Home Kali Linux Tutorials Cracking MD5 Hashes with Hashcat in Kali Linux

Cracking MD5 Hashes with Hashcat in Kali Linux

Kali Linux Tutorials By · September 30, 2024 · 2 Comments
hashcat-home

Hashcat is a powerful password recovery tool widely used for cracking hashes. It supports a variety of hash algorithms, including MD5, and can leverage wordlists to streamline the cracking process. This article will walk you through using Hashcat in Kali Linux to crack MD5 hashes, covering the entire process from setting up the environment to viewing the cracked passwords.

Step 1: Log into Kali Linux and Verify the Environment

To begin, log into your Kali Linux system. Use the username kali and the password you’ve set for your installation.

Once logged in, navigate through the menu:

  1. Select Applications
  2. Go to 05 – Password Attacks
  3. Click on Hashcat

hashcat-kali-linux

This will ensure that Hashcat is installed and ready for use.

Step 2: Create a File Containing MD5 Hashes

Before we can crack passwords, we need to simulate the scenario of having MD5 hashes. In a real-world scenario, an attacker would typically have compromised a system to obtain password hashes. For our exercise, we will manually create a file with several MD5 hashes.

Open a terminal window and enter the following commands to generate hashes for five different passwords:

$ echo -n 'Password' | md5sum | awk '{ print $1 }' > my_pw_hashes.txt
$ echo -n 'Password123' | md5sum | awk '{ print $1 }' >> my_pw_hashes.txt
$ echo -n 'Letmein!' | md5sum | awk '{ print $1 }' >> my_pw_hashes.txt
$ echo -n 'ilovedogs' | md5sum | awk '{ print $1 }' >> my_pw_hashes.txt
$ echo -n '1234abcd' | md5sum | awk '{ print $1 }' >> my_pw_hashes.txt

hashcat1

hashcat2These commands create MD5 hashes of five different passwords and save them to a file named my_pw_hashes.txt.

To check that your hashes were created correctly, use the following command:

$ cat my_pw_hashes.txt

hashcat3

The output should display the five MD5 hashes you’ve just generated.

Step 3: Start Hashcat in Kali

Next, we need to familiarize ourselves with the Hashcat command options. Open a new terminal and type:

$ man hashcat

hashcat4

hashcat5

This command opens the Hashcat manual, where you can explore the different options available. Pay special attention to the -m and -a options:

  • -m specifies the hash type. For MD5 hashes, use 0.
  • -a defines the attack mode. The straightforward (dictionary) attack mode is 0.

Make sure to scroll through the manual to understand the different values you can use with these options.

Step 4: View Available Wordlists

Hashcat requires a wordlist to effectively crack the hashes. Kali Linux comes with several built-in wordlists. To view these, execute:

$ ls -lh /usr/share/wordlists/

hashcat6

Among the available lists, rockyou.txt is particularly popular, containing over 14 million passwords.

Since this file is compressed, you’ll need to unzip it. Change to the wordlists directory:

$ cd /usr/share/wordlists

hashcat7

Now, extract the rockyou.txt.gz file using:

$ sudo gzip -d rockyou.txt.gz

hashcat8

After extraction, list the contents to ensure the rockyou.txt file is present:

$ ls

hashcat9

To get a sense of the passwords in the list, you can view the file with:

$ more rockyou.txt

hashcat10

Press q or Ctrl + Z to exit the file viewer and return to the terminal.

Step 5: Crack Hashes with Hashcat

Now we’re ready to crack the hashes using Hashcat. Enter the following command:

$ sudo hashcat -m 0 -a 0 -o cracked.txt my_pw_hashes.txt /usr/share/wordlists/rockyou.txt

This command instructs Hashcat to use:

  • -m 0 for MD5 hashes
  • -a 0 for the straight attack mode
  • -o cracked.txt to output the cracked passwords to a new file

hashcat11

hashcat12

Once the command executes, it should quickly process the hashes and crack all five passwords.

To view the cracked passwords, use:

$ sudo cat cracked.txt

hashcat13

You should see the plaintext passwords corresponding to the MD5 hashes you created earlier.

Conclusion

Using Hashcat in Kali Linux provides a robust method for cracking MD5 hashes through straightforward steps. By generating hashes, utilizing built-in wordlists, and executing Hashcat commands, you can effectively recover plaintext passwords. This powerful tool not only aids in ethical hacking exercises but also enhances your understanding of password security and the vulnerabilities associated with weak password choices.

For further learning, consider experimenting with different attack modes and hash types to deepen your knowledge of Hashcat’s capabilities.

Related Posts

Crack Hashes using RainbowCrack and Rainbow Tables

Kali Linux Tutorials By · October 4, 2024 · 0 Comment
RainbowCrack-and-Rainbow-Tables-feature
In the realm of cybersecurity, cracking password hashes is a crucial skill for ethical hackers and security professionals. One of the most efficient ways to do this is through RainbowCrack and rainbow tables. Unlike traditional brute-force methods, which can be... Read more

Crack Hashes with John The Ripper in Kali Linux

Kali Linux Tutorials By · October 1, 2024 · 1 Comment
john-home
John the Ripper is a powerful and widely-used password cracking tool available in Kali Linux. This tool is essential for security professionals, ethical hackers, and anyone interested in testing password strength. In this guide, we will explore how to effectively... Read more

Nikto: Web Vulnerability Scanning Tool in Kali Linux

Kali Linux Tutorials By · September 18, 2024 · 0 Comment
nikto-main
Web applications are increasingly vulnerable to various attacks, making security a top priority for developers and system administrators. Among the tools available for identifying these vulnerabilities, Nikto stands out as a robust web vulnerability scanner. Pre-installed in Kali Linux, Nikto... Read more

SQLMap: The Best Tool for Automated SQL Injection Detection

Kali Linux Tutorials By · September 13, 2024 · 2 Comments
sqlmap
SQLMap is a powerful, open-source penetration testing tool designed to automate the detection and exploitation of SQL injection vulnerabilities in web applications. SQL injection is a critical security flaw that allows attackers to execute arbitrary SQL queries on a database,... Read more

Social Engineering Toolkit (SET): QRCode Generator Attack Vector

Kali Linux Tutorials By · September 4, 2024 · 0 Comment
SET-QRCode-Generator-Attack-Vector
In the world of cybersecurity, social engineering is a powerful tool for exploiting human psychology to gain unauthorized access to systems and data. One of the most intriguing methods within the Social Engineering Toolkit (SET) is the QRCode Generator Attack... Read more

Social Engineering Attacks: Social Engineering Toolkit (SET)

Kali Linux Tutorials By · August 19, 2024 · 2 Comments
Social Engineering Toolkit
In today’s digital landscape, social engineering attacks have become increasingly prevalent. These attacks exploit human psychology rather than technical vulnerabilities to gain unauthorized access to sensitive information. One of the powerful tools used in these types of attacks is the... Read more

Post Exploitation tool in Kali Linux : Weevely

Kali Linux Tutorials By · August 2, 2023 · 1 Comment
Post Exploitation tool in kali linux Weevely TechArry
Weevely is a stealth backdoor or PHP web shell that simulate telnet-like connection. This tool is used for post exploitation of vulnerability in web application. Syntax weevely generate <password> <file path> In this article we will do post exploitation of... Read more

Essential Nmap Commands in Kali Linux

Kali Linux Tutorials By · July 14, 2023 · 0 Comment
Essential Nmap Commands in Kali Linux TechArry
NMAP, short for Network Mapper, is an essential and powerful network scanning tool available in Kali Linux. With its extensive range of features and flexibility, Nmap has become the go-to tool for network administrators, security professionals, and ethical hackers alike.... Read more

Exploiting File Upload Vulnerabilities with Metasploit

Kali Linux Tutorials By · June 22, 2023 · 2 Comments
Exploiting File Upload Vulnerabilities with Metasploit Framework TechArry
File Upload vulnerabilities are a common security weakness found in many web applications. By taking advantage of these vulnerabilities, attackers can upload malicious files to a target system and potentially execute arbitrary code. In this article, we will explore how... Read more