Hashcat is a powerful password recovery tool that security professionals widely use to crack complex passwords. It can crack a wide variety of password hashes, including those used in WPA/WPA2 wireless network authentication and MD5, SHA-1, and SHA-256 password hashes. In this article, I will walk you through the steps involved in installing Hashcat on Ubuntu.
What Is Hashcat?
Hashcat is a free and open-source password-cracking tool that has gained popularity among security professionals and enthusiasts for its powerful password recovery capabilities. It is based on the command-line interface and uses a variety of techniques to recover passwords from their hash values. One of its key features is its ability to use the computational power of GPUs to perform brute-force attacks, making it much faster than traditional CPU-based approaches.
Hashcat supports a wide range of hash types, including those used in common operating systems, web applications, and network protocols. For example, it can crack password hashes used in Microsoft Windows, Linux, macOS, and Android, as well as password hashes used in web applications such as WordPress and Joomla. Hashcat also supports a variety of attack modes, including Dictionary Attacks, Brute-force Attacks, Rule-based Attacks, and Mask Attacks, allowing users to choose the best approach based on the available information.
In addition to its flexibility and power, Hashcat is also known for its ease of use. Its command-line interface is designed to be simple and intuitive, and it comes with a variety of preconfigured attack modes and hash types that make it easy to get started. It also supports multiple platforms, including Linux, Windows, and macOS, and can run on a variety of hardware, including CPUs, GPUs, and APUs.
Before installing Hashcat, ensure that your Ubuntu system meets the following requirements:
- A 64-bit processor with SSE2 support
- At least 1GB of RAM or higher
- Ubuntu 16.04 or later
- OpenCL Runtime Environment
GPU Driver Requirements
- NVIDIA GPUs require NVIDIA Driver 440.64 or later and CUDA Toolkit 9.0 or later.
- AMD GPUs require AMDGPU 21.50 or later and ROCm 5.0 or later.
- Intel CPUs require OpenCL Runtime for Intel Core and Intel Xeon Processors 16.1.1 or later.
Step #1: Install nVidia Driver
You need to install the latest nVidia driver for your nVidia GPU. GPU is necessary to accelerate the attacks. To install the latest nVidia driver on Ubuntu:
Go to the applications menu and search for “Software & Updates“.
Open “Software & Updates” and go to the “Additional Drivers” tab.
Select the latest driver and click on “Apply Changes“. It will install the nVidia driver.
After that, click the “Restart” button to reboot your system.
Your nVidia driver is installed and ready to go.
Step #2: Install CUDA Toolkit
Now you need to install the CUDA Toolkit. I am using Ubuntu 22.04 LTS on an x64_86 architecture CPU and if you are using the same version, you can follow the instructions below. Or if you are using a different architecture and distribution, you can follow this link for the instructions.
wget https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/cuda-ubuntu2204.pin sudo mv cuda-ubuntu2204.pin /etc/apt/preferences.d/cuda-repository-pin-600 wget https://developer.download.nvidia.com/compute/cuda/12.1.0/local_installers/cuda-repo-ubuntu2204-12-1-local_12.1.0-530.30.02-1_amd64.deb sudo dpkg -i cuda-repo-ubuntu2204-12-1-local_12.1.0-530.30.02-1_amd64.deb sudo cp /var/cuda-repo-ubuntu2204-12-1-local/cuda-*-keyring.gpg /usr/share/keyrings/ sudo apt-get update sudo apt-get -y install cuda
Step #3: Installing Hashcat
Here are the steps to install Hashcat on Ubuntu using the apt-get command:
Open the Terminal by pressing Ctrl+Alt+T.
Update the package list using the following command:
sudo apt-get update
Install Hashcat using the following command:
sudo apt-get install hashcat
Once the installation is complete, verify that Hashcat is installed correctly by running the following command:
How To Check If Hashcat Detects The GPU?
It is essential to identify whether your GPU is working correctly or not. Run the following command to detect your GPUs:
If everything is done correctly, Hashcat will utilize your GPU with no errors. The output should look like this.
hashcat (v6.2.5) starting in backend information mode CUDA Info: ========== CUDA.Version.: 12.1 Backend Device ID #1 (Alias: #2) Name...........: NVIDIA GeForce GTX 1050 Ti Processor(s)...: 6 Clock..........: 1468 Memory.Total...: 4038 MB Memory.Free....: 3985 MB PCI.Addr.BDFe..: 0000:01:00.0 OpenCL Info: ============ OpenCL Platform ID #1 Vendor..: NVIDIA Corporation Name....: NVIDIA CUDA Version.: OpenCL 3.0 CUDA 12.1.68 Backend Device ID #2 (Alias: #1) Type...........: GPU Vendor.ID......: 32 Vendor.........: NVIDIA Corporation Name...........: NVIDIA GeForce GTX 1050 Ti Version........: OpenCL 3.0 CUDA Processor(s)...: 6 Clock..........: 1468 Memory.Total...: 4038 MB (limited to 1009 MB allocatable in one block) Memory.Free....: 3968 MB OpenCL.Version.: OpenCL C 1.2 Driver.Version.: 530.30.02 PCI.Addr.BDF...: 01:00.0
How To Use Hashcat?
Using Hashcat can be a complex and technical process, but here are some general steps for using Hashcat to crack a password hash:
- Obtain the password hash: The first step is to obtain the password hash that you want to crack. The hash could be obtained from various sources, such as a stolen database of password hashes, a captured WPA/WPA2 handshake, or a local password file on a target system.
- Choose the attack mode: Hashcat offers different attack modes, including dictionary attacks, brute-force attacks, rule-based attacks, and mask attacks. Choose the appropriate attack mode based on the available information, such as the length and complexity of the password, and the type of hash being cracked.
- Create a wordlist or rules file: If you are using a dictionary or rule-based attack, you may need to create a wordlist or rules file that contains potential passwords to be tested against the hash. There are many wordlists available online, or you can create your own by using tools such as Crunch or CeWL. You can also use the Rockyou password list to test against the hash.
- Configure Hashcat: Before running Hashcat, you may need to configure it to use your specific attack mode, wordlist, or rules file. This can be done through the command-line interface or by using a configuration file.
- Run Hashcat: Once Hashcat is configured, you can run it using the appropriate command-line arguments. Hashcat will then start attempting to crack the password hash using the chosen attack mode and wordlist or rules file.
- Analyze results: After the cracking process is complete, Hashcat will display the cracked password, if successful. If not successful, you may need to modify your attack mode or wordlist and run Hashcat again.
It’s important to note that Hashcat can be a resource-intensive process, especially when using GPU acceleration. It’s also important to use Hashcat ethically and legally and only with the permission of the owner of the system or data being attacked.
In this article, I have walked you through the steps involved in installing Hashcat on Ubuntu and the general approach to cracking a password hash using Hashcat.
Despite its powerful capabilities, it is essential to note that Hashcat should be used ethically and responsibly. It is intended to be used for legitimate purposes, such as recovering lost passwords or testing the strength of passwords and should not be used to violate the privacy or security of others.
Leave a Reply