Skip to content

KALI – How to crack passwords using Hashcat – The Visual Guide

07/08/2013

Windows passwords are stored as MD5 hashes, that can be cracked using Hashcat.  There is a Windows 10 password hacking version here:

https://wordpress.com/stats/post/4497/uwnthesis.wordpress.com

Step 1 – Root terminal

mkdir hashes

cd /hashes

gedit hashes.txt

This organises a hashes directory for you, and a hashes.txt file which will contain the hashes to be cracked.

*****

Step 2 – Generate hashes for you to crack

http://www.miraclesalad.com/webtools/md5.php

Hashes.txt is the file of password hashes to be cracked – we’ll create hashes to paste into this file.

hashesfile

To generate hashes, use:

http://www.miraclesalad.com/webtools/md5.php

Enter the word “password” – and the site will return the MD5 hash, paste it into the hashes.txt

md5 generator

Next, hash a second password ie “password1”,  paste the md5 hashes into hashes.txt.

hashpwd1

Fill up your hashes.txt with five test md5 hashes.

hashesfile

This is your test hash file complete.  Now we move into attack mode.

******

Hashcat options.  Jump to step 4 – to attack.

This is background information so that you can adapt your attack for windows hashes or unix hashes etc.

hashcat –help

-m = hash type  (the hash varies by operating system)

-a = Attack Mode (we’ll use both Straight and Combination Attack)

-r = rules file (look for xyz.rule)

options

******

ATTACK CODE:

(Carries out a straight through attack against MD5 hashes using the rockyou dictionary).

hashcat -m 0 -a 0 /root/hashes/hashes.txt /root/rockyou.txt

hashcat a0

*********

Attack Modes – just for reference

-a 0  (Each number is a DIFFERENT attack mode)

0 = Straight

1 = Combination

2 = Toggle case

3 = Brute Force

attack modesI’ve found that straight or -a 0 is ridiculously fast on simple passwords.

You have been warned.

******

Hash Type – Just for reference

The operating system determines the hash used.  You need to know the hash type.

Unix = MD5 hash

Kali = SHA512 hash

Windows XP = LM Hash

Windows 7 = NTLM Hash

-m 0 (Each number is a different Hash Type)

0 = MD5 hash…. so we use -m 0

50 = HMAC-MD5….so we use -m 50

1000 = NTLM….so we use -m 1000

hashtypes

*****

Step 3 – Locate password database for the attack

To locate the Rockyou password database in KALI type:

locate *rock*

locate

To locate Hashcat Rules files

cd /usr/share/hashcat/rules

ls -l

rules

You can gedit each rule file to read it if you wish…. that’s a great way to learn more about hashcat 🙂

*****

Step 4 – the REAL ATTACK code

hashcat -m 0 -a 1 /root/hashes/hashes.txt /root/rockyou.txt

(to launch a combination attack against MD5 password hashes)

or

hashcat -m 0 -a 0 /root/hashes/hashes.txt /root/rockyou.txt

(a straight through attack is super fast on simple passwords)

*****

The attack looks like this:

hashcat output

The hashes are shown – with the plain text password given next to it.

The Rockyou database has several million passwords, but if it’s not in there, then it won’t be cracked.

The 2 major cracking dictionaries are Rockyou, and CrackStation.

Rockyou contains 14 million unique passwords.

CrackStation.  For MD5 and SHA1 hashes, there is a 190GB, 15-billion-entry lookup table, and for other hashes, they offer a 19GB 1.5-billion-entry lookup table.

Download CrackStation by Torrent:

https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm

****

Free Rainbow Tables can also be found here (lots of them)

free rainbow tables

https://www.freerainbowtables.com/en/tables2/

ntlm rainbow tables

Some hashes will fail to be cracked,  this is due to several reasons, it may not be a md5 hash, it may not be in your password list etc.

Hashes are case sensitive, so Password1 is not the same as password1.

oclHashcat-Plus uses your GPU rather than your CPU to crack passwords.  Graphics cards are MUCH faster as an attack tool, than a CPU… MANY times faster.

Cryptography

Hash Lengths

HASH SIZE
MD5 Hash Length 16 Bytes
SHA-1 Hash Length 20 Bytes
SHA-256 Hash Length 32 Bytes
SHA-512 Hash Length 64 Bytes

Hash Examples

Likely just use hash-identifier for this but here are some example hashes:

HASH EXAMPLE
MD5 Hash Example 8743b52063cd84097a65d1633f5c74f5
MD5 $PASS:$SALT Example 01dfae6e5d4d90d9892622325959afbe:7050461
MD5 $SALT:$PASS f0fda58630310a6dd91a7d8f0a4ceda2:4225637426
SHA1 Hash Example b89eaac7e61417341b710b727768294d0e6a277b
SHA1 $PASS:$SALT 2fc5a684737ce1bf7b3b239df432416e0dd07357:2014
SHA1 $SALT:$PASS cac35ec206d868b7d7cb0b55f31d9425b075082b:5363620024
SHA-256 127e6fbfe24a750e72930c220a8e138275656b
8e5d8f48a98c3c92df2caba935
SHA-256 $PASS:$SALT c73d08de890479518ed60cf670d17faa26a4a7
1f995c1dcc978165399401a6c4
SHA-256 $SALT:$PASS eb368a2dfd38b405f014118c7d9747fcc97f4
f0ee75c05963cd9da6ee65ef498:560407001617
SHA-512 82a9dda829eb7f8ffe9fbe49e45d47d2dad9
664fbb7adf72492e3c81ebd3e29134d9bc
12212bf83c6840f10e8246b9db54a4
859b7ccd0123d86e5872c1e5082f
SHA-512 $PASS:$SALT e5c3ede3e49fb86592fb03f471c35ba13e8
d89b8ab65142c9a8fdafb635fa2223c24e5
558fd9313e8995019dcbec1fb58414
6b7bb12685c7765fc8c0d51379fd
SHA-512 $SALT:$PASS 976b451818634a1e2acba682da3fd6ef
a72adf8a7a08d7939550c244b237c72c7d4236754
4e826c0c83fe5c02f97c0373b6b1
386cc794bf0d21d2df01bb9c08a
NTLM Hash Example b4b9b02e6f09a9bd760f388b67351e2b

Reference

 

Amazon.co.uk link to Kali Linux – How to crack passwords using Hashcat

 

book cover

https://www.amazon.co.uk/s/ref=nb_sb_noss_2?url=search-alias%3Daps&field-keywords=hashcat

https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/

*****

Password hacking / password cracking – http://www.hashkiller.co.uk

https://uwnthesis.wordpress.com/2016/06/12/password-hacking-password-cracking-www-hashkiller-co-uk/

BRUTE FORCE HACKING – Brute force Calculator – A Visual Guide

https://uwnthesis.wordpress.com/2014/04/18/bruteforce-hacking-bruteforce-calculator-a-visual-guide/

*****

SupraFortix – Hashcat Password Cracking – Uni South Wales blog

http://suprafortix.wordpress.com/2014/06/13/hashcat-password-craking/

KALI – First things to do after installing Kali Debian Linux – The Visual Guide

https://uwnthesis.wordpress.com/2014/07/20/kali-first-things-to-do-after-installing-kali-debian-linux-the-visual-guide/

How to write a password that takes over 35 quadrillion years to crack (but is easy to remember)

https://uwnthesis.wordpress.com/2016/03/27/how-to-write-a-password-that-takes-over-35-quadrillion-years-to-crack-but-is-easy-to-remember/

Advertisements
49 Comments
  1. Reblogged this on oogenhand and commented:
    Very important.

    Like

  2. A very helpful article brilliantly illustrated.
    Good work! Cheers

    Like

  3. A very good post.

    You can find a new sorted & uniq dictionary list for hashcat && jtr. DCHTPassv1.0 is available. Check it out and Enjoy!

    Like

    • No problem with helping! I’ve been exactly where you are.. and opted for a more expensive wifi adapter – which totally failed. Hopefully I can guide you, so that you don’t waste any money.
      The key to wifi hacking is the chipset inside the wifi adapter.
      http://www.wirelesshack.org/top-kali-linux-compatible-usb-adapters-dongles-2015.html
      Here are the most common chipsets used with Kali Linux. Any USB adapter that uses these chipsets will most likely work with Kali.

      Atheros AR9271
      Ralink RT3070
      Ralink RT3572
      Realtek 8187L (Wireless G adapters)

      Alfa adapters continue to dominate Pen Testing in 2015. Here are the top Kali Linux compatible wireless USB adapters with links to Amazon and AliExpress if available.

      The AWUS036H is where I started – it’s a great adapter, but showing it’s age. It’s only a G adapter, and ideally you need an N adapter.
      g = 54 mbps at 2.4 ghz
      n = 300 mbps at 5 ghz
      Most routers these days are n type routers. So you’d want to go for an adapter that can attack them.

      Don’t buy anything related to signalking – its’ useless!

      Here’s another link that details the chipsets used.
      http://www.inkthat.us/kali-linux/best-kali-linux-compatible-usb-wireless-adapters/

      Have fun!

      Like

  4. tyler m permalink

    Hi uwnthesis! I just recieved my ALFA AWUS036NH. Very excited to get started! Having some issues early on though. The first being that I run a macbook air with cd/dvd drive so that makes it difficult to install the adapter! Do you know of anywhere that I can download the driver utility software for a mac running El Capitan? Thanks! If you also know of an excellent guide to get started with Wi-Fi hacking, please send me the link! Hope to be in touch soon! Thanks for your help.
    Cheers, Tyler

    Like

    • Hi Tyler,

      Wifi cracking is such fun.
      Try out “Fern” wifi hacking tool as one of the easiest. Use a WEP router, then a router with WPS on it – and let FERN crack the key for you. 🙂

      Like

  5. Sarah permalink

    Hii, would you be willing to crack this hash for me?

    78df07b5ecedd34aece6c84d7c13356d

    I simply have no idea how it works, but i really need my password back 😦

    I’d appreciate it a lot!

    Like

Trackbacks & Pingbacks

  1. BRUTEFORCE HACKING – Bruteforce Calculator – A Visual Guide | University of South Wales: Information Security and Privacy
  2. BRUTEFORCE HACKING Bruteforce Calculator A Visual Guide … – News4Security
  3. University of South Wales: Posts about KALI | Người Đến Từ Bình Dương
  4. How to crack passwords on Windows 7 – Hashcat | University of South Wales: Information Security and Privacy
  5. How to crack passwords using a GUI on Windows 7 – Hashcat ... - News4Security
  6. Password Cracking – What is a password hash? | University of South Wales: Information Security and Privacy
  7. How to get same crypt(3) function in Mac OS X as Linux gcc/gnu crypt(3)? Linux gcc crypt(3) has MD5 and SHA512. Apple Gcc crypt(3) *only* uses DES - BlogoSfera
  8. KALI – How to crack passwords using Hashcat – The Visual Guide | LUG Mureş
  9. Password hacking / password cracking – www.hashkiller.co.uk | University of South Wales: Information Security for Privacy
  10. Hashing Password with Bcrypt – NHR InfoSec and Software Development
  11. Yahoo reveals yet another billion-user breach – Technology Spoon
  12. Yahoo reveals yet another billion-user breach – Darby's
  13. Yahoo reveals yet another billion-user breach | Easy notes
  14. Yahoo reveals yet another billion-user breach | Daily Rant Online 
  15. Yahoo reveals yet another billion-user breach | MyFads
  16. Yahoo reveals yet another billion-user breach – TheNycPlug
  17. Yahoo reveals yet another billion-user breach | Intelligent Jamaica
  18. Yahoo reveals yet another billion-user breach - techietricks.com
  19. Yahoo reveals yet another billion-user breach | ZERO DAY TECH
  20. Yahoo reveals yet another billion-user breach | Jamaican Moments™
  21. Tech Connecto - Let's Talk Tech
  22. Yahoo reveals yet another billion-user breach – The Verge | Newsist

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: