How to Crack Passwords with Hashcat

Objective

Learn how to use Hashcat, a powerful password recovery tool, to crack password hashes in a controlled environment. This lab demonstrates how to identify hash types, perform dictionary and brute-force attacks, and interpret results.

Prerequisites

1. Hashcat Installed:
   • Install Hashcat on your system:
     • Linux:

       sudo apt update && sudo apt install hashcat
       

     • Windows:
       • Download from https://hashcat.net/hashcat/.
     • macOS:

       brew install hashcat
       

2. Hash File:
   • A file containing password hashes to test.
   • Example hash:

     $6$rounds=656000$6DxTvhECQZs...$UEQoPV...
     

3. Wordlist File (for dictionary attacks):
   • Download a wordlist like rockyou.txt from SecLists.
4. GPU Support (Optional):
   • Hashcat can utilize GPUs for faster cracking. Ensure proper GPU drivers are installed.
5. Testing Environment:
   • Ensure you have explicit permission to test any hashes.

Step 1: Identifying the Hash Type

1. Use Hashcat’s Built-in Documentation:

   hashcat --help
   

2. Identify the Hash Type:
   • Use tools like hash-identifier:

     sudo apt install hash-identifier
     hash-identifier
     

   • Enter your hash to determine its type.
3. Example Hash Types:
   • MD5: $1$...
   • SHA-256: $5$...
   • bcrypt: $2b$...

Step 2: Performing a Dictionary Attack

1. Use the following command:

   hashcat -m <hash_type> -a 0 <hash_file> <wordlist_file>
   

   • Replace <hash_type> with the hash mode (e.g., 0 for MD5, 100 for SHA1).
   • Replace <hash_file> with the file containing the hashes.
   • Replace <wordlist_file> with your wordlist.
2. Example:

   hashcat -m 0 -a 0 hashes.txt /usr/share/wordlists/rockyou.txt
   

3. Monitor Progress:
   • Hashcat will display the cracking progress and results in real-time.
4. View Cracked Passwords:

   cat hashcat.potfile
   

Step 3: Performing a Brute-Force Attack

1. Use the following command:

   hashcat -m <hash_type> -a 3 <hash_file> <mask>
   

   • Replace <mask> with a pattern (e.g., ?a?a?a?a for any 4-character password).
2. Example:

   hashcat -m 0 -a 3 hashes.txt ?d?d?d?d
   

   • ?d: Digit (0–9).
   • ?l: Lowercase letter.
   • ?u: Uppercase letter.
   • ?a: Any character.
3. Increase Password Length:
   • Use the --increment flag to try progressively longer passwords:

     hashcat -m 0 -a 3 --increment hashes.txt ?d?d?d
     

Step 4: Cracking Salts and Complex Hashes

1. Some hashes include salts (additional random data).
2. Add the salt to the hash file if needed:

   $6$salt$hash
   

3. Use the appropriate hash type and wordlist for cracking.

Step 5: Using Rules for Smarter Cracking

1. Apply a rule file for transformations:

   hashcat -m <hash_type> -a 0 -r <rule_file> <hash_file> <wordlist_file>
   

   • Replace <rule_file> with a rules file (e.g., rules/best64.rule).
2. Example:

   hashcat -m 0 -a 0 -r rules/best64.rule hashes.txt /usr/share/wordlists/rockyou.txt
   

3. Hashcat will modify entries in the wordlist based on the rules (e.g., adding numbers, reversing).

Step 6: Interpreting Results

1. Cracked passwords are stored in the hashcat.potfile.
2. View the results:

   cat hashcat.potfile
   

3. Example Output:

   $6$rounds=656000$6DxTvhECQZs...:password123
   

   • The cracked password follows the hash.

Step 7: Ethical Considerations

1. Permission Required:
   • Only test hashes you own or have explicit authorization to test.
2. Secure the Hash File:
   • Store hashes and cracked passwords securely to prevent misuse.
3. Minimize Brute-Force Attacks:
   • Focus on dictionary and rule-based attacks to save resources and time.

Additional Tips and Insights

1. Optimize Performance:
   • Use --force to bypass warnings but only in safe environments.
   • Ensure GPU drivers are updated for better performance.
2. Combine with Other Tools:
   • Use john or hashid for hash identification and cracking alongside Hashcat.
3. Automate Testing:
   • Create scripts to automate hash cracking tasks.
4. Test Custom Wordlists:
   • Generate wordlists with tools like crunch or CeWL tailored to the target.

Key Takeaways

1. Hashcat is a powerful tool for cracking password hashes in a controlled, ethical environment.
2. Understanding hash types and selecting the appropriate attack method is critical for success.
3. Always follow ethical guidelines and ensure permission for any testing activity.