Showing posts with label casey mullis. Show all posts

Wednesday, November 6, 2024

A Beginner's Guide to Using Hashcat on a Mac (Casey Mullis)


 In this follow-up article, we will walk you through how to use Hashcat, a powerful tool that helps recover lost passwords by trying different guesses. Don’t worry if you’re new to this—I'll explain everything in simple terms with easy-to-follow examples.

What is Hashcat?

Hashcat is a tool used to recover passwords. It works from a hash, a fixed-length value computed from the password that does not reveal the password itself. A hash cannot simply be reversed, so Hashcat hashes candidate guesses and looks for one whose hash matches.


What Do You Need to Get Started?

  • A Mac (this guide is for macOS users)
  • Homebrew (a program that helps install other programs)
  • Basic understanding of how to use the Terminal (I’ll explain the commands)

Step 1: Installing Homebrew

If you don’t have Homebrew installed, follow these steps to install it:

Open Terminal on your Mac (you can find it in Applications > Utilities).

Copy and paste this command into Terminal and press Enter:

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

This command installs Homebrew.

Follow the instructions on the screen, and once finished, you’ll be ready to use Homebrew to install Hashcat.


Step 2: Installing Hashcat

Once Homebrew is installed, installing Hashcat is easy. Run this command in Terminal:


brew install hashcat

This tells Homebrew to download and install Hashcat on your Mac.


Step 3: Understanding Hashcat Basics

Hashcat works by taking a hash (a scrambled version of a password) and trying to figure out what the original password was by making guesses. These guesses can come from a list of possible passwords (called a wordlist) or by trying every possible combination of characters (called brute force).


Example 1: Cracking an MD5 Hash

Let's say you have an MD5 hash (a scrambled password) and want to find the original password. Here’s how you can do it with Hashcat.


Step 4: Create a Hash File

We need to create a file with the hash we want to crack. For example, let's use this MD5 hash:


5f4dcc3b5aa765d61d8327deb882cf99


This is the MD5 hash of the password "password".

Open a text editor (like TextEdit).

Paste the hash into the file.

Save the file as hash.txt.


Step 5: Running Hashcat

Now, let’s run Hashcat to figure out what the original password is.

Open Terminal and navigate to where you saved the hash.txt file. If it’s on your Desktop, type: 


cd ~/Desktop

Run this command: 


hashcat -m 0 -a 0 hash.txt /usr/share/wordlists/rockyou.txt


Let’s break down what this command means:

-m 0: This tells Hashcat that the hash type is MD5.

-a 0: This tells Hashcat to use a wordlist to guess the password.

hash.txt: This is the file that contains the hash.

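/usr/share/wordlists/rockyou.txt: This is the path to a popular list of passwords that Hashcat will use to guess the password. macOS does not include this file, so download the list and replace the path with the location where you saved it.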


Hashcat will go through each password in the list and compare it to the hash. When it finds a match, it will display the password. In this case, the result would be:


5f4dcc3b5aa765d61d8327deb882cf99:password

This means the original password was password.
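Before running Hashcat it is worth confirming that hash.txt really contains a bare digest of the length the chosen mode expects. The check below is an added example, not part of the original article; `lint_hash_file`, its messages and the sample inputs are hypothetical, and the length table covers only modes 0, 100 and 1000.

```python
import re

# Hex digest length for the hashcat modes used on this page (MD5, SHA1, NTLM).
EXPECTED_HEX_LEN = {0: 32, 100: 40, 1000: 32}

def lint_hash_file(data: bytes, mode: int) -> list[str]:
    """Return the problems found in the raw bytes of a hash file (hypothetical helper)."""
    if data.startswith(b"{\\rtf"):
        # A rich-text document (TextEdit's default format) wraps the digest in markup.
        return ["file is RTF, not plain text"]
    problems = []
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("UTF-8 byte order mark at start of file")
        data = data[3:]
    want = EXPECTED_HEX_LEN[mode]
    for number, raw in enumerate(data.split(b"\n"), start=1):
        line = raw.decode("utf-8", errors="replace").rstrip("\r")  # normalise CRLF
        if not line.strip():
            continue  # blank line, e.g. after the final newline
        if line != line.strip():
            problems.append(f"line {number}: surrounding spaces or tabs")
            line = line.strip()
        if not re.fullmatch(r"[0-9a-fA-F]+", line):
            problems.append(f"line {number}: not a bare hex digest")
        elif len(line) != want:
            problems.append(f"line {number}: {len(line)} hex chars, mode {mode} expects {want}")
    return problems

# Constructed inputs: the article's MD5 digest as plain text and inside an RTF wrapper.
PLAIN = b"5f4dcc3b5aa765d61d8327deb882cf99\n"
RTF = b"{\\rtf1\\ansi\\f0 5f4dcc3b5aa765d61d8327deb882cf99}"

if __name__ == "__main__":
    cases = (("plain, -m 0", PLAIN, 0), ("rtf, -m 0", RTF, 0), ("plain, -m 100", PLAIN, 100))
    for label, data, mode in cases:
        print(label, "->", lint_hash_file(data, mode) or "ok")
```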


Example 2: Cracking a SHA1 Hash

Let’s try another type of hash, called SHA1.


Create a new file called sha1hash.txt with this SHA1 hash:


5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8

This hash represents the password "password".

Run this command: 


hashcat -m 100 -a 0 sha1hash.txt /usr/share/wordlists/rockyou.txt

In this case, -m 100 tells Hashcat that we’re working with a SHA1 hash. Hashcat will run through the same process and should find that the password is password.
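Both examples succeed because MD5 and SHA1 are fast and unsalted: one hash computation per guess is enough, and the same password always produces the same digest. The added example below (not from the original article) reproduces the wordlist comparison on the two digests quoted above and contrasts it with a salted PBKDF2 record; the five-word list is a constructed stand-in for rockyou.txt, and the function names and iteration count are assumptions.

```python
import hashlib
import hmac
import os

# Digests quoted in the article; WORDLIST is a constructed stand-in for rockyou.txt.
MD5_TARGET = "5f4dcc3b5aa765d61d8327deb882cf99"
SHA1_TARGET = "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8"
WORDLIST = ["123456", "qwerty", "letmein", "password", "dragon"]

def dictionary_lookup(target_hex, algorithm, words):
    """Hash each candidate once and compare, as a wordlist run does."""
    for word in words:
        if hashlib.new(algorithm, word.encode()).hexdigest() == target_hex:
            return word
    return None

def store_password(password, iterations=600_000):
    """Build a salted PBKDF2-HMAC-SHA256 record: (salt, iterations, derived key)."""
    salt = os.urandom(16)  # unique per record, so equal passwords store differently
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key

def verify_password(candidate, record):
    """Recompute the key with the stored salt and compare in constant time."""
    salt, iterations, key = record
    test = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, iterations)
    return hmac.compare_digest(test, key)

if __name__ == "__main__":
    print("MD5  ->", dictionary_lookup(MD5_TARGET, "md5", WORDLIST))
    print("SHA1 ->", dictionary_lookup(SHA1_TARGET, "sha1", WORDLIST))
    first, second = store_password("password"), store_password("password")
    # Same password, different stored keys: a precomputed digest list no longer matches,
    # and every guess costs `iterations` HMAC rounds for each individual record.
    print("records differ:", first[2] != second[2])
    print("verifies:", verify_password("password", first))
```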

Example 3: Using a Brute Force Attack

If you don’t have a wordlist or if the password isn’t a common one, you can use brute force. This means Hashcat will try every possible combination of characters.

Here’s how you can set up a brute force attack for an 8-character password using lowercase letters: 


hashcat -m 0 -a 3 hash.txt ?l?l?l?l?l?l?l?l

Here’s what that means:

-a 3: This tells Hashcat to use brute force.

?l?l?l?l?l?l?l?l: This means “try every combination of 8 lowercase letters.”

This attack can take longer, depending on the complexity of the password, but if the password is something like applepie, Hashcat will eventually find it.


Example 4: Cracking a ZIP File Password

Hashcat can also help you crack passwords for ZIP files. Here’s how you can do that:

First, install John the Ripper, which will help us extract the password hash from the ZIP file: 


brew install john

Next, use zip2john to extract the hash from the ZIP file:


zip2john myzipfile.zip > ziphash.txt

Now, run Hashcat on the ZIP hash: 


hashcat -m 13600 -a 0 ziphash.txt /usr/share/wordlists/rockyou.txt

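This tells Hashcat to use mode 13600, its WinZip mode for ZIP archives. An archive protected with legacy PKZIP encryption produces a different hash format and needs a different mode.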


Step 6: Adjusting Hashcat Settings on macOS

Hashcat can use both your computer’s processor and, if supported, your graphics card to speed up cracking. To see which devices are available, run this command:


hashcat -I

This will list the available devices Hashcat can use. To use a specific device, use the -d option:


hashcat -d 1 -m 0 -a 0 hash.txt /usr/share/wordlists/rockyou.txt

This tells Hashcat to use device 1 (like your graphics card, if available) for the cracking process.

Conclusion

Hashcat is a powerful tool for recovering passwords, and using it on macOS is straightforward once you break it down into simple steps. Whether you're recovering an MD5 hash, SHA1 hash, or even a ZIP file password, this guide gives you the foundation to get started. Remember, always use Hashcat responsibly—only on passwords you own or have permission to recover.

With these examples, you’ll be well-equipped to start using Hashcat on your Mac and unlock the potential of this versatile tool!


Emory “Casey” Mullis

Criminal Investigator

Coweta County Sheriff’s Office

Emory Casey Mullis has been in Law Enforcement for over 20 years, encompassing both military and civilian roles. His journey with computers began with a Gateway 266 MHz, which was the pinnacle of consumer technology at the time, costing around $2000. Driven by pure curiosity, he disassembled his new computer right out of the box, much to the dismay of his wife, who insisted, "It better work when you put it back together!" This hands-on experience provided him with a foundational understanding of computer hardware and sparked his career as a Cyber Investigator.

Over the years, Casey has tackled numerous cyber cases, continually honing his skills and knowledge. He emphasizes the importance of questioning, challenging, and testing daily to stay abreast of the latest tools, software, and technologies. Despite the ongoing challenges, he thrives on the dynamic nature of cyber forensics and eagerly embraces every opportunity to learn and grow in this ever-evolving field.



Wednesday, October 2, 2024

Hashcat on Windows: A Step-by-Step Guide for Password Cracking


 Introduction

In our previous article, we explored the capabilities and practical uses of Hashcat, a powerful password-cracking tool used in cybersecurity, ethical hacking, and digital forensics. In this follow-up, we will guide you through setting up and using Hashcat on Windows OS. This tutorial will walk you through downloading, configuring, and running Hashcat for various tasks, including practical examples of password cracking.

While Hashcat is commonly associated with Linux systems due to its command-line nature, it works perfectly on Windows, making it accessible to a broader range of users. With the right setup, you can harness the power of Hashcat to recover lost passwords, audit systems, or conduct penetration tests.

 

Prerequisites

Before you begin, ensure your system meets the following requirements:

  • Windows OS: Hashcat works with Windows 7, 8, 10, and 11.

  • GPU/CPU: For optimal performance, a modern GPU is recommended (e.g., NVIDIA or AMD). Hashcat supports both CPU and GPU cracking, but GPUs are much faster.

  • Drivers: Install the latest drivers for your GPU. Hashcat relies on the GPU for high-speed cracking, so updated drivers are essential for optimal performance.

For NVIDIA cards, download the CUDA Toolkit. https://developer.nvidia.com/cuda-toolkit

For AMD cards, download the OpenCL drivers. https://www.amd.com/en/support

 

Step-by-Step Installation Guide for Hashcat on Windows

Step 1: Download Hashcat

Navigate to the official Hashcat website: https://hashcat.net/hashcat/.

Download the latest version of Hashcat for Windows by selecting the appropriate release.

Once downloaded, extract the .zip file to a directory of your choice, such as C:\Hashcat.

 

Step 2: Prepare Your System

Ensure GPU Drivers Are Installed: As mentioned above, ensure you have the correct drivers for either NVIDIA (CUDA) or AMD (OpenCL).

Set Up Command Line Interface (CLI): To use Hashcat, you will need to run it through the Command Prompt (CMD). To open CMD:

Press Win + R, type cmd, and hit Enter.

Alternatively, press Win + X and select "Command Prompt" or "Windows Terminal."

 

Step 3: Configure Hashcat

Hashcat is ready to use out of the box, but you need to make sure that the necessary hash files and wordlists (for dictionary attacks) are available.

 

Hash Files: These are the hashes you want to crack. These can be generated from various sources (e.g., password hashes from a Windows machine, network captures, etc.).

Wordlists: If you're using a dictionary attack, you'll need a wordlist. One of the most popular wordlists is RockYou.txt, which can be found online. You can store your wordlists in a folder like C:\Hashcat\wordlists.

 

Step 4: Running Hashcat on Windows

Once everything is set up, it's time to start using Hashcat to crack passwords. Below are some practical examples.

 

Practical Example 1: Cracking an MD5 Hash

MD5 is one of the oldest and most commonly cracked hashing algorithms. Suppose you've extracted an MD5 hash and want to crack it using Hashcat.

 

Steps:

Create a text file called hashes.txt in the C:\Hashcat folder. Inside hashes.txt, place the MD5 hash you want to crack (e.g., 5d41402abc4b2a76b9719d911017c592, which corresponds to the word "hello").

 

Open the Command Prompt and navigate to your Hashcat directory:

cd C:\Hashcat

 

Run Hashcat with a dictionary attack:

hashcat.exe -m 0 -a 0 hashes.txt wordlists\rockyou.txt

 

Here’s what each part means:

-m 0: Specifies that the hash type is MD5.

-a 0: Denotes a dictionary attack mode.

hashes.txt: The file that contains the MD5 hash.

wordlists\rockyou.txt: The wordlist file used for the dictionary attack.

 

Hashcat will now attempt to crack the hash by comparing each word in the wordlist to the hash in hashes.txt.

 

Expected Output:

If successful, Hashcat will display the cracked password in the command line, for example:

5d41402abc4b2a76b9719d911017c592:hello

Practical Example 2: Cracking a Windows NTLM Hash

NTLM hashes are commonly used in Windows systems. Suppose you obtained an NTLM hash from a Windows machine, and you want to crack it.

 

Steps:

Create a text file called ntlm_hashes.txt with the NTLM hash you want to crack. Place it in the C:\Hashcat folder.

 

In Command Prompt, navigate to the Hashcat folder:

cd C:\Hashcat

 

Run Hashcat with NTLM hash mode:

hashcat.exe -m 1000 -a 0 ntlm_hashes.txt wordlists\rockyou.txt

-m 1000: Specifies the hash type as NTLM.

ntlm_hashes.txt: The file containing the NTLM hash.

If the password is weak, Hashcat should find the match using the dictionary.

 

Practical Example 3: Mask Attack for Passwords with Known Patterns

If you know part of the password pattern (e.g., it always starts with "Pass" and ends with four digits), you can use a mask attack to narrow down possibilities.

 

Steps:

Create a text file called masked_hash.txt with the hash you want to crack.

 

Run Hashcat using the following command:

hashcat.exe -m 0 -a 3 masked_hash.txt Pass?d?d?d?d

-a 3: Specifies a mask attack.

Pass?d?d?d?d: Indicates the known part of the password (Pass) and that the last four characters are digits (?d).

Hashcat will then try all possible combinations that fit the pattern.
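How long a mask run takes follows directly from the number of candidates the mask describes, which is also a quick way to judge how weak a password pattern is. The added example below (not from the original articles) computes that count for the `Pass?d?d?d?d` mask here and the `?l?l?l?l?l?l?l?l` mask from the macOS guide; the function names and the guess rate are assumptions, and custom charsets (`?1` to `?4`) are not handled.

```python
# Sizes of hashcat's built-in mask charsets.
CHARSET_SIZES = {"l": 26, "u": 26, "d": 10, "h": 16, "H": 16, "s": 33, "a": 95, "b": 256}

def mask_keyspace(mask: str) -> int:
    """Number of candidates a mask describes; literal characters contribute a factor of 1."""
    total = 1
    i = 0
    while i < len(mask):
        if mask[i] != "?":
            i += 1  # literal character such as the 'P' in 'Pass'
            continue
        if i + 1 >= len(mask):
            raise ValueError("mask ends with a dangling '?'")
        token = mask[i + 1]
        if token in CHARSET_SIZES:
            total *= CHARSET_SIZES[token]
        elif token != "?":  # '??' is a literal question mark
            raise ValueError(f"unsupported charset ?{token}")
        i += 2
    return total

def worst_case_seconds(mask: str, guesses_per_second: float) -> float:
    """Time to exhaust the mask at an assumed, constant guess rate."""
    return mask_keyspace(mask) / guesses_per_second

if __name__ == "__main__":
    ASSUMED_RATE = 1_000_000_000  # guesses per second; an assumption, not a benchmark
    for mask in ("Pass?d?d?d?d", "?l?l?l?l?l?l?l?l", "?a?a?a?a?a?a?a?a"):
        size = mask_keyspace(mask)
        hours = worst_case_seconds(mask, ASSUMED_RATE) / 3600
        print(f"{mask:<18} {size:>22,} candidates  {hours:,.2f} h worst case")
```

A known prefix plus four digits leaves only 10,000 candidates, while eight characters drawn from the full printable set leave about 6.6 quadrillion.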

 

Tips for Optimizing Hashcat on Windows

Utilize GPU: Hashcat's real power comes from GPU cracking. Hashcat detects your GPU automatically and uses it by default, but if needed, use -D 2 to force GPU use.

Example:

hashcat.exe -m 0 -a 0 -D 2 hashes.txt wordlists\rockyou.txt

 

Session Management: If you are working on long-running cracking tasks, you can name the run with --session so that it can be paused and later resumed with --restore. This prevents losing progress during a long password-cracking process.

 

Save Cracked Passwords: You can save cracked passwords to a file for later use with the --outfile option. Example:

 

hashcat.exe -m 1000 -a 0 ntlm_hashes.txt wordlists\rockyou.txt --outfile cracked_passwords.txt

 

Update Hashcat Regularly: New updates to Hashcat include performance improvements and support for more hash types. Always use the latest version to ensure compatibility and improved speed.

 

Conclusion

Running Hashcat on Windows is a straightforward process that, when paired with powerful hardware and the right configuration, allows you to efficiently crack passwords for ethical hacking, digital forensics, or system auditing. Whether you’re dealing with MD5, NTLM, or other hash types, Hashcat on Windows provides a flexible, fast, and powerful solution.

 

Always remember that password cracking should only be used for legal and ethical purposes. Unauthorized access or misuse can lead to serious legal consequences. Use these skills responsibly and always obtain the necessary permissions before testing systems.

 

By following the steps outlined in this article, you'll have the knowledge to set up and start using Hashcat on your Windows machine to crack passwords in a variety of scenarios.
