Project Toolkit 005: HashCat
No matter how strong your bricks are, I will break them
Hey all!! Today I am going to discuss about hashcat, the world’s fastest password cracking tool. Don’t worry if you do not know anything about cyber security. This article will help you to get an impressive knowledge about hashing and hashcat tool.
Before going to know about the tool let me briefly explain about what is hashing and why it really important to increase cyber security.
Hashing is based on a one-way mathematical function that is relatively easy to compute but significantly harder to reverse.
The most common ways of hashing are dictionary attacks and brute force attacks.
Hashing is the process of mapping object data to a representative integer value using functions or algorithms. When locating these items on that object data map, a hash can be used to narrow down searches.
I think now you have a better understanding about what is hashing and why it is so important. But there are some situations where we want to crack the hashed passwords. So, for that the hashcat tool has been developed. So, now let me describe about hashcat tool.
Hashcat is a well-known password cracker that is capable of breaking even the most complex password representations. To accomplish this, it enables the cracking of a specific password in a variety of ways, combining versatility and speed.
Password representations are mostly associated with hash keys like MD5, SHA, WHIRLPOOL, RipeMD, NTMLv1, NTMLv2, and so on. They are also defined as a one-way function, which is a simple mathematical operation that is difficult to reverse engineer.
Hashes, unlike standard encryption protocols, do not allow someone to decrypt data with a specific key. Hashcat employs precomputed dictionaries, rainbow tables, and even brute-force approaches to crack passwords in an effective and efficient manner.
By the way if you want to know more details about hashcat visit the below website.
By reading the following article you can get to know how to crack any hashed value using hashcat.
How to install hashcat?
The hashcat can be installed to Linux, Windows, and macOS. The latest version of hashcat can be obtained from the hashcat website at http://www.hashcat.net/hashcat . You will need 7zip to decompress the downloaded archive.
Usually, Hashcat is pre-installed with Kali Linux. So, you can check whether it is pre-installed you can give the following command to check.
If you want to install it to Kali Linux, here is the command.
sudo apt-get install hashcat
Since hashcat is a password cracking tool, you can simply find it under the password cracking tools.
Like every tool we use in Linux, we can get information about commands use in hashcat using the following command
Alternatively, you can view the help page by clicking on the hashcat icon.
For password cracking, you primarily require two items. They are as follows:
Because dictionary-based attacks are more reliable, I will focus on them in this section.
The main argument in hashcat is -m, which stands for hash modes. So, we’ve arrived at the most interesting part of this article.
How to crack a password via a dictionary attack.
First of all, we have to put the hashed password in a file. I put the hashed value of ‘admin’ in a hash file.
The following step is to refer to the hashing modes. Each hashing mode has a number associated with it.
The following command can be used to refer to hashing modes.
Then you should refer to the available wordlists. You can choose any wordlist, but you must provide the proper path for that wordlist.
The following command displays the locations of all wordlists.
Remember to copy and paste the wordlist as you type the command because if you miss one letter, the output will be incorrect.
We are now ready to decrypt our hashed value. You can use the following command to accomplish this.
hashcat -m <mode_number> <hashed file’s location> <location of wordlist>
hashcat -m 0 input.txt /usr/share/wordlists/metasploit
Yess!! We have successfully cracked the hashed value.
These passwords are weak and cracking them requires little effort or time. It’s important to remember that the simpler the password, the easier it is to crack.
As a result, make your password long and complex. Additionally, avoid using obvious personal information; never reuse passwords, and change them on a regular basis.
My session has now come to an end. The above article provides an overview of the hashcat tool. This tool will also assist you with your CTF challenges. So, start cracking, but only for ethical reasons.
Keep in mind to “Never give up! Because good things take time”.
Stay safe and Happy cracking!
Written by Helani Herath — 2nd Year 2nd Semester -Cyber Security Student-SLIIT