Hashcat Tutorial: How to use Hashcat on Kali Linux for password recovery?

Hashcat is a password recovery tool that supports a wide range of hashing algorithms and attack modes. This tutorial will guide you in installing Hashcat, preparing for a password recovery task, and executing it with an example, including some important features and tricks.

Step 1: Install Hashcat

  1. On Kali Linux:

    sudo apt-get update
    sudo apt-get install hashcat
    
  2. On Windows:

  3. On macOS:

    brew install hashcat
    

Step 2: Prepare Your Hashes

For this example, let’s assume you have a list of MD5 hashed passwords you want to recover.

  1. Create a file named hashes.txt and place your hashes inside. Each hash should be on a new line:
    5f4dcc3b5aa765d61d8327deb882cf99
    e99a18c428cb38d5f260853678922e03
    098f6bcd4621d373cade4e832627b4f6
    

Step 3: Choose a Wordlist

Hashcat uses wordlists to perform dictionary attacks. For this example, you can use the rockyou.txt wordlist, which is included in Kali Linux.

  1. Locate the wordlist:

    /usr/share/wordlists/rockyou.txt.gz
    
  2. If it’s compressed, extract it:

    sudo gzip -d /usr/share/wordlists/rockyou.txt.gz
    

Step 4: Run Hashcat

Execute Hashcat with the following command:

hashcat -m 0 -a 0 -o recovered_passwords.txt hashes.txt /usr/share/wordlists/rockyou.txt

Description:

  • -m 0: Specifies the hash type (0 is for MD5).
  • -a 0: Specifies the attack mode (0 is for dictionary attack).
  • -o recovered_passwords.txt: Output file to save recovered passwords.
  • hashes.txt: The file containing your hashes.
  • /usr/share/wordlists/rockyou.txt: The wordlist to use for the attack.

Step 5: Check the Results

After the attack completes, Hashcat will save the recovered passwords in recovered_passwords.txt. Open this file to view the results:

cat recovered_passwords.txt

You should see output similar to this:

5f4dcc3b5aa765d61d8327deb882cf99:password
e99a18c428cb38d5f260853678922e03:abc123
098f6bcd4621d373cade4e832627b4f6:test
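
Before the results go into an audit report, each hash:plain pair can be re-checked by recomputing the MD5 and confirming the hash really came from hashes.txt. The script below is an added example, not part of the original tutorial; the function names is_md5 and verify_recovered are hypothetical, the sample data is constructed from the Step 2 hashes, and it assumes md5sum is available and the file uses the hash:plain layout shown above.

```shell
#!/bin/sh
# Added example: sanity-check hashcat's "hash:plain" outfile for MD5 (-m 0).
# File names match the tutorial; the sample data below is constructed.

# is_md5 STR: succeeds when STR is exactly 32 hex characters.
is_md5() {
    case "$1" in *[!0-9a-fA-F]*) return 1 ;; esac
    [ "${#1}" -eq 32 ]
}

# verify_recovered HASHES OUTFILE
# Prints: verified=N mismatched=N unknown=N malformed=N total=N
verify_recovered() {
    verified=0 mismatched=0 unknown=0 malformed=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        hash=${line%%:*}    # text before the first colon
        plain=${line#*:}    # everything after the first colon
        if [ "$hash" = "$line" ] || ! is_md5 "$hash"; then
            malformed=$((malformed + 1))
        elif ! grep -qixF -- "$hash" "$1"; then
            unknown=$((unknown + 1))      # hash was never in the input list
        elif [ "$(printf '%s' "$plain" | md5sum | cut -d' ' -f1)" = \
               "$(printf '%s' "$hash" | tr 'A-F' 'a-f')" ]; then
            verified=$((verified + 1))    # recomputed MD5 matches
        else
            mismatched=$((mismatched + 1))
        fi
    done < "$2"
    total=$(grep -c . "$1" || true)       # non-empty lines in the hash list
    echo "verified=$verified mismatched=$mismatched unknown=$unknown malformed=$malformed total=$total"
}

# Constructed demo: the three hashes from Step 2, one deliberately wrong pair.
demo_dir=$(mktemp -d)
printf '%s\n' 5f4dcc3b5aa765d61d8327deb882cf99 \
    e99a18c428cb38d5f260853678922e03 \
    098f6bcd4621d373cade4e832627b4f6 > "$demo_dir/hashes.txt"
printf '%s\n' '5f4dcc3b5aa765d61d8327deb882cf99:password' \
    'e99a18c428cb38d5f260853678922e03:abc123' \
    '098f6bcd4621d373cade4e832627b4f6:wrong' > "$demo_dir/recovered_passwords.txt"
verify_recovered "$demo_dir/hashes.txt" "$demo_dir/recovered_passwords.txt"
rm -rf "$demo_dir"
```

The ratio of verified to total is the share of the list that fell to this wordlist, which is the figure a password audit usually reports. Plaintexts that Hashcat writes in $HEX[...] form are not decoded by this script and will be counted as mismatched.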

Important Features of Hashcat

  1. Multi-Algorithm Support:

    • Supports over 200 hashing algorithms, including MD5, SHA1, SHA256, bcrypt, and others.
    • Show the start of the list of supported hash modes (raise the -A value to see more lines) with: hashcat --help | grep -A 25 "Hash modes"
  2. Rule-Based Attacks:

    • Apply rules to modify passwords in the wordlist.
    • Use built-in rule sets like best64.rule:
      hashcat -m 0 -a 0 -r /usr/share/hashcat/rules/best64.rule hashes.txt /usr/share/wordlists/rockyou.txt
      
  3. Mask Attacks:

    • Useful for targeted brute-force attacks with known patterns.
    • Example for a pattern where passwords are 8 characters long, start with an uppercase letter, followed by 5 lowercase letters and ending with 2 digits:
      hashcat -m 0 -a 3 hashes.txt ?u?l?l?l?l?l?d?d
      
  4. Hybrid Attacks:

    • Combine dictionary and mask attacks.
    • Example:
      hashcat -m 0 -a 6 hashes.txt /usr/share/wordlists/rockyou.txt ?d?d?d
      
  5. GPU Acceleration:

    • Leverage GPU power for faster hash cracking.
    • Ensure proper drivers are installed, and use the --force flag only if necessary, since it makes Hashcat ignore its own warnings.
  6. Session Management:

    • Save and restore sessions to pause and resume long-running tasks.
    • Save session: hashcat -m 0 -a 0 -o recovered_passwords.txt --session=mySession hashes.txt /usr/share/wordlists/rockyou.txt
    • Restore session: hashcat --session=mySession --restore
  7. Benchmarking:

    • Test performance for different algorithms on your hardware.
    • Run: hashcat -b
  8. Distributed Cracking:

    • Distribute the workload across multiple machines for faster results.
    • Use tools like Hashtopolis for managing distributed tasks.

Tips and Tricks

  1. Using Custom Wordlists:

    • You can create custom wordlists tailored to the target environment using tools like CeWL or Crunch.
  2. Combining Multiple Wordlists:

    • You may combine multiple wordlists to increase the chances of successful recovery:
      cat wordlist1.txt wordlist2.txt > combined_wordlist.txt
      
  3. Optimizing Rules:

    • You can create custom rules to reflect common password creation habits observed in the target environment.
  4. Analyzing Results:

    • Use tools like pw-inspector to analyze recovered passwords for patterns and improve subsequent attacks.

After following this tutorial, you should see that Hashcat is a powerful tool for password recovery, with numerous features and attack modes to support your efforts. You can use it to recover passwords and improve your overall cybersecurity posture.
