# Cracking Tools ## `Hashcat` {% embed url="" %} Hashes examples list {% endembed %} ### Installation ```bash # usually installed by default on kali/parrot apt install hashcat ``` ### Usage ```bash # List of hashes hashcat --example-hashes | grep -i md5 # to see various types of hash examples ``` #### Examples ```bash # Decrypt md5 hashes hashcat -m 0 -a 0 -O hashes.txt /usr/share/wordlists/rockyou.txt # Decrypt Kerberos5 hashes hashcat -m 18200 -a 0 -O hashes.txt /usr/share/wordlists/rockyou.txt # Decrypt Django (PBKDF2-SHA256) hash hashcat -m 10000 -a 0 -O hash.txt --wordlist /usr/share/wordlists/rockyou.txt ``` {% hint style="info" %} **Rule based attacks** :boom: It is more like a **programming language** designed for password candidate generation. It has functions that can modify and mutate any given word list with literally anything you can imagine allowing you to have a higher rate of successly cracking a hash. For more information : {% endhint %} You can locate a handful of hashcat rules available by default on Kali Linux in : **/usr/share/hashcat/rules** The following is a list of rules that can be used if the password is not present in a word list chosen. **Note** : This list is sorted by its complexity, meaning the bottom rule will rule the rest of the rules :wink: * `best64.rule` * `rockyou-30000.rule` * `dive.rule` * `OneRuleToRuleThemAll` ```bash # Decrypt NTLM hashes with hashcat rule best64.rule hashcat -m 1000 -a 0 -O hashes.txt /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule ``` ## `John the Ripper` ### Installation ```bash git clone https://github.com/openwall/john.git cd john/src ./configure && make # use cd ../run ./john ``` ### Usage ```bash # Cracking MD5 hash john hash.txt --format=RAW-MD5 # Cracking SHA1 hash john hash.txt /usr/share/wordlists/rockyou.txt --format=RAW-SHA1 # Cracking Linux passwords sudo john /etc/shadow ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://book.redsquad.xyz/cracking-or-encoding/hash-cracking-tools.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.