Skip to content

KALI – How to crack passwords using Hashcat – The Visual Guide


Windows passwords are stored as MD5 hashes, that can be cracked using Hashcat.

Step 1 – Root terminal

mkdir hashes

cd /hashes

gedit hashes.txt

This organises a hashes directory for you, and a hashes.txt file which will contain the hashes to be cracked.


Step 2 – Generate hashes for you to crack

Hashes.txt is the file of password hashes to be cracked – we’ll create hashes to paste into this file.


To generate hashes, use:

Enter the word “password” – and the site will return the MD5 hash, paste it into the hashes.txt

md5 generator

Next, hash a second password ie “password1”,  paste the md5 hashes into hashes.txt.


Fill up your hashes.txt with five test md5 hashes.


This is your test hash file complete.  Now we move into attack mode.


Hashcat options.  Jump to step 4 – to attack.

This is background information so that you can adapt your attack for windows hashes or unix hashes etc.

hashcat –help

-m = hash type  (the hash varies by operating system)

-a = Attack Mode (we’ll use both Straight and Combination Attack)

-r = rules file (look for xyz.rule)




(Carries out a straight through attack against MD5 hashes using the rockyou dictionary).

hashcat -m 0 -a 0 /root/hashes/hashes.txt /root/rockyou.txt

hashcat a0


Attack Modes – just for reference

-a 0  (Each number is a DIFFERENT attack mode)

0 = Straight

1 = Combination

2 = Toggle case

3 = Brute Force

attack modesI’ve found that straight or -a 0 is ridiculously fast on simple passwords.

You have been warned.


Hash Type – Just for reference

The operating system determines the hash used.  You need to know the hash type.

Unix = MD5 hash

Kali = SHA512 hash

Windows XP = LM Hash

Windows 7 = NTLM Hash

-m 0 (Each number is a different Hash Type)

0 = MD5 hash…. so we use -m 0

50 = HMAC-MD5….so we use -m 50

1000 = NTLM….so we use -m 1000



Step 3 – Locate password database for the attack

To locate the Rockyou password database in KALI type:

locate *rock*


To locate Hashcat Rules files

cd /usr/share/hashcat/rules

ls -l


You can gedit each rule file to read it if you wish…. that’s a great way to learn more about hashcat🙂


Step 4 – the REAL ATTACK code

hashcat -m 0 -a 1 /root/hashes/hashes.txt /root/rockyou.txt

(to launch a combination attack against MD5 password hashes)


hashcat -m 0 -a 0 /root/hashes/hashes.txt /root/rockyou.txt

(a straight through attack is super fast on simple passwords)


The attack looks like this:

hashcat output

The hashes are shown – with the plain text password given next to it.

The Rockyou database has several million passwords, but if it’s not in there, then it won’t be cracked.

The 2 major cracking dictionaries are Rockyou, and CrackStation.

Rockyou contains 14 million unique passwords.

CrackStation.  For MD5 and SHA1 hashes, there is a 190GB, 15-billion-entry lookup table, and for other hashes, they offer a 19GB 1.5-billion-entry lookup table.

Download CrackStation by Torrent:


Free Rainbow Tables can also be found here (lots of them)

free rainbow tables

ntlm rainbow tables

Some hashes will fail to be cracked,  this is due to several reasons, it may not be a md5 hash, it may not be in your password list etc.

Hashes are case sensitive, so Password1 is not the same as password1.

oclHashcat-Plus uses your GPU rather than your CPU to crack passwords.  Graphics cards are MUCH faster as an attack tool, than a CPU… MANY times faster.




Hash Lengths

MD5 Hash Length 16 Bytes
SHA-1 Hash Length 20 Bytes
SHA-256 Hash Length 32 Bytes
SHA-512 Hash Length 64 Bytes

Hash Examples

Likely just use hash-identifier for this but here are some example hashes:

MD5 Hash Example 8743b52063cd84097a65d1633f5c74f5
MD5 $PASS:$SALT Example 01dfae6e5d4d90d9892622325959afbe:7050461
MD5 $SALT:$PASS f0fda58630310a6dd91a7d8f0a4ceda2:4225637426
SHA1 Hash Example b89eaac7e61417341b710b727768294d0e6a277b
SHA1 $PASS:$SALT 2fc5a684737ce1bf7b3b239df432416e0dd07357:2014
SHA1 $SALT:$PASS cac35ec206d868b7d7cb0b55f31d9425b075082b:5363620024
SHA-256 127e6fbfe24a750e72930c220a8e138275656b
SHA-256 $PASS:$SALT c73d08de890479518ed60cf670d17faa26a4a7
SHA-256 $SALT:$PASS eb368a2dfd38b405f014118c7d9747fcc97f4
SHA-512 82a9dda829eb7f8ffe9fbe49e45d47d2dad9
SHA-512 $PASS:$SALT e5c3ede3e49fb86592fb03f471c35ba13e8
SHA-512 $SALT:$PASS 976b451818634a1e2acba682da3fd6ef
NTLM Hash Example b4b9b02e6f09a9bd760f388b67351e2b



Password hacking / password cracking –

BRUTE FORCE HACKING – Brute force Calculator – A Visual Guide


SupraFortix – Hashcat Password Cracking – Uni South Wales blog

KALI – First things to do after installing Kali Debian Linux – The Visual Guide

How to write a password that takes over 35 quadrillion years to crack (but is easy to remember)

  1. Reblogged this on oogenhand and commented:
    Very important.


  2. A very helpful article brilliantly illustrated.
    Good work! Cheers


  3. A very good post.

    You can find a new sorted & uniq dictionary list for hashcat && jtr. DCHTPassv1.0 is available. Check it out and Enjoy!


    • No problem with helping! I’ve been exactly where you are.. and opted for a more expensive wifi adapter – which totally failed. Hopefully I can guide you, so that you don’t waste any money.
      The key to wifi hacking is the chipset inside the wifi adapter.
      Here are the most common chipsets used with Kali Linux. Any USB adapter that uses these chipsets will most likely work with Kali.

      Atheros AR9271
      Ralink RT3070
      Ralink RT3572
      Realtek 8187L (Wireless G adapters)

      Alfa adapters continue to dominate Pen Testing in 2015. Here are the top Kali Linux compatible wireless USB adapters with links to Amazon and AliExpress if available.

      The AWUS036H is where I started – it’s a great adapter, but showing it’s age. It’s only a G adapter, and ideally you need an N adapter.
      g = 54 mbps at 2.4 ghz
      n = 300 mbps at 5 ghz
      Most routers these days are n type routers. So you’d want to go for an adapter that can attack them.

      Don’t buy anything related to signalking – its’ useless!

      Here’s another link that details the chipsets used.

      Have fun!


  4. tyler m permalink

    Hi uwnthesis! I just recieved my ALFA AWUS036NH. Very excited to get started! Having some issues early on though. The first being that I run a macbook air with cd/dvd drive so that makes it difficult to install the adapter! Do you know of anywhere that I can download the driver utility software for a mac running El Capitan? Thanks! If you also know of an excellent guide to get started with Wi-Fi hacking, please send me the link! Hope to be in touch soon! Thanks for your help.
    Cheers, Tyler


    • Hi Tyler,

      Wifi cracking is such fun.
      Try out “Fern” wifi hacking tool as one of the easiest. Use a WEP router, then a router with WPS on it – and let FERN crack the key for you.🙂


  5. Sarah permalink

    Hii, would you be willing to crack this hash for me?


    I simply have no idea how it works, but i really need my password back😦

    I’d appreciate it a lot!


Trackbacks & Pingbacks

  1. BRUTEFORCE HACKING – Bruteforce Calculator – A Visual Guide | University of South Wales: Information Security and Privacy
  2. BRUTEFORCE HACKING Bruteforce Calculator A Visual Guide … – News4Security
  3. University of South Wales: Posts about KALI | Người Đến Từ Bình Dương
  4. How to crack passwords on Windows 7 – Hashcat | University of South Wales: Information Security and Privacy
  5. How to crack passwords using a GUI on Windows 7 – Hashcat ... - News4Security
  6. Password Cracking – What is a password hash? | University of South Wales: Information Security and Privacy
  7. How to get same crypt(3) function in Mac OS X as Linux gcc/gnu crypt(3)? Linux gcc crypt(3) has MD5 and SHA512. Apple Gcc crypt(3) *only* uses DES - BlogoSfera
  8. KALI – How to crack passwords using Hashcat – The Visual Guide | LUG Mureş
  9. Password hacking / password cracking – | University of South Wales: Information Security for Privacy
  10. Hashing Password with Bcrypt – NHR InfoSec and Software Development

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: