Introduction
Hashcat is a world-renowned password recovery tool, capable of cracking passwords using various attack methods. One of the most fundamental techniques is the dictionary attack, where the tool rapidly tests a list of potential passwords (a "dictionary" or "wordlist") against a target password hash.
In this lab, you will step into the shoes of a security analyst to understand password vulnerabilities. You will learn how to perform a basic dictionary attack against a sample MD5 hash using Hashcat. This hands-on experience will demonstrate why using common and simple passwords can be a significant security risk.
By the end of this lab, you will be able to:
- Generate an MD5 hash.
- Use a standard wordlist for an attack.
- Execute a dictionary attack with Hashcat.
- View the cracked password.
Let's get started!
Create a Sample MD5 Hash File
In this step, we will create the target for our attack. To perform a password attack, you first need a password hash. We will generate an MD5 hash for a simple password, "password123", and save it into a file. MD5 is a widely used but now insecure hashing algorithm, making it a good example for this educational exercise.
First, ensure you are in the ~/project directory. We will use the echo -n command to output our password string. The -n flag is crucial because it prevents echo from adding a newline character at the end, which would change the resulting hash.
We then pipe | this output to the md5sum command, which calculates the MD5 hash. Finally, we pipe the result to awk '{print $1}' to extract only the hash value itself, and redirect > the output to a file named myhashes.txt.
Execute the following command in your terminal:
echo -n "password123" | md5sum | awk '{print $1}' > myhashes.txt
Now, let's verify that the file was created correctly and contains the hash. Use the cat command to display its contents:
cat myhashes.txt
You should see the following output, which is the MD5 hash for "password123":
482c811da5d5b4bc6d497ffa98491e38
You now have a file containing the hash we will attempt to crack.
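The effect of the -n flag and of the awk step can be checked programmatically. The following is an added example, not part of the original lab: a small Python check (the function names and sample lines are constructed for illustration) that classifies a line of myhashes.txt as correct, hashed with a stray newline, or left in raw md5sum format.

```python
import hashlib
import re

MD5_HEX = re.compile(r"[0-9a-fA-F]{32}")

def md5_hex(data: bytes) -> str:
    """Hex MD5 digest of raw bytes, the same value md5sum prints."""
    return hashlib.md5(data).hexdigest()

def diagnose(hash_line: str, intended: str) -> str:
    """Classify one line of a hash file against the password it should encode."""
    value = hash_line.strip()
    if not MD5_HEX.fullmatch(value):
        # e.g. md5sum's trailing "  -" left in because the awk step was skipped
        return "malformed"
    value = value.lower()
    raw = intended.encode("utf-8")
    if value == md5_hex(raw):
        return "ok"
    if value == md5_hex(raw + b"\n"):
        return "trailing-newline"  # what plain `echo` (no -n) produces
    if value == md5_hex(raw + b"\r\n"):
        return "trailing-crlf"     # string came from a file with CRLF line endings
    return "mismatch"

# Constructed sample lines: (content of a myhashes.txt line, intended password)
SAMPLES = [
    ("482c811da5d5b4bc6d497ffa98491e38", "password123"),
    (md5_hex(b"password123\n"), "password123"),
    ("482c811da5d5b4bc6d497ffa98491e38  -", "password123"),
]

if __name__ == "__main__":
    for line, password in SAMPLES:
        print(f"{line!r:40} -> {diagnose(line, password)}")
```

A hash file that reports "trailing-newline" will never match "password123" in a wordlist, because the hash covers the newline as well as the password.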
Locate the rockyou.txt Wordlist in Kali
In this step, we will identify the wordlist for our dictionary attack. A wordlist is simply a text file containing a large number of potential passwords, one per line. The rockyou.txt wordlist is one of the most famous and commonly used lists, containing over 14 million real-world passwords leaked from a 2009 data breach.
For your convenience, the lab setup script has already placed a copy of rockyou.txt into your current working directory, ~/project.
Let's confirm its presence and take a quick look at its contents. Use the ls -lh command to list the files in the directory and see the size of the wordlist:
ls -lh
You should see rockyou.txt in the output, along with your myhashes.txt file. Notice its size; it's a substantial file.
total 134M
-rw-r--r-- 1 labex labex 33 Dec 5 12:00 myhashes.txt
-rw-r--r-- 1 labex labex 134M Jun 11 2021 rockyou.txt
To get a glimpse of what the wordlist looks like, you can use the head command to view the first 10 lines of the file:
head rockyou.txt
The output will show you the first 10 passwords in the list:
123456
12345
123456789
password
iloveyou
12345678
1234567
111111
123123
qwerty
Now that we have our target hash and our wordlist, we are ready to build the attack command.
Construct the Dictionary Attack Command for MD5
In this step, we will learn how to construct the hashcat command for our dictionary attack. Understanding the command's components is key to using the tool effectively. We will not execute the command yet, but simply assemble it.
A basic hashcat command for a dictionary attack has the following structure:
hashcat [options] <hash-file> <wordlist-file>
Let's break down the specific options we will use:
- -a 0: This specifies the attack mode. Mode 0 is for a "Straight" attack, which is the standard dictionary attack. Hashcat will simply go through the provided wordlist and try each password.
- -m 0: This specifies the hash type. Hashcat supports hundreds of hash types, each with a unique code. The code for MD5 is 0. You can find a full list by running hashcat --help.
- myhashes.txt: This is the first argument after the options, representing the file that contains the hash(es) we want to crack.
- rockyou.txt: This is the second argument, representing the wordlist file to use for the attack.
Putting it all together, the complete command is:
hashcat -a 0 -m 0 myhashes.txt rockyou.txt
This command tells Hashcat to perform a dictionary attack (-a 0) on the MD5 hashes (-m 0) found in myhashes.txt, using the passwords from rockyou.txt.
In the next step, we will execute this command.
Execute the Attack on the Sample Hash
In this step, we will finally execute the command we constructed and launch the attack. Hashcat will read the hash from myhashes.txt and compare it against the MD5 hash of every password in rockyou.txt until it finds a match.
Run the following command in your terminal:
hashcat -a 0 -m 0 myhashes.txt rockyou.txt
Hashcat will start. You may see some warnings, which are normal. It will then display a status screen that updates periodically. Since "password123" is a very common password and is included in rockyou.txt, the cracking process should be very fast.
The output will look something like this (some details may vary):
hashcat (v6.2.6) starting
...
Session..........: hashcat
Status...........: Running
Hash.Name........: MD5
Hash.Target......: 482c811da5d5b4bc6d497ffa98491e38
Time.Started.....: ...
Time.Estimated...: ...
Guess.Base.......: File (rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: ... H/s (..., p:..., r:...)
...
Progress.........: 14344392/14344392 (100.00%)
Rejected.........: 0/14344392 (0.00%)
Restore.Point....: 14344392/14344392 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: $HEX[50617373776f7264] -> ...
Approaching final keyspace - workload adjusted.
Cracked: 1/1 (100.00%)
Started: ...
Stopped: ...
Once the process is complete, Hashcat will show Status...........: Cracked. It automatically saves the cracked password in a file called a "potfile". This file acts as a database of cracked hashes so you don't have to re-crack them in the future.
View the Cracked Password using the --show Flag
In this step, you will learn how to view the results of a successful attack without running it again. Hashcat provides a convenient way to do this using the --show flag. This command checks the potfile for any hashes present in your input file and displays the corresponding plaintext passwords if they have been cracked.
To display the cracked password for the hash in myhashes.txt, run the following command:
hashcat -m 0 --show myhashes.txt
The -m 0 is still needed so Hashcat knows what type of hash to look for. The output will be clean and simple, showing the hash followed by its cracked password, separated by a colon:
482c811da5d5b4bc6d497ffa98491e38:password123
To further understand where this result is stored, you can view the contents of the potfile directly. The default location is ~/.local/share/hashcat/hashcat.potfile. Use cat to view it:
cat ~/.local/share/hashcat/hashcat.potfile
You will see the same hash and password pair stored there. Any future attacks will add new cracked passwords to this file.
482c811da5d5b4bc6d497ffa98491e38:password123
You have successfully cracked the MD5 hash and retrieved the original password!
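In a password audit, the hash:password lines from the potfile are usually turned into a list of accounts that need a reset, without copying the plaintexts into the report. The following is an added example, not part of the original lab: a Python parser for that line format which also decodes the $HEX[...] notation seen in the Candidates line of the status output. The account names, the second password and the function names are constructed for illustration.

```python
import hashlib
import re

MD5_HEX = re.compile(r"[0-9a-fA-F]{32}")
HEX_PLAIN = re.compile(r"\$HEX\[((?:[0-9a-fA-F]{2})*)\]")

def parse_pot_line(line: str):
    """Return (hash, plaintext) for one 'hash:plain' line, or None if invalid."""
    # An MD5 hash never contains ':', so split on the FIRST colon only;
    # everything after it is the password, which may itself contain colons.
    digest, sep, plain = line.rstrip("\r\n").partition(":")
    if not sep or not MD5_HEX.fullmatch(digest):
        return None
    m = HEX_PLAIN.fullmatch(plain)
    if m:  # plaintext stored hex-encoded
        plain = bytes.fromhex(m.group(1)).decode("utf-8", errors="replace")
    return digest.lower(), plain

def accounts_to_reset(potfile_lines, account_hashes):
    """Names of accounts whose stored hash appears in the potfile (no plaintexts)."""
    cracked = dict(filter(None, map(parse_pot_line, potfile_lines)))
    return sorted(u for u, h in account_hashes.items() if h.lower() in cracked)

# Constructed sample data; only the first hash comes from the lab itself.
_colon_pw = b"pass:word"
SAMPLE_POTFILE = [
    "482c811da5d5b4bc6d497ffa98491e38:password123",
    hashlib.md5(_colon_pw).hexdigest() + ":$HEX[" + _colon_pw.hex() + "]",
    "not a potfile line",
]
SAMPLE_ACCOUNTS = {
    "alice": "482c811da5d5b4bc6d497ffa98491e38",
    "bob": hashlib.md5(b"Xq7#constructed-uncracked").hexdigest(),
    "carol": hashlib.md5(_colon_pw).hexdigest(),
}

if __name__ == "__main__":
    print("Reset required:", accounts_to_reset(SAMPLE_POTFILE, SAMPLE_ACCOUNTS))
```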
Summary
Congratulations! You have successfully performed a basic dictionary attack using Hashcat.
In this lab, you have learned the fundamental workflow of password cracking for educational purposes. You started by creating a target MD5 hash, then utilized the common rockyou.txt wordlist. You constructed and executed a hashcat command, specifying the correct attack mode and hash type. Finally, you viewed the cracked password using the --show flag, confirming the success of your attack.
This exercise highlights the critical importance of using strong, unique, and complex passwords. A password found in a common wordlist, like "password123", can be cracked in seconds. Always use passwords that are long, random, and not easily guessable to protect your accounts.


