How To Crack phpBB, MD5 MySQL and SHA1 with Hashcat
How To Crack phpBB, MD5 MySQL and SHA1 with Hashcat
Hashcat or cudaHashcat is the self-proclaimed world’s fastest CPU-based password recovery tool. Versions are available for Linux, OSX, and Windows and can come in CPU-based or GPU-based variants. Hashcat or cudaHashcat currently supports a large range of hashing algorithms, including: Microsoft LM Hashes, MD4, MD5, SHA-family, Unix Crypt formats, MySQL, Cisco PIX, and many others.
[toc]Hashcat or cudaHashcat comes in two main variants:- Hashcat – A CPU-based password recovery tool
- oclHashcat or cudaHashcat – A GPU-accelerated tool
Many of the algorithms supported by Hashcat or cudaHashcat can be cracked in a shorter time by using the well-documented GPU-acceleration leveraged in oclHashcat or cudaHashcat (such as MD5, SHA1, and others). However, not all algorithms can be accelerated by leveraging GPUs.
Hashcat or cudaHashcat is available for Linux, OSX and Windows. oclHashcat or cudaHashcat is only available for Linux and Windows due to improper implementations in OpenCL on OSX.
My Setup
My setup is simple. I have a NVIDIA GTX 210 Graphics card in my machine running Kali Linux 1.0.6 and will use rockyou
dictionary for this whole exercise. In this post, I will show How to crack few of the most common hashes
- MD5
- MD5 – phpBB
- MySQL and
- SHA1
I will use 2 commands for every hash, hashcat
and then cudahashcat
. Because I am using a NVIDIA GPU, I get to use cudaHashcat
. If you’re using AMD GPU, then I guess you’ll be using oclHashcat
. Correct me if I am wrong here!
Before you enable GPU Cracking, I’ve spent last few months writing guides on how to enable those features in Kali Linux.
NVIDIA Users:
- Install proprietary NVIDIA driver on Kali Linux – NVIDIA Accelerated Linux Graphics Driver
- Install NVIDIA driver kernel Module CUDA and Pyrit on Kali Linux – CUDA, Pyrit and Cpyrit-cuda
AMD Users:
- Install AMD ATI proprietary fglrx driver in Kali Linux 1.0.6
- Install AMD APP SDK in Kali Linux
- Install Pyrit in Kali Linux
- Install CAL++ in Kali Linux
AMD is currently much faster in terms of GPU cracking, but then again it really depends on your card.
You can generate more hashes or collect them and attempt to crack them. Becuase I am using a dictionary, (it’s just 135MB), I am limited to selection number of passwords. The bigger your dictionary is, the more you’ll have success cracking an unknown hash. There are other ways to cracking them without using Dictionary (such as RainBow Tables etc.). I will try to cover and explain as much I can. Advanced users, I’m sure you already know these, so I would appreciate constructive comments. As always, read the manual and help file before you ask for help. Most of the things are covered in manuals and wiki available in www.hashcat.net.
A big thanks goes to the Hashcat or cudaHashcat Dev team, they are the ones who created and maintained this so well. Cudos!.
Getting hashes:
First of all, we need to get our hashes. You can download hash generator applications, but there’s online sites that will allow you to create them. I will use InsidePro who kindly created a page that allows you create hashes on the fly and it’s publicly available. Visit them and feel free to browse their website to understand more about hashes.
The password I am using is simple: abc123
All you need to do is enter this in password field of this page http://www.insidepro.com/hashes.php and click on generate.
Cracking hashed MD5 passwords
From the site, I copied the md5 hashed password and put it into a file.
vi md5-1.txt cat md5-1.txt
MD5 cracking using hashcat and cudahashcat
Now it’s simple, I just typed in the following command and it took few seconds.
hashcat -m 0 -a 0 /root/md5-1.txt /root/rockyou.txt
Similarly, I can use cudahashcat.
cudahashcat -m 0 -a 0 /root/md5-1.txt /root/rockyou.txt
Cracking hashed MD5 – phpBB passwords
From the site, copy the phpBB hashed password and put it into a file.
vi md5phpbb-1.txt cat md5phpbb-1.txt
What I didn’t explain in previous section, is that how do you know who mode to use or which attack code. You can type in hashcat --help
or cudahashcat --help
and read through it. Because I will stick with attack mode 0
(Straight Attack Mode), I just need to adjust the value for -m
where you specify which type of hash is that.
hashcat --help | grep php
So it’s 400
MD5 – phpBB cracking using hashcat and cudahashcat
Let’s adjust our command and run it.
hashcat -m 400 -a 0 /root/md5phpbb-1.txt /root/rockyou.txt
and cudahashcat
cudahashcat -m 400 -a 0 /root/md5phpbb-1.txt /root/rockyou.txt
Cracking hashed MySQL passwords
Similar step, we get the file from the website and stick that into a file.
vi mysql-1.txt cat mysql-1.txt
NOTE: *6691484EA6B50DDDE1926A220DA01FA9E575C18A
<– this was the hash from the website, remove * from this one before you save this hash.
First of all let’s find out the mode we need to use for MYSQL password hashes.
hashcat --help | grep My
Ah, I’m not sure which one to use here …
MySQL hashed password cracking using hashcat and cudahashcat
I’ll try 200 and see how that goes …
hashcat -m 200 -a 0 /root/mysql-1.txt /root/rockyou.txt
Nope not good, Let’s try 300 this time…
hashcat -m 300 -a 0 /root/mysql-1.txt /root/rockyou.txt
and cudahashcat
cudahashcat -m 300 -a 0 /root/mysql-1.txt /root/rockyou.txt
How To Crack phpBB, MD5 MySQL and SHA1 with Hashcat
Cracking hashed SHA1 passwords
Similar step, we get the file from the website and stick that into a file.
vi sha1-1.txt cat sha1-1.txt
Let’s find out the mode we need to use for SHA1 password hashes.
hashcat --help | grep SHA1
How To Crack phpBB, MD5 MySQL and SHA1 with Hashcat
SHA1 password cracking using hashcat and cudahashcat
We already know what to do next…
hashcat -m 100 -a 0 /root/sha1-1.txt /root/rockyou.txt
and cudahashcat
cudahashcat -m 100 -a 0 /root/sha1-1.txt /root/rockyou.txt
How To Crack phpBB, MD5 MySQL and SHA1 with Hashcat
Location of Cracked passwords
Hashcat or cudaHashcat saves all recovered passwords in a file. It will be in the same directory you’ve ran Hashcat or cudaHashcat or oclHashcat. In my case, I’ve ran all command from my home directory which is /root
directory.
cat hashcat.pot
Creating HASH’es using Kali
Conclusion
This guide is here to show you how you can crack passwords using simple attack mode.You might ask why I showed the same command over and over again! Well, by the end of this guide, you will never forget the basics. There’s of course advanced usage, but you need to have a strong basics.
I would suggest to read Wiki and Manuals from www.hashcat.net to get a better understanding of rule based attacks because that’s the biggest strength of Hashcat. The guys in Hashcat forums are very knowledgeable and know what they are doing. If you need to know anything, you MUST read manuals before you go and ask something. Usually RTFM is the first response … so yeah, tread lightly.
Thanks for reading. Feel free to share this article.