Cracking MD5 passwords with Hashcat in Kali Linux
2021 UPDATE – view my response below if you’re still having errors. Hashcat 6.0.0+ is best run on the host OS versus inside of a virtualized environment.
In the SQL injection lesson, we were able to output MD5-hashed passwords from the database. I then proceeded to use an online website to crack a couple of the hashes in order to see the plaintext password. I also mentioned we could use tools in Kali to do this instead of the website.
One of those tools is called Hashcat. Here’s how we could have used it in the lesson to achieve the same outcome:
hashcat '5f4dcc3b5aa765d61d8327deb882cf99' /usr/share/wordlists/rockyou.txt
The default for hashchat is MD5, otherwise, we could use the -m option and specify a different hash type. Also, you can specify a different wordlist if you’d like.
Note: if you get this error message:
* Device #1: Not a native Intel OpenCL runtime. Expect massive speed loss. You can use --force to override, but do not report related errors. No devices found/left.
You can use the –force flag. Since this is a basic MD5 hash, it will still go very fast.
hashcat '5f4dcc3b5aa765d61d8327deb882cf99' /usr/share/wordlists/rockyou.txt --force