Sunday, 6 September 2015

How to crack MD5 hashes with hashcat

OS: Ubuntu 15.04

There is also a GPU version (oclhashcat), but I am on my notebook so I have to use the CPU only version, which - of course - is much slower.

Download the latest hashcat version here: https://hashcat.net/hashcat/

Download a wordlist: https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm

Create a MD5 hash: E.g.: 'hello'

echo -n "hello" | md5sum
5d41402abc4b2a76b9719d911017c592

Next, extract the hashcat archive and create a .txt file with the md5 hash(es) within the folder. Also, save the wordlist in the hashcat folder.

Start hashcat. Dictionary based attack.


Command:

./hashcat-cli64.bin -n 2 -m 0 -a 8  test.txt realhuman_phill.txt

-n,   --threads=NUM                 Number of threads
-m,  --hash-type=NUM              Hash-type
-a,  --attack-mode=NUM          Attack-mode

--> use ./hashcat-cli64.bin -h to display all available options.

test.txt is the file with the md5 hash(es) and realhuman_phill.txt is the wordlist.

Wait...


hashcat will create a filed named hashcat.pot which contains successfully cracked hashes. You can display its contents with cat:

user@user:~/Desktop/hashcat-0.50$ cat '/home/user/Desktop/hashcat-0.50/hashcat.pot'
5d41402abc4b2a76b9719d911017c592:hello

There you go: hello. 

Brute-force


If you want to read about brute-force (masked) attack have a look here: http://www.unix-ninja.com/p/Exploiting_masks_in_Hashcat_for_fun_and_profit/

Quick example of a brute-force attack for the md5 hash 'cat': 5d41402abc4b2a76b9719d911017c592


./hashcat-cli64.bin -n 2 -m 0 -a 3 test.txt ?a?a?a

?a?a?a specifies to go through all character combinations exactly 3 characters long. ?l?l?l would be lower-case only:
?l = abcdefghijklmnopqrstuvwxyz
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d = 0123456789
?s = !"#$%&'()*+,-./:;<=>?@[]^_`{|}~
?a = ?l?u?d?s

8 comments:

  1. Thanks for this helpful tip! I bet many of us who have been knocking ourselves out with this can get great benefit from this. Many thanks once again

    ReplyDelete
  2. Thanks for sharing the codes. I needed it to crack md5! Please visit this page https://www.slideshare.net/edubirdie to learn about professional writing.

    ReplyDelete
  3. I had a great time reading this kind of valuable post. Please keep sharing and enlightening your readers' minds. Visit my Lawrence Todd Maxwell pinterest page when you have some spare time.

    ReplyDelete
  4. Pretty blog, so many ideas in a single site, thanks for the informative article, keep updating more article.

    ReplyDelete
  5. I love this post.

    โปรโมชั่นGclub ของทางทีมงานตอนนี้แจกฟรีโบนัส 50%
    เพียงแค่คุณสมัคร Gclub กับทางทีมงานของเราเพียงเท่านั้น
    ร่วมมาเป็นส่วนหนึ่งกับเว็บไซต์คาสิโนออนไลน์ของเราได้เลยค่ะ
    สมัครสมาชิกที่นี่ >>> Gclub online

    ReplyDelete
  6. Very cool!

    เว็บไซต์คาสิโนออนไลน์ที่ได้คุณภาพอับดับ 1 ของประเทศ
    เป็นเว็บไซต์การพนันออนไลน์ที่มีคนมา สมัคร Gclub Royal1688
    และยังมีเกมส์สล็อตออนไลน์ 1688 slot อีกมากมายให้คุณได้ลอง
    สมัครสมาชิกที่นี่ >>> Gclub Royal1688

    ReplyDelete