Hashcat Beginner's guide to cracking MD5 hashes with the Rockyou wordlist
HTML-код
- Опубликовано: 11 сен 2024
- I hope this guide helps some other new people understand how to use hashcat for this specific purpose. I realized that I accidentally cut the part out about the -h section. When you type hashcat -h it gives a list of the different modes and attack types. This is how you figure out to use -m 0 and -a 0 in the command line. I have put some links below to the distributions I mentioned and the rockyou text file.
Where to get Kali:
www.kali.org/
Where to get ParrotOS:
parrotsec.org/...
Where to get hashcat:
hashcat.net/ha...
Where to get rockyou.txt:
github.com/red...
Yo this channel is a gem!
Really good video, good editing, very good presentation and tone, you were made for this bro.
Insightful, helpful, taking things step by step.
This channel is going to blow up bro
@@TheAwillz I really appreciate that! Life has kind of gotten in the way of me making videos, but I need to get back at it.
@@mindofpaul9543 please do
This was amazing. It would have taken me forever to do this without your help. Thanks.
Bro comeback when you have time. It would be great to see some other tutorials from you, like John the ripper and the other tools. This video was really straightforward and clear. I'm pretty advanced in Windows 11, I know a bunch of things and I made some programs in python too but I'm dumb as fck in Linux. 😂 I subscribed.
Dude the video I learned this was taken down, but your use of text editor was way better! Subscribed and favorited this video.
just gained a subscriber, your explanation is cool, simple, detailed and everything amazing. wish all subscribers paid attention to all little details like you
Dude you explained each and everything so perfectly.
Awesome!! Thanks in a hundred folds for the guide.. It was quite refreshing.
Great video. Extremely helpful in completing the challenge. Explained perfectly. Much appreciated.
This video was incredibly helpful thank you so much
Thank you so much man, sat around watched over 20 videos. None of them helped but you!
😃
Glad I could help!
Thank you, I spent a while trying to figure out how to use john but this was way easier.
thanks from Canada... you talked it out and walked it out !!
🎉thank you for being the first to make it simple
Amazing video, I would have to say to date this is one of the most helpful videos explained exactly how I needed it! thank you so much!
Thank you for the compliment! And I am glad I could help!
Thank you so much bro!! This video helped me a lot ;)
Thanks for the helpful insight, well explained and keep up the good work
simple and easy to digest. thanks
Thank you! Glad I could help.
Amazing, I love your Tutorial
hye nice work dude. great video. hope YT treats you well
Thank you! I appreciate that.
4:18 princess paul is back! - "not off the top of my head"
Mad helpful, thanks man
This was a great video. And I thought your editing was great.
Thank you! I am glad I could help and appreciate the compliments!
super helpful, thanks!
the specified parameter cannot use 'file.name' as a value- must be a number how i can fix it
Nice video. However, my hashcat failed with reason "* Device #1: Not enough allocatable device memory for this attack.". I am running kali in a virtualbox
it is always showing "Status...........: Exhausted", how to fix it I already tried in many different ways.
Great intro my friend! Need more subs
Thank you! I appreciate it.
Thank you,
And do you mind doing for SHA-1 and SHA-256
The expliot doesnt crack the hash? please help
You had a 6317.2 kH/s which is a very high speed, which GPU and drivers are you using my friend ?
TypeError: Strings must be encoded before hasing, it cant cracked the hash. what am I doing wrong brother I followed your steps.
hey paul! could you please help me with some things? Do you have a writing platform or here,how do a figure out a hashed password?
Great video, thanks my guy!
Thank you! Glad I could help!
thank you dude you made it very easy to understand keep it up
Thanks. Glad I could help!
Why don't you upload new videos?
After this video i want you to make tutorial lol ❤️❤️
@@Peaker20 I appreciate that. School has been busy and I switched to software development so all of my time has been on java rather than security. Might switch it up and make some beginner coding videos
@@mindofpaul9543 it's okay good luck ❤️, i still waiting for your easy explaining of any tutorial,also i need to learn Java , waiting for you bro❤️ you got my subscripe.
Very good and easy explain Bravo
Hi mate you explained it realy well thanks , ive been practicing on my own wifi i manged to get the 4 way handshake but its downloaded in .cap file and i have no idea what to do now i cant find good information anywhere, first i tried to convert it on the hashcat wesite and said it was too big so then finally found a fourm on there showed me how to clean it in wire shark then now its a txt file but when i try put in the file path i just keep getting stuid errors like its too long no hashes or something and keeps saying no directory exists ,when it clearley does lol you have any ideas how i can sort it
Sounds like there are several problems happening here and would be near impossible to diagnose without being there myself. For the no directory part at least if you are on Linux make sure to use sudo when running hashcat and open your terminal in the folder that your hash file is in.
@@mindofpaul9543 yeah its hard to say i haf no luck with hashcat , i read on somefourums that has the file might need to be saved in the hashcat directory. Maby ? Anywya i managed to crack it with aircrack-ng very fast haha so now made a much stronger password , just thinking what is the next fun project to try
thank you so muchhhhhh
tysm that was really helpful
Glad I could help!
Great video brother...
Thank you. Glad I could help!
Is it show decimal password like 1.2 or 1.34
Looks interesting, but the examples you show are ridiculously easy. What happens if you use a more useful example of a passphrase like: "yourdogwagshistailalot"? I can only assume the difficulty goes absolutely exponential with that many words. You may want to try a SHA256 of the above and see if it's even crackable.
Also, something like the Rocky list seems to be ridiculous overkill for passphrases since the length of time to iterate though the entire list must be colossal! A simple list of common English vocabulary (probably less than 10,000 words) would seem to be far more efficient.
So like the title of the video says, this is a beginner's guide. There are many different things you can do with hashcat and this is the simplest. This is more geared to people just starting, or doing their first hackathon. And yes, the more complex the password, the more intensive the process is to crack it. You can quickly go from just a few minutes to crack to hours just by adding a few characters. And the reason for the rockyou list is that it is a document of people's actual passwords from a large data breach. You can hope to get a match from that before creating your own wordlists which is why it usually comes pre installed on kali linux.
@@mindofpaul9543 "the reason for the rockyou list is that it is a document of people's actual passwords from a large data breach"
Sort-of, it's one of _many_ combinations of passwords from data breaches, then padded with Wiki word lists, dictionary lists and all sorts of other pointless garbage that a Hashcat ruleset could do more efficiently (random character positions in known passwords, etc.)
By the look of it, the entire password-cracking "game" is rapidly dying since security of algorithms against brute-force attacks (work-factor) has jumped by a few orders of magnitude since MD5. Gone are the days where lazy admins will use the lamest hashing algo they could find since "it's good enough"; multi-million dollar lawsuits have made taking security seriously a thing. Bcrypt, Argon2id and others make brute-forcing a rather pointless exercise, unless you're the NSA or other agency with extremely deep pockets and a specific mission (cracking Facebook passwords won't qualify!).
Hey so do I need to get kali to be able to run a password crack for my Trezor? Do you have any idea how to do all that. I have my seed phrases I just must have accidentally typed a wrong letter or button mashed and created a hidden passphrase wallet with the public addresses I ended up using thinking it was my main wallet. Basically need to brute force but can create my own wordlist and if it’s not within my word list how can I create a parameter to guess the password. I think my best case is I button mashed but all lower case letters with nothing else
I've never messed with a trezor, so not sure exactly how it would work. Hashcat is the program doing the cracking and their are versions of it for other operating systems, but I'm not sure if the syntax is the same. When I have had to make wordlists in the past I have used crunch, but that is a whole other tutorial on its own.
you are great at explaining i like your video do more for us thanks
❤❤❤❤❤❤❤
Thank you! Glad I could help!
Mrs Richards: "I paid for a room with a view !"
Basil: (pointing to the lovely view) "That is Torquay, Madam ."
Mrs Richards: "It's not good enough!"
Basil: "May I ask what you were expecting to see out of a Torquay hotel bedroom window? Sydney Opera House, perhaps? the Hanging Gardens of Babylon? Herds of wildebeest sweeping majestically past?..."
Mrs Richards: "Don't be silly! I expect to be able to see the sea!"
Basil: "You can see the sea, it's over there between the land and the sky."
Mrs Richards: "I'm not satisfied. But I shall stay. But I expect a reduction."
Basil: "Why?! Because Krakatoa's not erupting at the moment?"
How to fix the error not enough allocated memory for this attack even though I'm just using 1 hash for test still not enough allocated memory how to fix this?
Not easy to diagnose the problem over youtube comments, but I would guess if you are using a virtual machine you may not have enough alloted memory. Look in the virtual machine settings and allocate more ram/ memory.
this video have some times behind him but really good ty for your help brother ( i'm not really good with your language : p )
Thank you for your compliment. Glad I could help!
yes sir, you explained it good 👍
Thank you!
Should rename channel to Huge Mind of Paul
I can't cd into documents
how do i get the hash without knowing the password though?
@Chris_derPole In a capture the flag contest they will probably just give you some hashes to crack. In a real life situation, you probably were able to get into someone's machine or database and their passwords are stored somewhere as hashes rather than plaintext.
Thx abunch 😊
No problem! Glad to help!
I followed you step by step but I still get an error /:
An error could occur for many reasons like a mistype or hardware limitations. Google hashcat and the error you got and hopefully a forum will have a fix for you. Usually someone else has experienced the same issue and has posted about it somewhere.
thx very much
Glad I could help.
thanks
can u hack any online pages with hashcat
From what I understand, hashcat is mostly for cracking hashed passwords. When I have done websites in competitions we would use things like burpsuite and chrome tools. If you go to hackthebox.com and follow their beginner path, they will show you how to crack websites.
And just to clarify, you may come across a list of encrypted passwords with those other tools, then you could use haschat to figure out what those passwords are.
@@mindofpaul9543 tnx for the info
sir how to fixerror "no hashes loaded"
Are you saving your text file with the hashes in it before trying to run hashcat? And make sure your path and file name are all spelled correctly in your hashcat command.
@@mindofpaul9543 can you decrypt this code sir "d0071ee9bf9b9cf772c0f2503123b35e"
thank you so muchh
Glad I could help.
thank you
No problem. Glad I could help!
thx sir
No problem. Glad I could help!
@@mindofpaul9543 pls keep uploading content about Linux and hashcat
When I am using hashcat it is showing
device #1: not enough allocatable device memory for this attack.
Pls help
@@rupesh9110 I haven't encountered that myself, but I looked it up. Are you using a virtual machine? On an actual machine it will use the GPU, but virtual machines don't get access to it fully, so instead it uses RAM. Try turning up your virtual machine settings to use more RAM. I use VirtualBox, and that setting is under system in the Virtualbox manager.
The Pokemon music rip off got me
You're telling me not everyone listens to 8-bit music all the time? Lol. The reality is trying to find decent copyright free music is not the easiest task.
ole kali linux looking....
Next time please zoom. Everything was really small
Are you blind? How big do you want it to be?
You think you know it all? I got a better video than this wack you call a video.
😄 քʀօʍօֆʍ
Dude, you rock
after i used this last night, for some reason my rockyou.txt turned into a rockyou.txt.gz, and i have no idea to get it back how it was. Any idea ?
Not sure why that would happen, but a .gz is just a zipped file so you just need to unzip it. Pretty sure the syntax is gzip -d file.gz
I have rock you.txt.gz, not rock you.txt. What should I do?
That's the zipped version. This command should unzip it. gzip -d rockyou.txt.gz
Thank you have a nice day!