Today, we are going to learn some basics of hash cracking with hashcat using a dictionary attack.
As in the last hashcat tutorial, we are going to specify a hash type and an attack mode. First I use a SHA2-512 hash, which counts among the strong hashes. We use straight mode for a wordlist (dictionary) attack. Before we start, you need wordlists for the dictionary attack. If you are currently running Kali Linux, you can find many wordlists in it.
You can find some wordlists in “/usr/share/wordlists”; just press Tab twice to see the contents of the wordlists folder. There are many dictionaries, and you should check them out if you want to. But I am only interested in the “rockyou.txt” wordlist, which contains at least 14 million passwords. The first thing to check is whether the password we want to crack is actually inside the wordlist or not. So what I am going to do is grep that password, like “JustLinux”, from the RockYou wordlist.
As you see, I got no output, which means this wordlist does not have it. But I still want to put that password in the wordlist. So type echo, then the password, then a double greater-than sign (>>), then the path of the wordlist, and press Enter.
Now my password is inside the dictionary.
But an interesting thing is that it is now the last password in the dictionary. So if I check that password's position in the dictionary, the position of the password and the number of passwords in the dictionary are the same. So this is the number of that last password and also the number of passwords in the dictionary.
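The lookup, append and position check described above, as an added example that is not part of the original tutorial. The function names and the three-entry sample wordlist are constructed for illustration; it uses an exact whole-line match (grep -x -F), because a plain grep also reports entries that merely contain the word.

```shell
# Added example: exact-match lookup in a wordlist (function names are illustrative).

word_position() {    # prints the line number of the first exact match; fails if absent
    pos=$(LC_ALL=C grep -n -x -F -e "$1" -- "$2" | head -n 1 | cut -d: -f1)
    [ -n "$pos" ] && echo "$pos"
}

line_count() {       # number of entries (newline-terminated lines) in the wordlist
    echo $(( $(wc -l < "$1") ))
}

add_word_if_missing() {
    word_position "$1" "$2" >/dev/null && return 0    # already present, no duplicate
    # If the file lacks a trailing newline, ">>" would glue the new word
    # onto the last existing entry, so terminate that line first.
    [ -n "$(tail -c 1 "$2")" ] && echo >> "$2"
    printf '%s\n' "$1" >> "$2"
}

# Constructed sample wordlist, deliberately without a trailing newline.
wl=$(mktemp)
printf 'password\nJustLinux123\n123456' > "$wl"

# "JustLinux123" contains the word but is not an exact match.
word_position JustLinux "$wl" || echo "JustLinux: no exact match"

add_word_if_missing JustLinux "$wl"
echo "position $(word_position JustLinux "$wl") of $(line_count "$wl") entries"
rm -f "$wl"
```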
So this is a little bit of information that you should know before you start hash cracking using a dictionary attack. First, open a site where you can generate a hash, and pick a hash algorithm that you like. I like to pick SHA2-512 for cracking, so I generate a hash for the password that I put in the wordlist a few minutes ago.
You should generate a hash of your own password, but before that, make sure whether it is in the wordlist or not. After generating the hash, copy it and move to the terminal.
Now type hashcat, then -a 0 for straight mode, then -m 1700 for a SHA2-512 hash, then paste the hash by pressing Ctrl+Shift+V, and then type the wordlist file path.
Now put --force in the command line, then press Enter. As you see, that password cracks in 24 seconds. In my case, this takes the whole time that is shown, because that password is the last password in the wordlist and hashcat tries all the passwords in the wordlist.
As I said, hashcat tries all the passwords if your password is the last one in the wordlist. The other thing is that hashcat tried 14 million passwords in 24 seconds, which is really fast.
Now think about the case where you have two or more wordlists but no idea which one contains the right password to crack the hash.
So I am going to use the rockyou and darkc0de wordlists, both dictionaries at the same time.
This method is good if you don’t want to try custom wordlists one by one.
So, first, pick a password from a wordlist, then convert that password into a hash.
After converting the password into a hash, move to the terminal and type hashcat -a 0 for straight mode, then -m and the hash type. Then paste the hash, and if you have a hash file, provide the file as well.
Now enter the paths of the wordlists you are going to use, put --force in the command, and press Enter.
Here the guess queue shows that we are using two wordlists, and hashcat is matching hashes against the first wordlist. Then hashcat tries the second wordlist, because it did not find the right password in the first wordlist, and the hash has been cracked.
So with this method you can use multiple wordlists at the same time, without running them one by one. In the next hash cracking method, we are going to use combination mode, in which we use two wordlists: the first wordlist is used on the left side, and the second wordlist on the right side.
This method is useful when you know your victim uses some kind of pattern, like always putting 123, abc or @123 at the end of the password, or starting the password with a special word or characters. So pick a password from the wordlist that you think contains the first part of the victim’s password. After picking the password, paste it into the hash generator and put another password from the second wordlist after it. Then generate the hash for that combined password and go back to the terminal.
Now, first check what the attack mode for combination is in hashcat: 1 is the combination attack mode. Now type hashcat -a 1 for combination attack mode and -m 1700 for a SHA2-512 hash.
Then paste the hash with Ctrl+Shift+V and enter the first wordlist path, which is used for the left-hand side passwords, and after that enter the second wordlist path, which is used for the right-hand side passwords.
This means that, in the password combination, the first password comes from the first wordlist and the second password comes from the second wordlist. Now put --force in the command to get rid of the error, then press Enter. So that password hash has been cracked.
That is how we apply the combination attack: the first password from the first wordlist and the second password from the second wordlist, and you can easily find out which wordlist works on the left side and which one on the right side.
So, as you see, the combination attack is as easy as straight attack mode. In the next method, we use straight attack mode again, but with hashcat rules. Hashcat already provides some rule files, and you can use these rules according to the victim’s password pattern.
These rule files are available on this path. Now press Tab twice to see the available contents of the rules directory. In the previous command we combined two wordlists, but with the combinator rule you can do the same with one wordlist.
But I am interested in the leet speak rule, because nowadays most people use leet words to make their passwords strong. So if you don’t know what leet words are, open the unix-ninja leet speak rule.
As you see, in leet words only characters are swapped: a swaps into @, i into 1, q into 9, s into 5, t into 7, and x into %. Passwords or words created using these characters are called leet words.
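Because the leet rule only applies the fixed swaps listed above, a password check can undo them before looking the word up. The following is an added example, not part of the original tutorial or of hashcat; the function names and the sample wordlist are constructed, and only the six swaps named above are reversed.

```shell
# Added example: password-policy check that reverses the leet swaps listed above
# (@->a, 1->i, 9->q, 5->s, 7->t, %->x) before the wordlist lookup.

deleet() {           # prints the lower-cased, de-leeted form of a candidate
    printf '%s' "$1" | tr 'A-Z' 'a-z' | tr '@1957%' 'aiqstx'
}

in_wordlist() {      # exact, case-insensitive whole-line match
    LC_ALL=C grep -q -i -x -F -e "$1" -- "$2"
}

is_dictionary_based() {   # succeeds if the password or its de-leeted form is listed
    # Check the raw form too: a digit such as 1 may be a real digit, not a swap.
    in_wordlist "$1" "$2" && return 0
    in_wordlist "$(deleet "$1")" "$2"
}

# Constructed sample wordlist.
wl=$(mktemp)
printf 'password\njustlinux\nqwerty1\n' > "$wl"

for candidate in 'p@55word' 'Ju57L1nux' 'qwerty1' 'v3ry-unrelated'; do
    if is_dictionary_based "$candidate" "$wl"; then
        echo "$candidate: rejected, dictionary word ($(deleet "$candidate"))"
    else
        echo "$candidate: not found in wordlist"
    fi
done
rm -f "$wl"
```

A password that passes this check is only absent from the given wordlist under these six swaps; other rule files apply other transformations.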
Now choose a password from the wordlist that you are going to use for practice. I chose a word from the darkc0de wordlist, and that word exists in this wordlist. Now first convert this password into a leet word, then convert that leet password into a hash. After copying the hash, move to the terminal and enter the command for a straight mode attack.
After entering the wordlist path, assign a rule for the attack. If you are not sure about the rule’s name, press Tab twice and you will see the contents of the directory. Now type the first one or two characters of the rule file name, then press Tab to autocomplete it.
And put --force in the command, then press Enter. As you see, this will take 2 hours and 20 minutes. If you were working only with the wordlist, it would not take that long. But working with a rule file takes longer than a single wordlist, and it also depends on how many combinations your rule file contains. As you see, the password is cracked, and because this password is not far from the start of the wordlist, it did not take too much time to crack.
Now, in the next method, we use the wordlist and mask attack modes. So look at the help for the attack modes. We have already used brute force, combination and straight mode in this and the previous hashcat tutorial. Now it is time to use the hybrid wordlist + mask attack and the hybrid mask + wordlist attack mode.
First I use hybrid wordlist + mask attack mode. So, again, pick a password from the wordlist that you are going to use. Now enter that password in the hash generator and add a number for the mask. Or you can add other characters for the mask.
Now generate the hash for that password, copy it, and go back to the terminal. Now type hashcat -a 6 for the hybrid wordlist + mask attack.
Then type -m and the hash mode, and paste the hash (Ctrl+Shift+V). After the hash, enter the wordlist path, and after it specify the mask.
Here, I am fixing 19 in the mask, and the last two numbers are random. And put --force to get rid of errors. So this is the command line for the wordlist + mask attack, and I don’t think you need a separate walkthrough of the hybrid mask + wordlist attack mode, because attack modes 6 and 7 work the same way: all you need to do is put the wordlist in the mask’s place and the mask in the wordlist’s place, and change the attack mode value from 6 to 7. That gives you the hybrid mask + wordlist attack.
Now press Enter to crack the hash. The cracking time with attack modes 6 and 7 depends on how many passwords are in the wordlist and how many candidates the mask generates. Higher numbers of passwords in the wordlist and mask increase the cracking time.
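How the wordlist size and the mask multiply, as an added example that is not part of the original tutorial. It assumes the mask is written 19?d?d (fixed 19 followed by two digits), uses hashcat's built-in charset sizes, and takes the reference speed from the 14 million passwords in 24 seconds observed earlier on this page; the function names are illustrative.

```shell
# Added example: size of a hybrid wordlist + mask run (modes 6 and 7 generate
# the same number of candidates, only the order of word and mask differs).
# Built-in hashcat charset sizes: ?d=10, ?l=26, ?u=26, ?s=33, ?a=95.

mask_keyspace() {            # prints how many strings a mask generates
    m=$1
    total=1
    while [ -n "$m" ]; do
        c=${m%"${m#?}"}      # first character of what is left
        m=${m#?}
        [ "$c" = "?" ] || continue    # literal character: exactly one choice
        k=${m%"${m#?}"}      # charset letter that follows '?'
        m=${m#?}
        case $k in
            d)   n=10 ;;
            l|u) n=26 ;;
            s)   n=33 ;;
            a)   n=95 ;;
            '?') n=1 ;;      # '??' is a literal question mark
            *)   echo "unsupported mask element: ?$k" >&2; return 1 ;;
        esac
        total=$((total * n))
    done
    echo "$total"
}

hybrid_candidates() {        # args: wordlist entries, mask
    ks=$(mask_keyspace "$2") || return 1
    echo $(( $1 * ks ))
}

estimate_seconds() {         # args: candidates, reference entries, reference seconds
    echo $(( $1 * $3 / $2 ))
}

words=14000000               # wordlist size stated on this page
cands=$(hybrid_candidates "$words" '19?d?d')
echo "19?d?d on $words words: $cands candidates," \
     "about $(estimate_seconds "$cands" 14000000 24) s at the observed speed"
```

The estimate only scales the page's single timing figure; actual speed depends on the hash type and the hardware.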
So this tutorial covers only wordlist attacks. If you are interested in hash cracking with a brute force attack, you may like our previous hashcat tutorial.