Step 5: Cracking MD5 hashed password
I can easily crack this simple password using hashcat or similar softwares.
[email protected]:~# hashcat -m 0 -a 0 /root/wireshark-hash.lf /root/rockyou.txt (or) [email protected]:~# cudahashcat -m 0 -a 0 /root/wireshark-hash.lf /root/rockyou.txt (or) [email protected]:~# cudahashcat32 -m 0 -a 0 /root/wireshark-hash.lf /root/rockyou.txt (or) [email protected]:~# cudahashcat64 -m 0 -a 0 /root/wireshark-hash.lf /root/rockyou.txt
Because this was a simple password that existed in my password list, hashcat cracked it very easily.
Cracking password hashes
Out final outcome looks like this:
- username: sampleuser
- password: e4b7c855be6e3d4307b8d6ba4cd4ab91:simplepassword
Well, to be honest it’s not possible for every website owner to implement SSL to secure password, some SSL’s cost you upto 1500$ per URL (well, you can get 10$ ones too but I personally never used those so I can’t really comment). But the least website owners (public ones where anyone can register) should do is to implement hashing during login-procedures. In that way, at least the password is hashed and that adds one more hurdle for someone from hacking website password easily. Actually it’s a big one as SSL encryption (theoretically) can take 100+years even with the best SuperComputer of today.
Enjoy and use this guide responsibly. Please Share and RT. Thanks.