Hashing passwords before storing them in databases is a common technique used to protect password information. Hashed passwords cannot be decrypted back to the original text, protecting databases even if breached. However, using specialized password cracking tools like Hashcat, hashed passwords can be revealed by cracking them.
In this comprehensive guide, we will cover everything you need to know about using the powerful Hashcat password cracking tool, from beginner basics to advanced optimization techniques.
What is Password Hashing?
Password hashing refers to the one way encryption of passwords before storing them. Some common hashing algorithms used are:
- MD5
- SHA1
- SHA256
- bcrypt
- PBKDF2
The hash output contains fixed length gibberish text that cannot be converted back to the original password. When a user provides login password, it is hashed again and matched with stored hash to authenticate.
This protects passwords even if a hacker gains access to password database, since hashes cannot be decrypted. However, hackers use brute force or dictionary attacks with password cracking tools to break hashes.
Introducing Hashcat Password Cracker
Hashcat is likely the world‘s fastest CPU-based password recovery tool, widely used by ethical hackers and forensics specialists. Key features include:
- Open source password cracker
- Supports GPU cracking for faster speeds
- Cracks many hashing algorithms like MD5, SHA series, MySQL, etc.
- Brute force, combinator, dictionary, rule-based attacks
- Multi-threaded and multi-hash attack modes
- Benchmarking, session management and restore features
With diverse attack modes and optimization techniques, Hashcat can crack complex passwords within reasonable times by leveraging GPU compute power.
Installing Hashcat in Linux
As an open source tool, Hashcat is included in pentesting distros like Kali Linux. For manual install, run below apt commands:
sudo apt update
sudo apt install hashcatEnsure you have latest GPU drivers before running Hashcat GPU version. AMD and Nvidia provide Linux drivers to utilize GPU hardware acceleration properly.
Cracking Password Hashes with Hashcat
With Hashcat installed, we can start cracking password hashes. This covers the basics – from generating hashes to cracking them.
1. Generate Password Hashes
Let‘s create some sample MD5 password hashes to crack:
echo -n "mypassword" | md5sum | tr -d "-" >> hashes.txt
echo -n "123456" | md5sum | tr -d "-" >> hashes.txtThis hashes mypassword and 123456 passwords using MD5 algorithm and stores the output to hashes.txt file.
2. Prepare Password Dictionary File
Dictionaries contain list of popular passwords that Hashcat tries against hash to check for matches. Using rockyou dictionary found in Kali at below path:
/usr/share/wordlists/rockyou.txt 3. Launch Hashcat Attack
Basic Hashcat command format:
hashcat -a 0 -m 0 hashes.txt dictionary.txtHere,
- -a 0 = Straight attack mode
- -m 0 = MD5 hash type
Run the attack:
hashcat -a 0 -m 0 hashes.txt /usr/share/wordlists/rockyou.txtThis tries all words in rockyou dictionary against given hashes with MD5 algorithm. On cracking passwords, they will be displayed in console.
Hashcat Attack Modes
Beyond basic dictionary attack, Hashcat supports more advanced attacks to greatly improve your odds of cracking passwords.
Straight Attack
Runs through every combination of characters in specified keyspace. Simple brute force attack.
Combinator Attack
Combines two wordlists and generates all combinations of words from both lists. Creates more password guesses.
Mask Attack
Define a custom charset and length to generate password permutations. Useful for directed guessing of patterns.
Rule-Based Attacks
Apply predefined modification rules such as append numbers, substitute characters, etc. and mutate the wordlists
Prince Attack
Special optimized attack mode based on Markov chains for quickly guessing frequently used passwords.
Choosing suitable attacks with right optimizations is key for cracking difficult passwords.
Distributed Password Cracking with Hashcat
Hashcat supports distributed computing by allowing to split workload across multiple systems equipped with GPUs. Cracking speeds scale almost linearly with more GPUs.
This video demonstrates 18 GPUs cracking an NTLM password hash in 9 seconds, which is otherwise projected by Hashcat to take over a year!
https://www.youtube.com/watch?v=7klırjZNUI8
Hashcat Optimization Tips
To improve Hashcat performance, try these optimizations:
- Use GPU acceleration instead of CPU
- Benchmark hashes first to estimate cracking times
- Generate custom wordlists from breached password lists
- Create targeted password masks based on policies
- Append common wordlist rule mutations
- Use Prince attack for faster initial guesses
- Distribute load across more GPUs
Optimized attacks can successfully crack complex passwords. Brute forcing all possibilities takes ages.
Ethical Usage of Password Cracking Tools
Password cracking tools like Hashcat should only be used for legal purposes on authorized systems. Common ethical use cases are:
- Penetration testing and security research
- Recovering lost passwords with authorization
- Evaluating password policy strengths
- Preparing for forensic investigation
- Student education and training
Do not use these tools with malicious intent or attack systems where you don‘t have explicit permission.
Conclusion
Hashcat is one of the most powerful CPU-based password cracking tools, providing cutting-edge performance and diverse attacks for breaching hashes.
With suitable attack modes, optimizations and GPU acceleration, security professionals can utilize Hashcat to evaluate password systems and recover lost passwords.
By mastering this tool, ethical hackers gain a very useful skill for penetrations testing and forensics jobs requiring deep knowledge of passwords. However responsible usage following laws is critical.
