We earn commission when you buy through affiliate links.
This does not influence our reviews or recommendations.Learn more.
In systems and databases, passwords are rarely saved in plain-text form.
Depending on the encryption employed, different systems store password hashes in different ways.
And if you have hashes, you’re able to easily crack any password.
So lets get started.
But before that…
What is a Hash function?
What is Hashcat?
Hashcatis the quickest password recovery tool.
It was designed to break the high complex passwords in a short amount of time.
And this tool is alsocapableofbothwordlistandbruteforceattacks.
Hashcat has two variants.
CPU and GPU (Graphical Processing Unit) based.
The GPU-based tool can crack the hashes in less time than the CPU.
it’s possible for you to check the GPU driver requirements on their official website.
And you’re able to see other features also from their website.
For this, open a terminal and jot down:
Hashcat is usually pre-installed in Kali Linux.
you’re able to find the tool under the password cracking section.
How to Use Hashcat
To get started with Hashcat, well need some password hashes.
If you dont have a hash to crack, we will create some hashes first.
To create hashes using the command line, just follow the below format.
And the output will be saved in the crackhash.txt file.
Now we will check the hashes which were saved in the given file.
you could see, now we have some hashes to crack.
This is the procedure to create a hash by using the algorithm of your choice.
The next step is to kick start a Hashcat tool in your Linux machine.
Just use the following command to use Hashcat.
Itll bring up all of the options youll need to know to trigger the tool.
On the terminal, you’re able to find all the attack and hashcat modes.
The wordlist I am going to use is rockyou wordlist.
you’re able to easily find that wordlist in the path /usr/share/wordlists.
you might even use the locate command to find that wordlist path.
And finally, to crack the hashes using the wordlist file, use the following command.
To resolve this, save each hash separately in a different file.
This error occurs if you have a low CPU or GPU speed.
So after fixing the error and everything, the result will be like this.
Conclusion
I hope you have gained a better understanding of using Hashcat to crack passwords.
You may also be interested in knowing about the variousbrute-force toolsfor penetration testing and some of thebest pentesting tools.
