How to Install and use Hashcat for password recovery on Linux : [Cyber Forensics]

Updated on October 12, 2017

Hashcat is an advanced CPU-based password recovery utility available for Windows, Mac and Linux. It provides 7 unique modes of attack (such as Brute-force, Dictionary, Permutation, Prince, Table-Lookup and Combination) for over 100 optimized hashing algorithms (such as md5, sha256 and sha512). Hashcat is considered to be the world’s fastest CPU-based password recovery tool. Meanwhile, Hashcat’s counterpart oclHashcat runs on the GPU and is much faster than Hashcat. Hashcat’s current version is 2.00 and can be obtained from its website.

How are passwords stored?

If an application or service stores your password (Google, or SSH on Linux, for example), the password is generally stored in the form of a hash. A hash is a secure way of storing passwords based on a mathematical algorithm that is not reversible. Once you have a hash, it is theoretically impossible to get the original password back from it.

How to crack hashed passwords?

Suppose an attacker gets hold of the password hash. To recover the password from the hash, he needs to hash candidate passwords from a known dictionary, one after another, until one of the results matches the hash.

Essentially, the attacker has to be very patient as he has to try thousands, millions, billions and sometimes trillions of passwords before he finds the right one!
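The guessing loop described above, seen from the side of someone auditing their own stored hashes. This is an added example, not part of the original article or of Hashcat; the wordlist, user names, passwords and the PBKDF2 work factor are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample data (not from the original page).
WORDLIST = ["123456", "password", "letmein", "qwerty"]
PLAINTEXTS = {"alice": "letmein", "bob": "Xk#9v!tR2q"}  # bob's is not in the wordlist
ITERATIONS = 50_000  # assumed work factor for the demo

def md5_record(password):
    """Unsalted MD5, the weak storage form (the hash type in the page's example)."""
    return hashlib.md5(password.encode()).hexdigest()

def pbkdf2_record(password, salt, iterations=ITERATIONS):
    """Salted, deliberately slow storage form (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def audit_md5(stored, wordlist):
    """Return ({user: password}, hash computations) for unsalted MD5 records."""
    # Without a salt, each candidate is hashed once and checked against every user.
    table = {md5_record(w): w for w in wordlist}
    found = {user: table[h] for user, h in stored.items() if h in table}
    return found, len(table)

def audit_pbkdf2(stored, wordlist, iterations=ITERATIONS):
    """Same audit on salted records: every guess is recomputed per user."""
    found, computations = {}, 0
    for user, (salt, digest) in stored.items():
        for w in wordlist:
            computations += 1
            if hmac.compare_digest(pbkdf2_record(w, salt, iterations), digest):
                found[user] = w
                break
    return found, computations

STORED_MD5 = {u: md5_record(p) for u, p in PLAINTEXTS.items()}
STORED_PBKDF2 = {}
for u, p in PLAINTEXTS.items():
    salt = os.urandom(16)  # unique random salt per user
    STORED_PBKDF2[u] = (salt, pbkdf2_record(p, salt))

if __name__ == "__main__":
    print(audit_md5(STORED_MD5, WORDLIST))        # alice found, 4 fast computations
    print(audit_pbkdf2(STORED_PBKDF2, WORDLIST))  # alice found, 7 slow computations
```

The dictionary password is found under both schemes, so salting and stretching do not rescue a weak password. What they change is the cost: the salted audit needs one slow computation per user per guess instead of one fast computation per guess for all users.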

Alright, but how do you make so many guesses to find a matching hash?

Here, the Hashcat tool comes to your rescue. Hashcat automates the guessing process and compares the results for you.
In this tutorial, I will explain how to use the CPU version of Hashcat. As my system is 64-bit, I will be using the 64-bit version of Hashcat.

Hashcat - A Password Recovery Utility on Linux

Let’s begin the journey of cracking passwords…

Download Hashcat:

Download the latest Hashcat for your Linux distribution (my distribution is Ubuntu) from the Hashcat website.

$ wget https://hashcat.net/files/hashcat-2.00.7z

To extract the archive, you need to have the 7zip utility installed. If you don’t have it on your system, install it:

Redhat/Centos/Fedora

$ sudo yum install p7zip

If yum install doesn’t work for you, you need to set up a YUM repository that contains the p7zip package.

Ubuntu/Debian

$ sudo apt-get install p7zip

Unpack:

Extract the archive using the installed 7zip utility:

Redhat/Centos/Fedora

$ 7za x hashcat-2.00.7z

Ubuntu/Debian

$ p7zip -d hashcat-2.00.7z

Now change to the Hashcat directory:

$ cd hashcat-2.00

You can see the binary executables as shown below:

$ ls -l hashcat-cli*.bin

In the latest version of Hashcat (3.6.0), the binary file is named hashcat64.bin if it is 64-bit and hashcat32.bin if it is 32-bit.

Based on your hardware and OS installation, choose either the 32-bit or the 64-bit binary. You can find out which one you have using the command:

$ uname -a
Linux ubuntu 3.13.0-65-generic #106-Ubuntu SMP Fri Oct 2 22:08:27 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

Since my OS is 64-bit, I will use the 64-bit Hashcat binary (hashcat-cli64.bin). To make our lives easier, let’s copy the binary to a standard binary location such as /usr/bin/:

$ sudo cp hashcat-cli64.bin /usr/bin/

Create a symbolic link with a shorter name:

$ sudo ln -s /usr/bin/hashcat-cli64.bin /usr/bin/hashcat

Great! From now on you can use the command hashcat whenever you want to use Hashcat as shown below:

$ hashcat --help

Excited to get started? The first thing to do is to jump to the examples directory to see how password cracking works:

$ ls examples/

The examples are arranged by attack mode (A) and hash type (M). Let’s try a simple crack of the MD5 hash type using the dictionary attack mode. Pass the hash file and the corresponding password dictionary file as arguments to the hashcat executable as shown below:

$ hashcat A0.M0.hash A0.M0.word
 Initializing hashcat v2.00 with 2 threads and 32mb segment-size...
Added hashes from file A0.M0.hash: 102 (1 salts)
b19cdd8f0b55cb888c97ec77ab1ad402:rQ-Vv2&kog_p+CMyI;/VFDD.|MQe0/eV6bi9i^"yWP('iT
 73ff3971460e3d4490049086207e4a1e:$<-+1Jz?dPL)[;)mg<so'R 5Ri0':.m^Rfv?,x[G
 7718d0884dcdd356c77de6ff4c0ad58e:>RHc
 :::::::::::::::::::::::::::::
 :::::::::::::::::::::::::::::
 All hashes have been recovered
Input.Mode: Dict (A0.M0.word)
 Index.....: 1/1 (segment), 102 (words), 2769 (bytes)
 Recovered.: 102/102 hashes, 1/1 salts
 Speed/sec.: - plains, 101 words
 Progress..: 102/102 (100.00%)
 Running...: 00:00:00:01
 Estimated.: --:--:--:--
Started: Wed Dec 16 04:41:18 2015
 Stopped: Wed Dec 16 04:41:20 2015

The above run successfully recovered 102 hashes! Fantastic, isn’t it? Of course, cracking hashes in the real world won’t be this simple, but this is a great first step.

Read On: How to guide for cracking Password Hashes with Hashcat using dictionary method

Happy Cracking!

Comments

    1. Get Ubuntu on Termux and follow the Ubuntu method. Just google “ubuntu on termux” and you’ll find it.