Cracking hashes with HashCat

Hashcat Is the fastest and most advanced password recovery utility supporting five unique attack modes for more than three hundred hashing algorithms.

Hashcat supports:

  • Processors:
    • CPU
    • GPU
  • Other hardware accelerators in:
    • Linux
    • Windows
    • macOS

Hashcat also has tools to help enable distributed password cracking.

HashCat supports the following attack modes:

  • Brute force
  • Combinatorial attack
  • Hybrid attack
  • Mask Attack
  • Permutation attack
  • Rule Based Attack
  • Table attack
  • Case switch attack

Using this command, you can check all available parameters:

hashcat –h

Today we will be using dictionary attack mode.

Content:

  • MD5 hashes
  • Salted MD5 hashes
  • MD5Crypt hash sums
  • HMAC-SHA1 key
    • SHA-1 hash sums
  • SHA2 hashes – 384
  • SHA3-512 hashes
  • NTLM hashes
  • CRC32 hashes

MD5 hashes

Make sure the input hashes are in a hashcat compatible format.

Example:

8743b52063cd84097a65d1633f5c74f5> hash.txt

Team:

hashcat -m 0 -a 0 hash.txt passwordlist.txt

Where:

  • -m 0: MD5 hashing mode
  • -a 0: dictionary attack mode
  • hash.txt: a text file containing a hash in a compatible format
  • passwordlist.txt: a dictionary file containing plain text passwords

Hacked hash:

8743b52063cd84097a65d1633f5c74f5 = hashcat

Salted MD5 hashes

Make sure the input hashes are in a hashcat compatible format.

Example:

md5 ($ pass. $ salt):
01dfae6e5d4d90d9892622325959afbe: 7050461> hash.txt

Team:

hashcat -m10 -a0 hash.txt passwordlist.txt

Where:

  • -m 10: salted MD5 hashing mode
  • -a 0: dictionary attack mode
  • hash.txt: a text file containing a hash in a compatible format
  • passwordlist.txt: a dictionary file containing plain text passwords

Hacked hash:

01dfae6e5d4d90d9892622325959afbe: 7050461 = hashcat

Hashes of MD5Crypt

Make sure the input hashes are in a hashcat compatible format.

Example:

md5crypt, MD5 (Unix), Cisco-IOS $ 1 $ (MD5)
$ 1 $ 28772684 $ iEwNOgGugqO9.bIz5sk8k /> hash.txt

Team:

hashcat -m 500 -a 0 hash.txt passwordlist.txt

Where:

  • -m 500: hashing mode MD5Crypt Digests
  • -a 0: dictionary attack mode
  • hash.txt: a text file containing a hash in a compatible format
  • passwordlist.txt: a dictionary file containing plain text passwords

Hacked hash:

1 $ 28772684 $ iEwNOgGugqO9.bIz5sk8k / = hashcat

HMAC-SHA1 key

Make sure the input hashes are in a hashcat compatible format.

Example:

HMAC-SHA1 (key = $ pass)
c898896f3f70f61bc3fb19bef222aa860e5ea717: 1234> hash.txt

Team:

hashcat -m150 -a 0 hash.txt passwordlist.txt

Where:

  • -m 150: HMAC-SHA1 key hashing mode
  • -a 0: dictionary attack mode
  • hash.txt: a text file containing a hash in a compatible format
  • passwordlist.txt: a dictionary file containing plain text passwords

Hacked hash:

c898896f3f70f61bc3fb19bef222aa860e5ea717: 1234 = hashcat

SHA-1 hash sums

Make sure the input hashes are in a hashcat compatible format.

Example:

b89eaac7e61417341b710b727768294d0e6a277b> hash.txt

Team:

hashcat -m100 -a 0 hash.txt passwordlist.txt

Where:

  • -m 100: SHA1 hashing mode
  • -a 0: dictionary attack mode
  • hash.txt: a text file containing a hash in a compatible format
  • passwordlist.txt: a dictionary file containing plain text passwords

Hacked hash:

b89eaac7e61417341b710b727768294d0e6a277b = hashcat

SHA2 hashes – 384

Make sure the input hashes are in a hashcat compatible format.

Example:

SHA2-384 07371af1ca1fca7c6941d2399f3610f1e392c56c6d73fddffe38f18c430a2817028dae1ef09ac683b62148a2c8757f42> hash.txt

Team:

hashcat -m 10800 -a 0 hash.txt passwordlist.txt

Where:

  • -m 10800: SHA-2 hashing mode
  • -a 0: dictionary attack mode
  • hash.txt: a text file containing a hash in a compatible format
  • passwordlist.txt: a dictionary file containing plain text passwords

Hacked hash:

07371af1ca1fca7c6941d2399f3610f1e392c56c6d73fddffe38f18c430a2817028dae1ef09ac683b62148a2c8757f42 = hashcat

SHA3-512 hashes

Make sure the input hashes are in a hashcat compatible format.

Example:

SHA3–512 7c2dc1d743735d4e069f3bda85b1b7e9172033dfdd8cd599ca094ef8570f3930c3f2c0b7afc8d6152ce4eaad6057a2ff22e71934b3a3dd0fah55a4fc>

Team:

hashcat -m 17600 -a 0 hash.txt passwordlist.txt

Where:

  • -m 17600: SHA3-512 hashing mode
  • -a 0: dictionary attack mode
  • hash.txt: a text file containing a hash in a compatible format
  • passwordlist.txt: a dictionary file containing plain text passwords

Hacked hash:

7c2dc1d743735d4e069f3bda85b1b7e9172033dfdd8cd599ca094ef8570f3930c3f2c0b7afc8d6152ce4eaad6057a2ff22e71934b3a3dd0fb55a7fc84h53144e

NTLM hashes

Make sure the input hashes are in a hashcat compatible format.

Example:

b4b9b02e6f09a9bd760f388b67351e2b> hash.txt

Team:

hashcat -m 1000 -a 0 hash.txt passwordlist.txt

Where:

  • -m 1000: NTLM hashing mode
  • -a 0: dictionary attack mode
  • hash.txt: a text file containing a hash in a compatible format
  • passwordlist.txt: a dictionary file containing plain text passwords

Hacked hash:

b4b9b02e6f09a9bd760f388b67351e2b = hashcat

CRC32 hashes

Make sure the input hashes are in a hashcat compatible format.

Example:

c762de4a: 00000000> hash.txt

Team:

hashcat -m 11500 -a 0 hash.txt passwordlist.txt

Where:

  • -m 11500: CRC32 hashing mode
  • -a 0: dictionary attack mode
  • hash.txt: a text file containing a hash in a compatible format
  • passwordlist.txt: a dictionary file containing plain text passwords

Hacked hash:

c762de4a: 00000000 = hashcat

image

Similar Posts

Leave a Reply