Hashcat is a password cracker used to crack
password hashes. A hash is a one-way function that takes a word
or string of words and turns them into a fixed length of random
characters. This is a much more secure method of storing passwords rather than
storing them in plain text. It is not reversible.
Hashcat attempts to crack these
passwords by guessing a password, hashing it, and then comparing
the resulting hash to the one it’s trying to crack.
Hash
Analyzer Tunnelsup.com Hash Analyser allows you to stick a hash
into there site and will give you there best guess at what the hash is. This
was all i used for the Crack the hash challenge and was pretty much spot on
until some of the later tasks.
Hash-Identifier can be found pre-installed in Kali Linux and will tell you the
possible hashing algorithm for the hash you enter. The Nice thing about this
other then it already being installed in kali is that it gives you a few
alternatives which can help finding finding the right mode in hashcat.
HashID
This is a python based hash identifying tool which needs to be
downloaded from there GitHub Repo. The cool thing about this tool is not only does it identify the hashes but
also can give you the corresponding hashcat mode as part of the
output.
hashcat -h | grep sha256
hashcat -h | grep md5
hashcat
-h | grep salt
hashcat -h | grep sha
hashcat --help
In this lab, we will create a set of hashes and then use a dictionary to
crack these hashes. The first step is to create the hashes. Open a terminal
and use the following command to create a new txt document filled with some
hashes:
echo "dc647eb65e6711e155375218212b3964 eb61eead90e3b899c6bcbe27ac581660 958152288f2d2303ae045cffc43a02cd 2c9341ca4cf3d87b9e4eb905d6a3ec45 75b71aa6842e450f12aca00fdf54c51d 031cbcccd3ba6bd4d1556330995b8d08 b5af0b804ff7238bce48adef1e0c213f" > target-hashes.txt
These hashes comprise 7 different password which we will attempt to crack.
The next step is to choose the wordlist we will use for cracking
the hashes. We will be using the “rockyou.txt” file. Type the following
to locate the file:
locate rockyou.txt
Navigate back to the home directory by typing cd. We are now ready to begin
the attack.
We will use the following command to crack the password
hashes:
hashcat -m 0 -a 0 -o cracked.txt target-hashes.txt
/home/hackerboy/Dcouments/rockyou.txt
Let’s break down each of these options.
#
The -m 0 option tells hashcat that we are attempting to
crack MD5 hash types
# The -a 0 option tells
hashcat we are using a dictionary attack
# The
-o cracked.txt option is creating the output file for the cracked
passwords
# The target_hashes.txt is the file containing
the hashes
# The /home/hackerboy/Dcouments/rockyou.txt
is the wordlist we will use for this
dictionary attack
If you want to more cracking hashes, follow below the article on TryHackMe
Cracking Hashes.
Disclaimer
All tutorials are for informational and educational
purposes only and have been made using our own routers, servers, websites and
other vulnerable free resources. we do not contain any illegal activity. We
believe that ethical hacking, information security and cyber security should
be familiar subjects to anyone using digital information and computers.
Hacking Truth is against misuse of the information and we strongly suggest
against it. Please regard the word hacking as ethical hacking or penetration
testing every time this word is used. We do not promote, encourage, support or
excite any illegal activity or hacking.