Hash Cat (Universal Hash Cracker)

i'm going to explain you something about cryptography and hash cracking.First of all let me to introduce you guys about hashes,then we going to explain how to crack it.

1.Introduction
For a long time people used to "crypt" words.First know "crypted" word was by Roman king Julie Cesar.It was like this:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

For example:
PLAIN TEXT: Xploiter forum
CRYPTED: ASORLWHU IRUXP

To decrypt this we must know key for decrypting and its done in reverse, with a right shift of 3 letters.

I think now u can imagine how today hashes work.
Today we have a lot of hash types: MD5(most used and not so secured!),SHA1,SHA-256,ROT13 and many more.
Notice that some popular cms have their own methods for crypting (Joomla,Wordpress,Nucleus,etc..)
If you want to know more about crypting and hash i suggest u next links:

http://en.wikipedia.org/wiki/MD5
http://www.adayinthelifeof.nl/2011/02/02...nd-salting
http://en.wikipedia.org/wiki/Cryptography

2.How to find out what hash is this?
For example u done SQLi on some site and u have something like this:

admin : 210cf7aa5e2682c9c9d4511f88fe2789
| |
Clear text Hash

Here is a nice script coded in python that will detect and try to crack your hash:
Source code link:

Click Here To Download Script
Greetz going to author of this script!

3.How to crack it?
Today we have tools specified for cracking different kinds of passwords including hashes.
Some of most popular tools:
John the Ripper,Can and Abel,THC Hydra,HashCat,SolarWinds,RainbowCrack
U can also find some online-based sites for cracking...
Notice that most of this tool working on Brute-Force method to crack it!

4.HashCat tool for cracking Hashes
Here is link to the hashcat download page:
Click Here To Download

• Download it and save to folder called HashCat

• Find a good wordlist on internet,name it "wdlist.txt" and save it in same folder

• Make new file (call it "hashes.txt" and put your hashes there like this--->:

21232f297a57a5a743894a0e4a801fc3
94cf09e7f0b7ee742cd54236a4a1940f
c95e3f93da09374bb8192b862366d2f1
969db1fd5f9e29f5692eacfcd614b6ac

• Copy file "hashes.txt" into HashCat folder
• Next open your CMD/Terminal and navigate to HashCat folder like this:

C:\Documents and Settings\Administrator>cd C:\HashCat

• If your hash type is MD5 u going to use next command:

C:\hashcat-0.46>hashcat-cli32.exe -m 0 hashes.txt wdlist.txt

Explained:
-->Parametar -m 0 will tell to hashcat that your hash type is MD5 (for example -m 100 will be used for SHA1 type of hash,-m 200 is MySQL,etc...)
NOTE: use next command to see more: hashcat-cli32.exe --help
-->hashes.txt is your file with hashes you want to crack
-->wdlist.txt is file with words for bruteforce

• You should have next output:

C:\HashCat>hashcat-cli32.exe -m 0 md5.txt wl.txt
Initializing hashcat v0.46 by atom with 8 threads and 32mb segment-size...

Added hashes from file md5.txt: 4 (1 salts)

NOTE: press enter for status-screen

21232f297a57a5a743894a0e4a801fc3:admin

Input.Mode: Dict (wl.txt)
Index.....: 1/1 (segment), 8 (words), 102 (bytes)
Recovered.: 1/4 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 8/8 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--

• You see that 21232f297a57a5a743894a0e4a801fc3 is cracked and plain text is "admin"

At the end,if something isn't clear for you guys Comment below And here is one usefull video on youtube about using hashcat on linux (BackTrack):

Click Here To Watch For youtube

That's all for today.