Find answers, ask questions, and connect with our
welcoming community.

Home Page Forums Course Discussions Introduction to Application Security (AppSec) Cracking MD5 passwords with Hashcat in Kali Linux

  • Cracking MD5 passwords with Hashcat in Kali Linux

    Posted by Christophe on June 16, 2020 at 9:20 pm

    2021 UPDATE – view my response below if you’re still having errors. Hashcat 6.0.0+ is best run on the host OS versus inside of a virtualized environment.

    In the SQL injection lesson, we were able to output MD5-hashed passwords from the database. I then proceeded to use an online website to crack a couple of the hashes in order to see the plaintext password. I also mentioned we could use tools in Kali to do this instead of the website.

    One of those tools is called Hashcat. Here’s how we could have used it in the lesson to achieve the same outcome:

    hashcat '5f4dcc3b5aa765d61d8327deb882cf99' /usr/share/wordlists/rockyou.txt

    The default for hashchat is MD5, otherwise, we could use the -m option and specify a different hash type. Also, you can specify a different wordlist if you’d like.

    Note: if you get this error message:

    * Device #1: Not a native Intel OpenCL runtime. Expect massive speed loss. You can use --force to override, but do not report related errors. No devices found/left.

    You can use the –force flag. Since this is a basic MD5 hash, it will still go very fast.

    hashcat '5f4dcc3b5aa765d61d8327deb882cf99' /usr/share/wordlists/rockyou.txt --force

    Hashcat demonstration for cracking MD5 passwords

    Christophe replied 10 months, 2 weeks ago 1 Member · 1 Reply
  • 1 Reply
  • Christophe

    Administrator
    August 18, 2021 at 5:05 pm

    Since a hashcat upgrade to v6.0.0+, running hashcat within a virtualized environment is giving errors. The best approach is to not run hashcat inside of Virtual Box or VMWare, and instead, to run it on your host machine. There will be fewer issues with drivers and access to more of your hardware that way.