How To Crack Password (Using Hash cat)

Step 1: Fire Up Kali and Open Hashcat 

We should begin by starting up Kali and opening hashcat. Go to Applications - > Kali Linux - > Password Attacks - > Offline Attacks - > hashcat, as seen beneath. 

When we tap on the hashcat menu thing, it opens the screen. 

At the highest point of the screen, you can see the essential hashcat linguistic structure: 

kali > hashcat alternatives hashfile mask|wordfiles|directories 

We can see a portion of the alternatives for hashcat showed underneath the essential grammar. The absolute most imperative of these are - m (the hashtype) and - an (assault mode). By and large, we should utilize both of these choices in most secret word splitting endeavors with hashcat. 

Step 2: More Extensive Options 

On the off chance that we check somewhat promote down this hashcat screen, we can see more alternatives. The initial two beneath are a portion of the key choices that hashcat empowers. 

To begin with, hashcat empowers decides that permit us to apply particularly outlined guidelines to use on our wordlist record. These principles can take our wordlist record and apply upper casing rules, uncommon characters, word blends, annexed and prepended numbers, et cetera. Each of these will help us to break passwords that have been made more perplexing to evade word reference assaults. 

The following stanza indicates us custom character sets. This empowers us to set the character set that we need to use to split the passwords. On the off chance that we know the organization's or establishment's secret key strategy, we can pick a subset of all characters to meet their arrangement and pace up our breaking. Case in point, if an organization permits an all-numeric character set, break the hashes with just numbers. These sorts of passwords are VERY simple to split. 

The following screen incorporates a portion of the more dark alternatives, including the yield document sort, the troubleshoot mode and the inherent character sets. 

At long last, we need to picked the sort of hash we are attempting to break. Hashcat gives us various alternatives. When we motivate prepared to break the hash, we have to assign in our summon what sort of hash we are working with by giving hashcat the number connected with the hash sort. Here we can see a rundown of a portion of the hash sorts hashcat can work with. 

Step 3: Choose Your Wordlist 

In this instructional exercise, we will utilize a basic word reference assault on some Linux hashes. To do as such, we require a wordlist to work from. There are truly a huge number of wordlists accessible on the web, however Kali has various wordlists manufactured right in, so how about we have a go at utilizing one of those. 

To locate the inherent wordlists in Kali, we can sort: 

kali > find wordlist 

When we do, we can see that there are many wordlists accessible 

I will utilize the wordlist worked for sqlmap, which has more than one million words and cross breed words. 

Step 4: Grab the Hashes 

In the following stride, we have to get the hashes on our Kali framework. On the off chance that we are signed in as root, we can see and snatch the hashes. In Linux, the hashes are put away in the/and so forth/shadow document, so in the event that we write: 

kali > tail/and so forth/shadow 

We can see the shadow record with the hashes, as beneath. 

Next, we have to recognize what kind of hashing the framework is utilizing. In Linux, we go to the/and so on/login.defs to view what encryption sort the framework is utilizing. We open that document by writing: 

kali > more/and so on/login.defs 

When we explore around 85% down the document, we can see that Kali is utilizing SHA512 encryption. This is vital, as we should tell hashcat this data when we are prepared to break the hashes. 

Step 5: Crack the Hashes! 

Presently, that we know the fundamentals of hashcat, where the hashes are found and the kind of encryption, we are prepared to start breaking the hashes. 

We should first put those hashes into a different record we will name hash.lst. 

kali > cp/and so forth/shadow hash.lst 

To ensure that they were replicated over, how about we check by writing: 

more hash.lst 

As should be obvious, the hashes have been replicated over to the hash.lst record. 

To set this up record for breaking, we have to evacuate the majority of the data in this document, with the exception of the hashes. The/and so forth/shadow record incorporates the username, then the salted hash, and after that data about the relevant client arrangement. We have to expel all that data leaving only the hash. 

We can see that this record begins with the username, i.e., "user1", "user2", and so forth. Open this document in your most loved word processor (vim, vi, leafpad) and erase the username and the accompanying colon. At that point, go to the end of the line and evacuate the data after the hash that begins with a colon (:). Presently we will have a record with recently the hashes and that's it. 

In the last stride, we can now begin splitting the hashes. Here's the order I utilized. 

kali > hashcat - m 1800 - a 0 - o cracked.txt - evacuate hash.lst/usr/offer/sqlmap/txt/wordlist.txt 

• - m 1800 assigns the kind of hash we are splitting (SHA-512) 
• - a 0 assigns a word reference assault 
• - o cracked.txt is the yield record for the split passwords 
• - expel advises hashcat to evacuate the hash after it has been broken 
• hash.lst is our information document of hashes 
• /usr/offer/sqlmap/txt/wordlist.txt is the total way to our wordlist for this lexicon assault 

Once the breaking procedure begins, we can hit <enter> to get a report on the procedure. At the point when hashcat has finished its work, you will see a screen like beneath where hashcat reports that it has recouped all my hashes after 9 :47:16 of work. 

Presently, we just need to open the cracked.txt record to see our broke passwords!