LabEx
Log InJoin Free

Automate Cracking with a Bash Script

Kali LinuxBeginner
Practice Now

Introduction

In penetration testing and security auditing, it's common to try multiple password cracking techniques against a set of hashes. Running each command manually can be time-consuming and inefficient. Bash scripting provides a powerful way to automate this process, creating a chain of attacks that run sequentially until the password is found.

In this lab, you will create a Bash script to automate a series of attacks using hashcat, a popular and powerful password recovery tool. You will learn how to structure a script to first attempt a dictionary attack, followed by a rule-based attack, and finally a mask attack. This hands-on experience will introduce you to the basics of automation in a cybersecurity context.

Upon completion of this lab, you will be able to:

  • Create and make a Bash script executable.
  • Add a sequence of hashcat commands to a script.
  • Understand and implement different hashcat attack modes.
  • Execute a script to automate a workflow.

Create a New Bash Script File

In this step, you will create an empty Bash script file, add the necessary shebang line, and make it executable. A Bash script is a plain text file containing a series of commands. The shebang (#!/bin/bash) at the beginning of the script tells the system which interpreter to use to execute the commands within the file.

First, create a new file named attack.sh in the ~/project directory using the touch command.

touch attack.sh

Next, open the file with the nano text editor to add the shebang line.

nano attack.sh

Inside the nano editor, add the following line to the top of the file. This declares the file as a Bash script.

#!/bin/bash

Press Ctrl+X, then Y, and Enter to save the file and exit nano.

Finally, you need to give the script execute permissions so that you can run it as a program. Use the chmod command with the +x flag to do this.

chmod +x attack.sh

You can verify the permissions using ls -l. You should see an 'x' in the permissions block for attack.sh.

ls -l attack.sh

Expected output:

-rwxr-xr-x 1 labex labex 12 May 20 10:00 attack.sh

Add a Hashcat Command for a Dictionary Attack

In this step, you will add the first command to your script: a dictionary attack. This is one of the most common and effective password cracking methods. It works by trying every word from a given list (the dictionary) as a potential password.

We will use hashcat to perform this attack. The lab environment has been pre-configured with a hash file hashes.txt and a wordlist wordlist.txt.

Open your attack.sh script again with nano.

nano attack.sh

Add the following hashcat command below the #!/bin/bash line.

hashcat -m 0 -a 0 /home/labex/project/hashes.txt /home/labex/project/wordlist.txt

Let's break down this command:

  • hashcat: The program we are running.
  • -m 0: Specifies the hash type. 0 corresponds to MD5.
  • -a 0: Specifies the attack mode. 0 corresponds to a straight dictionary attack.
  • /home/labex/project/hashes.txt: The file containing the hash(es) to crack.
  • /home/labex/project/wordlist.txt: The dictionary file to use for the attack.

Your attack.sh file should now look like this:

#!/bin/bash
hashcat -m 0 -a 0 /home/labex/project/hashes.txt /home/labex/project/wordlist.txt

Press Ctrl+X, then Y, and Enter to save and exit. For now, we are just building the script and will not execute it until the final step.

Add a Second Command for a Rule-Based Attack

In this step, you will add a second attack to the script. If the dictionary attack fails, a rule-based attack is often the next logical step. This attack takes a wordlist and applies a set of rules to each word to generate new password candidates. For example, a rule might append "123" to every word or capitalize the first letter.

We have prepared a separate wordlist wordlist_for_rule.txt and a simple rule file rules.txt for this demonstration.

Open attack.sh with nano again.

nano attack.sh

Add the following command on a new line, after the dictionary attack command.

hashcat -m 0 -a 0 /home/labex/project/hashes.txt /home/labex/project/wordlist_for_rule.txt -r /home/labex/project/rules.txt

The new part of this command is:

  • -r /home/labex/project/rules.txt: This flag tells hashcat to apply the rules defined in the specified file.

Your attack.sh script should now contain two hashcat commands:

#!/bin/bash
hashcat -m 0 -a 0 /home/labex/project/hashes.txt /home/labex/project/wordlist.txt
hashcat -m 0 -a 0 /home/labex/project/hashes.txt /home/labex/project/wordlist_for_rule.txt -r /home/labex/project/rules.txt

Press Ctrl+X, Y, and Enter to save the changes. The script will now execute these commands sequentially when run.

Add a Third Command for a Mask Attack

In this step, you will add the final attack method to your script: a mask attack. This method is also known as a brute-force attack and is useful when you know something about the password's structure, such as its length or the types of characters it contains.

The mask defines the structure. For example, ?l represents a lowercase letter, ?u an uppercase letter, ?d a digit, and ?s a special character.

Open attack.sh one last time with nano.

nano attack.sh

Add the following mask attack command on a new line at the end of the script. This mask ?l?l?l?l?l?l?l?l will try all combinations of 8-character lowercase passwords.

hashcat -m 0 -a 3 /home/labex/project/hashes.txt ?l?l?l?l?l?l?l?l

The key parts of this command are:

  • -a 3: This sets the attack mode to 3, which is the mask attack.
  • ?l?l?l?l?l?l?l?l: This is the mask itself, defining the password structure to test.

Your complete attack.sh script should now look like this:

#!/bin/bash
hashcat -m 0 -a 0 /home/labex/project/hashes.txt /home/labex/project/wordlist.txt
hashcat -m 0 -a 0 /home/labex/project/hashes.txt /home/labex/project/wordlist_for_rule.txt -r /home/labex/project/rules.txt
hashcat -m 0 -a 3 /home/labex/project/hashes.txt ?l?l?l?l?l?l?l?l

Save the file and exit nano by pressing Ctrl+X, Y, and Enter. Your automated attack script is now complete.

Execute the Script to Run the Attack Chain Automatically

In this final step, you will execute the script you've built. When you run ./attack.sh, the shell will execute the commands inside it one by one. hashcat is smart; once it cracks a hash, it stores the result in a "potfile" (~/.local/share/hashcat/hashcat.potfile) and won't try to crack it again.

Now, run the script from your terminal.

./attack.sh

The script will start the first hashcat command. Since our wordlist.txt contains the correct password ("password"), the first attack will succeed. You will see output from hashcat as it initializes and runs.

A successful run will show a Cracked status. Because the password is found in the first step, hashcat will add it to the potfile. The subsequent commands in the script will run, but hashcat will see that the hash is already cracked and will skip it.

To see the cracked password, you can use hashcat's --show option.

hashcat -m 0 --show /home/labex/project/hashes.txt

This command checks the potfile for any cracked hashes corresponding to the input file and displays them.

Expected output:

5f4dcc3b5aa765d61d8327deb882cf99:password

Congratulations! You have successfully created and executed a Bash script to automate a chain of password cracking attacks.

Summary

In this lab, you have learned the fundamentals of automating security tasks using Bash scripting. You successfully created a script that chains together multiple hashcat password cracking techniques.

You started by creating a new Bash script file and making it executable. Then, you progressively added commands for a dictionary attack, a rule-based attack, and a mask attack. Finally, you executed the script to see it in action, observing how hashcat efficiently finds the password in the first stage and records the result.

The key skills you've practiced include:

  • Basic Bash script creation (touch, chmod, shebang).
  • Using hashcat for different attack modes (-a 0, -a 3).
  • Implementing dictionary, rule-based, and mask attacks.
  • Automating a sequence of commands to create an efficient workflow.

This approach of scripting and automation is a core skill in cybersecurity, system administration, and many other IT fields, allowing you to perform complex, repetitive tasks with a single command.

Related Kali Linux Courses
Kali Linux for Beginners

Kali Linux for Beginners

cybersecuritykalilinux
Kali Server Exploitation in Action

Kali Server Exploitation in Action

cybersecuritykalilinux