How To Use Hashcat
Вставка
- Опубліковано 31 тра 2024
- Hashcat is best used with a word list and a mask, in this video I go over the basics of using Hashcat. This video explains brute force attacks, word list attacks and a mixture of word list with a brute force. I explain the -a 0 -a 3 and -a 6 flags in this video. For fun and profit try de-hashing this md5 5a96c6a5fff21b9e33d6be352a71d615
Give me money:
/ @thebuilder
Below are affiliate links, I may earn something if you purchase the mentioned product or service linked.
📚 Recommended Books
Fluent Python: amzn.to/3Za7PEN
Tour of C++: amzn.to/3FY0pxW
💵 Get $100 in credits from Vultr with this link
www.vultr.com/?ref=9190242-8H
0:00 - Intro
0:15 - Word lists
1:07 - Modes
3:00 - Hash Types
4:00 - Create Hashes
6:00 - Hashcat with Word List
8:00 - Hashcat with Brute Force
11:00 - Hashcat with Masks
13:00 - Hashcat with a List and Mask
#hashcat #cybersecurity - Наука та технологія
Subscribe for more
what do you mean?
@@user-dm6qx6ds3y download what???
@@user-dm6qx6ds3y you can probably find it as a package provided by your operating system. In this video I'm on Debian and I installed it from the package manager
One of the very few hashcat videos that are helpful thank you
This is the best Hashcat tutorial I've seen today.You explained all the aspects I wanted to know to start cracking hashes. Thanks for sharing!
could you tell me that in which file he codes
Thanks for the video. I've been looking around everywhere for an explanation on the attack types and this was perfect.
you are welcome. I recommend reading the official documentation its where I go first to learn stuff
@@TheBuilder Agreed with Drago! I wanted to lead a group discussion at my company today around password cracking and security, along with a demo showing how easy it is to crack simple passwords with poor hashing and found this video. It gave me a good outline for a demo as well as a video to share with the group if anyone to try it themselves or wanted more info. Thanks!
Great video man, it helped a lot,
thank you so much!
happy to help with these topics, if you want me to cover anything else feel free to ask
4:33 boblog :D Bob Log III one of the best artist in the "nasty-bluegrass-performed-in-a-jumpsuit-sung-through-a-telephone" artists. Great video.
quick question, I was testing the brute force with a hash from a .rar files with a 2 character password containing special characters and it seems to have moved on to 3 character guesses without trying any special character combinations, is there a setting to enable special characters or is there something else I need to do?
Hi, a couple of months back, I forgot my password for one of my encrypted drives, encrypted via VeraCrypt with PIM. Luckily, I do have a vague memory of what could be the combination, so I created my own worldlist which adds up to thousands of worlds. Additionally, I am certain of PIM. Now, after a month I only tried couple of hundreds, and still a lot more to go, not to mention it may have missed one or two. Is it possible to use Hashcat to try these passwords including the PIM. If yes, may you kindly make a tutorial about it? I am using windows as the OS (specifically windows 11)
Thanks for the intro. Currently learning how to test the security of password protected .zip files.
Happy to help
Thanks man
Saved my Life!!!
no prob
what if i wat try every combination with my dictionary and a mask, but the mask could be 2 or 3 or x digits? what i supposed to write?
How do I make every first word in the dic. upper case? Is there any way to do that in attack mode 6.Im not sure if I can add it to the mask or not. Thanks I sub and liked.
use the ?u charset, if you don't know how, look up how charsets work
7:14 It's because all of those passwords are found in the word list. It doesn't have to be a massive compilation of commonly used passwords you find online. Let's not give people ideas. 😉 "Researchers" have published these lists so that each of us can check if our passwords are secure or not... yes, of course they have our best interests in mind. 😇
For the purpose of education it would make more sense to create your own list with just a few words in it, so it doesn't appear as pure magic to the unknowing observer. It's basically just doing a text search for those hash values based on the words in the list. It's hashing the words (and permutations thereof) and then matching their hash values against the hash values in the list of hashes, i.e. it's doing a "straight" comparison.
I agree there is no magic when you understand the technology
10:02 What's most interesting here is that the hash rate increases dramatically from 8800 kH/s for a word list to 2200 MH/s (2200000 kH/s) for a brute force operation. That's a 250 fold increase! I wish it was just that simple to jump from 2200 MH/s to 550 GH/s without upgrading the GPU. That would be so sweet. I try to choose my words carefully, like "brute force operation" so I don't give away the real purpose of hashcat. Every hash cat (user of hashcat) needs to learn to insist that it's a "password recovery" tool and that they are doing "research". 😸
@@TheBuilder In a way, at a grand scheme of things, technology is magic. Magic is what people call things they do not understand. There are increasingly many things people do not understand, for it's difficult to catch up on all things in Tech. Thankfully we have many good resources for learning, one of them being UA-cam. So thank you for being part of that and helping debunk the myths about technology! I enjoyed watching your video.
I'm currently using a VM with 2 cores and all I get is 2400 kH/s for a word list operation and 9200 kH/s for a brute force operation. If you find yourself doing the same, just remember to use the --force. 😉 Otherwise, depending on configuration, it may fail to find a GPU and abort the operation. I'll be back (in a few hours) to tell you if it worked. It's 28% in, started 4 hours ago, remains 12 hours. Speaking of which, ability to pause and create a checkpoint are two very useful features of Hashcat.
Is there a way for hashcat to determine if it has got certain characters correct in a attack and then able to extract that data? For example if the password was Bingbong123, if hashcat figures out the first letter being B and the last being number 3?
no that's Hollywood nonsense
@@TheBuilder hahahaha bloody Holywood!!! Thanks for confirming 🙌🏽
at 5:55 this didn't work. what are the configurations settings for the vm?
it's just regular bash
can you please explain how to determine the hash function, by looking at the password dump file?
what type of hash are you trying to recover? it should be obvious if you look it up in the docs
@@TheBuilder i got it, thank you so much for responding
whats the font you used in this video
the font of the terminal
most likely the default font gnome terminal comes with
Il lnow this is pretty old but like how do you get in the zone where you write????
what zone?
Hey I’m having a huge problem with my attempts at running hashcat for some reason it either says separator unmatched or token length exception no hashes loaded. I’ve tried many different things to fix it like using different wordlists, Trying different text editors to build my hash files such as nano, echo. I even tried using different string structures of the same hash. If anyone has any idea of how to fix it your input would be greatly appreciated. Thank you
Try again, it's most likely something not being set right. make sure your hash type matches the one you're trying to dehash
Hey you were right I was hashing 1800 unix instead of 0 md5 it was such a basic mistake and took me hours to figure it out thanks a lot.
@@jaydenkeene2417 happy that helped
@@TheBuilder ur a legend for replying after 2 years
@@Kirya_xd my last video was only 3 days ago, this channel hasn't kicked the bucket...yet
Great video, I have a password I want to Hashcat, I know the password has only uppercase alpha, but i also know that the password only uses some of the alpha (G thru O and Z are not used) however I don't know how to apply this as a mask to save gpu time. Thx from a total noob.
there could be options to fine tune your mask but i wouldn't be so picky with it. if you are trying to recover your password the biggest problem will be the length
how do you open the hashcat terminal
in the video i use the gnome terminal to run hashcat
go to its directory and in the upper part is the search bar, type cmd into it
my question is how to identify which hash i do have ?
you can try guessing which function created it by looking at their size
when it finds a password, is it possible that it can be wrong?
it doesn't find passwords, it reverses hashes, and yes, it's possible a hash can have multiple collisions for various data
nice gave this video a thumbs up
thanks kat bro
Sir i am trying to crack ntlm hash with rockyou wordlist, almost 25%of wordlist had completed then it is showing exhausted..
is it not using the whole word list? is that the problem?
-bash: hashcat: command not found.
command : sudo apt-get install hashcat
!!
9:14
For goodness' sake, embrace dark mode, man. How on earth do you manage to use light mode?
I read a lot, so my eyes are used to light mode
Why are you using light mode jesus daam christ.
Othervise good video. Liking when you use darkmode
I fall asleep otherwise
@@TheBuilder thats fair. Imma drop a like on that
How to put ?d?d?d in front of word list
use mode 7
this barely helps
what was unclear?
I was able to crack your demo hash....so nice to see things work. Can you do a demo on using hashcat with the increment switch? I have a NTLM hash value that I know is 13 characters so I want to create an attack that doesn't waste any time banging away are possible passwords shorting that the 13 characters. I have tried hashcat.exe -a 3 -m1000 -i --increment-min13 hash.txt but the command is not correct.
have you tried using a mask ?a?a?a?a?a?a?a?a?a?a?a?a?a will limit your guesses to 13 characters
@@TheBuilder I did try using a Mask but I am getting an error message "Integer overflow detected in keyspace of mask". My command was "hashcat.exe -a 3 -m 1000 -i --increment-min=13 hash.txt ?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a" and as an alternative "hashcat.exe -a 3 -m 1000 -i --increment-min=13 hash.txt mask.txt" where the mask.txt contained the ?a?a etc
I get "exhausted" with hashcat attempts. It's just a 3 letter password with Ripemd-160(6000) hash.
then try without a word list
@@TheBuilder I did. I was using the wrong charset anyway. I was able to crack the 3 letter/number word. Now it's on to the 8 chars. The tutorial in their help manual is so poor. This whole thing is just a big headache.
hello sir i create file winrar with pass abcdef_123@ and i use your method but it can't find this password after scanning what i should do ?
Hello, before I try to answer your question, what is the command you're running to find your word?
@@TheBuilder i use the command of you to find this pass it running but it can't find and i don't know the formula of this app can you show me the formula of hashcat ?