How to Crack Passwords Using Hashcat on Linux – Guide

In systems and databases, passwords are rarely stored in plain text. Passwords are always hashed before being stored in the database and the hash is compared during the verification process. Depending on the encryption used, different systems store password hashes in different ways. And if you have hashes, you can crack any password easily. Hash converts normal input text into a fixed-length string of text using a mathematical function known as a hash function. Any text, regardless of its length, can be converted to a random combination of integers and letters using an algorithm. Hashcat is the fastest password recovery tool. It is designed to crack highly complex passwords in a short amount of time. And this tool is also capable of performing wordlist and brute force attacks. Hashcat has two variants. Based on CPU and GPU (Graphical Processing Unit). The GPU-based tool can crack hashes in less time than the CPU. You can check the GPU driver requirements on its official website. Password representations are mostly associated with hash keys such as MD5, SHA, WHIRLPOOL, RipeMD, NTMLv1, NTMLv2, and so on. They are also defined as a one-way function – this is a mathematical operation that is easy to perform but very difficult to reverse engineer.

How to break hashes

The easiest way to crack a hash is to try to guess the password first. Each attempt is hashed and then compared to the actual hash value to see if they are the same, but the process can take a long time. Dictionary and brute force attacks are the most common methods used to guess passwords. These techniques use a file containing words, phrases, common passwords, and other strings of characters that are likely to be used as viable passwords. It should be noted that there is no guaranteed way to prevent dictionary attacks or brute force attacks. Other approaches used to crack passwords:

Cracking passwords with Hashcat

Hashcat can be downloaded here. It can be used on Kali Linux and is pre-installed on the system. Has the following features:

How to crack a password through a dictionary attack

Create a dictionary with MBD5 hashes

To start this demo, we will create multiple hash entries containing multiple passwords. In detail, they will be sent to a file called “target_hashes”. Each command must be executed in the terminal, as shown below: The -n option removes the newline added to the final of “Password”. This is important as we don’t want newline characters to be encrypted with our password. The “tr –d ‘ -‘ “ part removes any characters that are a space or hyphen from the output.

Check password hashes

To do this, we need to type the following command line in the terminal:

Start Hashcat on Kali Linux

Hashcat can be started from the Kali console with the following command line: hashcat -h. Some of the most important hashcat options are -m (the hash type) and -a (attack mode). In general, we need to use both options in most password cracking attempts when using Hashcat. Hashcat also created specific rules to use in a wordlist file. The character list can be customized to crack the password(s). Finally, Hashcat offers several options for password hashes that can be cracked.

breaking the hashes

At the final step, now we can start breaking the hashes contained in the target_hashes.txt file. We will use the following command line as illustrated below:

Final note

I hope you like the guide How to Crack Passwords Using Hashcat on Linux. In case if you have any query regards this article you may ask us. Also, please share your love by sharing this article with your friends.