Introduction
Welcome to the world of hashing and password cracking! Hashing is a fundamental concept in cybersecurity, used to verify data integrity and store passwords securely. A hash function takes an input (like a password) and returns a fixed-size string of bytes, the hash. This process is designed to be one-way, meaning you can't easily reverse it to get the original input.
Hashcat is a world-renowned, powerful password recovery tool. Before you can use it effectively, you must understand the basics of what hashes are and how to handle them.
In this lab, you will learn the foundational concepts of hashing. You will explore common hash types, generate your own hash, prepare it for use with Hashcat, and understand the crucial difference between a password and its hash. This knowledge is the first essential step on your journey to mastering Hashcat.
Understand common hash types - MD5, SHA1, and NTLM
In this step, you will learn about three common hash types that you will frequently encounter in the field of cybersecurity: MD5, SHA1, and NTLM. There are no commands to run in this step; the goal is to understand these core concepts.
What is a Hash? A hash is a unique, fixed-size string of characters that is generated from a piece of data. Hashing algorithms are designed to be one-way functions, meaning that it's computationally infeasible to reverse the process and find the original input data from the hash alone.
MD5 (Message Digest 5) MD5 is one of the oldest and most widely known hashing algorithms. It produces a 128-bit (32-character hexadecimal) hash value. While it was once popular for password storage, it is now considered insecure for that purpose due to vulnerabilities that make it susceptible to "collisions" (where two different inputs produce the same hash). Today, it's primarily used for verifying file integrity to ensure a file has not been altered during transfer.
SHA-1 (Secure Hash Algorithm 1) SHA-1 was developed as a successor to MD5. It produces a 160-bit (40-character hexadecimal) hash. Like MD5, SHA-1 is also no longer considered secure for cryptographic purposes due to discovered weaknesses. However, you will still find it in older systems and legacy applications.
NTLM (NT LAN Manager) NTLM is a hashing algorithm used by Microsoft Windows to store user passwords. When you set a password on a Windows system, it is converted into an NTLM hash and stored. These are a common target in penetration testing engagements involving Windows environments.
Understanding these types is the first step in identifying a hash and choosing the correct method to crack it.
Create an MD5 hash from a string using 'echo' and 'md5sum'
In this step, you will generate an MD5 hash from a simple text string. This is a common task to quickly hash a piece of data from the command line. We will use two standard Linux utilities: echo and md5sum.
First, let's understand the tools:
echo: This command is used to display a line of text.md5sum: This command computes and checks MD5 message digests.|(Pipe): This operator sends the output of the command on its left as input to the command on its right.
We will hash the string password123. It's important to use the -n flag with echo. This tells echo not to output the trailing newline character, which would otherwise be included in the hash calculation and produce a different result.
Execute the following command in your terminal:
echo -n "password123" | md5sum
You will see the following output. The long string of characters is the MD5 hash of "password123", and the - indicates that md5sum read its input from standard input (the pipe) instead of a file.
482c811da5d5b4bc6d497ffa98491e38 -
You have now successfully created your first hash!
Prepare a text file containing a single target hash
In this step, you will create a file to store the hash you generated. Hashcat and other password cracking tools typically work with files containing one or more hashes, not direct string input. This allows you to target many hashes at once.
We will use the MD5 hash for password123 that you generated in the previous step: 482c811da5d5b4bc6d497ffa98491e38.
We can use the echo command again, but this time we will use the output redirection operator > to write the string into a new file named target_hash.txt. This command will create the file in your current directory (~/project).
Run the following command to create the file:
echo "482c811da5d5b4bc6d497ffa98491e38" > target_hash.txt
Now, let's verify that the file was created correctly and contains the hash. Use the cat command to display the contents of the file:
cat target_hash.txt
The output should be the hash itself:
482c811da5d5b4bc6d497ffa98491e38
You now have a properly formatted target file, ready for a cracking tool like Hashcat.
Identify the correct hash mode for MD5 from Hashcat's help
In this step, you will learn how to find the correct mode for a specific hash type in Hashcat. Hashcat supports hundreds of different hashing algorithms, and you must tell it exactly which type of hash you are trying to crack. This is done using a numeric "hash mode".
To find the correct mode, you can use Hashcat's built-in help menu. Running hashcat --help will display a very long list of all supported hash types and their corresponding modes. To find what we need quickly, we can pipe this output to the grep command to search for "md5".
Run the following command to search for the MD5 hash mode:
hashcat --help | grep -i "md5"
The -i flag in grep makes the search case-insensitive. You will see a lot of output, as there are many variations of MD5. Look for the most basic one.
...
0 | MD5 | Raw Hash
...
2410 | Cisco-ASA MD5 | Operating System
...
As you can see in the output, the hash mode for a standard, raw MD5 hash is 0. This is the number you would provide to Hashcat with the -m flag (e.g., -m 0) to tell it you are cracking an MD5 hash.
Differentiate between a hash and a password
In this final step, we will reinforce the critical difference between a password and its hash. This is a fundamental concept in password cracking.
- The Password is the secret, human-readable string. In our example, it is
password123. - The Hash is the scrambled, fixed-length string generated from the password. In our example, it is
482c811da5d5b4bc6d497ffa98491e38.
Password cracking does not reverse the hash. Instead, it works by taking a list of potential passwords (a wordlist), hashing each one, and comparing the result to the target hash. If they match, the password has been found.
To illustrate this, let's create a simple wordlist file. In a real scenario, this file would contain millions of password guesses. For this lab, it will just contain the one correct password.
Create a file named potential_passwords.txt with the original password:
echo "password123" > potential_passwords.txt
Now, let's look at the two files you have prepared. Use the ls command to see them in your directory.
ls
potential_passwords.txt target_hash.txt
You have target_hash.txt, which contains the hash to be cracked, and potential_passwords.txt, which contains the password to test. This separation is key to how password cracking tools operate.
Summary
Congratulations on completing this lab! You have successfully learned the essential fundamentals of hashing that are required before using a tool like Hashcat.
In this lab, you have:
- Learned the concepts behind common hash types like MD5, SHA-1, and NTLM.
- Generated an MD5 hash from a string using the
echoandmd5sumcommands. - Prepared a target hash file, which is the standard format for cracking tools.
- Used the
hashcat --helpcommand to identify the correct hash mode for MD5. - Solidified your understanding of the crucial difference between a password and its corresponding hash.
With this foundation, you are now better prepared to move on to more advanced labs where you will use these files and concepts to perform an actual password cracking attack with Hashcat.
