Using Hashcat to crack hash password
Today I think I’m full of spirit,, lolz .. dont know why I just want to spend all day long by writing and sharing my knowledge in blog. Yeah, maybey I just got a full of free time. And now, it’s already night in my place.
So, let us talk about hash cracking. I’m sure all of you who often deal with SQL injection or hacking, must be familiar enough on how to crack hash password. Yes, there are lot of website which provide hash cracking for free, but some of them may offer for premium services.
Some of popular website for cracking hash password, eg:
http://crackstation.net (my favourite site)
(Supports: LM, NTLM, md2, md4, md5, md5(md5), md5-half, sha1, sha1(sha1_bin()), sha224, sha256, sha384, sha512, ripeMD160, whirlpool, MySQL 4.1+)
(Supports: MySQL323, LM, NTLM, MD5, SHA1, MYSQL5, OSX)
and so on ..
Those examples above are online web-based for cracking hash password. But, you might be want to do cracking by your self with your local computer.
For local hash cracking process, there are many popular cracker softwares you can install, for example: Cain & Abel, John The Ripper, Hashcat, etc.
In this tutorial, I would like to show you how to use Hashcat. Why hashcat? Hashcat is the world’s fastest CPU-based password recovery tool. It can be set to utilize CPU power or GPU processor of video graphic device. Remember that, GPU from VGA card is more powerful than CPU processor power. Also, it works really nice and fast (depends on your CPU & GPU speed).
For more information of Hashcat, you can read from its official website on this link:
So, ready to install Hashcat?
1/ First, prepare wordlist needed for cracking based on dictionary word. Actually, you can use wordlist or you may not need it since you can use pattern-based algorithm for cracking process, but it will consume much time.
- You can google around to find for wordlist on the net. Get wordlist as much as you can. More wordlist means more chance to crack hash sucessfully. Mine is more than 10 GB wordlist file.
- Save the wordlist file in .dict format file extension (not in .txt).
2/ Download Hashcat. What we want to download and use it later is Hashcat GUI. Since it’s GUI-based, then we will need 3 modules, there are hashcat, oclHashcat-plus, and oclHashcat-lite.
- Download hashcat-gui
- Download hashcat
- Download oclHashcat-plus
- Download oclHashcat-lite
3/ Save those 4 files in your computer, then extract one by one.
- After extract the files, move the folder hashcat, oclHashcat-plus, oclHashcat-lite and place them under hashcat-gui folder.
Directory tree like this:
4/ Go into folder “hashcat-gui”, and then run hashcat-gui32.exe file. There are 3 options, use CPU only, NVIDIA (CUDA), or AMD (OpenCL). I’m using Nvidia VGA, so I choose NVIDIA (CUDA). You can choose other options based on your hardware types.
- There will be 3 tabs: hashcat, cudaHashcat-plus, and cudaHashcat-lite.
- To crack single hash, we can use cudaHashcat-plus or cudaHashcat-lite.
- To crack hash file, we can use hashcat or cudaHashcat-plus.
- Cracking single hash is as easy as you can see.
- To crack hash file contains more than 1 hash, then we have to create .hash file. Remember, file has to be in .hash format file extension.
After everything has been setup and understood well, now time to start cracking!
Again, cracking process time depends on your CPU & Graphical Processor (GPU) speed.
Enough for this night, I’m tired and wanna go bed. You need to take sleep also in the night, keep your body healthy. See you tomorrow. :D