Hashcat basics

The following is specific to Kali Linux.

After recovering hashes from the target create a text file with the hashes separated by a new line. Save it in the current working directory as something like hash.txt.

Make sure you have unzipped the rockyou.txt password list as this is the password file we will be using to match the hashes against.

cd /usr/share/wordlists/

Once the directory is listed, look to see if the rockyou.txt has a gz after the .txt. If so you need to run the following to unpack it:

gunzip rockyou.txt.gz

Use the following command to begin the hashcat processs:

hashcat -m 0 --force hash.txt /usr/share/wordlists/rockyou.txt

This will then kick off the process of attempting to decode the hashes and provide a list of passwords.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s