Hello aspiring hackers. In this article, we will learn how to crack password hash es using kali. n many hacking scenarios, we encounter hashes. To those newbies who have no idea what hashes are, they are encrypted text ( literally we can’t call it text ). Normally they are used to encrypt passwords for website users, operating system users etc. Today our tutorial is about cracking hashes.
For this howto, we will use NewsP Free News Script 1.4.7 which had a credential disclosure vulnerability as shown below. Imagine we got the username and password hash as shown below. The only thing that stops me from accessing the website is password in encrypted format.
The first step in cracking hashes is to identify the type of hash we are cracking. Kali Linux has an inbuilt tool to identify the type of hash we are cracking. It’s hash-identifier. Open a terminal and type command hash-identifier.
Enter the hash we need to crack as shown above and hit ENTER. It will show the possible hash type as shown below. In our case, it is MD5 or a variant of it.
We can also use another tool hashid for similar purpose. It’s syntax is as shown below.
We know what the type of hash is. Now, it’s time to crack the hash. We will use a tool called ‘findmyhash’. To use this tool, we need to specify the hash type ( which we already know ) and hash after it as shown below. This tool tries to crack the hash by using various online hash crackers available.
After successfully cracking the hash, it will display us the corresponding password as shown below. In our case, the password is admin.
That’s all in how to crack password hash with Kali. Learn how to do SMB enumeration with Kali.
Follow Us
Nice Article, Does “findmyhash” uses rainbow tables or Brute Force Attack in the background?
Thanks Waqar afridi and sorry for the delay in the reply. Findmyhash connects to the online hash cracking websites to crack a hash. Most of these online hash crackers use rainbow tables to crack a hash.
I am unable to crack sha-256 hash using findmyhash,, IS there any other way to crack it
Technically speaking, SHA 256 is unbreakable. atleast till now. SHA-256 is one of the strongest hash functions available. It has not yet been compromised in any way until now. This produces a 256 bit key as output which is irreversible.
Probably hashcat do some magic there… not entirely sure,, but there git profile seems very promising and they also poses a very good track record till now
Hi, I am not able to crack the password using findmyhash with hashcat. Can you help? I found the findmyhash for Kali.
https://pkg.kali.org/pkg/findmyhash