Hashcat is an excellent tool to use or security audits of passwords. I will be doing a series of articles relating to anything from simple brute forcing such as the article to more complex techniques using Hashcat, oclHashcat, and the Hashcat-gui on both Windows and Linux operating systems. The goal is to make people more aware of the technologies available to crack passwords which should allow people to audit their companies passwords for more strict enforcement. This article relates to using the Hashcat-gui on Windows 7 to crack 10 MD5 hashes and assumes that you already have successfully installed Hashcat and the Hashcat-gui.
Use Hashcat-gui To Brute Force MD5 Hashes:
- Launch Hashcat: First launch the Hashcat-gui either by shortcut from your desktop or by the Windows program menu. Once launched the Hashcat-gui will look similar to the below.
As you can see above the interface is simple and easy to use. During the instructions below we will describe what needs to be entered to brute force MD5 hashes.
- Select Hashes To Crack: You will need the hashes you want to crack in a file. For this example we have 10 MD5 hashes which have been generated from various 2,3, and 4 letter character combinations.
10 MD5 Hashes Used:
b86fc6b051f63d73de262d4c34e3a0a9 39d5f03866e8fc7ec35269b0900f591d f0780ad0675aea0bb9020bd00686ec57 d93591bdf7860e1e4ee2fca799911215 fa246d0262c3925617b0c72bb20eeb1d cc7d1f45e3bf37c205a58225e6093906 2eabc29a6dd9283082f4229d1dbb05c6 b8a1e50a3650098af8a69e7d40ae7ce3 9ae5249810360f6d98f2190aa12dddb7 4346d362f67c89d7ab4e28732a1b1ce8
Click the folder to the right of the Hashfile field of Hashcat-gui and browse to the location of the file that includes the MD5 hashes you want to crack. Select the file so the full path displays in the Hashcat-gui as displayed in the below example image.
- Hashcat Mode, Hash Type, & Password Length: Make sure that the Hashcat-gui mode is set to Brute-Force and he Hash drop down is set to MD5 as shown in the above example image. Also set the Password Length to the amount of characters in length you want to test. It is recommended to start with a smaller length until you are familiar with the amount of time it takes to run on longer passwords that have been hashed. In this example we are going to run from a minimum length of one character to a maximum length of four characters so the fields have been set to 1 and 4.
- Enter Charset: After the above three settings have been configured you will need to enter the characters you want to be tested in the Charset field. In this example we are using a full US charset which is listed below in text and then displayed within Hashcat-gui in the example image.
Full Charset Used For Hashcat Brute-Force:
- Select Output File: Click the folder to the right of the Outfile field to browse to the location you want the results to be saved to. In this example I have selected the Desktop of my Windows 7 laptop and a filename of testmd5out.txt. If the file does not exist then it will pop open a warning such as the example image below asking if you want to create the file.
Click the Yes button in the Select Outfile warning which will create the file and place the path in the Hashcat-gui as shown below.
**NOTE** It is possible to get a Runtime Error if you leave the “Monitor Outfile” checked below the Select Outfile field. This appears to only be happening on specific versions of Windows and should be resolved soon. If this error occurs you can simply close it and the hash cracking process will still take place without issue and in future attempts to crack passwords using the Hashcat-gui simply uncheck the Monitor Outfield check box.
- Run Hash Cracking Process: Now click the “Hash me, I’m a digest” button to begin the brute forcing of the MD5 hashes which will open the progress window as shown below.
If all of the hashes are located then a “All hashes have been recovered” message will display followed by a command prompt again. In this case we know all of the hashes will be recovered since we generated the MD5 hashes ourselves.
- Review Cracked MD5 Hashes: Once the process is completed you can review the hashes that were recovered by opening the Outfile you specified. The contents of the Outfile from the above example after running the Hashcat brute force attempt are below.
b86fc6b051f63d73de262d4c34e3a0a9:AB 4346d362f67c89d7ab4e28732a1b1ce8:!1 39d5f03866e8fc7ec35269b0900f591d:$1H cc7d1f45e3bf37c205a58225e6093906:QD! 9ae5249810360f6d98f2190aa12dddb7:4L3x d93591bdf7860e1e4ee2fca799911215:4321 b8a1e50a3650098af8a69e7d40ae7ce3:p@s5 fa246d0262c3925617b0c72bb20eeb1d:9999 2eabc29a6dd9283082f4229d1dbb05c6:!Qd! f0780ad0675aea0bb9020bd00686ec57:$# @
The above describes very simple brute forcing with the Hashcat-gui. Be aware that the longer the charset and the longer the length of password that you are attempting to brute-force can make the process take a very long time.