Cracking Passwords Using HASHCAT
Let's begin the journey of cracking passwords...
Download the latest Hashcat on your Linux distribution (my distribution is Ubuntu) from the Hashcat website.
$ wget https://hashcat.net/files/hashcat-2.00.7z
To extract the archive, you need the 7zip utility installed. If you don’t have it on your system, install it:
$ yum install p7zip
If yum install didn’t work for you, you need to set up a YUM repository that contains the p7zip package. On Debian-based distributions such as Ubuntu, use apt-get instead:
$ apt-get install p7zip
Extract the archive using the installed 7zip utility (use whichever of the following commands your package provides):
$ 7za x hashcat-2.00.7z
$ p7zip -d hashcat-2.00.7z
Now change to the Hashcat directory:
$ cd hashcat-2.00
You can see the binary executable as shown below:
$ ls -l hashcat-cli*.bin
In the latest version of Hashcat (3.6.0), the binary file is named hashcat64.bin if it is 64-bit and hashcat32.bin if it is 32-bit.
Based on your hardware and OS installation, choose either the 32-bit or the 64-bit binary. You can find out which one you need using the command:
$ uname -a
Linux ubuntu 3.13.0-65-generic #106-Ubuntu SMP Fri Oct 2 22:08:27 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
Since my OS is 64-bit, I would use the Hashcat binary compiled for 64-bit (hashcat-cli64.bin). Just to make our lives easier, let's copy the binary to a standard binary location such as /usr/bin/:
$ cp hashcat-cli64.bin /usr/bin/
Link to a shorter form:
$ ln -s /usr/bin/hashcat-cli64.bin /usr/bin/hashcat
Great! From now on you can use the command hashcat whenever you want to use Hashcat as shown below:
$ hashcat --help
Excited to start? The first thing to do is jump to the examples directory to see how the password cracking works:
$ ls examples/
The examples are arranged based on attack mode (A) and hash type (M). Let's try a simple crack of the MD5 hash type using the dictionary attack mode. Pass the hash file and the corresponding password dictionary file as arguments to the hashcat executable as shown below:
$ hashcat A0.M0.hash A0.M0.word
Initializing hashcat v2.00 with 2 threads and 32mb segment-size...
Added hashes from file A0.M0.hash: 102 (1 salts)
b19cdd8f0b55cb888c97ec77ab1ad402:rQ-Vv2&kog_p+CMyI;/VFDD.|MQe0/eV6bi9i^"yWP('iT
73ff3971460e3d4490049086207e4a1e:$<-+1Jz?dPL)[;)mg<so'R 5Ri0':.m^Rfv?,x[G
7718d0884dcdd356c77de6ff4c0ad58e:>RHc
:::::::::::::::::::::::::::::
:::::::::::::::::::::::::::::
All hashes have been recovered
Input.Mode: Dict (A0.M0.word)
Index.....: 1/1 (segment), 102 (words), 2769 (bytes)
Recovered.: 102/102 hashes, 1/1 salts
Speed/sec.: - plains, 101 words
Progress..: 102/102 (100.00%)
Running...: 00:00:00:01
Estimated.: --:--:--:--
Started: Wed Dec 16 04:41:18 2015
Stopped: Wed Dec 16 04:41:20 2015
The above execution successfully recovered 102 hashes! Fantastic, isn’t it? Of course, cracking hashes in the real world won’t be this simple, but this is a great first step.
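The "102 (1 salts)" line in the output explains the speed: the example hashes are plain MD5 with no per-password salt, so each dictionary word is hashed once and matched against every stored hash. The Python sketch below is an added example, not part of hashcat or the original post; it audits a constructed set of accounts stored first as unsalted MD5 and then as per-user salted PBKDF2, counting the hash computations each needs (the account names, wordlist and 100,000-round work factor are assumptions made for the demo).

```python
import hashlib
import hmac
import os

# Constructed sample data; none of it comes from hashcat's examples directory.
WORDLIST = ["letmein", "password1", "sunshine", "dragon2015"]
PASSWORDS = {"alice": "sunshine", "bob": "password1", "carol": "Xk#9vQ!t7pLz"}
PBKDF2_ROUNDS = 100_000  # assumed work factor for this demo

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def audit_unsalted_md5(stored, wordlist):
    """Hash each candidate once, then match every stored hash by lookup."""
    table = {md5_hex(word): word for word in wordlist}
    found = {user: table[h] for user, h in stored.items() if h in table}
    return found, len(wordlist)  # cost: one MD5 per candidate, shared by all users

def pbkdf2(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def audit_salted_pbkdf2(stored, wordlist):
    """Per-user salts force a fresh, slow computation per user and candidate."""
    found, calls = {}, 0
    for user, (salt, digest) in stored.items():
        for word in wordlist:
            calls += 1
            if hmac.compare_digest(pbkdf2(word, salt), digest):
                found[user] = word
                break
    return found, calls

def demo():
    """Build both stores from the same passwords and audit each one."""
    md5_store = {user: md5_hex(pw) for user, pw in PASSWORDS.items()}
    salted = {}
    for user, pw in PASSWORDS.items():
        salt = os.urandom(16)  # unique random salt per account
        salted[user] = (salt, pbkdf2(pw, salt))
    return audit_unsalted_md5(md5_store, WORDLIST), audit_salted_pbkdf2(salted, WORDLIST)

if __name__ == "__main__":
    for label, (found, cost) in zip(("md5", "pbkdf2"), demo()):
        print(label, "weak accounts:", sorted(found), "hash computations:", cost)
```

Both audits flag the same two weak passwords, but the salted store needs a separate 100,000-round computation for every account and candidate, which is what takes away the one-second result seen above.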