How to Use hashcat to Crack Hashes on Linux
Hashcat is a free and open-source password cracking utility that supports more than 200 algorithms out of the box. Hashcat is primarily designed to crack password hashes, but it’s also used for other purposes such as finding hidden messages in files or cracking WPA/WPA2 wireless network keys.
– A Linux system.
– Hashcat installed.
– A file containing hashes to crack.
– A wordlist containing possible passwords.
Once you have the above requirements, let’s dive into the steps.
Step 1: Create a Hash File
The first step to cracking hashes is to create a hash file. A hash file contains hashes that you want to crack. You can create a hash file by copying and pasting hashes into a text file or by generating a hash file using a tool like Hashcat. To create a hash file with Hashcat, execute the following command:
$ echo ‘password’ | hashcat -m 0 -o hash.txt
This command will create a hash file named hash.txt that contains the MD5 hash of the password ‘password’. The -m option specifies the hash type, and in this case, it’s ‘0’, which corresponds to MD5.
Step 2: Create a Wordlist
The second step is to create a wordlist containing possible passwords. You can create your wordlist by using any text editor or by downloading one from the internet. The more words your wordlist contains, the higher the chance you will crack the hash. Keep in mind that a larger wordlist will also take more time to process.
Step 3: Run Hashcat
Now that you have created a hash file and a wordlist, it’s time to put Hashcat into action. To start Hashcat, execute the following command:
$ hashcat -m 0 hash.txt wordlist.txt
This command will instruct Hashcat to use the hash file ‘hash.txt’ and the wordlist file ‘wordlist.txt’ to perform the cracking process. The -m option specifies the hash type that Hashcat should use, and in this case, it’s ‘0’.
Step 4: Perform Brute-force Attack (Optional)
If you don’t have a wordlist, you can still crack the hash using a brute-force attack. A brute-force attack involves trying every possible combination of characters until the correct password is found. To perform a brute-force attack with Hashcat, execute the following command:
$ hashcat -m 0 hash.txt ?a?a?a?a?a?a
This command will use a brute-force attack to crack the hash file ‘hash.txt’. The ‘?’ symbol represents a character that Hashcat will try to guess. The ‘a’ symbol specifies that Hashcat should use all lowercase letters to guess the character.