Ранее мы уже рассказывали про Hashcat в статье «Использовании Hashcat на Kali Linux». Сегодня покажу, как установить и использовать Hashcat на Windows. Будем взламывать хеш пароля в MD5, MD4, SHA1, SHA3 и коснемся других способов взлома хешей.
Еще по теме: Создание флешки Kali Linux (быстрый способ)
Hashcat — самый быстрый инструментом для взлома паролей. Он кроссплатформенный и доступен для Windows, macOS и Linux. Взломщик паролей поддерживает большое количество алгоритмов хеширования, включая LM Hash, NT hash, MD4, MD5, SHA-1 и 2 и многие другие. На сегодняшний день поддерживает 237 различных типов хешей.
Как пользоваться Hashcat на Windows
Рассмотрим команду использования Hashcat в Windows:
|
.\hashcat —m 0 —a 0 .\crackme.txt .\rockyou.txt |
.\hashcat -m 0 -a 0 .\файл_хешей.txt .\словарь.txt
- -m (тип хеша) — Например, MD5, SHA1 и т. д. В этом примере мы будем использовать
—m 0 для MD5. - -a (тип атаки) — Указывает Hashcat, каким методом взламывать пароль. Например, с использованием словаря слов, или перебора, или знаменитой комбинированной атаки. В этом примере мы будем использовать
—a 0 для атаки по словарю. - [файл_хешей.txt] — Задает расположение файла, содержащего хеш-коды, которые вы собираетесь взломать. В примере я использовал
crackme.txt. - [словарь.txt | маска | каталог] — Задает используемый словарь (список слов), маску или каталог. В этом примере мы будем использовать словарь для брута
rockyou.txt.
Установка и настройка Hashcat в Windows
Зайдите на сайт Хешкэт и скачайте бинарник (версию для Windows).
Запустите командную строку и с помощью команды
cd перейдите в папку с извлеченным из архива Hashcat.
Убедитесь, что находитесь в папке Hashcat введя hashcat.exe.
Создайте новый текстовый документ внутри папки hashcat, где будут хранятся хеши ваших паролей, в моем случае — это файл crackme.txt. Ниже приведен список тестовых хэшей, которые вы можете использовать.
|
6c569aabbf7775ef8fc570e228c16b98 e10adc3949ba59abbe56e057f20f883e 25f9e794323b453885f5181f1b624d0 5f4dcc3b5aa765d61d8327deb882cf9 d8578edf8458ce06fbc5bb76a58c5ca4 fcea920f7412b5da7be0cf42b8c93759 96e79218965eb72c92a549dd5a330112 25d55ad283aa400af464c76d713c07ad e99a18c428cb38d5f260853678922e03 7c6a180b36896a0a8c02787eeafb0e4c 3f230640b78d7e71ac5514e57935eb69 f6a0cb102c62879d397b12b62c092c06 |
Добавьте не менее 5 хешей.
Можете сгенерировать свои собственные хэши каким-нибудь онлайн-сервисом.
Теперь создайте словарь для брута. Hashcat имеет свой словарь example (файл DICT), но лучше использовать словарь Kali Linux rockyou.txt или свой словарь.
Использование Hashcat в Windows
Откройте командную строку и убедитесь, что находитесь в папке Hashcat.
Для справки введите команду:
Большой выбор алгоритмов хеширования:
Для взлома наших хешей используем атаку по словарю
—a 0 на хеш MD5
—m 0.
Как можно видеть на скрине ниже, Хешкэт взломал несколько хешей.
Hashcat добавляет все взломанные пароли в файл potfile и сохраняет в своей папке.
На этом все. Теперь вы знаете как пользоваться мощным инструментом Хешкэт, для взлома паролей.
ПОЛЕЗНЫЕ ССЫЛКИ:
- Лучшие словари для Hashcat
- Актуальные методы взлома паролей
- Брут секретного ключа JWT с помощью Hashcat
Can you Use Hashcat on Windows 10?
This is a guide to installing hashcat on a windows 10 build. Hashcat allows for the use of GPUs to crack hashes which is significantly faster then within a VM and/or using a CPU alone. Keep in mind by using your GPU the faster the clock speed the faster it will crack hashes.
Is Hashcat only for Linux?
hashcat-legacy is available for Linux, OSX and Windows. hashcat is available for macOS, Windows, and Linux with GPU, CPU and generic OpenCL support which allows for FPGAs and other accelerator cards.
What Hashes can Hashcat Crack?
MD5 Hashes.
Salted MD5 Hashes.
MD5Crypt Digests.
a) HMAC-SHA1 key.
What is OclHashcat?
oclHashcat is a GPGPU-based multi-hash cracker using a brute-force attack (implemented as mask attack), combinator attack, dictionary attack, hybrid attack, mask attack, and rule-based attack.
Is Hashcat Safe to Use?
Since penetration testers work to find security holes on purpose, under contract, so that their customer can improve their security, this is also a perfectly legitimate use case. The real takeaway is that both illegal attackers and legit defenders use hashcat.
How is John the Ripper Different from Hashcat?
In short words, john was customized to work with CPU for cracking passwords, whereas the hashcat (in its earlier days of release) was only a tool to work with the graphical processing power, the developers now made it to work with CPU as well, but at cost of reduced efficiency.
How does a Hashcat Work?
How does hashcat work? At its most basic level , hashcat guesses a password, hashes it, and then compares the resulting hash to the one its trying to crack. If the hashes match, we know the password. If not, keep guessing.
Can I Run Hashcat on Windows?
This is a guide to installing hashcat on a windows 10 build. Hashcat allows for the use of GPUs to crack hashes which is significantly faster then within a VM and/or using a CPU alone.
Does Hashcat Need a Wordlist?
Hashcat can be started on the Kali console with the following command line : hashcat h. In general, we need to use both options in most passwordcracking attempts when using Hashcat. Hashcat also has specifically designed rules to use on a wordlist file. The character list can be customized to crack the passwords.
Why is Hashcat Exhausted?
The exhausted status means that HashCat has reached the end of the wordlist and failed to find a matching hash. The password policy note gives me a new idea to play with. A combinator attack uses two lists to guess the password.
What is Hashcat in Termux?
Hashcat is a popular password cracker and designed to break even the most complex passwords representation. To do this, it enables the cracking of a specific password in multiple ways, combined with versatility and speed.
How to Use Hashcat on Windows 10
Hashcat является одним из наиболее мощных инструментов для взлома паролей. Если вы хотите использовать Hashcat на вашем ПК с Windows 10, следуйте этому пошаговому руководству.
Шаг 1: Скачать Hashcat
Перейдите на официальный сайт Hashcat (https://hashcat. net/hashcat/) и загрузите соответствующую версию для вашей операционной системы. Затем распакуйте архив в папку по вашему выбору.
Шаг 2: Установить драйверы OpenCL
Hashcat использует технологию OpenCL для ускорения процесса взлома паролей. Чтобы это работало на вашем ПК, вам необходимо установить соответствующие драйверы. Скачайте драйверы OpenCL для вашей видеокарты с сайта производителя и установите их.
Шаг 3: Выбрать тип атаки
Перед тем, как начать работу с Hashcat, вы должны решить, какую атаку использовать в вашей задаче. Существуют различные типы атак, такие как подбор по словарю, по маске и по комбинации. Выберите наиболее подходящую атаку для вашей конкретной задачи.
Шаг 4: Подготовить пароли
Перед тем, как запустить Hashcat, необходимо подготовить пароли для взлома. Вы можете использовать файл со списком хешей паролей или сразу подставить хеши в команду Hashcat.
Шаг 5: Запустить Hashcat
Откройте командную строку Windows и перейдите в папку, где вы распаковали Hashcat. Затем введите нужную вам команду, чтобы запустить Hashcat с соответствующими параметрами (например, для подбора по словарю: hashcat. exe — m 0 — a 0 hash. txt wordlist. txt).
Шаг 6: Ожидать результатов
После того, как Hashcat начнет работу, вам нужно будет подождать, пока он закончит свою задачу. Это может занять некоторое время в зависимости от сложности паролей и выбранной атаки.
Советы:
— Перед запуском Hashcat убедитесь, что ваш ПК соответствует требованиям программы.
— Для повышения скорости работы Hashcat используйте видеокарты с максимальной мощностью.
— Не забывайте, что взлом паролей является незаконным действием, если вы не имеете на это разрешения.
If you want to use Hashcat for password cracking, you’ve come to the right place.
Hashcat is a great tool for cracking passwords offline using the power of your graphics processor unit computational power. It can process an astounding number of password guesses per second, cutting down the time it takes to crack password hashes.
In this article, we will show you how to use Hashcat. We will discuss password lists, and running Hashcat in different environments, be it on a local machine, a virtual environment, or even in the cloud.
Finally, we’ll provide hands-on demonstrations to show you how to deploy Hashcat to crack some of the most commonly encountered hashes.
What Is Hashcat?
Let’s look at what Hashcat is and how it can use the power of the graphics processing unit (GPU) to crack hashes.
Hashcat
Hashcat is a popular open-source software for cracking passwords that can crack various hashes using various attack modes.
It takes advantage of hardware acceleration from the GPU, which can perform computational tasks more efficiently than a general-purpose CPU could.
The speed of a GPU directly affects the cracking speed because a faster GPU can process more password guesses simultaneously, significantly reducing the time required to find the correct password.
Depending on the type of hash, the complexity of the password, and the GPU being used, Hashcat can test up to millions of password combinations per second during a brute force attack, greatly beyond the capacity of a CPU.
What’s a Hash?
A hash is a fixed-length string representation created from the password using a hash function.
Simply put, a hash function takes input data and returns a fixed-length string through mathematical computations. Once the data has been hashed, there is no way to reverse the process and retrieve the original data from the hash.
Here is an example of an MD5 hash of the password “password123”.
And here is the MD5 hash of the password “password1234”.
As you can see, even though we only added a single number to the end of “password123”, it created a completely unique hash.
Websites create a hash of the password as a measure of security to protect users’ sensitive data. When a user logs in, the password entered is hashed, and if this hash matches the hash stored in the database, the user is logged in.
Now that you understand Hashcat and password hashes, let’s look at where we can find password lists to use with it.
Password Lists In Kali
Kali comes pre-packaged with wordlists that can be used for cracking passwords. The wordlist files are in the /usr/share/wordlists directory.
The one that is used the most, especially when doing a CTF (capture the flag), is the rockyou.txt file. This file is massive, It contains over fourteen million user passwords.
The rockyou.txt file comes from the over 32 million user credentials exposed due to a data breach in 2009 on the social media platform RockYou. These passwords were kept in plain text, not hashed or otherwise obfuscated.
Other Locations for Password Lists
Another great resource for passwords is SecLists on GitHub. This list contains many password lists, including “500-worst-passwords.txt” and “darkweb2017-top10000.txt.” The password lists are collections of commonly used, default, or leaked passwords.
The right wordlist for Hashcat can significantly boost the effectiveness of password cracking by being tailored to the organization or demographic being tested.
It should be comprehensive yet specific and consider common weak passwords, organization-specific terms, language and localization, and common password mutations.
Hashcat in Virtual Machine, Host Machine, or the Cloud?
Now let’s discuss three options for running Hashcat.
Hashcat in a Virtual Machine
Hashcat can be run inside a virtual machine such as Kali Linux, however it will not use the GPU but the CPU instead, making it much slower.
If you’re looking to install Kali Linux in a virtual machine, we have two great articles on installing it on VirtualBox and VMware.
It can have both advantages and disadvantages. Here’s a quick rundown:
Pros:
Environment Isolation: Running Hashcat in a VM keeps your main OS separate from your Host OS
Ease of Setup: Hashcat is already installed on Kali, making it easier to get up and running without installation or configuration.
Testing and Experimentation: Using Hashcat in a VM allows you to test and experiment without affecting your host OS.
Cons:
Performance Overhead: Running Hashcat in a VM is slower than running it on native hardware, especially due to its GPU-intensive tasks, because of the additional layer of abstraction provided by the VM.
Hardware Access: While most VM solutions support passing through USB devices to the guest operating system, GPU passthrough (beneficial for a tool like Hashcat) can be complex and may only be supported on some systems or with some VM software.
Resource Allocation: VMs require a portion of your system’s resources. Running intensive applications in a VM could impact the performance of the host system.
Hashcat on Host Machine
The decision to run Hashcat directly on the host OS versus in a VM depends on your specific needs and resources. Running Hashcat natively on the host operating system like Windows has its own set of pros and cons.
Pros:
Performance: Running Hashcat on the host OS performs better than running it inside a VM. This is because there are no additional layers of abstraction between the application and the hardware.
Simplicity: It might be simpler to install and run for users who are more comfortable working in a Windows environment than a Linux one or for those unfamiliar with setting up VMs.
Cons:
Resource Consumption: Hashcat is designed to use as much of your system’s resources as possible to perform its tasks quickly. While running, your computer might be slow to respond to other tasks.
System Compatibility: While Hashcat is built to be compatible with a wide range of systems and hardware, there can always be unforeseen compatibility issues or bugs that could impact its performance or stability on some systems.
Installing Hashcat on Windows
Let’s walk you through installing Hashcat on a Windows system.
The first step is to download the binary from the Hashcat site.
Once downloaded, you will need to extract the 7Zip file, we put ours in the C:\Hashcat folder, but you can put yours wherever makes the most sense for you.
To start using Hashcat in Windows, head to the command line and move into the directory you saved it. Next, you need to load hashcat.exe and any options you want to run. We’ll discuss these in another section.
Hashcat in the Cloud
Running Hashcat in the cloud, like on AWS, Azure, or Google Cloud, also comes with its own set of advantages and disadvantages:
Pros:
Scalability: Cloud platforms offer the ability to easily scale up your resources. If you need more computing power quickly, you can start a powerful GPU instance, run your task, and shut it down when you’re done.
Cost-Effectiveness: You only pay for what you use. This can be much more cost-effective than buying expensive hardware, particularly if you only need it occasionally.
Access from Anywhere: Your cloud environment can be accessed from anywhere, which can be beneficial if you work from different locations or collaborate with others.
Cons:
Price: While cloud services can be cost-effective, the costs can also add up quickly if you’re running powerful instances for long periods of time. GPU instances can be particularly expensive.
Complexity: While cloud platforms can offer a lot of flexibility, they can also be complex to set up and manage, particularly if you’re unfamiliar with the particular service.
Legal and Ethical Considerations: Using cloud resources for cracking passwords might violate the provider’s terms of service. Be sure to verify this before proceeding.
If you’re interested in setting up resources in the cloud to perform your cracking, we recommend checking out a few resources:
Cracking With Hashcat in the Cloud
Good cloud GPU providers?
Now that you’ve seen the pros and cons of running Hashcat on a VM, host machine, or in the cloud, the choice ultimately depends on your specific requirements, resource availability, and the level of risk you’re willing to accept.
Cracking Hashes With Hashcat
Now that you’re ready to crack hashes with Hashcat, let’s talk about the different hashes you may encounter and how to identify them. Then, we’ll show you this tool in action.
Hashes Available in Hashcat
The Hashcat Wiki has a great resource for finding all the hashes that work with the program. It gives you a table view of hashes.
You can easily search through this with the find command in your browser. This will help you find which hash mode to use with the hash you need to crack.
You can also view the list of hashes from the command line using --help.
And scroll down a little until you see the section titled “Hash modes.”
On a Linux system, you can also use the grep command to search quickly for a specific hash, such as hashcat --help | grep md5.
Popular Hashes Used
Here are some hash types you may see as a penetration tester or ethical hacker.
SHA-256 (Secure Hash Algorithm 256-bit): This is part of the SHA-2 family and is widely used in cryptographic applications and protocols, including TLS and SSL, PGP, SSH, and Bitcoin, among others.
Here is an example of an SHA-256 hash:
f2881bb653e5a11780fad1b3a7ef2d4fd10f1cced3d71c76443d7670aa0257d8
AS-REP (Authentication Service Response): This hash is part of the Kerberos protocol used for network authentication, including in Windows Active Directory domains and some Unix environments. This hash is acquired through AS-REP roasting, which extracts users’ password hashes with the activated «Do not require Kerberos preauthentication» setting.
Here is an example of a Kerberos AS-REP hash:
$krb5asrep$23$auston@xyz.local:3171EA207B3A6FDAEE52BA247C20362E$56FE7DC0CABA8CB7D3A02A140C612A917DF3343C01BCDAB0B669EFA15B29B2AEBBFED2B4F3368A897B833A6B95D5C2F1C2477121C8F5E005AA2A588C5AE72AADFCBF1AEDD8B7AC2F2E94E94CB101E27A2E9906E8646919815D90B4186367B6D5072AB9EDD0D7B85519FBE33997B3D3B378340E3F64CAA92595523B0AD8DC8E0ABE69DDA178D8BA487D3632A52BE7FF4E786F4C271172797DCBBDED86020405B014278D5556D8382A655A6DB1787DBE949B412756C43841C601CE5F21A36A0536CFED53C913C3620062FDF5B18259EA35DE2B90C403FBADD185C0F54B8D0249972903CA8FF5951A866FC70379B9DA
NTLM Hash: The NTLM hash is utilized in older Microsoft systems and applications, notably in workgroup environments and for local authentication on non-domain controllers. While it remains in use, more secure protocols like Kerberos are favored. NTLM support remains across all Windows systems to maintain compatibility with older server and client setups.
Here is an example of an NTLM hash:
58A478135A93AC3BF058A5EA0E8FDB71
Identify Hashes
If you come across a hash and aren’t sure what hashing algorithm is being used, some tools can help you identify them, such as Hash-Identifer or hashID.
hashID replaces Hash-Identifier, although it can still be used and is installed by default on Kali.
hashID can be installed from the command line using the following.
pip install hashid
Once installed, you simply type hashid -m and the hash you need to be identified, as seen below. This will show the corresponding Hashcat mode alongside the potential hash. Let’s take the following hash and put it into hashID.
7eb126739275d3717e981a78311dbdf6f71b7a74
The hash is identified as being a SHA-1 hash.
These tools do their best at guessing the correct hash but may not be able to accurately identify all hashes you input. Understanding the technology you are working with will go a long way in knowing which hash is being used.
Using Hashcat
Now we will show you how to crack multiple hashes using Hashcat.
Hashcat can run different attacks, such as a dictionary, combination, mask, and hybrid, but we will use the dictionary attack for our demo.
In dictionary attacks, each word in the password file is hashed and compared with the target hashes. If the hashes match, then the original password has been found.
You can run a basic Hashcat dictionary attack using the following command.
hashcat -m 0 -a 0 hash.txt wordlist.txt
- hashcat: This is the main command to run the Hashcat program (on Windows, use hashcat.exe).
- -m 0: This is the option for the hash type. In this case, 0 represents MD5. The value here would change depending on the hash type you are trying to crack. For instance, -m 1000 would be used for NTLM hashes.
- -a 0: This is the attack mode. In this case, 0 stands for «straight» mode, a dictionary attack.
- hash.txt: This file contains the hash or hashes you’re trying to crack. It should be a text file with one hash per line.
- wordlist.txt: This is your dictionary or list of potential passwords. Like the hash file, this should be a text file with one entry per line.
Hahscat can be used with other options, depending on what you need. Here are some examples:
- -r: This option allows you to specify a rules file. Rules in Hashcat allow you to modify the words from your wordlist in certain ways, which can greatly expand the number of potential passwords you’re testing. For example, a rule could be to try the word in lowercase and uppercase or to append certain numbers to the end of the word.
- —debug: This option enables debug mode. In debug mode, Hashcat will provide additional output to help you troubleshoot issues. For instance, if you’re using a rules file, debug mode can show you exactly how the rules modify the words from your wordlist.
- —force: This option forces Hashcat to start even if it detects that your system might not be capable of running it correctly. Using this option’s generally only recommended if you know what you’re doing, as it could lead to incorrect results or even damage your hardware.
Let’s try to crack two of the hashes from our popular hashes section. We will be using the rockyou.txt as our wordlist file.
This demonstration will show you how to run Hashcat in Windows, but it’s the same syntax when you run this in Linux. Ensure that you save the hash as a .txt file.
Our first hash is the Kerberos AS-Rep one shown in the previous section.
hashcat.exe -m 18200 asrep.txt -a 0 rockyou.txt
And we’ve cracked the password in only two seconds. As you can see, the weaker the password, the easier for Hashcat to crack.
You’re likely to encounter the NTLM hash, our second hash type, quite frequently if you’re pursuing a career as a penetration tester or interested in learning to attack Active Directory. The NTLM hash is still frequently used today in Windows operating systems.
The syntax you need to use is:
hashcat.exe -m 1000 ntlmhash.txt -a 0 rockyou.txt
This time we have the password cracked in only three seconds.
Conclusion
Hashcat is a potent tool that can be deployed to crack a diverse range of hashed passwords, from SHA-256 to NTLM and Kerberos. Hashcat can swiftly crack many passwords by harnessing your GPU’s power using a dictionary attack.
You’ve now learned how Hashcat works and how to use it. Additionally, you’ve discovered that Hashcat can run in various environments, including in a virtual machine (VM) or the cloud, expanding its versatility.
If you’re ready to level up your skills, join our VIP section for a massive selection of courses.
Frequently Asked Questions
What is password hashing?
Password hashing transforms a password by passing it through a hashing function, resulting in some fixed-length string. An example of the MD5 hash of the password “MyPassword” is 48503dfd58720bd5ff35c102065a52d7. Each password will have a unique string.
Can I use Hashcat without GPU?
Yes, you can use Hashcat without a GPU. In this case, Hashcat will default to using the CPU for processing, but be aware that this will result in significantly slower performance compared to using a GPU.
Is Hashcat better than John the Ripper?
If you’re cracking common hashes and speed is your primary concern, Hashcat is typically the better choice. However, if you’re dealing with a wider variety of hashes or non-standard hashes, John the Ripper may be more suitable. It ultimately depends on your specific requirements and resources.
How do you use Hashcat on Windows?
To use Hashcat on Windows, you need to download the binary, extract the 7zip file and then run it in the command line from the folder you installed it in. Such as hashcat.exe -m 1000 hash.txt -a 0 wordlist.txt
Level Up in Cyber Security: Join Our Membership Today!
-
Richard is a cyber security enthusiast, eJPT, and ICCA who loves discovering new topics and never stops learning. In his home lab, he’s always working on sharpening his offensive cyber security skills. He shares helpful advice through easy-to-understand blog posts that offer practical support for everyone. Additionally, Richard is dedicated to raising awareness for mental health. You can find Richard on LinkedIn, or to see his other projects, visit his Linktree.
View all posts
This is a guide to installing hashcat on a windows 10 build. Hashcat allows for the use of GPUs to crack hashes which is significantly faster then within a VM and/or using a CPU alone.
Legal Usage:
The information provided by executeatwill and this website is to be used for educational purposes only. The website creator and/or editor is in no way responsible for any misuse of the information provided. All the information on this website is meant to help the reader develop penetration testing and vulnerability aptitude to prevent attacks discussed. In no way should you use the information to cause any kind of damage directly or indirectly. Information provided by this website is to be regarded from an “ethical hacker” standpoint. Only preform testing on systems you OWN and/or have expressed written permission. Use information at your own risk.
By continued reading, you acknowledge the aforementioned user risk/responsibilities.
Keep in mind by using your GPU the faster the clock speed the faster it will crack hashes. Understand with increased speed comes increased heat. Our goal should be to ensure we control the heat being generated from large password lists to which I recommend MSI Afterburner.
(recommended) — MSI Afterburner can be used to monitor/overclock GPUs and is found at:
within the hash.txt — add hashes you would like to crack.
within the cracked.txt — you should have cracked hashes append here.
Testing a MD5 hash
create a quick MD5 hash at: http://www.miraclesalad.com/webtools/md5.php
1 |
|
change directory and navigate to hashcat directory.
1 |
|
1 |
|
in my case I have x1 GTX 1070 for cracking.
In this example it took 10s to crack this MD5 hash using brute force with x1 GTX 1070.
Hashcat GUI
For a bit easier user experience I recommend checking out Hashcat GUI.
Setup:
Start by downloading the HashcatGUI_1.1beta0.zip from above website.
We are going to need to extract the zip and copy all the contents from the orginal hashcat into GUI directory.
files from hashcat folder were pasted into GUI folder.
where are you going to find wordlists you ask? Lets checkout SecLists on github: https://github.com/danielmiessler/SecLists
hashkiller download section also has an frequently updated password list:
https://hashkiller.co.uk/downloads.aspx
configure the input file to the hash.txt and the output file to the cracked.txt.
untick “Disabled Pot File”
untick “CPU only”
change Format: Plain
change Hashcat Path
configured in my case to crack MD5 hashes.