Showing posts with label md5. Show all posts
Showing posts with label md5. Show all posts

Sunday, 6 September 2015

How to crack MD5 hashes with hashcat

OS: Ubuntu 15.04

There is also a GPU version (oclhashcat), but I am on my notebook so I have to use the CPU only version, which - of course - is much slower.

Download the latest hashcat version here:

Download a wordlist:

Create a MD5 hash: E.g.: 'hello'

echo -n "hello" | md5sum

Next, extract the hashcat archive and create a .txt file with the md5 hash(es) within the folder. Also, save the wordlist in the hashcat folder.

Start hashcat. Dictionary based attack.


./hashcat-cli64.bin -n 2 -m 0 -a 8  test.txt realhuman_phill.txt

-n,   --threads=NUM                 Number of threads
-m,  --hash-type=NUM              Hash-type
-a,  --attack-mode=NUM          Attack-mode

--> use ./hashcat-cli64.bin -h to display all available options.

test.txt is the file with the md5 hash(es) and realhuman_phill.txt is the wordlist.


hashcat will create a filed named hashcat.pot which contains successfully cracked hashes. You can display its contents with cat:

user@user:~/Desktop/hashcat-0.50$ cat '/home/user/Desktop/hashcat-0.50/hashcat.pot'

There you go: hello. 


If you want to read about brute-force (masked) attack have a look here:

Quick example of a brute-force attack for the md5 hash 'cat': 5d41402abc4b2a76b9719d911017c592

./hashcat-cli64.bin -n 2 -m 0 -a 3 test.txt ?a?a?a

?a?a?a specifies to go through all character combinations exactly 3 characters long. ?l?l?l would be lower-case only:
?l = abcdefghijklmnopqrstuvwxyz
?d = 0123456789
?s = !"#$%&'()*+,-./:;<=>?@[]^_`{|}~
?a = ?l?u?d?s