Cracking Hashes
The point of hashes are that you can't reverse them, but we can sometimes find the original text by brute-forcing
Last updated
The point of hashes are that you can't reverse them, but we can sometimes find the original text by brute-forcing
Last updated
To automatically recognize and crack all kinds of hashes I made a cracking module part of my default tool:
A secure application should store any passwords using a hashing function. This is because the application does not need to know the exact password you set, only if it is the same one you put in when you created your account. Because of this, the application can store a scrambled password which is the hash and cannot be reversed back into the original password.
The only way to try and get back the original text from a hash, is to try lots of possible values for the original text until it matches te hash. But of course you would need to have a list that contains the original text. This is known as brute-forcing or cracking a hash.
There are a lot of different hashing functions that all have some differences. The biggest difference for cracking is the speed of the hashing function. The faster you can generate a hash, the faster you can try passwords to see if they generate the same hash. Here are some common hashes with their average speed on my RTX 2060 laptop with Hashcat:
Yes, you read that right. With today's computers, you can generate a billion MD5 or NT hashes in a tenth of a second. That's why it is important to use intentionally slow algorithms like Bcrypt which are a lot harder to brute-force.
Different applications and files have different formats to store hashes. Two common tools for cracking hashes are John the Ripper and Hashcat. These tools have different formats for some hashes, so they might need to be converted.
Hashcat has made a great list of example hashes to see what they all look like:
When comparing the two you'll find that john often has a few different possible ways to represent a hash. Sometimes including the filename or username in the hash as well. But with Hashcat the hash often needs to be completely stripped down. Take the PKZIP hash for example:
Sometimes you also need to extract a hash from a password-protected ZIP file for example. This is where John has a lot of useful tools. In the john/run directory of your John the Ripper installation, there should be a lot of scripts and programs that allow you to convert certain files to the john format. For .zip archives there is the zip2john utility:
There are a lot of files that can be converted to john like this, just find one for the file format you need and convert it using the script.
You can also use John to convert the hashes from a file, and then actually crack them with Hashcat. As stated above hashcat has a slightly different hash format, but from what I've found it's almost always just splitting the john hash by : colons and then taking the second part. That way you're only getting the hash without any other information.
Hashcat is a hash-cracking tool that is often used professionally because it can use the GPU to get really fast cracking speeds. It also supports a lot of hashes just like John, the only thing is that it's a bit finicky to get working sometimes. But if you have a GPU in your cracking machine I highly suggest using Hashcat for it.
Tip: To give hashcat as many resources as you can, you should try to not use it in a VM like Windows Subsystem Linux for example. To make sure it can use your GPU to the fullest run it in your main operating system
As seen in Converting hash formats, Hashcat cannot always directly read a hash. You might need to convert it to the right format the way it expects. If it cannot recognize the hash correctly you might get a "No hashes loaded." warning.
Hashcat does not automatically recognize hash types, but you need to provide a hash mode with -m [mode] as an argument. To find the correct number to use for your hash you can look at the example hashes or use Name-That-Hash which has RegExes to automatically recognize the hash and give you the hashcat mode.
Hashcat also has a few different attack modes for how to generate the passwords it tries. This is specified using the -a [mode] argument. Here are a few attack modes explained:
Tip: Hashcat caches results in order to not crack the same hash twice, and can show the found password again using --show. If you ever want to clear this cache simply remove the ~/.hashcat/hashcat.potfile file
To simply go through a wordlist for cracking, you can use attack mode 0 (-a 0). Then just provide the path to the wordlist after the file containing the hash:
Similar to the Dictionary attack, you can combine two dictionaries to try all combinations of both lists. This could be useful with first and last names for example. Just use attack mode 1 (-a 1) and specify 2 wordlists this time.
You can make this attack a lot more powerful using Rules to alter the words in the dictionary before guessing them (using the -j and -k arguments). This way you can mess with uppercase/lowercase, prefixes, suffixes, and a lot more. For an example using the combinator attack with rules see this writeup:
The Mask attack is basically just brute force. You can specify a pattern for the password to be in, and it will try all possible combinations of letters/numbers, etc. Using attack mode 3 (-a 3), you can write a pattern like ?l?l?l?l?l?l?l?l to try all lowercase 8-character passwords. There are a few more built-in character sets:
?l = lowercase alphabet (abcdefghijklmnopqrstuvwxyz)
?u = uppercase alphabet (ABCDEFGHIJKLMNOPQRSTUVWXYZ)
?d = digits (0123456789)
?s = special characters («space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~)
?a = all of the above (?l?u?d?s)
?h = hex lowercase (0123456789abcdef)
?H = hex uppercase (0123456789ABCDEF)
?b = bytes (0x00 - 0xff)
You can even define your own charsets using the -1 (one) option and then just use the ?1 anywhere in your pattern:
Sometimes an IP address or things like 4-digit codes are hashed that don't have too many possibilities. These are often easy to crack with mask patterns in hashcat. For IP address there is a ipv4.hcmask mask that you can use to crack an IPv4 address in a few minutes. Digit codes can easily be cracked with multiple ?d charsets.
Rules in Hashcat are incredibly powerful. There are so many things you can do with them to create any password list you would want.
You can quickly use the -j argument to write a single rule in the argument. The 'u' rule for example just makes the password uppercase. Or use something like '$1$2$3' to append characters to the end.
To see exactly what passwords a rule generated you can use the --stdout flag to just print the generated passwords to the terminal instead of cracking anything:
Using actual .rule files with the -r argument you can even specify multiple rules to create lots of passwords quickly:
John the Ripper is a hash-cracking tool that is easy to use. It automatically recognizes hash types and has lots of tools built in to extract hashes from various password-protected files. It's also quick to get started, as not much setup is required. The only downside compared to hashcat is the fact that it's often a bit slower. This doesn't matter when a hash only takes seconds to crack, but it really matters if you're cracking for multiple hours.
PentestMonkey has made a list of example hashes for John the Ripper, and how to crack them. Not all hash types are included but a bit of googling should get you there:
John is pretty specific with its arguments. For a custom wordlist, make sure to use -wordlist= with the = sign. If you do not include the = sign it will give a weird "invalid UTF-8" error. Here is an example of how you should run john:
The /etc/shadow file on Linux contains the password hashes for all users with a password. Normally of course this would only be readable by root, but sometimes you can exploit a vulnerability to read files as root. You could read this file to get the password hashes, and then crack the hashes on your own machine.
To get the usernames and other useful information for John, also get the /etc/passwd file. We can then use these files with the unshadow tool from the john/run directory:
Then we get a hashes.txt file that john can read. Just put in your wordlist of choice, and get cracking!
When it finds a hash, it will output it to the terminal. But if you ever lose it, john saves it for you so you can always use --show on the hashes file to see what the password was that it found.
Finally, you can use su [username] to log into the user you cracked, and see if you can escalate more with your new privileges.
Packet captures can capture Wifi WEP/WPA handshakes, which can be cracked offline using a tool like Hashcat. When you get a .pcap file containing 802.11 encrypted data, you can crack the password to decrypt the packets.
To extract hashes from a .pcap file, you can use this site or download hcxtools yourself:
Then after it's installed, you can use the hcxpcapngtool command to extract the handshakes from the capture. Then use hashcat with mode 22000 or 22001 to crack the password:
WEP is an old Wifi encryption standard where every device uses the same key. It also happens to be easily crackable with enough traffic. It requires lots of IVs (Initialization Vectors), which can come from lots of normal traffic, or you can manually send specific packets that would trigger IVs to be generated if you have access to the network (see this tutorial). When you have a packet capture with enough information, you can use aircrack-ng to quickly find the key:
| Hash function | Speed | Time per 1.000.000.000 |
|---|---|---|
After you find the password, you can use Wireshark to decrypt the packets (see )
After it completes, you can use the key it found (hex format) to decrypt all the traffic (see )
Bcrypt ($2*$)
12 KH/s
23 hours
SHA512-crypt ($6$)
38 KH/s
7.3 hours
SHA1
4 GH/s
0.25 seconds
MD5
7.5 GH/s
0.133 seconds
NTLM
9.5 GH/s
0.105 seconds
