How to crack an MD5 password using hashcat
Brute-force attack
Install hashcat:
brew install hashcat
Write the MD5 hashes that we want hashcat to crack for us to a file:
echo '098f6bcd4621d373cade4e832627b4f6' >> hashes
echo '1a1dc91c907325c69271ddf0c944bc72' >> hashes
Attempt to crack MD5 password hash using brute force (“-a 3” switch):
$ hashcat -a 3 hashes
Show cracked hashes and passwords:
$ hashcat -a 3 hashes --show
098f6bcd4621d373cade4e832627b4f6:test
1a1dc91c907325c69271ddf0c944bc72:pass
Dictionary attack
Download a dictionary:
wget https://raw.githubusercontent.com/berzerk0/Probable-Wordlists/master/Real-Passwords/Top196-probable.txt
Write the MD5 hashes that we want hashcat to crack for us to a file:
echo '5f4dcc3b5aa765d61d8327deb882cf99' >> hashes
Attempt to crack the password using the dictionary:
hashcat -a 0 hashes Top196-probable.txt
Show cracked hashes and passwords:
$ hashcat -a 3 hashes --show
5f4dcc3b5aa765d61d8327deb882cf99:password
How to decode base64 encoded MD5 password hash
To decode a base64 encoded MD5 password hash you can use these commands:
echo -n 'base64-encoded-md5-password' | base64 -D | xxd -g 0 -ps > hashes
Tested with hashcat v4.0.1.