Basic Password Cracking with Hashcat
As a developer, it is very useful to know how to test the security of your password hashes. How could a hacker break your hashes? How long would it take to recover all the passwords in plain text?
There are many ways to do it; in this article, we will use the hashcat command-line utility.
Wait, what type of hash is it?
I am sure you know what type of hash your application uses, but how can a hacker identify it quickly?
There are very simple tools for this, like a pip package called hashid.
# you need python3 already installed
pip install hashid
hashid <hash>
Once installed, it can suggest which type a hash could be, based on multiple factors like the string length or the characters used.
Below we can see different hashes of the same string “password”:
# MD5
5f4dcc3b5aa765d61d8327deb882cf99
# LM
E52CAC67419A9A224A3B108F3FA6CB6D
# SHA1
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
# SHA2
5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
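The length-and-characters idea can be sketched in a few lines. This is an added example, not code from the original article or from hashid: the function names and the short candidate table are assumptions for illustration. It also shows a confirmation step a developer can run against their own store when one plaintext is known, since several algorithms share the same shape.

```python
import hashlib
import re

# Hex length -> algorithms producing a digest of that shape (illustrative
# subset, not hashid's rule list). Shape alone only narrows the field.
SHAPES = {
    32: ["MD5", "LM", "NTLM", "MD4"],
    40: ["SHA1", "RIPEMD-160"],
    64: ["SHA2-256", "SHA3-256"],
    128: ["SHA2-512", "SHA3-512"],
}
# Candidates that hashlib is guaranteed to provide, used for confirmation.
RECOMPUTE = {"MD5": "md5", "SHA1": "sha1", "SHA2-256": "sha256",
             "SHA3-256": "sha3_256", "SHA2-512": "sha512", "SHA3-512": "sha3_512"}

def candidates(digest):
    """Return algorithm names whose output has this length and charset."""
    digest = digest.strip()
    if not re.fullmatch(r"[0-9a-fA-F]+", digest):
        return []
    return list(SHAPES.get(len(digest), []))

def confirm(digest, known_plaintext):
    """Recompute each candidate over a known plaintext; return the match or None."""
    wanted = digest.strip().lower()
    for name in candidates(digest):
        algo = RECOMPUTE.get(name)
        if algo and hashlib.new(algo, known_plaintext.encode()).hexdigest() == wanted:
            return name
    return None  # same shape, but not an algorithm we can recompute here (e.g. LM)

if __name__ == "__main__":
    samples = [  # the four hashes of "password" listed above
        "5f4dcc3b5aa765d61d8327deb882cf99",
        "E52CAC67419A9A224A3B108F3FA6CB6D",
        "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
        "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8",
    ]
    for h in samples:
        print(h[:12] + "...", candidates(h), "->", confirm(h, "password"))
```

The MD5 and LM samples get the same candidate list because both are 32 hex characters; only recomputing over a known plaintext separates them.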
These are the results for the hashid analysis of the first hash: