Passwords associated with hash keys, such as MD5, SHA, WHIRLPOOL, RipeMD, etc. Hashes are one-way functions —mathematical operation that is easy to perform, but very difficult to reverse engineer. Hash functions turns readable data into a random string of fixed length size. Hashes do not allow someone to decrypt data with a specific key, as standard encryption protocols allow.

1. Sreekanth N

2. Agenda • Introduction
• How to crack Hashes
• Hash cat - Features
• How to crack a password via a dictionary attack
• Results
• Conclusion
• References

3. Introduction • Passwords associated with hash keys, such as MD5,
SHA,WHIRLPOOL, RipeMD, etc.
• Hashes are one-way functions —mathematical
operation that is easy to perform, but very difficult to
reverse engineer.
• Hash functions turns readable data into a random
string of fixed length size.
• Hashes do not allow someone to decrypt data with a
specific key, as standard encryption protocols allow.

4. How to
Crack
Hashes
• Simplest way to crack a hash is to guess the password.
• Each attempt is hashed and then is compared to the
actual hashed value.
• Dictionary and brute-force - the most common ways of
guessing passwords.
• These make use of a file containing words, phrases,
common passwords, and other strings that are likely to
be used as a viable password.

5. Hash Cat
Features
• It is multi-threaded.
• It is multi-hash and multi-OS based (Linux,Windows and
OSX native binaries).
• It is multi-Algorithm based (MD4, MD5, SHA1, DCC,
NTLM, MySQL, etc.).
• All attack-modes can be extended by specialized rules.
• It is possible to resume or limit sessions automatically.
They recognize recovered hashes from the dump at
startup.
• It can load the salt list from the external file.This can be
used as a brute-force attack variant.
• The number of threads can be configured and executed
based on the lowest priority.
• It supports both hex-charset and hex-salt files.
• The 90+ Algorithm can be implemented with performance
and optimization in mind.

6. Cracking
password
#1 Create a dictionary with MBD5 hashes:

7. Cracking
password
#2 Check password hashes:

8. Cracking
password
#3 Start Hashcat in Kali Linux:

9. Cracking
password
#4 Locate wordlist for cracking (Using rockyou.txt – 139.9 MB; Contains 14344385 words)

10. Cracking
password
#5 Cracking the hashes:

11. Hash Cat
Features
#5 Cracking the hashes:

12. Results
Out of seven four
passwords were cracked

13. Results-
Brute
forcing
• Time to solve alphabetic passwords of various lengths
Word Time(Sec
onds)
z 0
hj 3
hft 5
lkuh 6
ksthq 15
gjdyhi 36
0
5
10
15
20
25
30
35
40
1 2 3 4 5 6
TimeVs Password Length
Alphabets Alphanumeric
Word Time(Sec
onds)
5 0
z4 2
$s3 4
78yh 6
dg67r 12
64dyhi 35
T
I
M
E
NO OF DIGITS

14. Conclusion • These passwords are weak, and it does not take much
effort or time to crack them.
• It is important to note that the simpler the password is,
the easier it will be to detect.
• Make your password into a long and complex one.
• Also, avoid using obvious personal information
• Never reuse passwords and
• Change them regularly.
Always exercise good habits when creating a
password for yourself!

15. References • https://null-byte.wonderhowto.com/how-to/hack-like-
pro-crack-passwords-part-3-using-hashcat-0156543/
• http://www.100security.com.br/revelando-hashs-com-
hashcat/
• https://uwnthesis.wordpress.com/2013/08/07/kali-how-
to-crack-passwords-using-hashcat/
• https://www.4armed.com/blog/hashcat-crack-md5-
hashes/
• https://www.cyberpratibha.com/hashcat-tutorial-for-
password-cracking/
• https://hashcat.net/hashcat/
• https://seguranca-informatica.pt/palavras-passe-e-
honey-words/

16. Thank
You