Hashcat used to be a very popular tool for hackers for cracking passwords. Have you thought how secure is your password? Many times we are advised to use strong password with random characters. But hackers always get through it. How do they do it ?
Today, we are going to explain you what is Hashcat Tool, one of the most popular tools used for real by hackers to crack passwords. Also you will learn to use Hashcat Tool to test your password.
What is Hashcat
Hashcat is considered as the world’s fastest CPU-based password recovery tool (well recovery for you, but for hackers is a crack tool). It is a free tool, but it has a a proprietary codebase. Hascat is available for Linux, OSX, and Windows and can come in CPU-based or GPU-based variants. Hashcat supports following hashing algorithms: Microsoft LM Hashes, MD4, MD5, SHA-family, Unix Crypt formats, MySQL, Cisco PIX.
Hashcat is a popular tool that was in the news many times for the optimizations and flows discovered.
How Hashcat Works
Hashcat uses some strategies to recover passwords, actually most of strategies works for lazy users that are not to imaginative to choose a password.
For example, if passwords consists of two English words, hashcat tries to figure the words if they have letter replacements or random capitalization, very easy. Also does the same thing if letters from words are replaced with numbers.
Other strategies are to use words of products you user, or your pets names.
Knowing this, we can start to generate very strong passwords which would be hard to break the hash. A strong password is important, we have to remember that a modern computer is very fast and can try million of variants of your passwords per second. So your password sooner or later can be hacked.
How to Test Your Password With Hashcat
To try Hashcat on your own password you will have to get Hashcat from the hashcat.net web page. Download and unzip it somewhere in a folder.
Then you will need some data for the tool in order to work. The tools needs huge word-list or you can call it a huge database of passwords, this will be the starting point for the tool. Download the rockyou.txt.bz2 file and unzip it, then stick the ‘rockyou.txt’ file it in the Hashcat folder. Make sure you leave ‘rockyou.txt’ file name.
Now, we will have to generate hashes using WinMD5 tool. Download it and unzip it and drop it into the Hashcat directory.
Now, in the Hashcat directory, make two new text files: hashes.txt and password.txt.
You are ready to test your password with Hashcat! See the next step bellow.
How to Use Hascat
First we will have to generate the hashes. Open the ‘password.txt’ file and enter your password, only one password and save the file.
Next, make sure that you saved the ‘hashes.txt’ file.
Open Windows PowerShell. Navigate to the Hashcat folder using cd command. The ls command will list the current files. When you are in Hashcat folder type ./hashcat-cli32.exe –hash-type=0 –attack-mode=8 hashes.txt rockyou.txt.
That command will run the Hashcat application and will attack the file with the hashes and will use different strategies to create variations on the words in the list.
Hit enter, and accept the EULA agreement, which basically will say that you will not hack anything with this tool. Then the hash for password should pop up in a second or two, then you will have to wait some time, depends of the passwords, easy passwords will appear in minutes, strong passwords can take some time, like 10 minutes or much more. It also depends on how fast is the CPU.
You can leave the Hashcat runing as much as you wish, for example overnight. If your password will not be discovered in 24 hours, probably you have a strong enough password. Anyway, remember that Hackers may be willing to run these attacks days and weeks. If you think that your password will not resist, better generate a stronger one.