Hashcat Beginner's guide to cracking MD5 hashes with the Rockyou wordlist

Подписаться 290

Просмотров 28 тыс.

50% 1

I hope this guide helps some other new people understand how to use hashcat for this specific purpose. I realized that I accidentally cut the part out about the -h section. When you type hashcat -h it gives a list of the different modes and attack types. This is how you figure out to use -m 0 and -a 0 in the command line. I have put some links below to the distributions I mentioned and the rockyou text file.
Where to get Kali:
www.kali.org/
Where to get ParrotOS:
parrotsec.org/...
Where to get hashcat:
hashcat.net/ha...
Where to get rockyou.txt:
github.com/red...

Опубликовано:

28 сен 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 119

@TheAwillz Месяц назад

Yo this channel is a gem! Really good video, good editing, very good presentation and tone, you were made for this bro. Insightful, helpful, taking things step by step. This channel is going to blow up bro

@mindofpaul9543 Месяц назад

@@TheAwillz I really appreciate that! Life has kind of gotten in the way of me making videos, but I need to get back at it.

@TheAwillz Месяц назад

@@mindofpaul9543 please do

@AndrewZimba-w5r 4 месяца назад

Thank you, And do you mind doing for SHA-1 and SHA-256

@hanhatquang6405 Год назад

Amazing, I love your Tutorial

@austinweaver8112 2 месяца назад

super helpful, thanks!

@travispatt907 Год назад

Great video, thanks my guy!

@mindofpaul9543 Год назад

Thank you! Glad I could help!

@poorinvestor Год назад

Great intro my friend! Need more subs

@mindofpaul9543 Год назад

Thank you! I appreciate it.

@JerrySwan 2 года назад

Should rename channel to Huge Mind of Paul

@mariojules1814 6 месяцев назад

Dude, you rock

@haribardolia5505 2 года назад

yes sir, you explained it good 👍

@mindofpaul9543 2 года назад

Thank you!

@vortexflickens2 2 года назад

can u hack any online pages with hashcat

@mindofpaul9543 2 года назад

From what I understand, hashcat is mostly for cracking hashed passwords. When I have done websites in competitions we would use things like burpsuite and chrome tools. If you go to hackthebox.com and follow their beginner path, they will show you how to crack websites.

@mindofpaul9543 2 года назад

And just to clarify, you may come across a list of encrypted passwords with those other tools, then you could use haschat to figure out what those passwords are.

@vortexflickens2 2 года назад

@@mindofpaul9543 tnx for the info

@rio2rio27 2 года назад

sir how to fixerror "no hashes loaded"

@mindofpaul9543 2 года назад

Are you saving your text file with the hashes in it before trying to run hashcat? And make sure your path and file name are all spelled correctly in your hashcat command.

@afriotriputras7517 2 года назад

@@mindofpaul9543 can you decrypt this code sir "d0071ee9bf9b9cf772c0f2503123b35e"

@strudolla4684 Год назад

thank you so muchh

@mindofpaul9543 Год назад

Glad I could help.

@rupesh9110 2 года назад

thx sir

@mindofpaul9543 2 года назад

No problem. Glad I could help!

@rupesh9110 2 года назад

@@mindofpaul9543 pls keep uploading content about Linux and hashcat

@rupesh9110 2 года назад

When I am using hashcat it is showing device #1: not enough allocatable device memory for this attack.

@rupesh9110 2 года назад

Pls help

@mindofpaul9543 2 года назад

@@rupesh9110 I haven't encountered that myself, but I looked it up. Are you using a virtual machine? On an actual machine it will use the GPU, but virtual machines don't get access to it fully, so instead it uses RAM. Try turning up your virtual machine settings to use more RAM. I use VirtualBox, and that setting is under system in the Virtualbox manager.

@shriram5494 Год назад

The Pokemon music rip off got me

@mindofpaul9543 Год назад

You're telling me not everyone listens to 8-bit music all the time? Lol. The reality is trying to find decent copyright free music is not the easiest task.

@anejiclovisndep813 Год назад

Awesome!! Thanks in a hundred folds for the guide.. It was quite refreshing.

@lottan2197 Год назад

simple and easy to digest. thanks

@mindofpaul9543 Год назад

Thank you! Glad I could help.

@albertwesker2k24 28 дней назад

Bro comeback when you have time. It would be great to see some other tutorials from you, like John the ripper and the other tools. This video was really straightforward and clear. I'm pretty advanced in Windows 11, I know a bunch of things and I made some programs in python too but I'm dumb as fck in Linux. 😂 I subscribed.

@MunishMehta-i1p Месяц назад

Nice video. However, my hashcat failed with reason "* Device #1: Not enough allocatable device memory for this attack.". I am running kali in a virtualbox

@jamesrushforth1026 Год назад

Hi mate you explained it realy well thanks , ive been practicing on my own wifi i manged to get the 4 way handshake but its downloaded in .cap file and i have no idea what to do now i cant find good information anywhere, first i tried to convert it on the hashcat wesite and said it was too big so then finally found a fourm on there showed me how to clean it in wire shark then now its a txt file but when i try put in the file path i just keep getting stuid errors like its too long no hashes or something and keeps saying no directory exists ,when it clearley does lol you have any ideas how i can sort it

@mindofpaul9543 Год назад

Sounds like there are several problems happening here and would be near impossible to diagnose without being there myself. For the no directory part at least if you are on Linux make sure to use sudo when running hashcat and open your terminal in the folder that your hash file is in.

@jamesrushforth1026 Год назад

@@mindofpaul9543 yeah its hard to say i haf no luck with hashcat , i read on somefourums that has the file might need to be saved in the hashcat directory. Maby ? Anywya i managed to crack it with aircrack-ng very fast haha so now made a much stronger password , just thinking what is the next fun project to try

@matthewstocker8816 Месяц назад

This was amazing. It would have taken me forever to do this without your help. Thanks.

@nazulgomez8594 22 дня назад

This video was incredibly helpful thank you so much

@montypythondot 6 месяцев назад

Thank you so much bro!! This video helped me a lot ;)

@vinaypillai744 8 месяцев назад

Is it show decimal password like 1.2 or 1.34

@itzyaboyj4199 7 месяцев назад

The expliot doesnt crack the hash? please help

@alexidk4641 Год назад

this video have some times behind him but really good ty for your help brother ( i'm not really good with your language : p )

@mindofpaul9543 Год назад

Thank you for your compliment. Glad I could help!

@HungNguyen-il4cg Месяц назад

thank you so muchhhhhh

@wesleystoudenmier-z5v 5 месяцев назад

Mad helpful, thanks man

@xanris3271 6 месяцев назад

ole kali linux looking....

@siyambhuiyan8798 Год назад

thanks

@zilog1 Год назад

hye nice work dude. great video. hope YT treats you well

@mindofpaul9543 Год назад

Thank you! I appreciate that.

@Chris_derPole Месяц назад

how do i get the hash without knowing the password though?

@mindofpaul9543 Месяц назад

@Chris_derPole In a capture the flag contest they will probably just give you some hashes to crack. In a real life situation, you probably were able to get into someone's machine or database and their passwords are stored somewhere as hashes rather than plaintext.

@fredflintstoner596 Год назад

Mrs Richards: "I paid for a room with a view !" Basil: (pointing to the lovely view) "That is Torquay, Madam ." Mrs Richards: "It's not good enough!" Basil: "May I ask what you were expecting to see out of a Torquay hotel bedroom window? Sydney Opera House, perhaps? the Hanging Gardens of Babylon? Herds of wildebeest sweeping majestically past?..." Mrs Richards: "Don't be silly! I expect to be able to see the sea!" Basil: "You can see the sea, it's over there between the land and the sky." Mrs Richards: "I'm not satisfied. But I shall stay. But I expect a reduction." Basil: "Why?! Because Krakatoa's not erupting at the moment?"

@samratgupta731 9 месяцев назад

it is always showing "Status...........: Exhausted", how to fix it I already tried in many different ways.

@itzyaboyj4199 7 месяцев назад

TypeError: Strings must be encoded before hasing, it cant cracked the hash. what am I doing wrong brother I followed your steps.

@subliminalcipher5660 6 месяцев назад

Great video. Extremely helpful in completing the challenge. Explained perfectly. Much appreciated.

@jaylee5031 5 месяцев назад

Dude the video I learned this was taken down, but your use of text editor was way better! Subscribed and favorited this video.

@javlaboss8353 Год назад

hey paul! could you please help me with some things? Do you have a writing platform or here,how do a figure out a hashed password?

@ahmadkhalidhotak9399 Год назад

You had a 6317.2 kH/s which is a very high speed, which GPU and drivers are you using my friend ?

@manoelaldrine1602 10 месяцев назад

just gained a subscriber, your explanation is cool, simple, detailed and everything amazing. wish all subscribers paid attention to all little details like you

@furyzlm7853 2 года назад

tysm that was really helpful

@mindofpaul9543 2 года назад

Glad I could help!

@Arno_Saks 8 месяцев назад

the specified parameter cannot use 'file.name' as a value- must be a number how i can fix it

@DARG0N 5 месяцев назад

Thank you, I spent a while trying to figure out how to use john but this was way easier.

@TapThatCuz_ 5 месяцев назад

Thanks for the helpful insight, well explained and keep up the good work

@iustin1174 Год назад

thx very much

@mindofpaul9543 Год назад

Glad I could help.

@confidencenwanyanwu9975 3 месяца назад

Next time please zoom. Everything was really small

@vitamin_protein001 3 месяца назад

Are you blind? How big do you want it to be?

@confidencenwanyanwu9975 3 месяца назад

You think you know it all? I got a better video than this wack you call a video.

@CriticalGamer150 Год назад

How to fix the error not enough allocated memory for this attack even though I'm just using 1 hash for test still not enough allocated memory how to fix this?

@mindofpaul9543 Год назад

Not easy to diagnose the problem over youtube comments, but I would guess if you are using a virtual machine you may not have enough alloted memory. Look in the virtual machine settings and allocate more ram/ memory.

@TheRandom_Uzer 2 года назад

Thx abunch 😊

@mindofpaul9543 2 года назад

No problem! Glad to help!

@anirudh5101 4 месяца назад

Dude you explained each and everything so perfectly.

@TeeHud 6 месяцев назад

thanks from Canada... you talked it out and walked it out !!

@legendofgeoffry6521 2 года назад

4:18 princess paul is back! - "not off the top of my head"

@xDEADxINSIDEx 4 месяца назад

🎉thank you for being the first to make it simple

@ShadyDylan 2 года назад

I followed you step by step but I still get an error /:

@mindofpaul9543 2 года назад

An error could occur for many reasons like a mistype or hardware limitations. Google hashcat and the error you got and hopefully a forum will have a fix for you. Usually someone else has experienced the same issue and has posted about it somewhere.

@koffiepou3030 10 месяцев назад

Very good and easy explain Bravo

@ashur6773 Год назад

I can't cd into documents

@Giskrenov Год назад

Hey so do I need to get kali to be able to run a password crack for my Trezor? Do you have any idea how to do all that. I have my seed phrases I just must have accidentally typed a wrong letter or button mashed and created a hidden passphrase wallet with the public addresses I ended up using thinking it was my main wallet. Basically need to brute force but can create my own wordlist and if it’s not within my word list how can I create a parameter to guess the password. I think my best case is I button mashed but all lower case letters with nothing else

@mindofpaul9543 Год назад

I've never messed with a trezor, so not sure exactly how it would work. Hashcat is the program doing the cracking and their are versions of it for other operating systems, but I'm not sure if the syntax is the same. When I have had to make wordlists in the past I have used crunch, but that is a whole other tutorial on its own.

@MichaelSantimauro Год назад

Amazing video, I would have to say to date this is one of the most helpful videos explained exactly how I needed it! thank you so much!

@mindofpaul9543 Год назад

Thank you for the compliment! And I am glad I could help!

@jesikaemma Год назад

you are great at explaining i like your video do more for us thanks ❤❤❤❤❤❤❤

@mindofpaul9543 Год назад

Thank you! Glad I could help!

@srikumarma Год назад

Thank you so much man, sat around watched over 20 videos. None of them helped but you! 😃

@mindofpaul9543 Год назад

Glad I could help!

@awebuser5914 Год назад

Looks interesting, but the examples you show are ridiculously easy. What happens if you use a more useful example of a passphrase like: "yourdogwagshistailalot"? I can only assume the difficulty goes absolutely exponential with that many words. You may want to try a SHA256 of the above and see if it's even crackable. Also, something like the Rocky list seems to be ridiculous overkill for passphrases since the length of time to iterate though the entire list must be colossal! A simple list of common English vocabulary (probably less than 10,000 words) would seem to be far more efficient.

@mindofpaul9543 Год назад

So like the title of the video says, this is a beginner's guide. There are many different things you can do with hashcat and this is the simplest. This is more geared to people just starting, or doing their first hackathon. And yes, the more complex the password, the more intensive the process is to crack it. You can quickly go from just a few minutes to crack to hours just by adding a few characters. And the reason for the rockyou list is that it is a document of people's actual passwords from a large data breach. You can hope to get a match from that before creating your own wordlists which is why it usually comes pre installed on kali linux.

@awebuser5914 Год назад

@@mindofpaul9543 "the reason for the rockyou list is that it is a document of people's actual passwords from a large data breach" Sort-of, it's one of _many_ combinations of passwords from data breaches, then padded with Wiki word lists, dictionary lists and all sorts of other pointless garbage that a Hashcat ruleset could do more efficiently (random character positions in known passwords, etc.) By the look of it, the entire password-cracking "game" is rapidly dying since security of algorithms against brute-force attacks (work-factor) has jumped by a few orders of magnitude since MD5. Gone are the days where lazy admins will use the lamest hashing algo they could find since "it's good enough"; multi-million dollar lawsuits have made taking security seriously a thing. Bcrypt, Argon2id and others make brute-forcing a rather pointless exercise, unless you're the NSA or other agency with extremely deep pockets and a specific mission (cracking Facebook passwords won't qualify!).

@johnaloe 2 года назад

thank you

@mindofpaul9543 2 года назад

No problem. Glad I could help!

@wilmerbossley6742 2 года назад

😄 քʀօʍօֆʍ

@esmetakhom9259 Год назад

Great video brother...

@mindofpaul9543 Год назад

Thank you. Glad I could help!

@marg4686 Год назад

This was a great video. And I thought your editing was great.

@mindofpaul9543 Год назад

Thank you! I am glad I could help and appreciate the compliments!

@davidduque2202 Год назад

thank you dude you made it very easy to understand keep it up

@mindofpaul9543 Год назад

Thanks. Glad I could help!

@Peaker20 Год назад

Why don't you upload new videos? After this video i want you to make tutorial lol ❤️❤️

@mindofpaul9543 Год назад

@@Peaker20 I appreciate that. School has been busy and I switched to software development so all of my time has been on java rather than security. Might switch it up and make some beginner coding videos

@Peaker20 Год назад

@@mindofpaul9543 it's okay good luck ❤️, i still waiting for your easy explaining of any tutorial,also i need to learn Java , waiting for you bro❤️ you got my subscripe.

@MichaelSantimauro Год назад

after i used this last night, for some reason my rockyou.txt turned into a rockyou.txt.gz, and i have no idea to get it back how it was. Any idea ?

@mindofpaul9543 Год назад

Not sure why that would happen, but a .gz is just a zipped file so you just need to unzip it. Pretty sure the syntax is gzip -d file.gz