Starting a thread here. Sure, some people know this stuff, but maybe I'll reach one person who doesn't and is interested.
Want to try password cracking? Cool. Either install hashcat or a VM that has it, like Kali Linux.
Want to try password cracking? Cool. Either install hashcat or a VM that has it, like Kali Linux.
Get yourself some hashes, the haveibeenpwned.com site has some. Figure out what kind they are, like md5, ntlm or and find the correct "m code" here: hashcat.net/wiki/doku.php?… Personally, I like to work on NTLM hashes, which use the code 1000.
Next up, find yourself a wordlist. If you are using Kali, you can find rockyou.txt in /usr/share/wordlists. You might just need to unzip it first.
Ok, now you should be able to get cracking! Try something like this:
Ok, now you should be able to get cracking! Try something like this:
hashcat -m<remember earlier?> <your hashfile> -a0 /usr/share/wordlists/rockyou.txt
But you might get an error in Kali, and you can try to bypass that by appending the --force flag onto it.
If it worked, great! You can also step it up a little bit by adding rules. Rules will take lines from your wordlist and munge them up. Change upper to lower, add a digit, etc. Makes your wordlist more powerful. Hashcat comes with rules.
If you find your hashcat directory, you'll see a rules directory. You can add those with the -r flag like this:
hashcat -m1000 hashfile -a0 -r rules/best64.rule /usr/share/wordlists/rockyou.txt
hashcat -m1000 hashfile -a0 -r rules/best64.rule /usr/share/wordlists/rockyou.txt
One last thing, what's that -a0? That's the attack type. Hashcat can do a few and 0 means a straight attack using a wordlist and rules.
Happy to answer questions too. Good luck!
Happy to answer questions too. Good luck!
Ok, you cracked some hashes. Where are the passwords now? Hash at puts them in a file called a potfile. You can find it as hashcat.potfile. But that file includes every hash that you've ever cracked. What if you only want ones in the current hashfile?
You can have hashcat tell you with this command:
hashcat -m<hashtype code> <hashfile> --show
hashcat -m<hashtype code> <hashfile> --show
If you want the usernames with it, just use the same command and add --username
Some others have noted that it's better to run hashcat installed and not in a VM. Yes, it is better, but if you have never cracked passwords before and want to try it out, a VM is a way to make that happen. Building/installing hc is a thread for another day.
So what is that "potfile" for? Well, it stores the hash and cleartext value of every hash that hashcat has cracked. It lets you find the cracked ones after each job, but it also helps with efficiency. When starting hashcat, you might see this:
"INFO: Removed 345 hashes found in potfile." or some different number. Hashcat is telling you that it already cracked those! Hooray for password re-use! It makes no sense for HC to re-crack a hash, so it doesn't even bother trying those again.
And the potfile is just a text file, so you can definitely open it up and read it, or add other "knowns" to it.
Much of the stuff in this thread is also applicable to John the Ripper (another password cracker), but I reference hashcat because that's what I use.
Much of the stuff in this thread is also applicable to John the Ripper (another password cracker), but I reference hashcat because that's what I use.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
