Hashcat -- Crack Passwords in Minutes

Hashcat is an advanced free (License: MIT) multi-threaded password recovery tool and it is world's fastest password cracker and recovery utility, which supports multiple unique attack modes of attacks for more than 200 highly optimized hashing algorithms. Hashcat currently supports CPUs and GPUs and other hardware accelerators on Linux, Windows, and OSX, and has facilities to help enable distributed password cracking.

hashcat on Kali Linux
Hashcat comes pre-installed on our Kali Linux system, So we don't need to install it, but if installation is required we can use sudo apt install hashcat command.

Features of Hashcat

  • World's fastest password cracker.
  • World's first and only in-kernel rule engine.
  • Free and open source.
  • Multi-OS (Linux, Windows and macOS).
  • Multi-Platform (CPU, GPU, APU, etc., everything that comes with an OpenCL runtime).
  • Multi-Hash (Cracking multiple hashes at the same time).
  • Multi-Devices (Utilizing multiple devices in same system).
  • Multi-Device-Types (Utilizing mixed device types in same system).
  • Supports password candidate brain functionality.
  • Supports distributed cracking networks (using overlay).
  • Supports interactive pause / resume.
  • Supports sessions.
  • Supports restore.
  • Supports reading password candidates from file and stdin.
  • Supports hex-salt and hex-charset.
  • Supports automatic performance tuning.
  • Supports automatic keyspace ordering markov-chains.
  • Built-in benchmarking system.
  • Integrated thermal watchdog.
  • 350+ Hash-types implemented with performance in mind.
  • ... and much more.

Hashcat offers multiple unique attack modes for cracking passwords. Those are following: 

  • Brute-Force attack
  • Combinator attack
  • Dictionary attack
  • Fingerprint attack
  • Hybrid attack
  • Mask attack
  • Permutation attack
  • Rule-based attack
  • Table-Lookup attack
  • Toggle-Case attack
  • PRINCE attack

Now without wasting any more time lets dive into Hashcat.

Hashcat on Kali Linux

As we told Hashcat comes pre-installed with a Kali Linux and it is multi-threaded so first let we benchmark our system by using following command:

hashcat -b

In the following screenshot we can see the benchmark of our system and get an idea how it can perform while cracking various types of hashes.

benchmark of hashcat
Here we can get an idea about the performance of our system. Let's run this tool to crack some hashes. Here we have collected some hashed on a text file. For educational purposes we just generated these hashed not collected from any website's database.

hashes list on our system

Now we can crack these using Hashcat, and store the output in a craced.txt file by applying following command:

hashcat -m 0 -a 0 -o cracked.txt hashes.txt /usr/share/seclists/Passwords/Common-Credentials/10k-most-common.txt

Let's discuss about the above command, in this command we have used -m flag to specify the hash type, -a for attack mode and -o for output file, here we named our output file 'cracked.txt', then we give the target hash file to crack named 'hashes.txt', at last we specify the wordlist file to be used. In the following screenshot we can see that hashcat finishes the cracking job.

hashcat finishes cracking passwords

Let's see our output file (cracked.txt).

hashcat password recovered
In the above screenshot we can see that hashcat cracked the hashes. Here for the new readers, in this attack mode we can crack those password hashes if the plaintext of the hashes is available in the wordlist file. Using bigger wordlist file will increase the chance to crack hashes.

Hashcat & Type of Hashes & Attacks

In the above we saw that we need to specify our attack modes and type of hashes we want to crack. These attack modes and hashes are refereed by numbers. Here we are giving hashcat supported all numbers that referees to the attack modes and the type of hashes (as Sep 2021, update of Hashcat tool may include some new things).

Attack Types of Hashcat

  0 | Straight
  1 | Combination
  3 | Brute-force
  6 | Hybrid Wordlist + Mask
  7 | Hybrid Mask + Wordlist

Hash types in Hashcat

Hashcat supports so much types of hashes if we include all them here then this article will very lengthy. We encourage to use hashcat - h command on our Kali Linux system to get all the numbers corresponding to the hash type (Uff.. It's really large 😫).

types of hashes on hashcat

Whenever we are trying to crack a hash we have to know the type of the hash. We can use hash-id tool to know the type of hash. Then we need to choose our attack type and wordlist. That's all it's not hard.

This is all about Hashcat, and how we can use Hashcat to crack passwords on our Kali Linux. Hashcat (#🐈) is really a very widely used tool for cracking passwords.

Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.

Kali Linux


No comments
Post a Comment