Starting a thread here. Sure, some people know this stuff, but maybe I'll reach one person who doesn't and is interested.
Want to try password cracking? Cool. Either install hashcat or a VM that has it, like Kali Linux.
Get yourself some hashes, the site has some. Figure out what kind they are, like md5 or ntlm, and find the correct "m code" here:… Personally, I like to work on NTLM hashes, which use the code 1000.
Next up, find yourself a wordlist. If you are using Kali, you can find rockyou.txt in /usr/share/wordlists. You might just need to unzip it first.
Ok, now you should be able to get cracking! Try something like this:
hashcat -m<remember earlier?> <your hashfile> -a0 /usr/share/wordlists/rockyou.txt
But you might get an error in Kali, and you can try to bypass that by appending the --force flag onto it.
If it worked, great! You can also step it up a little bit by adding rules. Rules will take lines from your wordlist and munge them up. Change upper to lower, add a digit, etc. Makes your wordlist more powerful. Hashcat comes with rules.
If you find your hashcat directory, you'll see a rules directory. You can add those with the -r flag like this:
hashcat -m1000 hashfile -a0 -r rules/best64.rule /usr/share/wordlists/rockyou.txt
One last thing, what's that -a0? That's the attack type. Hashcat can do a few and 0 means a straight attack using a wordlist and rules.

Happy to answer questions too. Good luck!
Ok, you cracked some hashes. Where are the passwords now? Hashcat puts them in a file called a potfile. You can find it as hashcat.potfile. But that file includes every hash that you've ever cracked. What if you only want ones in the current hashfile?
You can have hashcat tell you with this command:
hashcat -m<hashtype code> <hashfile> --show
If you want the usernames with it, just use the same command and add --username
Some others have noted that it's better to run hashcat installed and not in a VM. Yes, it is better, but if you have never cracked passwords before and want to try it out, a VM is a way to make that happen. Building/installing hc is a thread for another day.
So what is that "potfile" for? Well, it stores the hash and cleartext value of every hash that hashcat has cracked. It lets you find the cracked ones after each job, but it also helps with efficiency. When starting hashcat, you might see this:
"INFO: Removed 345 hashes found in potfile." or some different number. Hashcat is telling you that it already cracked those! Hooray for password re-use! It makes no sense for HC to re-crack a hash, so it doesn't even bother trying those again.
And the potfile is just a text file, so you can definitely open it up and read it, or add other "knowns" to it.
Much of the stuff in this thread is also applicable to John the Ripper (another password cracker), but I reference hashcat because that's what I use.
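Since the potfile is plain text, a password audit can join it against the current hashfile offline. The sketch below is an added example, not part of the original thread or of hashcat itself: it assumes "hash:plaintext" potfile lines for an unsalted hash type such as NTLM, "username:hash" hashfile lines, and hashcat's $HEX[...] notation for plaintexts that contain a colon. The function names and all sample values are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: 32-hex-digit placeholders, not real NTLM digests.
A, B, C, D = ("a" * 32, "b" * 32, "c" * 32, "d" * 32)
# The potfile holds every hash ever cracked, including C from an older job.
POTFILE = f"{A}:Summer2020\n{B}:$HEX[70613a7373]\n{C}:letmein\n"
# Current job's hashfile in username:hash form (as used with --username).
HASHFILE = f"alice:{A}\nbob:{B.upper()}\ncarol:{A}\ndave:{D}\n"

def decode_plain(plain):
    """Decode the $HEX[...] form used when a plaintext contains ':' etc."""
    if plain.startswith("$HEX[") and plain.endswith("]"):
        return bytes.fromhex(plain[5:-1]).decode("utf-8", "replace")
    return plain

def load_potfile(text):
    """Map hash -> plaintext. Splits on the first ':' only, which is
    correct for unsalted hashes (assumption: no ':' inside the hash)."""
    pot = {}
    for line in text.splitlines():
        digest, sep, plain = line.partition(":")
        if sep:
            pot[digest.lower()] = decode_plain(plain)
    return pot

def audit(hashfile_text, pot):
    """Return (cracked users -> plaintext, uncracked users, groups of
    users sharing one hash) for the current hashfile only."""
    cracked, uncracked, by_hash = {}, [], defaultdict(list)
    for line in hashfile_text.splitlines():
        user, sep, digest = line.strip().partition(":")
        if not sep:
            continue  # skip blank or malformed lines
        digest = digest.lower()  # hex case may differ between files
        by_hash[digest].append(user)
        if digest in pot:
            cracked[user] = pot[digest]
        else:
            uncracked.append(user)
    shared = sorted(u for u in by_hash.values() if len(u) > 1)
    return cracked, uncracked, shared

if __name__ == "__main__":
    cracked, uncracked, shared = audit(HASHFILE, load_potfile(POTFILE))
    # Report account names only; keep plaintexts out of the audit output.
    print("cracked accounts:  ", sorted(cracked))
    print("uncracked accounts:", uncracked)
    print("identical password:", shared)
```

Accounts that share a hash share a password, which is why one cracked entry can account for several users in the report.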
