
In this tutorial, we will be using Kali Linux 2019.4
In this guide, we will be using Ryzen5 CPU to crack our passwords.
To understand how quickly your machine will be able to hash we can run Hashcat’s benchmark command to get our predicted hash rates.
hashcat --benchmark
We can list useful Hashcat options using the help command.
hashcat -h
To make this tutorial easier for you I have put together a small list of common hashes that you can use for testing purposes.
MD5 Hashes
We have created a small list of common password hashes to use in this tutorial.
482c811da5d5b4bc6d497ffa98491e38
eb61eead90e3b899c6bcbe27ac581660
b6d5b7586fba0fd61304658d4ca5877c
662af1cd1976f09a9f8cecc868ccc0a2
75b71aa6842e450f12aca00fdf54c51d
031cbcccd3ba6bd4d1556330995b8d08
b5af0b804ff7238bce48adef1e0c213f
Password123 = 482c811da5d5b4bc6d497ffa98491e38
HELLO = eb61eead90e3b899c6bcbe27ac581660
SECRETPASSWORD = b6d5b7586fba0fd61304658d4ca5877c
Test12345 = 662af1cd1976f09a9f8cecc868ccc0a2
P455w0rd = 75b71aa6842e450f12aca00fdf54c51d
GuessMe = 031cbcccd3ba6bd4d1556330995b8d08
S3CuReP455Word = b5af0b804ff7238bce48adef1e0c213f
Wordlists
Wordlists in Kali Linux are located at /usr/share/wordlists
You can download some of the best Wordlists for Hashcat from Crackstation a website that specializes in de-hashing passwords.
Crackstations Wordlists are results of a historical password hash leak from Linkedin and eHarmony.
My favorite wordlist from Crackstation is real human-small I like this wordlist because it contains a list of real human passwords that have been leaked online.
Let’s take a look at some of the Wordlists that are included in Kali Linux.
Open a terminal and enter the command below.
cd /usr/share/wordlists
This command will let us change into the wordlists directory we can now list the wordlists included in Kali Linux using the ls command.
ls
Now that you are a little more familiar with Hashcat we can start cracking our hashed passwords.
Create a new directory where you will store your hashes.txt file I will create a new directory with the name of Hashcat.
mkdir hashcat
Now change into the hashcat directory that we just created.
cd hashcat
Create hashes.txt file using nano.
nano hashes.txt
Copy these hashes line for line into nano your file should look like the screenshot below.
482c811da5d5b4bc6d497ffa98491e38
eb61eead90e3b899c6bcbe27ac581660
b6d5b7586fba0fd61304658d4ca5877c
662af1cd1976f09a9f8cecc868ccc0a2
75b71aa6842e450f12aca00fdf54c51d
031cbcccd3ba6bd4d1556330995b8d08
b5af0b804ff7238bce48adef1e0c213f
When you are finished pasting hashes into nano write changes using CTRL+O to exit use CTRL+X.
Now that we have a list of hashed passwords saved we can use Hashcat to de-hash our hashed passwords in hashes.txt.
hashcat -m 0 hashes.txt -o passwords.txt /usr/share/wordlists/fasttrack.txt
Passwords are stored inside pot files in Hashcat if de-hashed passwords are leftover in the pot file we can sometimes get the message eg. INFO: Removed 1 hash found in potfile this means that Hashcat won’t save our passwords.txt file to get past this issue we can use the tag –disable-potfile
hashcat -m 0 hashes.txt -o passwords.txt /usr/share/wordlists/fasttrack.txt --disable-potfile
• -m 0 designates the type of hash algorithm we are cracking. In this case, we are cracking MD5 Raw so we specify 0 we can find a list of hashing algorithms we are able to crack by using the command hashcat -h
• -o crackedpasswords.txt is the output file for the cracked passwords;
• hashes.txt is our input file of hashes
• /usr/share/wordlists/fasttrack.txt
is the path to the wordlist file for this dictionary attack.
Once Hashcat has done its work we can see that it was able to recover 1/7 of our password hashes lets see what hashes Hashcat has found. Let’s use the cat command to list the contents of our cracked passwords file.
We successfully de-hashed 1/7 of our hashed passwords. Sometimes it’s better to use bigger wordlists that contain a lot more passwords fasttrack.txt is small wordlist so Hashcat can work through it quickly bigger wordlists will take a lot longer for Hashcat to work through the number of password hashes that you are de-hashing. Hashcat uses your computers CPU and GPU to de-hash passwords the hash rate of your CPU and GPU plays a big factor in how much time it will take to de-hash a given password hash.
Once our GPU drivers are installed correctly we will do a tutorial will some bigger wordlists and more hashed passwords. We hope that you enjoyed this tutorial