How to Use the Command 'hashcat' (with examples)
Hashcat is a powerful and widely-used password recovery tool that is known for its speed and advanced capabilities. It is an open-source tool that supports numerous hashing algorithms, including MD5, SHA-1, and bcrypt. Hackers, IT professionals, cybersecurity experts, and forensic analysts leverage Hashcat to crack hashed passwords through different methods, such as brute-force attacks and dictionary attacks. Whether you are conducting a penetration test or recovering lost passwords legally, Hashcat provides flexible and customizable functionality.
Use Case 1: Perform a Brute-Force Attack with the Default Hashcat Mask
Code:
hashcat --hash-type hash_type_id --attack-mode 3 hash_value
Motivation:
The brute-force attack is one of the most basic yet powerful methods of cracking hashed passwords. It systematically attempts every possible combination until the correct one is found. This method is invaluable when you don’t have prior knowledge of the password’s structure.
Explanation:
--hash-type hash_type_id: Specifies the type of hash you are trying to crack. Each hash algorithm has a unique ID that Hashcat uses to identify what it’s working with.
--attack-mode 3: This denotes a brute-force attack. Hashcat has several attack modes, with mode 3 being designed for brute-force.
hash_value: The hash that you need to crack. This is the target of the brute-force attack.
Example Output:
Hash.Type.......: SHA-256
Status..........: Cracked
Hash............: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Password........: password123
Use Case 2: Perform a Brute-Force Attack with a Known Pattern of 4 Digits
Code:
hashcat --hash-type hash_type_id --attack-mode 3 hash_value "?d?d?d?d"
Motivation:
When you know that a password consists solely of digits, you can drastically reduce the time it takes to crack it by using a specific mask pattern like ?d?d?d?d, which represents exactly four digits.
Explanation:
?d: Represents a numeric digit, from 0 to 9. The four ?d placeholders specify that you are targeting a four-digit numeric password.
Example Output:
Hash.Type.......: SHA-256
Status..........: Cracked
Hash............: 25f9e794323b453885f5181f1b624d0b
Password........: 1234
Use Case 3: Perform a Brute-Force Attack Using at Most 8 of All Printable ASCII Characters
Code:
hashcat --hash-type hash_type_id --attack-mode 3 --increment hash_value "?a?a?a?a?a?a?a?a"
Motivation:
When a password can be made up of any printable ASCII characters and could be variable in length, starting from 1 character up to 8, the --increment option is an ideal way to efficiently handle the search. This caters to finding passwords which could be as short as a single character or as long as eight.
Explanation:
?a: Represents all possible printable ASCII characters.
--increment: Enables increment mode, which begins at one character, and progressively tries larger character lengths up to the maximum specified.
Example Output:
Hash.Type.......: SHA-256
Status..........: Cracked
Hash............: 2d711642b726b04401627ca9fbac7f8
Password........: @#4abC*(
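The size of the search space behind the masks in Use Cases 2 and 3 can be computed directly, which is how a defender judges whether a password format survives an offline attack. The following is an added example, not part of the original page or of Hashcat itself; the function names and the guess rate are assumptions chosen for illustration, and custom charsets (?1 to ?4) are not handled.

```python
# Sizes of hashcat's built-in mask charsets.
CHARSET_SIZES = {"l": 26, "u": 26, "d": 10, "h": 16, "H": 16, "s": 33, "a": 95, "b": 256}


def mask_positions(mask):
    """Return the number of candidates at each position of a mask like '?d?d?d?d'."""
    sizes, i = [], 0
    while i < len(mask):
        if mask[i] != "?":
            sizes.append(1)          # literal character: one choice
            i += 1
            continue
        if i + 1 >= len(mask):
            raise ValueError("dangling '?' at end of mask")
        key = mask[i + 1]
        if key == "?":
            sizes.append(1)          # '??' is a literal question mark
        elif key in CHARSET_SIZES:
            sizes.append(CHARSET_SIZES[key])
        else:
            raise ValueError(f"unsupported charset ?{key}")
        i += 2
    return sizes


def keyspace(mask, increment=False):
    """Total candidates for a mask; with increment, sum over lengths 1..len(mask)."""
    total, running = 0, 1
    for size in mask_positions(mask):
        running *= size              # candidates for the prefix ending here
        total += running
    return total if increment else running


def worst_case_seconds(mask, guesses_per_second, increment=False):
    """Time to exhaust the mask at a given guess rate."""
    return keyspace(mask, increment) / guesses_per_second


if __name__ == "__main__":
    ASSUMED_RATE = 1e9  # constructed assumption: 10^9 guesses/s, not a benchmark
    for mask, inc in (("?d?d?d?d", False), ("?a" * 8, True)):
        n = keyspace(mask, inc)
        days = worst_case_seconds(mask, ASSUMED_RATE, inc) / 86400
        print(f"{mask} increment={inc}: {n} candidates, {days:.4f} days worst case")
```

The four-digit mask has only 10,000 candidates, while the incremented eight-position ?a mask has roughly 6.7 × 10^15; the real time depends on the hash algorithm and hardware.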
Use Case 4: Perform a Dictionary Attack Using the RockYou Wordlist
Code:
hashcat --hash-type hash_type_id --attack-mode 0 hash_value /usr/share/wordlists/rockyou.txt
Motivation:
Dictionary attacks are highly effective when you expect the password might be a commonly used one. The RockYou wordlist is famous for containing numerous real-world passwords and is useful for testing a hash against a known set of passwords.
Explanation:
--attack-mode 0: Denotes a dictionary attack, which involves using a list of potential passwords.
/usr/share/wordlists/rockyou.txt: This is the path to the RockYou wordlist file, whose entries are hashed and compared against the target hash.
Example Output:
Hash.Type.......: SHA-256
Status..........: Cracked
Hash............: 5f4dcc3b5aa765d61d8327deb882cf99
Password........: password
Use Case 5: Perform a Rule-Based Dictionary Attack with RockYou Wordlist
Code:
hashcat --hash-type hash_type_id --attack-mode 0 --rules-file /usr/share/hashcat/rules/best64.rule hash_value /usr/share/wordlists/rockyou.txt
Motivation:
A rule-based attack modifies words in the wordlist according to specified rules to generate variations that might correspond to a stronger version of a common password. This approach balances between guessing common passwords and those with typical structures but added complexity.
Explanation:
--rules-file /usr/share/hashcat/rules/best64.rule: Applies predefined transformation rules to each word in the wordlist to produce variations and permutations.
Example Output:
Hash.Type.......: SHA-256
Status..........: Cracked
Hash............: 848662e355ae4cb43c41aeb62aaa942
Password........: Passw0rd!
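The same idea can be turned around as a password-policy check: reject a new password if it is a deny-listed word plus a common mutation. The following is an added example, not part of the original page or of Hashcat; it implements only a small subset of hashcat's rule functions, requires them to be space-separated, and the rule list and deny list are constructed for illustration (they are not the contents of best64.rule).

```python
def apply_rule(rule, word):
    """Apply one rule line (space-separated functions) to a word."""
    for fn in rule.split():
        op, args = fn[0], fn[1:]
        if op == ":" and not args:
            pass                                       # no-op, keep word as is
        elif op == "l" and not args:
            word = word.lower()
        elif op == "u" and not args:
            word = word.upper()
        elif op == "c" and not args:
            word = word[:1].upper() + word[1:].lower() # capitalize
        elif op == "r" and not args:
            word = word[::-1]                          # reverse
        elif op == "d" and not args:
            word = word + word                         # duplicate
        elif op == "$" and len(args) == 1:
            word = word + args                         # append character
        elif op == "^" and len(args) == 1:
            word = args + word                         # prepend character
        elif op == "s" and len(args) == 2:
            word = word.replace(args[0], args[1])      # substitute X with Y
        else:
            raise ValueError(f"unsupported rule function: {fn!r}")
    return word


# Constructed sample rules and deny list (assumptions for this example).
RULES = [":", "c", "u", "c $1", "c so0 $!", "$1 $2 $3", "sa@ se3"]
DENY_WORDS = ["password", "hello"]


def weak_match(candidate, deny_words=DENY_WORDS, rules=RULES):
    """Return the (word, rule) pair that reproduces candidate, or None."""
    for word in deny_words:
        for rule in rules:
            if apply_rule(rule, word) == candidate:
                return word, rule
    return None


if __name__ == "__main__":
    for pw in ("Passw0rd!", "hello123", "correct horse battery staple"):
        print(pw, "->", weak_match(pw))
```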
Use Case 6: Perform a Combination Attack Using Two Custom Dictionaries
Code:
hashcat --hash-type hash_type_id --attack-mode 1 hash_value /path/to/dictionary1.txt /path/to/dictionary2.txt
Motivation:
When a password is suspected to be a combination of words or phrases from two different dictionaries, a combination attack can be highly effective. This type of attack will use all possible concatenations of entries from each dictionary as potential passwords.
Explanation:
--attack-mode 1: Specifies a combination attack, which tries each word in the first dictionary with each word in the second.
Example Output:
Hash.Type.......: SHA-256
Status..........: Cracked
Hash............: 60b725f10c9c85c70d97880dfe8191b3
Password........: hello123
Use Case 7: Show Result of an Already Cracked Hash
Code:
hashcat --show hash_value
Motivation:
Sometimes, after running a cracking session, you want to verify which passwords were successfully cracked. This command allows viewing the results without having to crack the hash again.
Explanation:
--show: Displays the cracked password associated with the given hash if a successful match was found in a previous session.
Example Output:
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:password123
Use Case 8: Show All Example Hashes
Code:
hashcat --example-hashes
Motivation:
Before beginning any password recovery work, it’s valuable to understand the format your target hash should look like, especially if you’re unfamiliar with the specific hash type you’re working with. This command provides examples of what you should expect.
Explanation:
--example-hashes: Outputs different example hashes that Hashcat can work with, organized by hash type.
Example Output:
SHA-256 : 1111111112f0e06f3ac20daf3b4393fc5f2278e3437e1c73db5839f8d0c9c8fb
MD5 : f379eaf3c831b04de153469d1bec345e
Conclusion
Hashcat is an adaptable tool with a wide range of capabilities tailored for password recovery across various methodologies. From brute-force attacks to combination and dictionary attacks, Hashcat provides robust options for efficiently retrieving passwords from hashes. By understanding how to utilize each of these approaches through specific commands, cybersecurity experts and IT professionals are well-equipped to tackle password cracking scenarios legally and ethically.