LabEx
Log InJoin For Free

Crack Hashes in Hashcat

Beginner
Practice Now

Introduction

In this lab, you will learn how to use Hashcat, the world's fastest password recovery tool, to crack cryptographic hashes. You'll practice installing Hashcat, preparing hash files, configuring GPU acceleration, and executing brute-force attacks against sample MD5 hashes.

The hands-on exercises will guide you through cracking real-world password examples while optimizing performance. You'll gain practical experience with essential cybersecurity techniques for password recovery and security testing.

Skills Graph

Install Hashcat

In this step, you will install Hashcat, the world's fastest password recovery tool. Hashcat is a powerful utility used for cracking hashes through various attack methods like brute-force, dictionary, and rule-based attacks.

Before we begin, let's understand what hashes are. A hash is a fixed-length string generated by a mathematical function that takes an input (like a password) and produces a scrambled output. Password systems store these hashes instead of plain text passwords for security. Hashcat helps recover the original password by trying different combinations to match the stored hash.

First, we need to ensure we're in the correct working directory. The ~/project directory is where we'll perform all our lab operations:

cd ~/project

Now we'll install Hashcat using Ubuntu's package manager. The package manager handles downloading and setting up software along with its dependencies. We run two commands together: first updating the package list (update), then installing Hashcat (install):

sudo apt-get update && sudo apt-get install -y hashcat

The -y flag automatically confirms the installation, saving us from having to type 'yes' during the process.

After installation completes, let's verify Hashcat is properly installed by checking its version. This is a good practice to confirm the software is ready for use:

hashcat --version

You should see output showing the installed version number, for example:

v6.2.6

Seeing this version number means Hashcat is correctly installed on your system. In the next steps, we'll use it to work with actual hash files and perform cracking operations. The version number is also useful when looking up documentation or troubleshooting, as features may vary between versions.

Prepare a Hash File

In this step, you will create a sample hash file that will be used for cracking in subsequent steps. A hash is a fixed-length string generated by a cryptographic algorithm that represents input data. Hash files contain these cryptographic hashes that we'll attempt to crack using Hashcat.

First, ensure you're in the correct working directory. The cd command changes your current directory:

cd ~/project

Let's create a simple text file containing MD5 hashes. MD5 is a widely-used cryptographic hash function that produces a 128-bit hash value. We'll use the nano text editor to create and edit a new file:

nano hashes.txt

Add the following sample MD5 hashes to the file. These are common test hashes with known plaintext values (press Ctrl+O to save and Ctrl+X to exit nano):

5f4dcc3b5aa765d61d8327deb882cf99  ## password: "password"
098f6bcd4621d373cade4e832627b4f6  ## password: "test"

Alternatively, you can create the file directly using echo commands. The > operator creates a new file, while >> appends to an existing file:

echo "5f4dcc3b5aa765d61d8327deb882cf99" > hashes.txt
echo "098f6bcd4621d373cade4e832627b4f6" >> hashes.txt

Verify the contents of your hash file using the cat command, which displays file contents in the terminal:

cat hashes.txt

You should see the two MD5 hashes displayed in your terminal. This file will serve as our target for hash cracking in the next steps when we configure Hashcat and run brute-force attacks. Having known test hashes helps verify that our cracking setup is working correctly.

Configure GPU Support

In this step, you will configure Hashcat to utilize GPU acceleration for faster hash cracking. Hashcat can leverage both CPU and GPU resources, but GPUs are particularly effective for password cracking because they contain thousands of small cores that can perform many calculations simultaneously. This parallel processing capability makes GPUs much faster than CPUs for brute-force attacks.

Before configuring GPU support, let's first check what hardware devices are available to Hashcat. Run this command to list all detected OpenCL devices:

hashcat -I

This command will display available OpenCL devices. In the LabEx VM environment, you should see output similar to:

OpenCL Platform #1: NVIDIA Corporation
* Device #1: NVIDIA GeForce GTX 1080 Ti, 10240/11264 MB allocatable, 28MCU

The output shows your GPU details, including its model and memory capacity. Now we'll create a configuration file to optimize Hashcat's performance. Configuration files help automate settings so you don't need to type them every time.

Create and edit the configuration file with:

nano ~/.hashcat/hashcat.conf

Add the following configuration (press Ctrl+O to save and Ctrl+X to exit):

--force
--opencl-device-types=1,2
--workload-profile=4

Let's understand what each parameter does:

  • --force tells Hashcat to continue even if it detects potential issues (useful in lab environments)
  • --opencl-device-types=1,2 enables both CPU (type 1) and GPU (type 2) devices for processing
  • --workload-profile=4 sets the highest performance profile, prioritizing speed over power saving

To confirm everything is working correctly, run a benchmark test:

hashcat -b

The benchmark will test various hash algorithms and display performance metrics like:

Speed.#1.........: 12345.7 MH/s (98.23ms) @ Accel:1024 Loops:1024 Thr:256 Vec:1

These numbers show how many hashes your system can attempt per second. Higher values mean faster cracking. The benchmark confirms GPU acceleration is active and ready for use in the next step where we'll perform the actual brute-force attack.

Run a BruteForce Attack

In this step, you will execute a brute-force attack using Hashcat to crack the MD5 hashes we prepared earlier. A brute-force attack is a trial-and-error method that systematically checks all possible character combinations until it finds the correct password. This approach is particularly useful when you have no information about the password structure.

First, let's navigate to our working directory where we stored the hash file. This ensures Hashcat can access the file we want to crack:

cd ~/project

Now we'll use Hashcat with specific parameters designed for our attack:

  • -m 0 tells Hashcat we're working with MD5 hashes (each hash type has a specific number in Hashcat)
  • -a 3 sets the attack mode to brute-force
  • ?a?a?a?a defines our password mask - this means we're looking for exactly 4-character passwords that could include:
    • Lowercase letters (a-z)
    • Uppercase letters (A-Z)
    • Numbers (0-9)
    • Special characters (!@#$% etc.)

Execute the brute-force attack with this command:

hashcat -m 0 -a 3 hashes.txt ?a?a?a?a --force

As Hashcat runs, it will display real-time statistics in your terminal. This output helps you monitor the cracking progress:

Session..........: hashcat
Status...........: Running
Hash.Name........: MD5
Hash.Target......: hashes.txt
Time.Started.....: [timestamp]
Speed.#1.........: [speed] H/s
Recovered........: 0/2 (0.00%)
Progress.........: [progress]
Rejected.........: 0
Restore.Point....: 0

The cracking speed (H/s) shows how many hash calculations your system is performing per second. The progress indicator helps estimate remaining time. For a 4-character password, this might take several minutes depending on your hardware.

When the attack completes, we can check the results. The following command displays any successfully cracked passwords:

hashcat -m 0 hashes.txt --show

Successful output will pair each hash with its discovered plaintext password:

5f4dcc3b5aa765d61d8327deb882cf99:password
098f6bcd4621d373cade4e832627b4f6:test

This output confirms Hashcat successfully reversed both MD5 hashes in our test file back to their original passwords. The first column shows the hash we started with, while the second column reveals the actual password that created that hash.

Verify Cracked Hashes

In this final step, you will verify and analyze the results of your brute-force attack. Hashcat automatically stores successfully cracked passwords in a special file called the "potfile". This acts as a database of all passwords you've recovered during your cracking sessions. We'll examine this to confirm which passwords were successfully cracked.

First, let's navigate to our working directory where we stored our hash file. This ensures we're working with the correct files:

cd ~/project

To view all cracked hashes from your attack, we use the --show flag with Hashcat. This command specifically looks for MD5 hashes (mode 0) in our hashes.txt file and displays any matches found in the potfile:

hashcat -m 0 hashes.txt --show

You should see output similar to this, showing the original hash followed by its cracked plaintext password:

5f4dcc3b5aa765d61d8327deb882cf99:password
098f6bcd4621d373cade4e832627b4f6:test

For a more comprehensive understanding of your cracking session, the --status flag provides valuable statistics. This shows how many hashes were cracked, the hash type, and performance metrics:

hashcat -m 0 hashes.txt --status

This will display important information including:

Session.Name.....: hashcat
Status..........: Exhausted
Hash.Name.......: MD5
Hash.Target.....: hashes.txt
Time.Started....: [timestamp]
Time.Estimated..: [timestamp]
Recovered.......: 2/2 (100.00%)
Progress.......: [progress]
Speed.#1.......: [speed] H/s

To generate a complete report of your cracking session that you can save and review later, use the following commands. The first creates a formatted report file, and the second displays its contents:

hashcat -m 0 hashes.txt --outfile-format=2 --outfile=results.txt
cat results.txt

The report will contain detailed information about each cracked hash, including the hash type, plaintext password, and the exact time it took to crack each one. This documentation is particularly useful when you need to analyze your cracking performance or share results with others.

Summary

In this lab, you have learned how to install and configure Hashcat, a powerful password recovery tool, by updating the package manager and verifying its version. You also prepared a hash file containing sample MD5 hashes and confirmed its contents using basic Linux commands.

Additionally, you explored Hashcat's GPU support for performance optimization and conducted a brute-force attack to crack the sample hashes. This practical exercise demonstrated Hashcat's essential role in cybersecurity for password recovery and vulnerability assessment scenarios.