Posted on 6 Comments

Beginners guide to hash cracking

Hello aspiring ethical hackers. In our previous blogpost on cryptography, apart from learning the uses of encryption in cybersecurity, you learnt about various encryption techniques. One such method is hashing. In this article, you will learn about hash cracking.

The process of cracking a password hash is known as hash cracking. In ethical hacking, you will definitely encounter password hashes. You will have to learn how to crack these hashes to be able to move forward in pen testing or Red teaming. For example, let’s say you encounter NewsP Free News Script 1.4.7 software in the target network. This particular version of software had a credential disclosure vulnerability as shown below. The only thing that stops me from accessing the website is the password in encrypted format.

Image explaining how to crack hash es with kali linux

The first step in cracking hashes is to identify the type of hash we are trying to crack. We can identify a hash type using a tool named hash-identifier. This tool is installed by default on Kali. Open a terminal and type command given below.

hash-identifier
Hash Identifier1

Enter the hash we need to identify as shown above and hit ENTER. It will show the possible hash type as shown below. In our case, it is MD5 hash or a variant of it.

Hash Identifier2

We can also use another tool “hashid” for hash identification. It’s syntax is as shown below.

hashid <hash>
Hashid1

Since now we know that the hash type is Md5, it’s time to crack the hash. We will use a tool called ‘findmyhash’. This tool tries to crack the hash by using various online hash crackers available. To use this tool, we need to specify the hash type ( which we already know ) and hash after it as shown below.

findmyhash <hash type> -h <hash>
Findmyhash2

After successfully cracking the hash, it will display us the password as shown below. In our case, the password is admin.

Findmyhash3

Follow Us

6 thoughts on “Beginners guide to hash cracking

  1. Nice Article, Does “findmyhash” uses rainbow tables or Brute Force Attack in the background?

    1. Thanks Waqar afridi and sorry for the delay in the reply. Findmyhash connects to the online hash cracking websites to crack a hash. Most of these online hash crackers use rainbow tables to crack a hash.

      1. I am unable to crack sha-256 hash using findmyhash,, IS there any other way to crack it

        1. Technically speaking, SHA 256 is unbreakable. atleast till now. SHA-256 is one of the strongest hash functions available. It has not yet been compromised in any way until now. This produces a 256 bit key as output which is irreversible.

          1. Probably hashcat do some magic there… not entirely sure,, but there git profile seems very promising and they also poses a very good track record till now

      2. Hi, I am not able to crack the password using findmyhash with hashcat. Can you help? I found the findmyhash for Kali.

        https://pkg.kali.org/pkg/findmyhash

Comments are closed.