26/3/2018 KALI – How to crack passwords using Hashcat – The Visual Guide | University of South Wales: Information Security

on Security & Privacy

University of South Wales: Information Security & Privacy

Aim: To enhance privacy, security, encryption and VPN's
TAGS
brute force hacking calculator, bruteforce cracking, cracking passwords, Hashcat, how to crack
passwords using Hashcat, how to use hashcat, KALI

KALI – How to crack passwords using Hashcat –

The Visual Guide

07/08/2013
Windows passwords are stored as MD5 hashes, that can be cracked using Hashcat. There is a
Windows 10 password hacking version here:

h ps://wordpress.com/stats/post/4497/uwnthesis.wordpress.com
(h ps://wordpress.com/stats/post/4497/uwnthesis.wordpress.com)

Step 1 – Root terminal

mkdir hashes

cd /hashes

gedit hashes.txt

This organises a hashes directory for you, and a hashes.txt file which will contain the hashes to be
cracked.

*****

https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ 1/26
26/3/2018 KALI – How to crack passwords using Hashcat – The Visual Guide | University of South Wales: Information Security & Privacy

Step 2 – Generate hashes for you to crack

http://www.miraclesalad.com/webtools/md5.php

Hashes.txt is the file of password hashes to be cracked –

we’ll create hashes to paste into this file.

(h ps://uwnthesis.files.wordpress.com/2013/08/hashesfile.png)

To generate hashes, use:

http://www.miraclesalad.com/webtools/md5.php
https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ 2/26
26/3/2018 KALI – How to crack passwords using Hashcat – The Visual Guide | University of South Wales: Information Security & Privacy

Enter the word “password” – and the site will return the MD5 hash,
paste it into the hashes.txt

(h ps://uwnthesis.files.wordpress.com/2013/08/md5-generator.png)

Next, hash a second password ie “password1”, paste the md5

hashes into hashes.txt.

(h ps://uwnthesis.files.wordpress.com/2013/08/hashpwd1.png)

https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ 3/26
26/3/2018 KALI – How to crack passwords using Hashcat – The Visual Guide | University of South Wales: Information Security & Privacy

Fill up your hashes.txt with five test md5 hashes.

(h ps://uwnthesis.files.wordpress.com/2013/08/hashesfile.png)

This is your test hash file complete. Now we move into a ack mode.

******

Hashcat options. Jump to step 4 – to attack.

This is background information so that you can adapt your a ack for windows hashes or unix hashes
etc.

hashcat –help

-m = hash type (the hash varies by operating system)

https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ 4/26
26/3/2018 KALI – How to crack passwords using Hashcat – The Visual Guide | University of South Wales: Information Security & Privacy

-a = Attack Mode (we’ll use both Straight and

Combination Attack)

-r = rules file (look for xyz.rule)

(h ps://uwnthesis.files.wordpress.com/2013/08/options.png)

******

ATTACK CODE:

(Carries out a straight through attack against MD5

hashes using the rockyou dictionary).

hashcat -m 0 -a 0 /root/hashes/hashes.txt
/root/rockyou.txt
https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ 5/26
26/3/2018 KALI – How to crack passwords using Hashcat – The Visual Guide | University of South Wales: Information Security & Privacy

(h ps://uwnthesis.files.wordpress.com/2013/08/hashcat-a0.png)

*********

Attack Modes – just for reference

-a 0 (Each number is a DIFFERENT attack mode)

0 = Straight

1 = Combination

2 = Toggle case

3 = Brute Force
https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ 6/26
26/3/2018 KALI – How to crack passwords using Hashcat – The Visual Guide | University of South Wales: Information Security & Privacy

(https://uwnthesis.files.wordpress.com/2013/08/attack-
modes.png)I’ve found that straight or -a 0 is ridiculously fast on
simple passwords.

You have been warned.

******

Hash Type – Just for reference

The operating system determines the hash used. You need to

know the hash type.

Unix = MD5 hash

Kali = SHA512 hash

Windows XP = LM Hash
https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ 7/26
26/3/2018 KALI – How to crack passwords using Hashcat – The Visual Guide | University of South Wales: Information Security & Privacy

Windows 7 = NTLM Hash

-m 0 (Each number is a different Hash Type)

0 = MD5 hash…. so we use -m 0

50 = HMAC-MD5….so we use -m 50

1000 = NTLM….so we use -m 1000

(h ps://uwnthesis.files.wordpress.com/2013/08/hashtypes.png)

*****

https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ 8/26
26/3/2018 KALI – How to crack passwords using Hashcat – The Visual Guide | University of South Wales: Information Security & Privacy

Step 3 – Locate password database for the attack

To locate the Rockyou password database in KALI type:

locate *rock*

(h ps://uwnthesis.files.wordpress.com/2013/08/locate.png)

To locate Hashcat Rules files

cd /usr/share/hashcat/rules

ls -l

https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ 9/26
26/3/2018 KALI – How to crack passwords using Hashcat – The Visual Guide | University of South Wales: Information Security & Privacy

(h ps://uwnthesis.files.wordpress.com/2013/08/rules.png)

You can gedit each rule file to read it if you wish…. that’s a great way to learn more about hashcat

*****

Step 4 – the REAL ATTACK code

hashcat -m 0 -a 1 /root/hashes/hashes.txt
/root/rockyou.txt

(to launch a combination a ack against MD5 password hashes)

or

https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ 10/26
26/3/2018 KALI – How to crack passwords using Hashcat – The Visual Guide | University of South Wales: Information Security & Privacy

hashcat -m 0 -a 0 /root/hashes/hashes.txt
/root/rockyou.txt

(a straight through a ack is super fast on simple passwords)

*****

The attack looks like this:

(h ps://uwnthesis.files.wordpress.com/2013/08/hashcat-output.png)

The hashes are shown – with the plain text password given next to it.

The Rockyou database has several million passwords, but if it’s not in there, then it won’t be cracked.

The 2 major cracking dictionaries are Rockyou, and

CrackStation.

Rockyou contains 14 million unique passwords.

https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ 11/26
26/3/2018 KALI – How to crack passwords using Hashcat – The Visual Guide | University of South Wales: Information Security & Privacy

CrackStation. For MD5 and SHA1 hashes, there is a

190GB, 15-billion-entry lookup table, and for other
hashes, they offer a 19GB 1.5-billion-entry lookup table.

Download CrackStation by Torrent:

https://crackstation.net/buy-crackstation-wordlist-
password-cracking-dictionary.htm

****

Free Rainbow Tables can also be found here (lots of

them)

(h ps://uwnthesis.files.wordpress.com/2013/08/free-rainbow-tables.jpg)

https://www.freerainbowtables.com/en/tables2/

https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ 12/26
26/3/2018 KALI – How to crack passwords using Hashcat – The Visual Guide | University of South Wales: Information Security & Privacy

(h ps://uwnthesis.files.wordpress.com/2013/08/ntlm-rainbow-tables.jpg)

Some hashes will fail to be cracked, this is due to several reasons, it may not be a md5 hash, it may
not be in your password list etc.

Hashes are case sensitive, so Password1 is not the same as password1.

oclHashcat-Plus uses your GPU rather than your CPU to crack

passwords. Graphics cards are MUCH faster as an attack tool,
than a CPU… MANY times faster.

Cryptography

Hash Lengths

HASH SIZE
MD5 Hash Length 16 Bytes
SHA-1 Hash Length 20 Bytes
SHA-256 Hash Length 32 Bytes
SHA-512 Hash Length 64 Bytes

Hash Examples

Likely just use hash-identifier for this but here are some example hashes:

HASH EXAMPLE
MD5 Hash Example 8743b52063cd84097a65d1633f5c74f5
MD5 $PASS:$SALT Example 01dfae6e5d4d90d9892622325959afbe:7050461
MD5 $SALT:$PASS f0fda58630310a6dd91a7d8f0a4ceda2:4225637426
SHA1 Hash Example b89eaac7e61417341b710b727768294d0e6a277b
SHA1 $PASS:$SALT 2fc5a684737ce1bf7b3b239df432416e0dd07357:2014
SHA1 $SALT:$PASS cac35ec206d868b7d7cb0b55f31d9425b075082b:5363620024
127e6fbfe24a750e72930c220a8e138275656b
SHA-256
8e5d8f48a98c3c92df2caba935

https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ 13/26
26/3/2018 KALI – How to crack passwords using Hashcat – The Visual Guide | University of South Wales: Information Security & Privacy

HASH EXAMPLE
c73d08de890479518ed60cf670d17faa26a4a7
SHA-256 $PASS:$SALT
1f995c1dcc978165399401a6c4
eb368a2dfd38b405f014118c7d9747fcc97f4
SHA-256 $SALT:$PASS
f0ee75c05963cd9da6ee65ef498:560407001617
82a9dda829eb7f8ffe9fbe49e45d47d2dad9
664fbb7adf72492e3c81ebd3e29134d9bc
SHA-512
12212bf83c6840f10e8246b9db54a4
859b7ccd0123d86e5872c1e5082f
e5c3ede3e49fb86592fb03f471c35ba13e8
d89b8ab65142c9a8fdafb635fa2223c24e5
SHA-512 $PASS:$SALT
558fd9313e8995019dcbec1fb58414
6b7bb12685c7765fc8c0d51379fd
976b451818634a1e2acba682da3fd6ef
a72adf8a7a08d7939550c244b237c72c7d4236754
SHA-512 $SALT:$PASS
4e826c0c83fe5c02f97c0373b6b1
386cc794bf0d21d2df01bb9c08a
NTLM Hash Example b4b9b02e6f09a9bd760f388b67351e2b

Reference

(h ps://uwnthesis.files.wordpress.com/2013/08/kali-linux-kindle-
cover.jpg)

https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ 14/26
26/3/2018 KALI – How to crack passwords using Hashcat – The Visual Guide | University of South Wales: Information Security & Privacy

Amazon.co.uk link to Kali Linux – How to crack

passwords using Hashcat
(https://www.amazon.co.uk/KALI-LINUX-
passwords-Hashcat-Visual-
ebook/dp/B072YVDHS5)

https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ 15/26
26/3/2018 KALI – How to crack passwords using Hashcat – The Visual Guide | University of South Wales: Information Security & Privacy

https://www.amazon.co.uk/s/ref=nb_sb_noss_2?
url=search-alias%3Daps&field-
keywords=hashcat
(https://www.amazon.co.uk/s/ref=nb_sb_noss_2
url=search-alias%3Daps&field-
keywords=hashcat)

h ps://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
(h ps://highon.coffee/blog/penetration-testing-tools-cheat-sheet/)

*****

Password hacking / password cracking –

http://www.hashkiller.co.uk
(http://www.hashkiller.co.uk)

h ps://uwnthesis.wordpress.com/2016/06/12/password-hacking-password-cracking-www-
hashkiller-co-uk/ (h ps://uwnthesis.wordpress.com/2016/06/12/password-hacking-password-
cracking-www-hashkiller-co-uk/)

BRUTE FORCE HACKING – Brute force Calculator – A

Visual Guide

https://uwnthesis.wordpress.com/2014/04/18/bruteforc
hacking-bruteforce-calculator-a-visual-guide/

*****

https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ 16/26
26/3/2018 KALI – How to crack passwords using Hashcat – The Visual Guide | University of South Wales: Information Security & Privacy

SupraFortix – Hashcat Password Cracking – Uni South

Wales blog

http://suprafortix.wordpress.com/2014/06/13/hashcat-
password-craking/

KALI – First things to do after installing Kali Debian Linux – The

Visual Guide

h ps://uwnthesis.wordpress.com/2014/07/20/kali-first-things-to-do-after-installing-kali-debian-
linux-the-visual-guide/ (h ps://uwnthesis.wordpress.com/2014/07/20/kali-first-things-to-do-after-
installing-kali-debian-linux-the-visual-guide/)

How to write a password that takes over 35

quadrillion years to crack (but is easy
to remember)

h ps://uwnthesis.wordpress.com/2016/03/27/how-to-write-a-password-that-takes-over-35-
quadrillion-years-to-crack-but-is-easy-to-remember/
(h ps://uwnthesis.wordpress.com/2016/03/27/how-to-write-a-password-that-takes-over-35-
quadrillion-years-to-crack-but-is-easy-to-remember/)

https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ 17/26
26/3/2018 KALI – How to crack passwords using Hashcat – The Visual Guide | University of South Wales: Information Security & Privacy

Advertisements

Report this ad

Report this ad
From → BackTrack, Hacking, KALI, Password Tests

49 Comments
1. oogenhand permalink
Reblogged this on oogenhand and commented:
Very important.

Reply
2. Jay (@simply__jay) permalink
A very helpful article brilliantly illustrated.
Good work! Cheers

Reply
3. Người Đến Từ Bình Dương permalink
Reblogged this on Người Đến Từ Bình Dương.

Reply
4. dcht.org permalink
A very good post.

You can find a new sorted & uniq dictionary list for hashcat && jtr. DCHTPassv1.0 is available.
Check it out and Enjoy!

Reply
tyler m permalink

https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ 18/26
26/3/2018 KALI – How to crack passwords using Hashcat – The Visual Guide | University of South Wales: Information Security & Privacy

Hi , I have been a empting this for the last hour! Please help! I am able to load the 5 hashes
into the hashes.txt file , but when I go to run the a ack I recieve the error msg :
/root/rockyou.txt: No such file or directory.

Thank you in advance .

Reply
uwnthesis permalink
Hi Tyler
If you search for the standard location of the rockyou dictionary, you’ll find the original
path on Kali.
*rockyou*.* – and it’ll reveal the full path.

As I’m lazy, I copied the file over to /root/rockyou.txt. that’s so the rockyou dictionary is
always easy to find. Sorry if I caused you any confusion.

tyler m permalink
thanks for the reply uwnthesis. I was able to locate the rockyou file, when i am running the
tests i receive the following:
Input.Mode : Dict ( /usr/share/hashcat/rules/rockyou-30000.rule)
Index….: 1/1 (segment), 30000 (words), 331161 (bytes)
Recovered : 0/5 hashes, 0/1 salts
Speed/sec . : 5.29M Plains, 176 words
Progress : 30000/30000 (100%)
Estimated time / . —

[s]tatus [p]ause [r]esume [b]ypass [q]uit =>

Am Doing the a ack right because it doesn’t seem to be recovering any passwords from the
hashes!

Thanks for your help, i am fairly new with all this but am super intrigued! thanks again.

uwnthesis permalink
Hi Tyler,
Try making up your own hashes file for easy passwords like password, password123. Then
run hashcat against these easy passwords to get a feel for how the system works.
Use the MD5 hashes from h p://www.miraclesalad.com/webtools/md5.php to create your
md5 hashes file.
Go for a nice easy a ack, such as the straight thru a ack
hashcat -m 0 -a 0 hashes.txt rockyou.txt
-m 0 = md5 hashes
-a 0 = straight through a ack

Good luck! Password cracking is very addictive – so you’ll have lots of fun.

tyler m permalink
Hey again.

I was able to get all of my hashes stored into the file hashes.txt and run the a tack
hashcat -m 0 -a 0 /hashes/hashes.txt /usr/share/hashcat/rules/rockyou-30000.rule
when i locate *rockyou* , it tells me that the file is the /usr/share/hashcat/rules/rockyou-
30000.rule so i figured thats where i should execute the a ack from however it seems to
load all 5 hashes, but doesn’t seem to run. This is what happens when i run the a ack.
https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ 19/26
26/3/2018 KALI – How to crack passwords using Hashcat – The Visual Guide | University of South Wales: Information Security & Privacy

Initizialing hashcat v2.00 with 1 thread and 32 mb segment size…

Added hashes from file /hashes/hashes.txt : 5 (1 salts)

[s]tatus [p]ause [r]esume [b]ypass [q]uit =>

Input.Mode: Dict (/usr/share/hashcat/rules/rockyou-30000.rule)

Index…. : 1/1 (segment), 30000 (words), 331161 (bytes)
Recovered: 0/5 hashes, 0/1 salts
Speed/sec : – plains, – words
Progress : 30000/30000 (100%)
Running : –: –: –: —
Estimated –: –: –: —

Started : Wed Mar 23 19:13:52 2016

Stopped: Wed Mar 23 19:13:53 2016

Am i doing everything correct and maybe its my virtual kali machine that is installed
improperly? Anyway to re install it from scratch?

Thanks again for your help and time, it is greatly appreciated from a noobie!

Cheers,

Tyler

tyler m permalink
Hi uwnthesis, I was able to crack the hashes! What a relief and great feeling! I am now
looking at hacking wireless networks but do not have a wireless card or adapter.

I am running kali linux via virtualbox on a macbook air. I am curious what your
recommendation would be for a wirless adapater? I have been reading a lot on the Kali
forum but have found it fairly confusing! I want to be able to just plug in the adapater and
enable monitor mode so i can scan for networks!

Thanks again for your help uwnthesis, you are the best!

Cheers,

Tyler

uwnthesis permalink
Hi Tyler,
Cracking Wifi is great fun. The first rule is to use a wifi adapter that is compatible with
Kali. Most hackers would recommended the Alfa range.

You’ll need a high gain antenna to reach longer distances. You can use an Alfa paddle or 7
db gain antenna – or an Alfa adapter that has 2 antennas on it.
Alfa have drivers for Kali.
h p://www.amazon.co.uk/Network-APA-M25-directional-connector-WL-ANT-
157/dp/B00R1PA9EO/ref=sr_1_9?ie=UTF8&qid=1458929826&sr=8-
9&keywords=alfa+network+adapters
h p://www.amazon.co.uk/ALFA-Network-AWUS051NH-V2-
Detachable/dp/B00REZPU3G/ref=pd_sim_147_1?ie=UTF8&dpID=31AzbT-
IELL&dpSrc=sims&preST=_AC_UL160_SR160%2C160_&refRID=06T9TP73C5H6JMZZGQZ
https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ 20/26
26/3/2018 KALI – How to crack passwords using Hashcat – The Visual Guide | University of South Wales: Information Security & Privacy

You need to be careful about the network adapter you select.

1. Must work with Kali
2. Must be capable of packet injection.

The easiest tool to use is Fern for wifi hacking. It’s very easy to use.
The tool I really like is Wifite – this is an auditing tool and will carry out packet injection for
you. It will colour code the wifi – so you’ll know if your signal is strong enough.

Transmission power is an important part of hacking. You can alter the country code to
remove regulations, eg if you set the country code to BO for Bolivia all restrictions on
transmission power would be removed.
The easiest way to hack is to use Fern, and go for WPS cracking to start off with.
Have fun!

tyler m permalink
Thank you so much for the reply! I will let you know if I encounter any problems along the
way!

tyler m permalink
would something like this work? h ps://www.amazon.ca/TP-LINK-TL-WN822N-Wireless-
External-Antennas/dp/B00416Q5KI/ref=dp_ob_title_ce

thanks.

uwnthesis permalink
Hi Tyler,
The “bunny ears” adapter – one of my all time favourite adapter.
Sorry no, this can’t carry out packet injection – which is what you need to hack wifi.
But the bunny ears adapter is a very good, fast, and stable network adapter.

This alfa adapter is *very* old, but it was one of the best adapters.
Selecting the right adapter is a very important step. Get the wrong adapter and all the
hacking tools will fail on you.
You might be able to get a second hand AWUS036H to experiment with thats very cheap.
h p://www.amazon.co.uk/ALFA-AWUS036H-2-4GHz-Detachable-
Antenna/dp/B00OZQWLHA/ref=sr_1_ mr0_1?ie=UTF8&qid=1458935530&sr=8-1-
mr0&keywords=alfa+network+adapter+h

But it’s only 54 mpbs. It will be very limited and old school, however this was an amazing
adapter for Kali – a legendary network adapter to be honest, as it picked up so many
networks.

tyler m permalink
Thanks again for your help in finding the right adapter! I am in Canada so that one does
not ship to Canada! But I managed to find 3 on amazon.ca Here are the three that seem
similar. let me know which one you recommend!

h ps://www.amazon.ca/Alfa-AWUS036H-802-11b-Wireless-
Original/dp/B002BFMZR8/ref=sr_1_ mr0_1?ie=UTF8&qid=1458936277&sr=8-1-
mr0&keywords=ALFA+AWUS036H+54Mbp%2Fs+2.4GHz+USB+WiFi+Dongle+with+Deta
SMA+Antenna

https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ 21/26
26/3/2018 KALI – How to crack passwords using Hashcat – The Visual Guide | University of South Wales: Information Security & Privacy

h ps://www.amazon.ca/Alfa-AWUS036H-802-11b-Wireless-Long-
Rang/dp/B003V17P4O/ref=sr_1_ mr0_2?ie=UTF8&qid=1458936277&sr=8-2-
mr0&keywords=ALFA+AWUS036H+54Mbp%2Fs+2.4GHz+USB+WiFi+Dongle+with+Deta
SMA+Antenna

h ps://www.amazon.ca/Alfa-AWUS036H-Upgraded-Long-Rang-
Panel/dp/B003YHYIT0/ref=sr_1_ mr0_3?ie=UTF8&qid=1458936277&sr=8-3-
mr0&keywords=ALFA+AWUS036H+54Mbp%2Fs+2.4GHz+USB+WiFi+Dongle+with+Deta
SMA+Antenna

Thanks a bunch!

Tyler

uwnthesis permalink
Hi Tyler,
Are you able to get this adapter locally?
h p://www.blackhackwireless.com/collections/top-kali-wireless-adapters/products/alfa-
awuso36neh-atheros-ar9271-chipset

Remember to get a good high gain antenna to go with it if you’ve any extra cash. Alfa make
a
7db paddle
10 db panel antenna
h p://www.amazon.co.uk/Network-APA-M04-directional-antenna-
connector/dp/B003ZWILOW?
ie=UTF8&keywords=alfa%20antenna&qid=1459005122&ref_=sr_1_4&sr=8-4

Every 3db is a doubling in signal strength. So 7 db or 10 db is a *big* different in picking up

wifi – the 7db paddle is often used for war driving. The 10 db antenna is great for using in
hostile environments – even got it working inside a giant faraday cage. Wifi hacking is
amazing fun – and you’ll get to use all these skills in the workplace too.

5. tyler m permalink
As I’m in Canada , the one you recommend doesn’t ship to Canada! Here are 3 alternatives that I
think are similar to the one you suggested!

h ps://www.amazon.ca/Alfa-AWUS036H-802-11b-Wireless-
Original/dp/B002BFMZR8/ref=sr_1_ mr0_1?ie=UTF8&qid=1458936619&sr=8-1-
mr0&keywords=ALFA+AWUS036H+54Mbp%2Fs+2.4GHz+USB+WiFi+Dongle+with+Detachable+
SMA+Antenna

h ps://www.amazon.ca/Alfa-AWUS036H-802-11b-Wireless-Long-
Rang/dp/B003V17P4O/ref=sr_1_ mr0_2?ie=UTF8&qid=1458936619&sr=8-2-
mr0&keywords=ALFA+AWUS036H+54Mbp%2Fs+2.4GHz+USB+WiFi+Dongle+with+Detachable+
SMA+Antenna

h ps://www.amazon.ca/Alfa-AWUS036H-Upgraded-Long-Rang-
Panel/dp/B003YHYIT0/ref=sr_1_ mr0_3?ie=UTF8&qid=1458936619&sr=8-3-
mr0&keywords=ALFA+AWUS036H+54Mbp%2Fs+2.4GHz+USB+WiFi+Dongle+with+Detachable+
SMA+Antenna

Thank you for your help !

https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ 22/26
26/3/2018 KALI – How to crack passwords using Hashcat – The Visual Guide | University of South Wales: Information Security & Privacy

Tyler

Reply
uwnthesis permalink
No problem with helping! I’ve been exactly where you are.. and opted for a more expensive
wifi adapter – which totally failed. Hopefully I can guide you, so that you don’t waste any
money.
The key to wifi hacking is the chipset inside the wifi adapter.
h p://www.wirelesshack.org/top-kali-linux-compatible-usb-adapters-dongles-2015.html
Here are the most common chipsets used with Kali Linux. Any USB adapter that uses these
chipsets will most likely work with Kali.

Atheros AR9271
Ralink RT3070
Ralink RT3572
Realtek 8187L (Wireless G adapters)

Alfa adapters continue to dominate Pen Testing in 2015. Here are the top Kali Linux
compatible wireless USB adapters with links to Amazon and AliExpress if available.

The AWUS036H is where I started – it’s a great adapter, but showing it’s age. It’s only a G
adapter, and ideally you need an N adapter.
g = 54 mbps at 2.4 ghz
n = 300 mbps at 5 ghz
Most routers these days are n type routers. So you’d want to go for an adapter that can a ack
them.

Don’t buy anything related to signalking – its’ useless!

Here’s another link that details the chipsets used.

h p://www.inkthat.us/kali-linux/best-kali-linux-compatible-usb-wireless-adapters/

Have fun!

Reply
uwnthesis permalink
Tyler,
Found this forum post – which debates alfa adapters
h ps://forums.kali.org/archive/index.php/t-4327.html

AWUS036NHA (my favourite)

excellent packet injecter

most access points had moderate signal strength but was able to connect to Most AP that
had weak signals (-91dBm)

h p://www.cyberprogrammers.net/2015/09/best-usb-wireless-adapterscards.html
So the conclusion seems to be the newer AWUS036 NHA is the best at packet injection at
the moment.

https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ 23/26
26/3/2018 KALI – How to crack passwords using Hashcat – The Visual Guide | University of South Wales: Information Security & Privacy

ALFA Networks AWUS036NHA B/G/N Wi Adapter Unbo…

uwnthesis permalink
Here’s a video of the two different chipsets in action
The AWUS 036 NHA is demonstrated to detect more networks – and to work with weaker
signals.

Packet Injection - AWUS036NHA VS AWUS036NH

tyler m permalink
Thank you so much for your help! Looks like I have a bit of homework before making a
purchase! Will let you know which one I go with!

Once I receive it, I’m sure that Ill be reaching out!

Thanks again!

Tyler

uwnthesis permalink
Yay! It’ll be great to hear how you get on.
You asked great questions, so you’ll be superb at pen testing.
https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ 24/26
26/3/2018 KALI – How to crack passwords using Hashcat – The Visual Guide | University of South Wales: Information Security & Privacy

6. tyler m permalink
Hi uwnthesis! I just recieved my ALFA AWUS036NH. Very excited to get started! Having some
issues early on though. The first being that I run a macbook air with cd/dvd drive so that makes it
difficult to install the adapter! Do you know of anywhere that I can download the driver utility
software for a mac running El Capitan? Thanks! If you also know of an excellent guide to get
started with Wi-Fi hacking, please send me the link! Hope to be in touch soon! Thanks for your
help.
Cheers, Tyler

Reply
uwnthesis permalink
Hi Tyler,

Wifi cracking is such fun.

Try out “Fern” wifi hacking tool as one of the easiest. Use a WEP router, then a router with
WPS on it – and let FERN crack the key for you.

Reply
7. Sarah permalink
Hii, would you be willing to crack this hash for me?

78df07b5ecedd34aece6c84d7c13356d

I simply have no idea how it works, but i really need my password back

I’d appreciate it a lot!

Reply
uwnthesis permalink
Hi Sarah,
I’ve tried this as an MD5, SHA1 and an NTLM hash as its not that. Any idea what type of hash
it is?

You can always submit your hash to h p://www.hashkiller.co.uk

they will decrypt your hashes for free.
h ps://forum.hashkiller.co.uk/topic-view.aspx?t=12255&m=94981#94981 – but make sure that
you change your password straight after.

Reply
uwnthesis permalink
Hi Sarah,
I’m pre y sure that your password was not hashed using MD5.
78df07b5ecedd34aece6c84d7c13356d MD5 : 94b 41eba4e7150261511f4370f65

Any idea of the correct hashing algorithm?

Reply

Trackbacks & Pingbacks

https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ 25/26
26/3/2018 KALI – How to crack passwords using Hashcat – The Visual Guide | University of South Wales: Information Security & Privacy

1. BRUTEFORCE HACKING – Bruteforce Calculator – A Visual Guide | University of South Wales:

Information Security and Privacy
2. BRUTEFORCE HACKING Bruteforce Calculator A Visual Guide … – News4Security
3. University of South Wales: Posts about KALI | Người Đến Từ Bình Dương
4. How to crack passwords on Windows 7 – Hashcat | University of South Wales: Information
Security and Privacy
5. How to crack passwords using a GUI on Windows 7 – Hashcat ... - News4Security
6. Password Cracking – What is a password hash? | University of South Wales: Information Security
and Privacy
7. How to get same crypt(3) function in Mac OS X as Linux gcc/gnu crypt(3)? Linux gcc crypt(3) has
MD5 and SHA512. Apple Gcc crypt(3) *only* uses DES - BlogoSfera
8. KALI – How to crack passwords using Hashcat – The Visual Guide | LUG Mureş
9. Password hacking / password cracking – www.hashkiller.co.uk | University of South Wales:
Information Security for Privacy
10. Hashing Password with Bcrypt – NHR InfoSec and Software Development
11. Yahoo reveals yet another billion-user breach – Technology Spoon
12. Yahoo reveals yet another billion-user breach – Darby's
13. Yahoo reveals yet another billion-user breach | Easy notes
14. Yahoo reveals yet another billion-user breach | Daily Rant Online
15. Yahoo reveals yet another billion-user breach | MyFads
16. Yahoo reveals yet another billion-user breach – TheNycPlug
17. Yahoo reveals yet another billion-user breach | Intelligent Jamaica
18. Yahoo reveals yet another billion-user breach - techietricks.com
19. Yahoo reveals yet another billion-user breach | ZERO DAY TECH
20. Yahoo reveals yet another billion-user breach | Jamaican Moments™
21. Tech Connecto - Let's Talk Tech
22. Yahoo reveals yet another billion-user breach – The Verge | Newsist

Create a free website or blog at WordPress.com.

https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack-passwords-using-hashcat/ 26/26