Hashcat is a password recovery tool. It had a proprietary code base until 2015, but was then released as open source software. Versions are available for Linux, OS X, and Windows.
What is Hashcat
Hashcat is the quickest password recovery tool. It was designed to break highly complex passwords in a short amount of time, and it is capable of both wordlist and brute-force attacks.
Hashcat has two variants: CPU-based and GPU-based (GPU stands for Graphics Processing Unit). The GPU-based tool can crack hashes in less time than the CPU-based one. You can check the GPU driver requirements on the official website.
What is a Hash function?
Hashing is the process of converting input text into a fixed-size string using a mathematical function known as a hash function. Any text, regardless of length, can be turned into a seemingly random combination of digits and letters using such an algorithm.
- The input is the message that will be hashed.
- The hash function is the hashing algorithm, such as MD5 or SHA-256, that converts a string into a hash value. It is a one-way function, not encryption.
- The hash value is the result.
Features of Hashcat
- It is the world's fastest password cracker.
- It is free to use.
- Multi-OS (Linux, Windows and macOS).
- Multi-platform (CPU, GPU, APU, etc., everything that comes with an OpenCL runtime).
- Supports distributed cracking networks (using overlay).
- Supports reading password candidates from file and stdin.
- Hex-salt and hex-charset files are supported, along with automatic performance tuning.
Installation of Hashcat
First, make sure your Linux system is up to date with the newest programs and tools.
For this, open a terminal and type:
$ sudo apt update && sudo apt upgrade
Hashcat is usually pre-installed in Kali Linux. You can find the tool under the password cracking section. But if you need to install it manually in any Linux distribution, type the following command in the terminal.
$ sudo apt-get install hashcat
Hashcat offers multiple attack modes for obtaining effective and complex coverage over a hash’s key space. These modes are:
- Brute-Force attack
- Combinator attack
- Dictionary attack
- Fingerprint attack
- Hybrid attack
- Mask attack
- Permutation attack
- Rule-based attack
- Table-Lookup attack
- Toggle-Case attack
- PRINCE attack
To get started with Hashcat, we’ll need some password hashes. If you don’t have a hash to crack, we will create some hashes first.
To create hashes using the command line, use the format below.
echo -n "input" | algorithm | tr -d "-">>outputfilename
For example, here I turned some words into hashes using the md5 algorithm:
┌──(root💀kali)-[/home/writer/Desktop]
└─# echo -n "geekflare" | md5sum | tr -d "-">>crackhash.txt
echo -n "password123" | md5sum | tr -d "-">>crackhash.txt
echo -n "Webtechnology" | md5sum | tr -d "-">>crackhash.txt
echo -n "microsoftteams" | md5sum | tr -d "-">>crackhash.txt
echo -n "recyclebin" | md5sum | tr -d "-">>crackhash.txt
And the output will be saved in the crackhash.txt file.
Now we will check the hashes which were saved in the given file.
┌──(root💀kali)-[/home/writer/Desktop]
└─# cat crackhash.txt
066d45208667198296e0688629e28b14
482c811da5d5b4bcd497ffeaa98491e3
72a2bc267579aae943326d17e14a8048
2192d208d304b75bcd00b29bc8de5024
caae8dd682acb088ed63e2d492fe1e13
You can see, now we have some hashes to crack. This is the procedure to create a hash by using the algorithm of your choice.
The next step is to start the Hashcat tool on your Linux machine. Just use the following command to use Hashcat.
The general form of the command is:
$ hashcat -a num -m num hashfile wordlistfile
Here, ‘num’ stands for the specific attack mode and hash mode to use. If you scroll the terminal, you can find the exact numbers for every attack and hash mode, like for md4 – the number is 0, and for sha256 algorithm – the number is 1740.
The wordlist I am going to use is the rockyou wordlist. You can easily find that wordlist in the path /usr/share/wordlists.
You can even use the locate command to find that wordlist path.
┌──(root💀kali)-[/home/writer]
└─# locate rockyou.txt
And finally, to crack the hashes using the wordlist file, use the following command:
$ hashcat -a 0 -m 0 ./crackhash.txt rockyou.txt
After running this command, you may get a runtime error (Token length exception), which can be resolved easily.
To resolve this, save each hash separately in a different file. This error occurs if you have a low CPU or GPU speed. If your computer has a high-speed processor, you can easily crack all the hashes at the same time from a single file.
So after fixing the error and everything, the result will be like this:
In the above result, after the dictionary cache details, you can see that the hash was cracked and the password was revealed.