We've already mentioned rainbow tables as a method to crack hashes that don't have a salt, but what if there's a salt involved?
You can't "decrypt" password hashes. They're not encrypted. You have to crack them by hashing a large number of candidate passwords (often taken from a wordlist such as rockyou), adding the salt if there is one, and comparing each result to the target hash. When one matches, you know what the password was. Tools like Hashcat and John the Ripper are normally used for this.
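Why a salt defeats a precomputed table but not a per-hash wordlist run, as an added example that is not part of the original notes. It assumes a `salt + password` SHA-256 scheme, a constructed five-word wordlist and a constructed salt, and uses a plain lookup dictionary as a simplified stand-in for a rainbow table.

```python
import hashlib

# Constructed sample wordlist standing in for rockyou.txt (assumption).
WORDLIST = ["123456", "password", "letmein", "dragon", "sunshine"]
SALT = "x9Tq2LmA"  # constructed per-user salt, stored next to the hash


def sha256_hex(password: str, salt: str = "") -> str:
    """Hash salt + password with SHA-256.

    Prepending the salt is an assumed scheme; raw SHA-256 is used only to
    keep the example dependency-free, it is not a recommended password hash.
    """
    return hashlib.sha256((salt + password).encode()).hexdigest()


def build_lookup_table(words):
    """Precompute hash -> password once, with no knowledge of any salt."""
    return {sha256_hex(w): w for w in words}


def audit_hash(target: str, salt: str, words):
    """Re-hash every candidate with this record's salt and compare."""
    for candidate in words:
        if sha256_hex(candidate, salt) == target:
            return candidate
    return None


def demo():
    table = build_lookup_table(WORDLIST)
    unsalted = sha256_hex("letmein")
    salted = sha256_hex("letmein", SALT)
    return {
        # The precomputed table recovers the unsalted hash instantly.
        "lookup_unsalted": table.get(unsalted),
        # The same table is useless once a salt is mixed in.
        "lookup_salted": table.get(salted),
        # With the stored salt, the wordlist must be re-hashed per record.
        "audit_salted": audit_hash(salted, SALT, WORDLIST),
        # Without the right salt the same wordlist finds nothing.
        "audit_wrong_salt": audit_hash(salted, "other", WORDLIST),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The salt does not stop a weak password from being found; it forces the work to be repeated for every record, which is why a slow algorithm such as bcrypt matters on top of it.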
Graphics cards have thousands of cores. Although they can’t do the same sort of work that a CPU can, they are very good at some of the maths involved in hash functions. This means you can use a graphics card to crack most hash types much more quickly. Some hashing algorithms, notably bcrypt, are designed so that hashing on a GPU is about the same speed as hashing on a CPU, which helps them resist cracking.
It’s worth mentioning that virtual machines normally don’t have access to the host's graphics card(s) (you can set this up, but it’s a lot of work). If you want to run Hashcat, it’s best to run it on your host (Windows builds are available on the website; run it from PowerShell). You can get Hashcat working with OpenCL in a VM, but the speeds will likely be much worse than cracking on your host. John the Ripper uses the CPU by default and so works in a VM out of the box, although you may get better speeds running it on the host OS, as it will have more threads and no overhead from running in a VM.
🚨🚨🚨 NEVER (I repeat, NEVER!) use --force for hashcat. It can lead to false positives (wrong passwords being given to you) and false negatives (skips over the correct hash).
UPDATE: As of Kali 2020.2, hashcat 6.0 will run on the CPU without --force. I still recommend cracking on your host OS if you have a GPU, as it will be much much faster.
I'll provide the hashes. Crack them. You can choose how. You'll need to use online tools, Hashcat, and/or John the Ripper. Remember the restrictions on online rainbow tables. Don't be afraid to use the hints. Rockyou or online tools should be enough to find all of these.
hashcat -m 3200 ~/hash rockyou.txt
hashid -m 9eb7ee7f551d2f0ac684981bd1f1e2fa4a37590199636753efe614d4db30e8e1
The hash $6$GQXVvW4EuM$ehD6jWiMsfNorxy5SINsgdlxmAEl3.yif0/c3NqzGLa0P.S7KRDYjycw5bnYkF5ZtB8wQy8KnskuWQS3Yr1wQ0 is an example of a SHA-512crypt hash, as indicated by the
hashcat -m 1800 hash.txt /path/to/rockyou.txt
b6b0d451bbf6fed658659a9e7e5598fe - Possible algorithms: MD5
I'm trying to use john to decrypt a hash that uses mode 25600 on the hashcat example_hashes, how do I put that in the "--format=" field?
To use John the Ripper to decrypt a hash that uses mode 25600 (which corresponds to SHA-512crypt), you should specify the format as raw-sha512. Here's how you can do it:
john --format=raw-sha512 <your_hash_file>
Replace <your_hash_file> with the path to your file containing the SHA-512crypt hash.
In John the Ripper, the format name for SHA-512crypt is sha512crypt. So, to use John the Ripper for a hash that falls under Hashcat's mode 25600, you would specify:
john --format=sha512crypt <your_hash_file>
This will tell John the Ripper to use the correct algorithm for decrypting your hash.
What about 28400?
Mode 28400 in Hashcat corresponds to NTLMv2-HMAC-MD5. This mode is used for hashes generated by the NTLMv2 authentication protocol, which is commonly used in Windows environments.
Show me with the --format= and the answer for the field.
For Hashcat mode 28400 (NTLMv2-HMAC-MD5), you can use John the Ripper with the NTLMv2 format. Here's how you specify it using the --format option:
john --format=netntlmv2 <your_hash_file>
This tells John the Ripper to use the appropriate algorithm to attempt cracking the NTLMv2-HMAC-MD5 hash.