top of page
Writer's pictureTony Fortunato

Hashcat on Windows: A Step-by-Step Guide for Password Cracking (Casey Mullis)

Introduction

In our previous article, we explored the capabilities and practical uses of Hashcat, a powerful password-cracking tool used in cybersecurity, ethical hacking, and digital forensics. In this follow-up, we will guide you through setting up and using Hashcat on Windows OS. This tutorial will walk you through downloading, configuring, and running Hashcat for various tasks, including practical examples of password cracking.

While Hashcat is commonly associated with Linux systems due to its command-line nature, it works perfectly on Windows, making it accessible to a broader range of users. With the right setup, you can harness the power of Hashcat to recover lost passwords, audit systems, or conduct penetration tests.

 

Prerequisites

Before you begin, ensure your system meets the following requirements:

  • Windows OS: Hashcat works with Windows 7, 8, 10, and 11.

  • GPU/CPU: For optimal performance, a modern GPU is recommended (e.g., NVIDIA or AMD). Hashcat supports both CPU and GPU cracking, but GPUs are much faster.

  • Drivers: Install the latest drivers for your GPU. Hashcat relies on the GPU for high-speed cracking, so updated drivers are essential for optimal performance.

For NVIDIA cards, download the CUDA Toolkit. https://developer.nvidia.com/cuda-toolkit

For AMD cards, download the OpenCL drivers. https://www.amd.com/en/support

 

Step-by-Step Installation Guide for Hashcat on Windows

Step 1: Download Hashcat

Navigate to the official Hashcat website: https://hashcat.net/hashcat/.

Download the latest version of Hashcat for Windows by selecting the appropriate release.

Once downloaded, extract the .zip file to a directory of your choice, such as C:\Hashcat.

 

Step 2: Prepare Your System

Ensure GPU Drivers Are Installed: As mentioned above, ensure you have the correct drivers for either NVIDIA (CUDA) or AMD (OpenCL).

Set Up Command Line Interface (CLI): To use Hashcat, you will need to run it through the Command Prompt (CMD). To open CMD:

Press Win + R, type cmd, and hit Enter.

Alternatively, press Win + X and select "Command Prompt" or "Windows Terminal."

 

Step 3: Configure Hashcat

Hashcat is ready to use out of the box, but you need to make sure that the necessary hash files and wordlists (for dictionary attacks) are available.

 

Hash Files: These are the hashes you want to crack. These can be generated from various sources (e.g., password hashes from a Windows machine, network captures, etc.).

Wordlists: If you're using a dictionary attack, you'll need a wordlist. One of the most popular wordlists is RockYou.txt, which can be found online. You can store your wordlists in a folder like C:\Hashcat\wordlists.

 

Step 4: Running Hashcat on Windows

Once everything is set up, it's time to start using Hashcat to crack passwords. Below are some practical examples.

 

Practical Example 1: Cracking an MD5 Hash

MD5 is one of the oldest and most commonly cracked hashing algorithms. Suppose you've extracted an MD5 hash and want to crack it using Hashcat.

 

Steps:

Create a text file called hashes.txt in the C:\Hashcat folder. Inside hashes.txt, place the MD5 hash you want to crack (e.g., 5d41402abc4b2a76b9719d911017c592, which corresponds to the word "hello").

 

Open the Command Prompt and navigate to your Hashcat directory:

cd C:\Hashcat

 

Run Hashcat with a dictionary attack:

hashcat.exe -m 0 -a 0 hashes.txt wordlists\rockyou.txt

 

Here’s what each part means:

-m 0: Specifies that the hash type is MD5.

-a 0: Denotes a dictionary attack mode.

hashes.txt: The file that contains the MD5 hash.

wordlists\rockyou.txt: The wordlist file used for the dictionary attack.

 

Hashcat will now attempt to crack the hash by comparing each word in the wordlist to the hash in hashes.txt.

 

Expected Output:

If successful, Hashcat will display the cracked password in the command line, for example:

5d41402abc4b2a76b9719d911017c592:hello

Practical Example 2: Cracking a Windows NTLM Hash

NTLM hashes are commonly used in Windows systems. Suppose you obtained an NTLM hash from a Windows machine, and you want to crack it.

 

Steps:

Create a text file called ntlm_hashes.txt with the NTLM hash you want to crack. Place it in the C:\Hashcat folder.

 

In Command Prompt, navigate to the Hashcat folder:

cd C:\Hashcat

 

Run Hashcat with NTLM hash mode:

hashcat.exe -m 1000 -a 0 ntlm_hashes.txt wordlists\rockyou.txt

-m 1000: Specifies the hash type as NTLM.

ntlm_hashes.txt: The file containing the NTLM hash.

If the password is weak, Hashcat should find the match using the dictionary.

 

Practical Example 3: Mask Attack for Passwords with Known Patterns

If you know part of the password pattern (e.g., it always starts with "Pass" and ends with four digits), you can use a mask attack to narrow down possibilities.

 

Steps:

Create a text file called masked_hash.txt with the hash you want to crack.

 

Run Hashcat using the following command:

hashcat.exe -m 0 -a 3 masked_hash.txt Pass?d?d?d?d

-a 3: Specifies a mask attack.

Pass?d?d?d?d: Indicates the known part of the password (Pass) and that the last four characters are digits (?d).

Hashcat will then try all possible combinations that fit the pattern.

 

Tips for Optimizing Hashcat on Windows

Utilize GPU: Hashcat's real power comes from GPU cracking. If your system has a powerful GPU, you can specify GPU usage by default. Hashcat will automatically detect your GPU, but if needed, use -D 2 to force GPU use.

Example:

hashcat.exe -m 0 -a 0 -D 2 hashes.txt wordlists\rockyou.txt

 

Session Management: If you are working on long-running cracking tasks, you can pause and resume sessions using --session. This prevents data loss during a long password-cracking process.

 

Save Cracked Passwords: You can save cracked passwords to a file for later use with the --outfile option. Example:

 

hashcat.exe -m 1000 -a 0 ntlm_hashes.txt wordlists\rockyou.txt --outfile cracked_passwords.txt

 

Update Hashcat Regularly: New updates to Hashcat include performance improvements and support for more hash types. Always use the latest version to ensure compatibility and improved speed.

 

Conclusion

Running Hashcat on Windows is a straightforward process that, when paired with powerful hardware and the right configuration, allows you to efficiently crack passwords for ethical hacking, digital forensics, or system auditing. Whether you’re dealing with MD5, NTLM, or other hash types, Hashcat on Windows provides a flexible, fast, and powerful solution.

 

Always remember that password cracking should only be used for legal and ethical purposes. Unauthorized access or misuse can lead to serious legal consequences. Use these skills responsibly and always obtain the necessary permissions before testing systems.

 

By following the steps outlined in this article, you'll have the knowledge to set up and start using Hashcat on your Windows machine to crack passwords in a variety of scenarios.


 

1,312 views

Recent Posts

See All
bottom of page