How to crack hash using hashview [Step-by-Step]


Ethical hacking

Reviewer: Deepak Prasad

Hashing cannot be reversed as opposed to encryption. Taking an informed guess of the password, processing it through the hashing algorithm, and comparing the output with the hash you already have are the only techniques to "retrieve" the passphrase from the hash. The tools available for cracking hashes are pretty sophisticated; John the Ripper and Hashcat jointly offer a large number of hash types including all kinds of excellent features and great execution optimizations, as you would anticipate from such a big and time-consuming task.

Nevertheless, in the end, it's the hardware that poses the major challenge, not the software. In this guide, we will be installing and demonstrating how we can use hashview for cracking hash by checking for a passphrase hash against a world list.

 

Requirements

  1. PC running on Ubuntu. (You can check out the guide on how to dual-boot Ubuntu).
  2. A file containing hashes to be cracked.
  3. A wordlist.
  4. Knowledge of using a terminal.

 

Hashcat Overview

This is a password-cracking tool that can be used in cracking the hash of some of the most complex password formats. To achieve that, it offers versatility, efficiency, and multiple methods of cracking a particular passphrase. Hashcat also supports the use of previously generated dictionaries, brute force, and even rainbow tables techniques when cracking hash for efficiency. Some of the features that make hashcat the perfect tool for cracking hash include;

  1. It supports multiple threads when cracking hash.
  2. It is supported on various common operating systems and supports multiple hashes (Linux, Windows, and OSX ).
  3. Sessions can be stopped and automatically restored. At startup, they distinguish retrieved hashes from the output file.
  4. Both hex files are supported. (hex-charset and hex-salt)
  5. Threads can be configured and executed based on priority.
  6. Performance and optimization-focused implementations of more than 90 algorithms are possible.
  7. Specialized rules can be used to enhance any of the attack modes.
  8. It supports multiple hashing algorithms (MD4, MD5, SHA1, MySQL, etc.)

In this guide, we will be cracking hash on a Ubuntu operating system.

 

Install Hashcat

Before cracking the hash, we have to install hashcat. Hashcat can either be used via the command line interface or using hashview which is a web-based version of hashcat and has added features not available via the command line. In this guide, I will be showing you how to install and use hashcat from the command line and hashview to crack hash on a web platform.

 

Hashcat command line installation

To install hashcat on the command line interface is as easy as installing other tools. We first need to ensure that the system's packages are up to date by running the following commands.

sudo apt update
sudo apt upgrade

Ensure you have an active internet connection before running these commands. Once the update is done, we can now install hashcat via apt and start cracking hash.

sudo apt install hashcat

How to crack hash using hashview [Step-by-Step]

After the installation is complete, we can now use hashcat via the command line for cracking hashes.

 

Install Hashview

Installing hashview is different from installing hashcat. Hashview is just hashcat but it has a graphical user interface. While using hashview for cracking hashes, the user doesn't need to know the commands to be used. He just needs to provide a file with a list of hashes, a word list to check against, and other required information. To use hashview, we first need to install the server and then add the agent.

 

Step-1: Installing MySQL

The first step is to set up the database to use with hashview. Hashview uses a MySQL database therefore we install it.

sudo apt install mysql-server

After installation is complete we start MySQL service using the command.

sudo service mysql start

We can now run a secure installation of the MySQL server using the command.

sudo mysql_secure_installation

 

Step-2: Configuring MySQL

When the installation is complete, we are now ready to create an account for use with hashview while cracking hashes on our database server.

NOTE:
We can run hashview with the root account on MySQL but an account with lower privileges is recommended in a production environment.

To create an account we fire up a terminal and run

sudo mysql

We then create a user using the command;

CREATE USER 'yourusername'@'localhost' IDENTIFIED BY 'YOURPASSWORD!';

Grant privileges to the created account.

GRANT ALL PRIVILEGES ON hashview.* TO 'hashview'@'localhost';
FLUSH PRIVILEGES;

and finally, create a hashview database

create database hashview;

We now have the database ready for use. The database will be storing hash files, accounts information, jobs created by a user, and other required information while cracking hashes.

 

Step-3: Installing hashview server

To install hash view we first need to install the dependencies required for hashview to run.

sudo apt-get install python3 python3-pip python3-flask

How to crack hash using hashview [Step-by-Step]

We then clone hashview server files from its GitHub repository as shown below.

git clone https://github.com/hashview/hashview.git

How to crack hash using hashview [Step-by-Step]

Next, we navigate into the directory of the downloaded files to install the required dependencies.

cd hashview

pip install -r requirements.txt

How to crack hash using hashview [Step-by-Step]

After the installation is done, we can now set up hashview by running the setup file.

./setup.py

When we run the setup, we are required to provide the database information such as the database IP, account to use, SMTP configuration, and other information relating to that instance of hashview.

How to crack hash using hashview [Step-by-Step]

After setup, we can now run the server instance of hashview. To access the running instance, we will use a web browser of choice as shown in the image below. We are required to navigate to http://localhost:8443 and log in using the login details we provided during the setup.

cracking hash
The hashview server is ready for use. The next step is to add a hashview-agent to help in cracking hashes.

 

Step-4: Installing a hashview agent

Installing a hashview-agent for cracking hashes using hashview is dead simple. We first download a hashview-agent from within the hashview server by navigating to the agents' option as shown in the image below.
cracking hash

When the download completes we navigate into the directory where we downloaded the hashview-agent and extract it using the commands below.

cd Downloads
tar -xzvf hashview-agent.0.8.0.tgz

We navigate into the newly created directory and install the required dependencies.

pip install -r requirements.txt

After installation is complete we are now ready to run and configure the agent for use while cracking hashes.

python3 hashview-agent.py

we are required to provide server information before we can add the hashview agent as shown in the image below.

How to crack hash using hashview [Step-by-Step]

 

When we navigate back to the agents' page on hashview, we have to allow the agent for us to use it in cracking hashes as shown in the image below.

How to crack hash using hashview [Step-by-Step]

Step-5: Let's start cracking hashes

Once the agent is allowed, we can now create a job by navigating to the jobs page. When creating a job on hashview, we are required to provide information such as the hash file from which we are cracking the hashes, the name of the job, the customer, and the world list file to use for that job. Once everything is set up we can now start the cracking job. With hashview, we can perform unattended cracking by adding to be notified via email when a hash has been cracked.

How to crack hash using hashview [Step-by-Step]

 

Within hashview, we can view general cracking analytics or analytics relating to a specific job. Some of the information that can be found include; Number of cracked hashes and the number of hashes that have not been found. You can also download all cracked and uncracked hashes as a text document.

How to crack hash using hashview [Step-by-Step]

 

Conclusion

In the above guide, we were able to install and use hashview for cracking hashes. Although there are advanced tools such as hashview and hashcat, the efficiency of these tools depends largely on the hardware capabilities of the device that is being used. The efficiency of hashview while cracking hashes can be improved by using world lists which have commonly used passphrases. In our next article on cracking hashes, we will be cracking hashes from the world list we will generate.

 

Kennedy Muthii

Kennedy Muthii

He is an accomplished professional proficient in Python, ethical hacking, Linux, cybersecurity, and OSINT. With a track record including winning a national cybersecurity contest, launching a startup in Kenya, and holding a degree in information science, he is currently engaged in cutting-edge research in ethical hacking. You can connect with him on his LinkedIn profile.

Can't find what you're searching for? Let us assist you.

Enter your query below, and we'll provide instant results tailored to your needs.

If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.

Buy GoLinuxCloud a Coffee

For any other feedbacks or questions you can send mail to admin@golinuxcloud.com

Thank You for your support!!

Leave a Comment