In this follow-up article, we will walk you through how to use Hashcat, a powerful tool that helps recover lost passwords by trying different guesses. Don’t worry if you’re new to this—I'll explain everything in simple terms with easy-to-follow examples.
What is Hashcat?
Hashcat is a tool used to recover passwords. It works by guessing the original password from a scrambled version of it called a hash. Think of a hash as a scrambled version of your password that hides what it really is, but with the right tools (like Hashcat), you can guess what the original password might be.
What Do You Need to Get Started?
A Mac (this guide is for macOS users)
Homebrew (a program that helps install other programs)
Basic understanding of how to use the Terminal (I’ll explain the commands)
Step 1: Installing Homebrew
If you don’t have Homebrew installed, follow these steps to install it:
Open Terminal on your Mac (you can find it in Applications > Utilities).
Copy and paste this command into Terminal and press Enter:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
This command installs Homebrew.
Follow the instructions on the screen, and once finished, you’ll be ready to use Homebrew to install Hashcat.
Step 2: Installing Hashcat
Once Homebrew is installed, installing Hashcat is easy. Run this command in Terminal:
brew install hashcat
This tells Homebrew to download and install Hashcat on your Mac.
Step 3: Understanding Hashcat Basics
Hashcat works by taking a hash (a scrambled version of a password) and trying to figure out what the original password was by making guesses. These guesses can come from a list of possible passwords (called a wordlist) or by trying every possible combination of characters (called brute force).
Example 1: Cracking an MD5 Hash
Let's say you have an MD5 hash (a scrambled password) and want to find the original password. Here’s how you can do it with Hashcat.
Step 4: Create a Hash File
We need to create a file with the hash we want to crack. For example, let's use this MD5 hash:
5f4dcc3b5aa765d61d8327deb882cf99
This is the hash for the password "password".
Open a text editor (like TextEdit).
Paste the hash into the file.
Save the file as hash.txt.
Step 5: Running Hashcat
Now, let’s run Hashcat to figure out what the original password is.
Open Terminal and navigate to where you saved the hash.txt file. If it’s on your Desktop, type:
cd ~/Desktop
Run this command:
hashcat -m 0 -a 0 hash.txt /usr/share/wordlists/rockyou.txt
Let’s break down what this command means:
-m 0: This tells Hashcat that the hash type is MD5.
-a 0: This tells Hashcat to use a wordlist to guess the password.
hash.txt: This is the file that contains the hash.
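/usr/share/wordlists/rockyou.txt: This is a popular list of passwords that Hashcat will use to guess the password. The path shown is where Kali Linux keeps the list; macOS does not include this file, so use the path where you saved your own copy.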
Hashcat will go through each password in the list and compare it to the hash. When it finds a match, it will display the password. In this case, the result would be:
5f4dcc3b5aa765d61d8327deb882cf99:password
This means the original password was "password".
Example 2: Cracking a SHA1 Hash
Let’s try another type of hash, called SHA1.
Create a new file called sha1hash.txt with this SHA1 hash:
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
This hash represents the password "password".
Run this command:
hashcat -m 100 -a 0 sha1hash.txt /usr/share/wordlists/rockyou.txt
In this case, -m 100 tells Hashcat that we’re working with a SHA1 hash. Hashcat will run through the same process and should find that the password is "password".
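The wordlist comparison used in Examples 1 and 2 can be sketched in a few lines of Python. This is an added illustration, not Hashcat's code or part of the original article; the length-to-mode table, the sample file contents and the four-word wordlist are constructed for the example, and any line that is not a clean MD5 or SHA1 hex string (such as rich-text markup left by an editor) is reported instead of tested.

```python
import hashlib
import re

# Hash types used in this article, keyed by hex length, with the matching -m value.
# Length alone is only a hint: other algorithms produce the same lengths.
MODES = {32: ("md5", 0), 40: ("sha1", 100)}
HEX_RE = re.compile(r"^[0-9a-f]+$")


def load_hashes(text):
    """Parse hash-file text into (valid, rejected) lists."""
    valid, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip().lower()      # tolerate stray spaces and uppercase hex
        if not line:
            continue                    # skip blank lines
        if HEX_RE.match(line) and len(line) in MODES:
            valid.append(line)
        else:
            rejected.append(raw)        # not a hash this example understands
    return valid, rejected


def dictionary_check(hashes, wordlist):
    """Hash every candidate word and compare it to each target hash."""
    found = {}
    for target in hashes:
        algo, mode = MODES[len(target)]
        for word in wordlist:
            if hashlib.new(algo, word.encode("utf-8")).hexdigest() == target:
                found[target] = (word, mode)
                break
    return found


# Constructed sample input: the two hashes from this article plus a rich-text
# header line of the kind an editor writes when the file is not plain text.
SAMPLE_FILE = (
    "{\\rtf1\\ansi\\ansicpg1252\n"
    "5f4dcc3b5aa765d61d8327deb882cf99\n"
    "\n"
    "5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8  \n"
)
SAMPLE_WORDLIST = ["123456", "letmein", "password", "qwerty"]  # constructed

if __name__ == "__main__":
    hashes, bad = load_hashes(SAMPLE_FILE)
    for h, (word, mode) in dictionary_check(hashes, SAMPLE_WORDLIST).items():
        print(f"{h}:{word}  (-m {mode})")
    print("rejected lines:", bad)
```

Because neither hash is salted, the same guess produces the same digest every time, which is why a common password falls to the first matching wordlist entry.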
Example 3: Using a Brute Force Attack
If you don’t have a wordlist or if the password isn’t a common one, you can use brute force. This means Hashcat will try every possible combination of characters.
Here’s how you can set up a brute force attack for an 8-character password using lowercase letters:
hashcat -m 0 -a 3 hash.txt '?l?l?l?l?l?l?l?l'
Here’s what that means:
-a 3: This tells Hashcat to use brute force.
'?l?l?l?l?l?l?l?l': This means “try every combination of 8 lowercase letters.” The single quotes stop the shell (zsh on macOS) from treating each ? as a filename wildcard.
This attack can take longer, depending on the complexity of the password, but if the password is something like applepie, Hashcat will eventually find it.
Example 4: Cracking a ZIP File Password
Hashcat can also help you crack passwords for ZIP files. Here’s how you can do that:
First, install John the Ripper, which will help us extract the password hash from the ZIP file:
brew install john
Next, use zip2john to extract the hash from the ZIP file:
zip2john myzipfile.zip > ziphash.txt
Now, run Hashcat on the ZIP hash:
hashcat -m 13600 -a 0 ziphash.txt /usr/share/wordlists/rockyou.txt
This tells Hashcat to use mode 13600, its WinZip hash mode for ZIP files.
Step 6: Adjusting Hashcat Settings on macOS
Hashcat can use both your computer’s processor and, if supported, your graphics card to speed up cracking. To see which devices are available, run this command:
hashcat -I
This will list the available devices Hashcat can use. To use a specific device, use the -d option:
hashcat -d 1 -m 0 -a 0 hash.txt /usr/share/wordlists/rockyou.txt
This tells Hashcat to use device 1 (like your graphics card, if available) for the cracking process.
Conclusion
Hashcat is a powerful tool for recovering passwords, and using it on macOS is straightforward once you break it down into simple steps. Whether you're recovering an MD5 hash, SHA1 hash, or even a ZIP file password, this guide gives you the foundation to get started. Remember, always use Hashcat responsibly—only on passwords you own or have permission to recover.
With these examples, you’ll be well-equipped to start using Hashcat on your Mac and unlock the potential of this versatile tool!
Emory “Casey” Mullis
Criminal Investigator
Coweta County Sheriff’s Office
Emory Casey Mullis has been in Law Enforcement for over 20 years, encompassing both military and civilian roles. His journey with computers began with a Gateway 266 MHz, which was the pinnacle of consumer technology at the time, costing around $2000. Driven by pure curiosity, he disassembled his new computer right out of the box, much to the dismay of his wife, who insisted, "It better work when you put it back together!" This hands-on experience provided him with a foundational understanding of computer hardware and sparked his career as a Cyber Investigator.
Over the years, Casey has tackled numerous cyber cases, continually honing his skills and knowledge. He emphasizes the importance of questioning, challenging, and testing daily to stay abreast of the latest tools, software, and technologies. Despite the ongoing challenges, he thrives on the dynamic nature of cyber forensics and eagerly embraces every opportunity to learn and grow in this ever-evolving field.